SPA8800 and SRST for small branch office?

Similar Messages

• Simulating small branch office in lab network

  Hi,
  I have to setup what seems to be a very basic configuration, but it doesn't work.
  In our lab there is a cluster of switches with a 3550 that does all the routing for vlans.
  I need to simulate a sort of a small branch office that has one connection
  to the outside world (the lab network).
  Here is my design:
  Vlan 230 (the internet)
  A port on 3550 is in vlan 230 and is connected to e0/0 (172.26.230.150) on 2611 router.
  e0/1 interface on a 2611 is (192.168.1.1).
  A PC is connected to e0/1 (192.168.1.12).
  From the router I can ping any host on vlan 230 and other vlans,
  I can also ping the pc connected to e0/1.
  However from the PC I can only ping 192.168.1.1(e0/1) and 172.26.230.150 (e0/0)
  Below is my configuration
  Thanks for your help.
  R2611-1#sh run
  Building configuration...
  Current configuration:
  version 12.0
  service timestamps debug uptime
  service timestamps log uptime
  no service password-encryption
  hostname R2611-1
  ip subnet-zero
  ip dhcp excluded-address 192.168.1.1 192.168.1.9
  ip dhcp pool 192.168.1
     network 192.168.1.0 255.255.255.0
     default-router 192.168.1.1
  interface Ethernet0/0
  ip address 172.26.230.150 255.255.255.0
  no ip directed-broadcast
  no ip mroute-cache
  no mop enabled
  interface Ethernet0/1
  ip address 192.168.1.1 255.255.255.0
  no ip directed-broadcast
  no ip mroute-cache
  ip classless
  ip route 0.0.0.0 0.0.0.0 172.26.230.1
  ip http server
  no scheduler allocate
  end

  You are not performing nat on the router.
  This is typically required on a box which provides internet connectivity.
  Probably the other hosts on vlan 230 have no route back to the pc on 192.168.1.1
  Configuring nat on the router will resolve this problem.
  regards,
  Leo

• Small branch office network

  We have a small branch office (7 users) that will be moving to a building that has a Wireless Residential Gateway (Model: DPC3829).  This device provides wifi for 2 other tenants on the same floor.  Can we connect another wireless router to this wireless residential gateway device and create our own SSID so that we don't have to use the wifi settings that the other 2 tenants connect to?  
  I've attached a picture of what the back of the DPC3829 currently looks like.  I am thinking I can plug that yellow network cable into another wireless router and create our own wireless network (obviously off of their internet connection) for our 7 users. 
  Thank you for your help.

  u may but any plane wireless device and run it in bridge mode (shouldd run by default i beleive). Then connect one of its lan port to any one of the lan ports available on the DPC3829 thing.
  you are correct in what you want to do, and it can be done no problem.
  Regards
  Please mark answer as correct if it helps.

• WLAN Controller at HQ and AP's at Branch offices

  I have a WLAN controller at HQ and want to put APs at my branch offices, but connected and managed by my controller at HQ. I know that if the WAN goes down, I will lose wireless, etc.
  my question is:
  Is there anything I should watch out for with this type of setup? I will have separate vlans' for the wireless and data.. will this matter when it hits the MPLS from the branch back to the HQ WLAN controller? I thought maybe the vlan tagging had to stay consistant between AP and WLAN controller?

  Hybrid Remote Edge Access Point (HREAP) is a mode supportede by 1130 and 1240 series AP's. In the upcoming release of version 4.2, HREAP will also have full support for voice roaming as well. With HREAP, wireless users already authenticated will remain connected in the event of a WAN outage. In addition, v4.2 will support local site authentication for HREAP deployments. If you have an ACS server at the remote site, you can even authenticate new users during a WAN outage. I wouldn't recommend anything in the 1000 series AP family. It's already been announced that it's going end of sale. Keep in mind the latency between AP and controller must be less than 100ms.

