Restricting machines to a single VLAN

Hi all,
I am trying to figure out if there is a way to stop a single machine from possibly acting as a bridge between VLANs. Assuming there are two VLANs (10 being operations and 20 being secure), how can one ensure that a machine cannot be added with two network cards, connecting one to VLAN 10 and the other to VLAN 20? Of course, being a secure VLAN, we would restrict which MAC addresses can connect to a VLAN 20 port.
Any ideas? Is this just a risk that a client must accept when using VLANs for security rather than separate switches?

This has nothing to do with VLANs as such, because the same would still apply if you used separate physical switches, i.e. sw1 for VLAN 10 and sw2 for VLAN 20, and then connected a PC with 2 NICs, one to each switch.
If a user could add another NIC and has the capability to connect his 2 NICs to two different VLANs/switches within your network, then you have some very serious physical security problems.
I guess what I'm trying to say is that yes, you can use port-security etc., but the sort of problem you are outlining is much better dealt with at the procedures/physical level.
Jon
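As an added example (not from the original thread), this is the port-security configuration Jon refers to, applied to a Catalyst IOS access port in the secure VLAN 20; the interface name and the MAC address are placeholders, and the errdisable recovery timer is optional:

```cisco
! Host port in the secure VLAN 20 (interface name and MAC address are placeholders)
interface GigabitEthernet1/0/20
 description Secure VLAN host port
 ! Pin the port to a single access VLAN and refuse DTP trunk negotiation
 switchport mode access
 switchport access vlan 20
 switchport nonegotiate
 ! Allow exactly one, statically configured, MAC address on this port
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 0000.0000.0001
 ! Any other source MAC errdisables the port and logs the violation
 switchport port-security violation shutdown
 ! Host-facing port: no STP participation, shut down if BPDUs arrive
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Optional: bring a violated port back after 5 minutes instead of leaving it errdisabled
errdisable recovery cause psecure-violation
errdisable recovery interval 300
!
! Verify with: show port-security interface GigabitEthernet1/0/20
```

Note the limit Jon points out: this binds one MAC address to one port, so a host whose NIC carries the allowed MAC is still admitted even if its second NIC sits in VLAN 10, which is why the dual-homing problem has to be handled procedurally and physically.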

Similar Messages

  • 2 different subnets on single vlan

    I have this setup.
    2 3750G switches stacked.
I have 2 servers with IP 10.10.10.1/30 and 10.10.10.2/30 connected into ports g1/0/1 and g1/0/2 respectively on switch1, both in vlan 100.
I have another 2 servers with IP 10.10.20.1/30 and 10.10.20.2/30 connected into ports g2/0/1 and g2/0/2 respectively on switch2, both also in vlan 100.
    I need to keep this same vlan across the stack. In theory servers on same subnet in vlan 100 should be able to communicate properly, or am I wrong?
    What can I do to prevent broadcasts from propagating between subnets of this single vlan?

    Edison
    Perhaps I read the post from Sparky slightly differently than you do. The first pair of servers are in the same logical subnet and in the same VLAN so they should communicate with each other fine. And the second pair of servers are in the same logical subnet and in the same VLAN so they should communicate with each other fine.
But I agree with you that there are flaws in this implementation. First, since the subnets are /30 they only allow two hosts, and with two servers in the subnet there is nothing to act as a gateway and to provide access to "remote" addresses. Also this implementation breaks the assumption that there is a correlation between subnet and VLAN. We tend to assume that a correlation exists and that a subnet is related to a VLAN and a VLAN is related to a subnet. But VLAN is a layer 2 concept and subnet is a layer 3 concept and they are not necessarily related. There is no rule that says that a VLAN has only 1 subnet (though that is common practice). A VLAN interface with a primary IP address and a secondary IP address would certainly support 2 (or more) subnets.
    Note that this implementation does not provide the isolation that we tend to assume when we talk about subnets. We generally assume that devices in 1 subnet do not communicate directly with devices in a different subnet (because we tend to assume that each subnet is a separate broadcast domain). But this implementation puts both subnets into the same broadcast domain. So the first pair of servers will hear all the broadcasts (including ARP) from the second pair of servers and any of these servers could communicate directly with any other of the servers - certainly not bounded by the subnet.
    Sparky
There is no way to isolate the broadcasts within the same VLAN. The basic definition of a VLAN is that it is a broadcast domain, and any broadcast generated will be flooded throughout the entire broadcast domain. The only way to restrict the broadcasts is to create 2 VLANs.
    HTH
    Rick

  • Multiple SSIDs on a single VLAN

I don't think it's possible, but I vaguely recall seeing a document stating that it is possible to have two SSIDs on a single VLAN.
If so, can they also have two different authentication methods?

    Hi,
    Thank you very much. I got it right now. Anyway, I could broadcast only 1 SSID. I have tried “mbssid” but it did not work. I understand VLAN is needed for mbssid. Please let me know if you have any suggestions. The following is my configuration.
    ap#sh run
    Building configuration...
    Current configuration : 1471 bytes
    version 12.3
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname ap
    no logging console
    enable secret 5 xxxxxxxxxx
    ip subnet-zero
    no aaa new-model
    dot11 ssid test1
     authentication open
     authentication key-management wpa
     guest-mode
     wpa-psk ascii 7 010703174F5A575D7218
    dot11 ssid test2
     authentication open
     authentication key-management wpa
     wpa-psk ascii 7 120D000406595D56797F
    username xxxxx password 7 xxxxxxxxxx
    bridge irb
    interface Dot11Radio0
     no ip address
     no ip route-cache
     encryption mode ciphers tkip
     ssid test1
     ssid test2
     speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
     station-role root
     bridge-group 1
     bridge-group 1 subscriber-loop-control
     bridge-group 1 block-unknown-source
     no bridge-group 1 source-learning
     no bridge-group 1 unicast-flooding
     bridge-group 1 spanning-disabled
    interface FastEthernet0
     no ip address
     no ip route-cache
     duplex auto
     speed auto
     bridge-group 1
     no bridge-group 1 source-learning
     bridge-group 1 spanning-disabled
     hold-queue 80 in
    interface BVI1
     ip address 192.168.2.171 255.255.255.0
     no ip route-cache
    ip http server
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    control-plane
    bridge 1 route ip
    line con 0
    line vty 0 4
     login local
    end
    Thanks again,
    Nitass

  • Create a Collection of machines missing a single patch MS07-042

    Good Morning All,
    I am trying to create a collection for all machines missing a single patch, MS07-042. This patch has multiple KB numbers.
    I noticed a couple of odd occurrences.
    1) Console query builder does not expose the Updates classes.
    2) Console query builder does expose all the ITMU classes.  I am not sure if these are populated with the WSUS information gathered by the WUA.
    I did create the following query
    select * 
    from  SMS_R_System inner join SMS_UpdateComplianceStatus on SMS_UpdateComplianceStatus.MachineID = SMS_R_System.ResourceId
       inner join SMS_Softwareupdate on  SMS_Softwareupdate.CI_ID = SMS_UpdateComplianceStatus.CI_ID
    where SMS_Softwareupdate.BulletinID = "MS07-042"
    However, I am unable to locate any documentation on what the Status Fields indicate in SMS_UpdateComplianceStatus.
    My Questions
    1) Is there an easier way to do this?
    2) Is there any documentation on what the fields mean in SQL?
    I look forward to blogging about this as soon as I am sure of an answer.
    Best
    Shaun Cassells
    http://myitforum.com/cs2/blogs/scassells/default.aspx

    Torsten, do you have a reference for the SMS_UpdateComplianceStatus table? I want to know what the Status Field values represent.
    I realize this is an old thread, but I just wanted to put in my $0.02 in case someone else stumbles upon it looking for info.
    So, the SMS_UpdateComplianceStatus class (cuz we're talking collections here, which is WQL and pulls from WMI classes) is really the equivalent of the v_UpdateComplianceStatus view.  So if you want to see what's in that, go to SQL and query it.
    Also, if you want to know what the Status field values are, you can find those by looking at the v_StateNames view from SQL too where TopicType = 400 I believe.
    State 0 = Unknown
    State 1 = Not Required (meaning doesn't have patch and doesn't need it)
    State 2 = Not Detected (meaning it doesn't have patch but needs it)
    State 3 = Detected (meaning it has this patch)
    So, if you want to create a collection of machines that are missing a patch, you could do something like this:
    SELECT
      SMS_R_SYSTEM.ResourceID,
      SMS_R_SYSTEM.ResourceType,
      SMS_R_SYSTEM.Name,
      SMS_R_SYSTEM.SMSUniqueIdentifier,
      SMS_R_SYSTEM.ResourceDomainORWorkgroup,
      SMS_R_SYSTEM.Client
    FROM
      SMS_R_System
      JOIN SMS_UpdateComplianceStatus
        ON SMS_R_System.ResourceID = SMS_UpdateComplianceStatus.MachineID
        AND SMS_UpdateComplianceStatus.Status = 2
      JOIN SMS_SoftwareUpdate
        ON SMS_UpdateComplianceStatus.CI_ID = SMS_SoftwareUpdate.CI_ID
        AND SMS_SoftwareUpdate.ArticleID = 832671
    Number2 - (John Nelson)
    Microsoft MVP (2009) - System Center Configuration Manager
    http://number2blog.com

  • HT4913 Hi, I was trying add a second computer on iTunes Match. I was signed into both machines with a single ID which already has iTunes Match. When I selected iTunes match, it asked me to buy it again rather than add. Now I've got it on neither machine-

    Hi, I was trying to add a second computer on iTunes Match.
    I was signed into iTunes on both machines with a single ID which already has iTunes Match from the primary machine. When I selected iTunes Match on the second, it asked me to subscribe to it again rather than add.
    To try to fix this, I signed out of the primary machine so I was only in the second computer. This didn't work, and when I tried to log back into Match on the primary machine it has the same problem now, asking me to buy iTunes Match when I already have it!
    Now I've got it on neither machine. Can someone please help!!
    Cheers,

    wandererny wrote:
    Only one library can be matched at a time. If you continue, the other iTunes Match session will be stopped and this computer's library will be matched instead.
    Hi,
    You often get this message when Match thinks that you already have a match in progress on another computer.
    If you are happy that all your music is on your new hard drive (or if it is only in the cloud), you should select "this computer".
    Jim

  • How to restrict access to a single user for a proxy service in OSB

    How to restrict access to a single user for a proxy service in OSB?

    A.     Go to Proxy Service and click on the Security tab.
    B.     Click on Transport Access Control Policies to edit.
    C.     Click on Add Conditions to restrict the users.
    D.     In the Predicate List select the User category.
    E.     Give the user name to which you want to give access.

  • Does Single-VLAN One-Armed Mode cause the pop-up error?

    Dear all
    In my network I deployed Single-VLAN One-Armed Mode. In this mode, the real server's default gateway is the upstream router. To ensure the return flow traverses back through the load balancer, the IP address of the client is rewritten to that of the load balancer.
    Direct access to the web site was fine; however, when a pop-up page is opened, an error appears. Example: figure-1.
    figure-1
    When I used the real server's IP address, not through the ACE, everything was fine. Example: figure-2.
    figure-2
    The web page's code:
    <%@ page language="java" pageEncoding="UTF-8"%>
    <%@ taglib uri="/WEB-INF/hnisi.tld" prefix="hnisi"%>
    <%@ include file="/jsp/framework/head.jsp"%>
    <%@ page import="cn.sinobest.framework.util.DTOUtil,cn.sinobest.framework.util.Util,cn.sinobest.framework.util.ConfUtil" %>
    <%
        // Organisation the currently logged-in user belongs to
        String orgCode = DTOUtil.getUserInfo().getBAE001();
        // Operator ID
        String operId = DTOUtil.getValue("OPERID");
        // Role type
        String roleType = DTOUtil.getValue("ROLETYPE");
        String fromFuncDesc = DTOUtil.getValue("fromFuncDesc");
        // Name of the selected operator
        String sOperatorName = DTOUtil.getValue("SOPERATORNAME");
        // WHERE condition for the rights tree
        String whereClsTree = " rightid in (  select distinct B.RIGHTID "+
                    " from FW_RIGHT B"+
                    " left join FW_OPERATOR2RIGHT A on LOCATE(B.RIGHTID,A.RIGHTID) = 1"+
                    " where A.AAE100 ='1'"+
                    " and B.AAE100 ='1' and A.operid = '"+operId+"' ";
        // Condition: active roles; the logged-in user may only operate on roles of its own organisation
        // and subordinate organisations, plus shared roles of parent organisations
        String whereCls =" AAE100 ='1' and (BAE001 like '"+orgCode+"%' or ( IFSHARED = '1' and LOCATE(BAE001,'"+orgCode+"') = 1))";
        if(!Util.isEmpty(roleType)){ // role type
            whereClsTree +=" and AUTHTYPE='"+roleType+"' ";
            String roleType_zdfpzj = ConfUtil.getDict("ROLETYPE", "13"); // maximum assignable role
            if("2".equals(roleType)){ // assignable roles include: assignable role, maximum assignable role
                whereCls += " and ROLETYPE in('"+roleType+"','"+roleType_zdfpzj+"') ";
            }else{
                whereCls += " and ROLETYPE='"+roleType+"' ";
            }
        }
        whereClsTree +=" )";
    %>
    <%-- Navigation bar tag --%>
    <hnisi:gNavStr />
        <legend style="cursor:hand;" >
            <span>
                <img id="img_fw_authmngr_geneauth_list_grid" src="${ctx}/themes/default/images/query_icon_right.gif">
            </span>
            <span title="单击展开或收缩">
                <b><%=sOperatorName%></b>已拥有的权限树
                <hnisi:tree id="menus" type="1" whereCls="<%=whereClsTree %>"/>
            </span>
        </legend>
        <form name="roleListForm" method="post">
            <%-- Role list --%>
            <hnisi:glt id="fw_authmngr_geneauth_role" whereCls="<%=whereCls %>" />
            <p align="center">
                <%-- OK button --%>
                <hnisi:btn name="btnQuery" onclick="roleAutoOk()" value="保存" href="javascript:void(0)"/>
                <%-- Clear button --%>
                <hnisi:btn name="btnCls" onclick="cls()" value="清除" href="javascript:void(0)"/>
                <%-- Close button --%>
                <hnisi:btn name="btnClose" onclick="winClose()" value="关闭" href="javascript:void(0)"/>
            </p>
        </form>
        <form name="roleForm">
            <input type="hidden" name="OPERID" value="<%=operId %>"/>
            <input type="hidden" name="ROLEIDS">
        </form>
        <script type="text/javascript">
        <!--
        var orgCode ="<%=orgCode%>";
        var operId ="<%=operId%>";
        var roleType ="<%=roleType%>";
        /**
         * Rights list window
         * @param roleId: role ID
         */
        function winRight(roleId){
            var eventId="1"; // authorisation event (1 query, 2 authorise)
            // open a modal dialog, adding a timestamp to defeat caching
            window.showModalDialog("right!left.do?EVENTID=" + eventId+"&ROLETYPE="+roleType+"&ROLEID=" + roleId+"&_t="+new Date().getTime());
        }
        /**
         * OK: save the authorisation information
         */
        function roleAutoOk(){
            $(function(){
                var roleIds = "";
                $.each($("input[name='checkbox']:checked"),function(i,o){
                    roleIds += (i==0 ? "" : ",")+o.value;
                });
                if (roleIds == ""){
                    FWalert("请选择要操作的角色!");
                    return;
                }
                roleForm.ROLEIDS.value  = roleIds;
                var params = FWGetForm(roleForm);
                if(params.ROLEIDS ==""){
                    FWalert("请选择要操作的角色!");
                }else {
                    var fromFuncDesc = "<%=fromFuncDesc%>";
                    // first open the page listing this change set; save only after confirmation
                    var title = encodeURIComponent('授权确认'); // dialog title
                    var url = "right!list.do?OPERID="+operId+"&fromFuncDesc="+fromFuncDesc+"&ROLETYPE="+roleType+"&ROLEIDS="+roleIds+"&title="+title+"&_t="+new Date().getTime();
                    var position="resizable:1;status:0;help:0;scroll:1;center:1;dialogWidth:800px;dialogHeight:500px";
                    window.showModalDialog(url,window,position);
                }
            });
        }
        /**
         * Direct authorisation: open the rights tree window
         */
        function directAuto(){
            var eventId="2"; // authorisation event (1 query, 2 authorise)
            // open a modal dialog, adding a timestamp to defeat caching
            window.showModalDialog("right!left.do?EVENTID=" + eventId+"&ROLETYPE="+roleType+"&OPERID=" + operId+"&_t="+new Date().getTime());
        }
        /**
         * Clear: uncheck the selected role checkboxes
         */
        function cls(){
            var c_checkbox=document.getElementsByName('checkbox');
            for (i=0;i<c_checkbox.length;i++){
                c_checkbox[i].checked=false;
            }
        }
        /**
         * Close the window
         */
        function winClose(){
            window.close();
        }
        //-->
        </script>
    </body>
    </html>
    The ACE's config
    `show running-config`
    Generating configuration....
    boot system image:c4710ace-mz.A4_2_0.bin
    interface gigabitEthernet 1/1
      switchport access vlan 100
      no shutdown
    interface gigabitEthernet 1/2
      shutdown
    interface gigabitEthernet 1/3
      shutdown
    interface gigabitEthernet 1/4
      switchport access vlan 3
      no shutdown
    access-list ALL line 8 extended permit ip any any
    access-list allowany line 8 extended permit ip any any
    access-list allowany line 16 extended permit icmp any any
    probe icmp Ping
      interval 2
      faildetect 2
      passdetect interval 2
      passdetect count 1
      receive 2
    probe tcp TCP6666
      description RPC Client Access
      port 6666
      interval 30
      passdetect interval 60
      connection term forced
      open 10
    probe tcp TCP8888
      description RPC Client Access
      port 8888
      interval 30
      passdetect interval 60
      connection term forced
      open 1
    rserver host YB1
      ip address 110.43.102.241
      inservice
    rserver host YB2
      ip address 110.43.102.245
      inservice
    rserver host YB3
      ip address 110.43.102.246
      inservice
    rserver host YB4
      ip address 110.43.102.247
      inservice
    rserver host YB5
      ip address 110.43.102.248
      inservice
    rserver host YB6
      ip address 110.43.102.242
      inservice
    serverfarm host YB01farm
      predictor leastconns
      probe TCP6666
      rserver YB2
        inservice
      rserver YB3
        inservice
      rserver YB4
        inservice
      rserver YB5
        inservice
    serverfarm host YB02farm
      predictor leastconns
      probe TCP8888
      rserver YB2
        inservice
      rserver YB3
        inservice
      rserver YB4
        inservice
      rserver YB5
        inservice
    parameter-map type http PRESIST-REBALANCE
      persistence-rebalance
    sticky ip-netmask 255.255.255.255 address source YB01-GRP
      timeout 60
      replicate sticky
      serverfarm YB01farm
    sticky ip-netmask 255.255.255.255 address source YB02-GRP
      timeout 60
      replicate sticky
      serverfarm YB02farm
    sticky http-cookie COOKIE1 STICKYYB01
      cookie insert browser-expire
      timeout 3600
      replicate sticky
      serverfarm YB01farm
    action-list type modify http IP-header
      header insert request X-Forwarded-For header-value "%is"
    class-map match-all YB01-slb-vip
      2 match virtual-address 110.43.102.251 any
    class-map match-all YB02-slb-vip
      2 match virtual-address 110.43.102.252 any
    class-map type management match-any remote_access
      description remote-access-traffic-match
      2 match protocol xml-https any
      3 match protocol icmp any
      4 match protocol telnet any
      5 match protocol ssh any
      6 match protocol http any
      7 match protocol https any
      8 match protocol snmp any
    policy-map type management first-match remote_mgmt_allow_policy
      class remote_access
        permit
    policy-map type loadbalance http first-match YB01-slb
      class class-default
        sticky-serverfarm STICKYYB01
        action IP-header
    policy-map type loadbalance http first-match YB02-slb
      class class-default
        sticky-serverfarm YB02-GRP
        action IP-header
    policy-map type loadbalance first-match YB6666
      class class-default
        sticky-serverfarm STICKYYB01
        action IP-header
        insert-http https header-value "on"
    policy-map multi-match client-vips
      class YB01-slb-vip
        loadbalance vip inservice
        loadbalance policy YB6666
        loadbalance vip icmp-reply active
        nat dynamic 100 vlan 100
        appl-parameter http advanced-options PRESIST-REBALANCE
      class YB02-slb-vip
        loadbalance vip inservice
        loadbalance policy YB02-slb
        loadbalance vip icmp-reply active
        nat dynamic 100 vlan 100
    interface vlan 3
      ip address 192.168.50.2 255.255.255.240
      access-group input ALL
      service-policy input remote_mgmt_allow_policy
      no shutdown
    interface vlan 100
      ip address 110.43.102.238 255.255.255.0
      access-group input allowany
      nat-pool 100 110.43.102.239 110.43.102.239 netmask 255.255.255.255 pat
      service-policy input remote_mgmt_allow_policy
      service-policy input client-vips
      no shutdown
    ip route 0.0.0.0 0.0.0.0 110.43.102.112

    Hi,
    The error comes when accessing the website through the LB. The error is thrown by the server. Do we know what that error indicates, and under what circumstances the server throws it?
    Can you just try with one server in the serverfarm and check if it works fine?
    Does it load the initial page at all, or throw the error right away?
    What do you see in show conn output? Which VIP is in question here?
    Regards,
    Kanwal

  • Restricting multiple sessions to single device

    Dear All
    How do I control the number of concurrent sessions permitted for a single user ID? Can concurrent access authorization be varied by excluding user IDs or by restricting multiple sessions to a single device?
    Any suggestion will be appreciated.

    We are running an application made up of Oracle 9i Forms and Reports using Oracle Application Server, and we need to restrict the limit of sessions per user so that there is a single session from a single PC.

  • Single VLAN can have different subnets?

    Can a single VLAN have different subnets?

    Hi Devang,
    Yes, your single VLAN can have different subnets, but they will not talk to each other at IP (layer 3) until you configure routing on your layer 3 device using a secondary IP address on the same logical interface.
    But the answer is yes, a single VLAN can have different subnets.
    HTH
    Ankur

  • Restrict browse window to single directory

    Hi!
    I want to restrict the browse window to a single directory.
    Please see the bmp image.
    Here I am giving the browse file option C:\US\.
    Now I want the user to be able to browse only those folders in C:\US\.
    I want to restrict the user from browsing other folders from this browse button.
    Please give me the solution.
    Thanks in advance
    Kaustubh
    VC (Pune)
    INDIA
    Attachments:
    Test 1.bmp (1407 KB)

    To add to Brett's suggestion,
    You could store the value for the last directory inside a lookup file (text).
    So when the user opens the folder, the folder selection is populated with the last one that was opened.
    This way, it allows the flexibility to open other folders and remember which one was last opened. Unless you want to restrict to a single folder, then you could do the same without offering a choice of folders. In that case, you could store the static folder location in the file.
    I use this method when developing code to make my life simpler. I have a boolean value that alters the behaviour of the vi (wired to a Case Statement) which allows selection when I run the vi and presents static settings for an operator. An example of static settings is the folder where the results reside. They can be indexed by login name.
    I'm sure you get the picture.
    Experiment and have fun.
    JLV

  • Restrict RMAN to start single session per database

    Hi,
    Is there a way we can restrict RMAN to start a single session per database? We are using RMAN for full database backup.
    I cannot restrict the user session, as the same catalog user is shared with other databases as well.
    ORACLE : 11g

    Ok :)
    Backup files created by RMAN must be tagged with the local system name, and with RESTORE operations that tag must be used to restrict RMAN from selecting backups taken on the same host. In other words, the BACKUP command must use the TAG node name option when creating backups; the RESTORE command must use the FROM TAG node name option; and the RECOVER command must use FROM TAG node name ARCHIVELOG TAG node name option.
    RESTORE DATABASE FROM TAG '<node name>'
    RECOVER DATABASE FROM TAG '<node name>' ARCHIVELOG TAG '<node name>'
    http://download.oracle.com/docs/cd/B14117_01/server.101/b10823/manage_ps.htm

  • Restricting user access through single machine without entering password

    Dear All,
    We would like to provide access to a temporary user, and he should be able to access our Production R/3 using SAP GUI from the machine which is allocated to him and not from any other machine in the same network. He should be able to log in when he clicks on the logon pad without entering a password.
    Please let me know if there is a way to achieve this by changing the SAP GUI settings on that machine alone, or suggest an alternate solution if you have one.
    Appreciate your response.
    Thanks,
    Vadi

    Hello Vadivambal,
    Actually the second thing might be possible with the logon pad. In the logon pad there is an option for shortcuts. You can create a shortcut for a system in the launch pad which gives you the option of specifying a user ID and password also. However, this is relevant for SAP GUI 640 or higher only. The GUI launch pad has two tabs: Shortcuts and Systems. Check the shortcut part.
    Regards.
    Ruchit

  • PEAP Windows Logon -Machine & User Authentication -Multiple VLANS

    Windows Client <==> Access Point <==> Radius <==> Windows DC/AD
    Windows OS : XP Client SP 2
    Supplicant : Built-in Wireless Supplicant
    Authentication : 802.1x PEAP(MS-Chapv2)
    Access Point : Aironet 1200
    Radius : ACS 3.3
    Adaptors : Built-in
    CA : Microsoft
    I have a single SSID and am using a RADIUS server to assign users to different VLANs. When a computer boots up, machine authentication is used and the ACS tells the access point which VLAN to be on (i.e. VLAN1 192.168.1.x). Then when the user logs on, the ACS tells the access point to switch the computer to a different VLAN (i.e. VLAN2 192.168.2.x). The problem is that the Windows logon scripts do not run. Once the computer finishes booting, I quickly check its IP address and it still thinks it is on 192.168.1.x (VLAN1) when it is actually on VLAN2 and needs a 192.168.2.x address. If I give the machine time, it will eventually switch its IP to the 192.168.2.x address.
    Has anyone else run across this? I assume that there is no fix and that it is a Microsoft problem. Obviously, it can't do the logon script if it does not have a valid IP for its VLAN. I also never know who will be logging into the computer to put the computer in the correct VLAN ahead of time.
    Note: If the machine and user are both set to use the same VLAN, the computer does not have to switch IPs and the windows logon script works fine.
    Thanks
    Steve

    Hi there.
    I've tried that solution, and I had a similar problem. My problem was on the DHCP server side: there was a superscope defined with the different scopes for each VLAN. When I had the MAC address from one machine registered in the DHCP database, the settings were always the same. Then I deleted the superscope and only defined scopes for each VLAN. It's working fine now.
    Hope this helps you.
    Regards,
    João

  • SG300 recommended setup for single vlan

    I have 4 SG300 switches running in their default configuration.
    I have a single subnet and it has been working just fine.
    I tried expanding my subnet from a /24 to a /23 but am having trouble communicating between old and new parts of the subnet. Pings to the new part of the subnet work once or twice, then stop.
    What kind of setup is recommended for this? Apparently the default config is blocking traffic to the new addresses, but I don't know why.
    I did verify that putting a single dumb switch in place fixes the problem. I thought the default config for these switches basically acts like a dumb switch, but I guess not.
    I also noticed that when pings stop going, if I look at arp -a on the source PC, the MAC of the destination is a single Cisco-brand MAC for ALL the devices on the new part of the subnet.
    I do understand IOS VLAN setups, but I'm confused by the GUI terminology. And I don't know whether I can just continue using the single default VLAN or if I should create a new one.

    Hello Chris,
    One thing that stood out to me was you said you are unable to ping from the old part of the subnet to the new; by that do you mean from clients still in the /24 to the /23? Because they won't be able to communicate with each other unless the switch has a default gateway configured. The switch doesn't do any routing, so it has to send traffic for a different subnet to some sort of router that knows where that other network is.
    There is a setting under Administration > Management Interface > IPv4 Interface. After you set up a static IP for the switch and change its prefix length to 23, you can specify a default gateway for the switch. At that point (assuming your router is set up correctly) you should be able to ping from the /24 to the /23 addresses.
    I got this info from page 257 of the admin guide, where there is a note about inter-subnet communication. That guide is available here:
    http://www.cisco.com/en/US/docs/switches/lan/csbms/sf30x_sg30x/administration_guide/78-19308-01.pdf
    I'm assuming however you will eventually be transitioning your entire network to /23, in which case just make sure everyone is on the same subnet mask and they will be able to communicate just fine, even without a router.
    Hope that helps, but if I got something wrong somewhere let me know and I will take another look.
    Christopher Ebert
    Network Support Engineer - Cisco Small Business Support Center
    *Please rate helpful posts*

  • Machine Authentication On One Vlan, User authentication on another

    I am trying to have my wireless users authenticate the machines on one VLAN and then, based upon the user ID from AD, switch to another VLAN if required. I have it working just fine except when the user logs on and ACS forces the new VLAN, the IP stack goes to "Limited Access" because the IP address hasn't released and renewed. Because of this, until they turn the wireless card off and back on they go nowhere, and logon routines such as scripts and user group policies don't execute. Any help would be appreciated.

    Mark,
    See if this article helps you resolve your issues. Cisco's latest supplicant, AnyConnect NAM, is the supplicant that replaced the CSSC.
    http://social.technet.microsoft.com/Forums/en-US/winserverNAP/thread/f68dc3f0-744a-4d0f-b85a-87f8bc531fd0
    Thanks,
    Tarik Admani
    *Please rate helpful posts*
