Private network OK, guest network no IP

Similar Messages

• WLC 4400 Not authetnicating between GUEST and Private networks

  Hello,
  I have a problem. I have a WLC 4400 and the problem i´m encountering is that when a user authetnicates to the private network, and then tryies to autheticate to the Guest network, it just stays there, it doens't do anything. Same way around, if you authenticate tothe Guest network, and change to the private network, it just sits there. I pointing that the problem is with Authentication, but not sure if i´m correct.
  Can anyone help me?? what ifnormation will i need to retreive from the WLC to see where the problem lies??
  I will get the debug mac addr <client-MAC-address           xx:xx:xx:xx:xx:xx> and repeat the issue in order to see if i get anything from the client.
  Thanks for the help
  Tony

  Thanks for the help.
  Actually the problem was that the WLC had a wrong time and also we had on our DHCP a 24 hour lease, so we were running low on IP´s.
  Change the lease for 8 hours and set the time correctly and the issue got solved.
  Thanks.

• Multiple Airports with private and isolated guest wireless networks available from both

  Hi,
  I've been searching online for some equipment that can do what i want to do without going into the enterprise grade and spending $5000 on Cisco gear.
  Consider two locations approx 80m apart - Primary is a house, and secondary location is a garage. A Cat6 run exists between the two.
  The goal would be to have a wireless primary router in the house for wired and private wireless internet access, with an additional Guest wireless that is isolated from the private network that I can turn on and off if guests are coming over.
  In addition, the second location should also support both wired and wireless connections.
  It seems simple to me, one device in each location. The WAN port on the garage device would connect back to the house device. The two devices should be smart enough to know that one is extending the other. Someone on the guest wireless that is connected via the garage AP would not be able to see the wired devices even though it's traffic is going across the same wire back to the primary router.
  Can I do this without spending a fortune?
  Thanks

  Two Apple AirPorts would do most....but not all...of what you want.
  A few notes.....
  In order for the guest network feature to work correctly on an AirPort router, the "main" AirPort in the house must connect to a simple modem......not a modem/router or gateway device.  That is a deal killer for some users right there.
  When the guest network is activated in the garage, it must be activated for both AirPorts....house and garage.
  You could actiivate the guest network for the house and leave the guest network off in the garage if you wanted, no problem there.....but.....you could not activate the guest network in the garage without also activating it in the house first.
  "Guests" can only connect to the guest network using wireless. Up to you to decide if you want to leave the guest network open or use a password that would need to be used to connect to the network.
  But.....If "guests" had physical access to the AirPort in the garage....and they connected to one of the Ethernet ports on the AirPort in the garage, they would be connecting to your main or private network.
  So, if something like this was a concern, you would have to either hide the AirPort in the garage and trust that users would not find it....or....find some way to limit access to the back panel of the AirPort so that users could not connect to it using an Ethernet cable.
  If the features and installation limitations are acceptable, you could spend as little as $100 for each AirPort Express.
  If you wanted better performance from the AirPort in the house, you could use an AirPort Extreme there...about $200 and an AirPort Express in the garage.
  The deluxe option would be to use two AirPort Extremes.
  Finally, you would want to make sure that you understood the store's return policy before you buy.....in case something unexpected crops up, as can sometimes be the case.

• Can I add a wi-fi hotspot to my private network?

  I have an existing private network in our home consisting of cat5 outlets hard-wired to a Cisco 2900 Catalyst switch and wi-fi for the laptop and palm pilot is via a Linksys WRT54GX4 wired to the switch, which in turn is fed via direct bury cat5 from an exterior wireless broadband radio atop a tower. The current wi-fi is locked down with MAC address filtering, WPA-2 encryption and SSID off.
  I would like to add a public wi-fi hotspot for guests without exposing our network. (We host a gathering of motorcyclists from around North America, the kids have freinds over, etc.)
  I assume I will need to add a second wireless router or access point.
  What type of device do I need to add?
  Can I use the advanced routing features to control this, with or without isolating them by setting up a separate VLAN on the switch? 
  How would I configure this? 

  Hmmm. No responses, eh?
  Ah well, I think I may have found my answer. Does anyone have experience with the WRV200 or WRV210? They appear to feature multiple SSIDs (that can be hidden or exposed independently) and VLAN support. Am I correct in assuming that I could set up one VLAN for my private network, with it's own hidden SSID and encryption key and a second VLAN with a visible SSID and possibly a separate encryption key?
  Now, assuming all that works. How will the wireless get along with my existing SRX400 exquipment? Does the fact that the WRV210 only has 2 antennas compared to the 3 on my existing WRT5GX4 mean this one will be slower or have reduced range?