• IP Adressing and subnetting for small company

  Hey everybody. I'm trying to come up with the best solution for this topology. The descryption is as follows:
  A small company with 50PCs, 10Printers, 5Web Servers and 5 IP phones is functioning in two places. City A - the main branch and City B.
  Now I would like to know how should I do this. According to my friend the servers should have their own static IP. Each of the host PC on this screenshot represents actually 10PCs and each printer stands for two. Also the subnetting should be ready for growth of the company so there should be some extra slots or even segments. I've read the guide to this at http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800a67f5.shtml, but I still don't understand how should it be done when there is one more switch standing on top of the other subnets.
  Now, I can choose any IPs I want and any class I want.. it't just an exercise so, if you guys here can, and are willing, please tell me how should this be properly done.
  Thanks.

  Jonathan Statham wrote:Hey everybody. I'm trying to come up with the best solution for this topology. The descryption is as follows:A small company with 50PCs, 10Printers, 5Web Servers and 5 IP phones is functioning in two places. City A - the main branch and City B.Now I would like to know how should I do this. According to my friend the servers should have their own static IP. Each of the host PC on this screenshot represents actually 10PCs and each printer stands for two. Also the subnetting should be ready for growth of the company so there should be some extra slots or even segments. I've read the guide to this at http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800a67f5.shtml, but I still don't understand how should it be done when there is one more switch standing on top of the other subnets.Now, I can choose any IPs I want and any class I want.. it't just an exercise so, if you guys here can, and are willing, please tell me how should this be properly done. Thanks.
  The first question I have is - are your switches layer 3 capable, or just layer 2?
  I would have each segment in a separate VLAN, with a /24 for IP space, then trunk the VLAN's back to switch 1 (if it's layer 3 capable), or through switch 1 to the router, making switch 1 the "distribution" switch and the router your "core".
  Use a /30 for your intra-site link (no need for more - it's a point-to-point link - and use another /24 for Site 2.
  Make sure your routers have clear routes configured to link all the subnets, and away you go. Separate VLAN's to reduce broadcast domains, nice little islands of PC's and printers, and logical separation.
  If *all* your switches are Layer 3 capable, you could be more complex and setup each switch with SVI's for your connected devices, and then use another SVI (or no switchport option on your uplink port) to connect them - but that'd be messy, and you'd end up having a to put a routing table on all devices which you really don't need.
  Cheers.

• Best file for importing images from Illustrator and Photoshop for small file sizes

  Hello Adode consults!
  I'm in the process of preparing an inDesign file for a school project -- I've already had a few harrowing experiences sending large files to the printer that are too large to process (and a very grumpy computer, etc). The end result will be a poster around 36 inches by 4 or 5 feet.
  I'm wondering if there are any best practices for making sure that the files imported into InDesign are a manageable size to begin with. Should I, for instance, be saving each file as a jpeg before placing in Indesign?
  Thanks!
  -Katherine

  No, you should not save every file as JPG before placing it in INDesign. JPG is only usefull for raster images (like photos) without any transparency in high quality.
  When you place images use:
  For raster images from Photoshop psd (rgb with color profile)
  For raster images from Photoshop with form layers, texts or any vector element use PDF (or PDP) with layers.
  For vector graphics from Illustrator use AI files or PDF.
  For layouts from other InDesign projects use either the INDD itsself or export a PDF/X4.
  But to the printer deliver a PDF according to their standards. E.g. when they need CMYK files export as PDF/X1a with the required output color space and the resolution they want. Produce the pdf via Export (Print).
  Don't deliver open INDD. File size should for printing projects not be an issue.

• Please Help (Mouse input and graphics for small game)

  Hi everyone, I'm new to this forum, but it looked like a good place to get some help with a simple-ish game I've been working on. I sorta posted the beginnings of it on a forum dedicated to another cool game called Soldat.
  So that I don't have to retype much about the game itself, the link to the discussion is here (please mind the non-dev talk in there):
  http://www.soldatforums.com/topic.asp?topic_id=20916
  and the start of the 'game' is here:
  http://llsc.us/members/Solidarnosc/uploads/SolidarnoscNew.jar
  Anyhow, I need some advice on fast graphics. My game is sorta 3D (sorta-3D = that enigmatic 3D look in a 3D environment with sprites and no perspective), but I managed to use some simple mathematics and the basic AWT drawing methods to replicate 3D. The problem is that this is rather slow.
  I have started to have a look at different methods of drawing such as OpenGL using JOGL etc, but this is all rather daunting at the moment for someone somewhat self taught (OK, I have done a bit of Java at high school, but it didn't get as far as using such big words as Classpath, Package, let alone Buffer) and I seem to have a curse like Tubbers when it comes to semi-complicated tutorials. Ideally, it would be handy if there was a very simple example or a class that extended a Frame or something similar that had a modified graphics/drawing system with a 'perfect' buffering system (OK, maybe I'm dreaming).
  The other thing that I need help with is mouse movement detection. Currently, I am using a simple system of reading the mouse position on the frame to determine movement, but ideally I need a system that allows the mouse to keep moving without the constraints of the cursor needing to be in the form and not moving at edges of screen, etc.
  Help would be appreciated, but thanks for reading this anyway.

  Maybe I'm not making myself clear here (or maybe I
  missed a sign that that said "open source only"). I
  don't need a part of my program fixed by someone else
  as such, but rather I was just wondering what the
  easiest way to speed up AWT graphics is and how can I
  read mouse motion (specific to neither the cursor nor
  the application's frame) or even just set the
  cursor's position relative to frame. Failing that,
  can someone tell me how I should read mouse input in
  a way similar to a standard First Person Shooter?Unless I am missunderstanding what you want again, then take a look at AWT's Toolkit, it has
  public void addAWTEventListener(AWTEventListener listener,
                                  long eventMask)and it should do what you want.

• To make a new site or not? (for branch office with small number of people)

  We have a main office, with our DC (DC01) and a single site (SiteHO), and we are about to open up a new branch office in another city.  This branch office is connected to the head office via a 5 Mbps MPLS network.  The branch office will have around
  5-7 domain joined workstations, and the people there will require access to the existing file and exchange servers in the head office. 
  I was thinking about not adding a RODC in the branch office and not creating another site in AD for the branch office either.  My thinking is that since the number of users is relatively low, it doesn't warrant having a new RODC and site.  The
  traffic generated by the 5-7 user logon activities will be minimal, and the local profiles are stored on the workstations (no roaming profiles), so there shouldn't be much WAN link impact.  Obviously I would have to add the subnet from the branch office
  to the SiteHO site. 
  Can anybody think of something wrong with my reasoning?

  I think the dedicated line has a little to do with AD since its used both to authenticate the users and move the data.
  I am not sure what bandwith you get from an internet provider in your location, but for example you might get a 100Mb internet connection from an ISP. A VPN tunnel over a 100Mb internet connection I am guessing is faster then a 5Mb guaranteed MPLS link.
  The advantage of MPLS is that you can have QoS policies for voice and video traffic.
  If users move 'very large files' perhaps a local file server might be an good option. DFS replication can save a lot of bandwidth in that case. And then you would have 'local resources' in the branch and in case of wan failure the users will not be able
  to access the local file server resource. So you would need a secondary DC in that location.
  And if they are moving the files think (and check) the impact on the MPLS, because authentication requests go through that link, Exchange traffic (RPC MAPI) goes through that link so these might be affected. For example, lets say you have 2GB mailboxes.
  All Outlook users use OST files. One user's profile gets corrupted and needs to be rebuilt. The Outlook client sets up a fresh OST copy of the mailbox so now its downloading a 2GB mailbox copy over a 5Mb MPLS while some other user is moving a 'large file'.
  By local resources I am referring to file servers, printers, applications in the branch location that require AD authentication. Authentication works with both VPN and MPLS and in case the wan/vpn is down users can even log in with
  cached credentials.
  Hope it helps.
  http://mariusene.wordpress.com/