• Live Migration and private network

  Is it a best practice to put up a Private Network beetween the nodes in a pool (reserving a few network cards and switch ports for it), to have a dedicated network for the traffic generated e.g. by live migration and/or ocfs2 heartbeat? I was wondering why such setup is generally recommended in other virtualization solutions, but apparently it's not considered strictly necessary in OVM... Why? Are there any docs regarding this? I couldn't find any.
  Thanks!

  Hi Roynor,
  regarding the physical separation beetween management+hypervisor and the guest VMs, it's now implemented and working...
  My next doubt on the list of doubts :-) at this point is:
  I could easily set up ONE MORE dedicated bond, create a Bridge with a private IP on it on each server (e.g. 10.xxx.xxx.xxx), and then create a Private VLAN completely insulated from the rest of the world.
  I'd be putting the physical switch ports where the Private Bonds/Bridges belong to on the same VLAN ID.
  But:
  - How can I be sure that this network WILL be actually used by the relevant traffic? If I'm not wrong, when you set up e.g. a physical RAC cluster, at a certain point you are prompted to choose what network to use for the Heartbeat (and it will be marked as PRIVATE), and what network will be used by clients traffic (PUBLIC).
  In Oracle VM such setting does not exist... Neither during installation, nor in VM Manager, nowhere.
  - Apart from Security, I'm doubting that during heavy VMs migration problems could arise, because if the network gets saturated, there are chances that the OCFS2 heartbeat would be somehow "lost", therefore messing up HA etc. This is at least the reason why in a RAC setup a private network is highly recommended.
  - I finally found that doc you mention from IBM (thanks for pointing it out!) but my opinion is that THEIR INTENTION was to separate the traffic at the same way I'd like to, but there is simply NO PROOF that such setup would work... They do not mention where you can specify what traffic you want to be on what network...
  This is a very important point... I'm wondering why this lack of information.
  Thanks for your feedback, btw
  Edited by: rlomba on Dec 17, 2009 6:16 AM

• Virtual Private Network using JSP

  Sir tell me how to create a virtual private network in jsp using rmi to register for a new user and socket program to 1.send data(file and text)
  2.Recieve data (for a particular client).The server will monitor which all clients are loggined into the network and control all transactions between clients.I am using jakarta tomcat 5.0 as webserver and notepad as editor.
  Sir please help me....

  alan,
  Thank you for your reply.
  I apologize for misunderstanding. I should have phrased my question better.
  You wrote:
  "Load up each OS on the hardware and then add the software and then figure out which matrix you're looking for. In order to do this your application will need to be compiled for each OS assuming that it isn't something cross platform such as a Java application. Is it completion time, time on the network, load, memory consumption, or something else that you're looking to measure?"
  Although the application's own performance is extremely important, my question was not related to it.
  It's written in .NET 2.0, and it's not designed to work on non-Windows machines, or not even on Mono framework.
  I am asking about performance of virtual machines.
  For example, if I had 2 servers (not just one) with the same technical characteristics, and run several "guest" virtual machines (say, for example, 1 Windows Server 2003 + 1 Windows XP) in a virtual private network on VirtualBox on both of those servers...
  ...so, everything is exactly the same, EXCEPT the host OS on the two servers: Solaris vs. something else (Fedora, or Windows Server 2008, or whatever),
  my question is: would Solaris 10 provide better performance benchmark numbers, or would those numbers be the same as the other OS on the 2nd machine?
  The problem is, I have quite a bit of experience with running virtual machines on Windows hosts, but I am new to Solaris, and I am trying to figure out which OS I would be better off installing on the new machine, because that decision is not going to be easy to undo later.
  No "OS wars". Really. I do not have any allegiance to any particular OS.
  Thank you.
  Dmitriy

• How to create a private network for OCFS2 in OVS 2.2.1

  Does anyone know how to create a separate netwok for ocfs2 and leave the regular vm traffic on the main network.
  I have done the following
  - configured 3 vm servers connected fia fibre channel to a SAN
  - Bonded 2 network cards on each server to provide 1 bridge on each. (172 network)
  - Installed a 3rd network card in each server and configured on a 10 network with a separate switch.
  so my servers are called bart, lisa, flanders
  I can communicate between them effectively and the VM manager on a different server can talk to them all.
  I have also configured entries for bart2, lisa2, flanders2
  which are on the 10 network. I can ping and talk between these successfully.
  I can't however configure the cluster.conf to use the bart2, lisa2, flanders2 as it has a problem with the names not matching the local name of the machine.
  Im not sure if changing the server name will affect the VM agent.