• Branch office setup with L3 switch and router with IOS security

  Hello,
  I am in the process of putting together a small branch office network and I am in need of some design advise. The network will support about 10-15 workstations/phones, 3-4 printers, and 4-5 servers. In addition we will eventually have up to 25-30 remote users connecting to the servers via remote access VPN, and there will also be 2-3 site-to-site IPSec tunnels to reach other branches.
  I have a 2911 (security bundle) router and 3560 IP Base L3 switch to work with. I have attached a basic diagram of my topology. My initial design plan for the network was to setup separate VLANs for workstation, phone, printer, and server traffic. The 3560 would then be setup with SVIs to perform routing between VLANs. The port between the router and switch would be setup as a routed port, and static routes would be applied on the switch and router as necessary. The thought behind this was that I'd be utilizing the switch backplane for VLAN routing instead instead of doing router-on-a-stick.
  Since there is no firewall between the switch and router my plan was to setup IOS firewalling on the router. From what I am reading ZBF is my best option for this. What I was hoping for was a way to set custom policies for each VLAN, but it seems that zones are applied per interface. Since the interface between the router and switch is a routed interface, not a trunk/subinterface(s), it doesn't seem like there would be a way for me to use ZBF to control traffic on different VLANs. From what I am gathering I would have to group all of my internal network into one zone, or I would have to scrap L3 switching all together and do router-on-a-stick if I want to be able to set separate policies for each VLAN. Am I correct in my thinking here?
  I guess what I am getting at is that I really don't want to do router-on-a-stick if I have a nice switch backplane to do all of the internal routing. At the same time I obviously need some kind of firewalling done on the router, and since different VLANs have different security requirements the firewalling needs to be fairly granular.
  If I am indeed correct in the above thinking what would be the best solution for my scenario? That is, how can I setup this network so that I am utilizing the switch to do L3 routing while also leveraging the firewall capabilities of IOS security?
  Any input would be appreciated.
  Thanks,
  Austin

  Thanks for the input.
  1. I agree, since I have only three to four printers, they need not be in a separate VLAN. I simply was compartmentalizing VLANs by function when I initially came up with the design.
  2. Here's a little more info on the phone situation. The phones are VoIP. The IP PBX is on premise, but they are currently on a completely separate ISP/network. The goal in the future is to converge the data and voice networks and setup PBR/route maps to route voice traffic out the voice ISP and data traffic out the other ISP. This leads up to #3. 
  3. The reason a router was purchased over a firewall was that ASA's cannot handle routing and dual ISPs very well. PBR is not supported at all on an ASA, and dual ISPs can only be setup in an active/standby state. Also, an ASA Sec+ does not have near the VPN capabilities that the 2911 security does. The ASA Sec+ would support only 25 concurrent IPSec connections while the 2911 security is capable of doing an upwards of 200 IPSec connections.
  Your point about moving the SVI's to a firewall to perform filtering between VLANs makes sense, however, wouldn't this be the same thing as creating subinterfaces on a router? In both cases you are moving routing from the switch backplane to the firewall/routing device, which is what I am trying to avoid.  

• Perfect router for small office (2-3 peoples)

  Hello,
  I'm trying to find the most cost effective VoIP solution for one of our small branch offices. This office will have no more than 3 peoples, but each person requires to have a PC and Cisco IP phone (voicemail, multiple line, direct inbound, pstn dial out and etc).
  Building will provide ethernet hand-off for internet access (part of T1 I guess) so we are planning to create VPN connection between our data center and the local gateway.
  As for the PSTN connection, 2 POTS will be provided by LEC. Gateway should be able to accomodate 4 Ports FXO module.
  What would be the smallest but the best router can handle firewall/VPN/IP Voice/PSTN for the small office?
  Thank you very much for your help in advance.

  Hi,
  What drives the price up a bit is the FXO requirement. Cisco used to have a router small as the 1751V, but it is EOL now, so the smaller you can get is a 2801. The price is almost the same but the earlier model was a bit more office-friendly due the box shape and size, while the 2801 is a classic rack box 1 unit.
  The good thing with the 2801 is that it supports POE (optionally), so if you put one 4 or 9 port ethernet switch (HWIC) in the router, your phones can work without the external power supply.
  You can configure the voice system be totally controlled by the router itself with the embedded CCME, or be part of company's CallManager (now CommunicationManager)
  Can I give you another advice, try to get ISDN BRI preferentially instead of FXO. You will have all the features like DID, caller-ID, and much easier setup a diagnostic in the router. Plus, if you add a WIC-1B/ST you can also have ISDN backup using the same data facilities.
  Please remember to rate useful posts!

• Branch office dial backup design

  I'm having more trouble with this than I think I should.
  I have 10 small branch offices connected to the home office via frame-relay -- it's purely hub-and-spoke, with no PVC's between branch offices, everything goes to the central office. I'm trying to set up a POTS dial scenario to replicate this. Each branch has a 26xx with a two-port serial card, two analog modems and two POTS lines. The central office has an ISDN PRI terminating in a 3725 with MICA modems.
  I can get a branch router to dial on one or both lines (multilink ppp), and the 3725 receives the call. CHAP negotiation works. Where I'm having trouble is in the IP routing. I've tried countless combinations of numbered and unnumbered interfaces, dialer-based ip pool on the 3725, EIGRP and/or floating static routes, etc., etc. Nevertheless, I can't get correct ip routes established, and I feel like I'm banging my head against the wall now. None of the edsign docs I can find on the Web site directly address my scenario in a way I can understand. Any suggestions?

  This is my config for our 3640.
  interface Group-Async1
  ip unnumbered Serial1/0:23
  encapsulation ppp
  no ip mroute-cache
  dialer in-band
  dialer idle-timeout 1200
  dialer map ip 170.1.1.16 name bri01rt01ec
  dialer-group 1
  async mode interactive
  peer default ip address pool default
  ppp authentication pap chap ca
  ip route 192.168.16.0 255.255.255.0 172.17.1.6-----our PIX
  ip route 192.168.16.0 255.255.255.0 170.1.1.16 200---Ip address of modem that dials in from 1750.
  This config looks fine to me..what does everyone think?

• Windows 2008 R2 RODC + Branch Office

  I'm looking at utilising a new RODC in a small branch office but I have a copuple of queries that hopefully someone can point in the right direction.
  Is it possible to move a RODC to a new Site / Subnet like you can with a normal DC. I plan to build the rodc and then move it to the new office once the sites / subnets have been created.
  I think I need to run ADPREP / rodcprep to install this server. I currently have 2 windows 2008 rc domain controllers and 1 windows 2003 (soon to be retired).
  Plan:
  Adprep the domain
  Build Windows server and promote to RODC
  Create new site and subnet
  POwer down RODC
  Move RODC to the new site within AD and physcially move to site
  Does this sound feasible?
  Many thanks

  I'm looking at utilising a new RODC in a small branch office but I have a copuple of queries that hopefully someone can point in the right direction.
  Is it possible to move a RODC to a new Site / Subnet like you can with a normal DC. I plan to build the rodc and then move it to the new office once the sites / subnets have been created.
  I think I need to run ADPREP / rodcprep to install this server. I currently have 2 windows 2008 rc domain controllers and 1 windows 2003 (soon to be retired).
  Greetings!
  Promote your RODC and let it replicate the content from RWDC, after that move RODC within new site and then move the server to new location with yourself.
  Mahdi Tehrani   |  
    |  
  www.mahditehrani.ir
  Please click on Propose As Answer or to mark this post as
  and helpful for other people.
  This posting is provided AS-IS with no warranties, and confers no rights.
  How to query members of 'Local Administrators' group in all computers?