  Basically, Oracle VM uses the IP address you specify when adding the Oracle VM server to configure OCFS2 and Live
  Migration. So you should use the private ip when adding the server.
  Then, the "regular" VM guests network traffic will be on the network/bridge/bond the guest itself belongs to.
  Maybe this old thread would be interesting for you to read:
  Live Migration and private network
  HTH

• ASA 5505 VPN - how to access Two private networks

  Hello
  i have cisco 5505 and i confirgured a remote VPN clients.  here is my sceniro
  cisco switch 2950   ===  holds two private network 192.168.8.x  and 192.168.4.x
  vlan 2  outside interface -    Eth0/0       155.155.155.x
  Vlan 1 inside interface --       Eth 0/1    192.168.8.180
  VPN pool ip address  =  192.168.8.100 --110
  i drag i cable from my cisco switch and put in to Eth0/1. and i want to access this twor private networks 192.168.4.x and 192.168.8.x .
  now i can access to 192.168.8.x .
  but i can't access 192.168.4.x .. please can any one help me that.
  Regards
  Thomas

  configure a split tunnel list that contains the networks you want the client to access.
  Sent from Cisco Technical Support iPad App

• I am using a verizion jetpack to wireless connect to an airport express next i want to connect a Airport extreme wired from toe express to create a second private network that has internet access via the jetpack

  Thanks for the help after looking over your sugesstion I did some additional troubleshooting which i should have done in the beginning and heres what i found
  Airport express is joined to and existing wireless network and i have internet access....all good
  I set up my Airport Extreme as follows:
                      Connect using :ethernet
                Ethernet Wan Port : automatic
                Connetion Sharing : Share a public IP address
  Tcpip      Configue IPv4: Using DHCP
  DHCP                   Begin address: 172.16.22.200
                             Ending address:  172.16.22.254
  Wireless    Create a wireless network
                           Wireless network name Test1
                            wpa2 security
  This is needed due to set ip address of device on this private network did not address NAT
  Conneted Express ethernet port to Extreme wan port
  All wired devices have internet access and i get a double nat status which ignore
  however my wireless device will not connect.... sometimes they will they want
  any suggestions

  Here are sceeen shots of the Express

• IP routing utilizing Verizon private network (GRE tunnel) with remote cellular gateways

  Okay, I give up, and think I have done my due diligence (I have been engrossed and fascinated spending many more hours than allotted to try and learn some of the finer details).  Time for some advice.  My usual trade is controls engineering which generally require only basic knowledge of networking principals.  However I recently took a job to integrate 100 or so lift stations scattered around a county into a central SCADA system.  I decided to use cellular technology to connect these remote sites back to the main SCADA system.  Well the infrastructure is now in and it’s time to get these things talking.  Basic topology description is as follows:  Each remote site has an Airlink LS300 gateway.  Attached to the gateway via Ethernet is a system controller that I will be polling via Modbus TCP from the main SCADA system.  The Airlinks are provisioned by Verizon utilizing a private network with static IP's.  This private networks address is 192.168.1.0/24.  Back at the central office the SCADA computer is sitting behind a Cisco 2911.  The LAN address of the central office is 192.168.11.0/24.  The 2911 is utilizing GRE tunnels that terminate with Verizon.  The original turn up was done with another contractor that did a basic config of the router which you will find below.  As it stands now I am pretty confident the tunnels are up and working (if I change a local computers subnet to 255.255.0.0 I can surprisingly reach the airlinks in the field), but this is obviously not the right way to solve the problem, not to mention I was unable to successfully poll the end devices on the other side of the Airlinks.  I think I understand just about every part of the config below and think it is just missing a few items to be complete.  I would greatly appreciate anyone’s help in getting this set up correctly.  I also have a few questions about the set up that still don’t make sense to me, you will find them below the config.  Thanks in advance.
  no aaa new-model
  ip cef
  ip dhcp excluded-address 10.10.10.1
  ip dhcp pool ccp-pool
   import all
   network 10.10.10.0 255.255.255.248
   default-router 10.10.10.1 
   lease 0 2
  ip domain name yourdomain.com
  no ipv6 cef
  multilink bundle-name authenticated
  username cisco privilege 15 one-time secret 
  redundancy
  crypto isakmp policy 1
  encr 3des
  hash md5
   authentication pre-share
   group 2
  crypto isakmp key AbCdEf01294 address 99.101.15.99  
  crypto isakmp key AbCdEf01294 address 99.100.14.88 
  crypto ipsec transform-set VZW_TSET esp-3des esp-md5-hmac 
  mode transport
  crypto map VZW_VPNTUNNEL 1 ipsec-isakmp 
   description Verizon Wireless Tunnel
   set peer 99.101.15.99
   set peer 99.100.14.88
   set transform-set VZW_TSET 
   match address VZW_VPN
  interface Tunnel1
   description GRE Tunnel to Verizon Wireless
   ip address 172.16.200.2 255.255.255.252
   tunnel source 22.20.19.18
   tunnel destination 99.101.15.99
  interface Tunnel2
  description GRE Tunnel 2 to Verizon Wireless
   ip address 172.16.200.6 255.255.255.252
   tunnel source 22.20.19.18
   tunnel destination 99.100.14.88
  interface Embedded-Service-Engine0/0
   no ip address
   shutdown
  interface GigabitEthernet0/0
   description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
   ip address 10.10.10.1 255.255.255.248
   shutdown
   duplex auto
   speed auto
  interface GigabitEthernet0/1
   ip address 192.168.11.1 255.255.255.0
   duplex auto
   speed auto
  interface GigabitEthernet0/2
   ip address 22.20.19.18 255.255.255.0
  duplex full
   speed 100
   crypto map VZW_VPNTUNNEL
  router bgp 65505
   bgp log-neighbor-changes
   network 0.0.0.0
   network 192.168.11.0
   neighbor 172.16.200.1 remote-as 6167
   neighbor 172.16.200.5 remote-as 6167
  ip forward-protocol nd
  ip http server
  ip http access-class 23
  ip http authentication local
  ip http secure-server
  ip http timeout-policy idle 60 life 86400 requests 10000
  ip route 0.0.0.0 0.0.0.0 22.20.19.19
  ip access-list extended VZW_VPN
   permit gre host 99.101.15.99 host 22.20.19.18
   permit icmp host 99.101.15.99 host 22.20.19.18
   permit esp host 99.101.15.99 host 22.20.19.18
   permit udp host 99.101.15.99 host 22.20.19.18 eq isakmp
   permit gre host 22.20.19.18 host 99.101.15.99
   permit gre host 22.20.19.18 host 99.100.14.88
  access-list 23 permit 10.10.10.0 0.0.0.7
  control-plane
  end
  So after spending countless hours analyzing every portion of this,  I think that adding one line to this will get it going (or at least closer).
  ip route 192.168.1.0 255.255.0.0 22.20.19.19
  That should allow my internal LAN to reach the Airlink gateways on the other side of the tunnel (I think)
  Now for a couple of questions for those that are still actually hanging around.
  #1 what is the purpose of the Ethernet address assigned to each tunnel?  I only see them being used in the BGP section where they are receiving routing tables from the Verizon side (is that correct?).  Why wouldn't or couldn't you just use the physical Ethernet address interface in its place (in the BGP section)?
  #2 is the config above correct in pointing the default route to the physical Ethernet address?  Does that force the packets into the tunnel, or shouldn’t you be pointing it towards the tunnel IP's (172.16.200.2)?  If the config above is correct then I should not need to add the route I described above as if I ping out to 192.168.1.X that should catch it and force it into the tunnel where Verizon would pick it up and know how to get it to its destination??
  #3 Will I need to add another permit to the VZW_VPN for TCP as in the end I need to be able to poll via Modbus which uses port 502 TCP.  Or is TCP implicit in some way with the GRE permit?
   I actually have alot more questions, but I will keep reading for now.
  I really appreciate the time you all took to trudge through this.  Also please feel free to point anything else out that I may have missed or that can be improved.  Have a great day!

  This post is a duplicate of this thread
  https://supportforums.cisco.com/discussion/12275476/proper-routing-lan-through-verizon-private-network-gre-airlink-gateways
  which has a response. I suggest that all discussion of this question be done through the other thread.
  HTH
  Rick

• Creating a virtual private network?

  I've been reading some articles recently about creating a virtual private network for security and privacy reasons. Is it easy and is it a good thing to do?
  One part mentioned possibly having to pay a subscription for this service with your service provider? Would I have to with sky?