• Branch office logic from SD

  The business scenario I'm trying to address is:
  we have multiple customers/shiptos that order, have credits issued for, and an individual credit limit set - but one corporate office that pays all of the bills and wants to take credits from shipto A for a balance on shipto B. 
  I know about and have set up the head office/branch office relationship and about setting the Payer partner to = the head office.  The problem with this set up is that it rolls into one credit limit (head office customer) rather than each branch having it's own.  If I change the payer to = the branch office, then it does not show up within open items or cash app in FI under the head office.
  Has anyone figured out how to keep seperate credit accounts for the branch offices but apply cash from a corporate level?

  The variable WDSSERVER is a variable that is figured out by MDT when booting a machine using the boot image created by Microsoft Deployment Toolkit. Therefore it is not available in Windows.
  If you want different WSUS servers depending on location of the client you can use for instance this technique in CustomSettings.ini. This will point clients on a specific subnet to a specific WSUS server.
  [Settings]
  Priority=DefaultGateway,Default
  [DefaultGateway]
  10.0.0.1=HQ
  10.0.1.1=BranchOffice
  [HQ]
  WSUSServer=http://wsus-hq:8530
   [BranchOffice]
  WSUSServer=http://wsus-branch:8530
  Blogging about Windows for IT pros at
  www.theexperienceblog.com

• Branch Office Mail Server?

  I have Mac OS X providing mail services to about 100 users at a main office. We are opening a branch office with 20-30 users. I'm wondering if it is possible to setup another mail server for the branch office using the same domain. The users at the branch office are moderately heavy users who will often deal with lots of attachments. I would like them to have an IMAP server that is local to them for better performance and to reduce traffic on the main office network.
  I thought I'd give it a try. There's a field called "Mail Server" on the mail tab of WGM for each user. I put the address of the branch office server in that field. However, the main office server keeps the messages in its own mailstore. So, what's this field for? It doesn't seem to do anything.
  I see a way to accomplish this by editing the postfix alias file for each user and adding a line for each branch office user like branchofficeuser: [email protected] but that wouldn't be so nice if I ever have to turn over administration of these servers to someone else.
  Is there any way to distribute mail for users of the same domain across more than one IMAP server without resorting to entering aliases to subdomains for each user?

  x

• Advise on using Branch office server as backup

  Hello and thanks for assistance,
  The site in question has four physical servers and two virtual servers. They have the following major functions. Server A is a DC/DNS server as well as hosting DFS files. Server B holds exchange server 2012A and the replica partner for DFS, Server C 
  has two virtual servers installed. First one is exchange 2012B and second one is the antivirus server. Server D is a DC and a witness server. It also holds WSUS. Backup is taking as long as 12 hours. I had an idea of moving Server C and D offsite and configuring
  them as branch office servers using VPN. Then all data including mail will be offsite and eliminate the need for backups. All servers of course have RAID1 so my concern really is not hardware related but disaster recovery in the event of fire, flood, ect.
  I know this idea may be full of holes but that is why I am posting this for your opinions. There are about 50 workstations in the network. The client is very dependent on the network.
  Thanks
  Ronald C. Pope

  Hi Ronald,
  Of course you can create offsite Exchange server and DC. The connection performance may be an issue as you must use site-to-site VPN incase you need a failover.
  Both topics are discussed a lot in Exchange and DC forum:
  Advice for Offsite DC
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/237d8767-4004-448d-883d-ccb596b4da61/advice-for-offsite-dc
  Onsite and Offsite Exchange 2010 Failover?
  http://social.technet.microsoft.com/Forums/exchange/en-US/6cfdfa81-9a4a-499d-a0dd-96b6b8d07bdc/onsite-and-offsite-exchange-2010-failover
  If you have any feedback on our support, please send to [email protected]