  If you regularly have the need to remotely access another machine which is at a different geographic location, VPN is a great idea. It can be difficult to set up, and requires network hardware support. For example, you either need to have a VPN gateway device (such as a Netgear FVS114 - check for them on eBay), which acts as the VPN endpoint, or you need to run a VPN server on your Mac and your gateway must allow VPN passthrough traffic. I'd generally recommend the first option, although it can be more expensive.
  You also need VPN client software running on the Mac you use to access your network. I recommend the free IPSecuritas. There's also VPN Tracker, which is very user friendly but does come at a price.
  Matt

• What is the correlation of Logger Private network to Router Private Network.

  What is the correlation of Logger Private network to Router Private Network.
  You have to define them in Websetup for the Router and Logger but what is communicating on the Private network path between the Logger and Router?    I thought that was over the Public network.  is it only Recovery from the Loggers talking over the Private network?

  Hi,
  you can read about the types of messages exchanged over various links in the SRND.
  G.

• Webforms, Firewall and Private Network

  Hello,
  We have following configuration:
  Server: Formsserver 6i patch 13 on Sun solaris
  Client: WindowsXP with Jinitiator 1.3.x
  Connect-Mode: https
  Our configuration works with ClientPC which are
  not in a private network.
  If you have a ClientPC in a prvt network with a private ip-address is a communication with a formsserver possible?
  ClientPC (with private ip-address) <> Firewall
  <> Internet <> Firewall <> Formsserver
  The ports for calling the applet and the
  communication between applet and formsserver are
  opened.
  Jinititaor is configured with the proxy https-port.
  We get following errors:
  Java Console: SSL handshake failed SSl connection closed graceful
  the applet terminates with: FRM-92050
  Could it be that the webforms applet sends
  the private ip address to the formsserver,
  which tries to establish a connection to a
  non real ip-address???
  Is there a workaround?
  thx for any help

  You should be able to do this however it may be that it is the web server which needs to be "tweeked".
  Can you do something like <machinename>/forms60/f60servlet - this will at least ping the java servlet - if you can't even do this then its probably not Forms which is the problem but the app server set up.
  Regards
  Grant Ronald
  Forms Product Management

• How to route traffic to a static public IP address on my private network

  Here is my topology:
  ISP Modem ---------------- (gig0/0) Cisco Router (gig0/1) -----------------Cisco Switch--------------------Server
                                         60.70.80.90             172.16.0.1                     172.16.0.2                         60.70.80.91
  Gateway: 60.70.80.89
  Netmask: 255.255.255.240
  Scenario:
  My ISP has given me 5 static IP addresses in which I want to assign one of them to one of my servers that lies within my private network.  I am wondering what kind of configurations I would need to be able to access my server from outside my private network using one of the static IP addresses that was given from my ISP. Does this need some sort of static NAT on top of the inside/outside NAT I have done on my router? Thanks
  Best Regards,
  Sean

  Duplicate post. 
  Go HERE.

• Mixing public and private networks on the same switch

  Hello Everyone,
  I know this may get some security engineers in frenzy but wanted to know if there is a safe way to mix public and private networks on the same switch. 
  We have many remote offices that we want to add public wifi and a couple of other services that would be completely outside of our internal network.  Each office has a 3750 with plenty of open ports.  How can I safely create a vlan for public access on these switches which currently have our internal network on.  I have read that people are doing this to save on the cost of purchasing a dedicated switch.  Some people are using access lists and one person mentioned creating a private vlan for the public network.  I looked up private vlan and it seemed bit confusing.
  Is this recommended?  If not what would be the safest way to do this?
  Thanks Everyone

  Disclaimer
  The  Author of this posting offers the information contained within this  posting without consideration and with the reader's understanding that  there's no implied or expressed suitability or fitness for any purpose.  Information provided is for informational purposes only and should not  be construed as rendering professional advice of any kind. Usage of this  posting's information is solely at reader's own risk.
  Liability Disclaimer
  In  no event shall Author be liable for any damages whatsoever (including,  without limitation, damages for loss of use, data or profit) arising out  of the use or inability to use the posting's information even if Author  has been advised of the possibility of such damage.
  Posting
  How "safe" is relative.  If your running just one VLAN on a switch, that's would be the safest (basically the same as mixing traffic on the same wire - separation is done else where).
  If you multiple VLANs on a switch, then you need to determine how likely someone might figure out a way to breach the VLAN barriers.  (This isn't so easy on newer switches.)  If the VLAN isolation is breeched, then you need to examine what does that imply from a security perspective (for example can someone now inject or receive other VLAN traffic).
  For most purposes, I don't see mixing public and private VLANs, alone, on the same switch as much of a risk.  More of a concern is what can be reached on either VLAN and how well it's protected.