State of the enterprise network & wireless technology

Similar Messages

• VRF Lite running in the enterprise network

  Hello everybody
  Altough VRF lite (or Mulit VRF) seems to be a Service Provider Tecnology.
  Does it make sense to use it in an Enterprise Network to isolate Networks from others ?
  I cant find any design paper which describes if this would make sense.
  What do you think. Is someone using it ? Does Cisco recommend it ?

  Yes, VRF-lite SHOULD be used in an Enterprise environment to isolate the different security classes of devices.
  In the past you would isolate different groups of users using Layer1, i.e. separate hubs either totally isolated or connected together by a router with ACLs. Since the PCs were only connected at shared 10 Mbit and the routers were such low performance and worms weren't really prevalent, this was not a big security issue at the time.
  Then we migrated to VLANs, which essentially allowed Layer2 isolation within the same switch to provide the same functionality of separating different classes of users and to break up broadcast domains. Unfortunately, everyone connected the VLANs together at Layer3 with a router (or SVI) which essentially connected everything together again! And almost no one gets the ACLs right (if at all) to isolate the VLANs from each other. In fact, in most cases every VLAN can automatically reach every other VLAN from a Layer3 or IP perspective. This is a huge security problem.
  Enter VRF-lite, essentially created by Cisco as their tag switching migrated to standards based MPLS and had a need to isolate Layer3 security domains from each other within the same switch (or router). Think of VLANs for routing tables. VRF stands for 'Virtual Route Forwarding', which basically means separate routing tables. Since VRF-lite is a per-switch feature (running locally to the switch) you will need to use other technologies to connect multiple VRF-lite switches together and keep the traffic isolated, see below.
  What makes this so secure is that there is no command within the switch to connect different VRFs together within the same switch. You would need to connect a cable between two ports on the same switch configured in different VRFs to be able to communicate between them (recent IOS 12.2SR allows tunnels with different source VRFs but that is a corner case). The reason for this is simple, remember the basis for VRF (and VRF-lite) is for a service provider to isolate multiple customers from each other within the same switch. Just like an ATM, Frame-Relay, SONET, or Optical switch, the command line makes it very difficult (or impossible) to accidentally connect 2 different customers together.
  Think about that. Even if someone was able to get ssh enable access to your switch (you aren't running telnet anymore, right?!), they CAN'T connect 2 VRFs together with any command.
  And, yes, this is highly recommended by Cisco Engineers and is actually deployed far more than you think. I have VRF-lite running on at least 10 client's networks and those are LARGE networks. VRF-lite was integrated into the environment purely to solve a Layer3 security class isolation issue. I have used Layer3 dot1q trunks on c6500 switches and tunnels to keep isolated connectivity between VRFs between switches.
  In Cisco speak, VRF-lite falls under the topic of 'Path Isolation' which is combined with other features that isolate traffic within the same network such as dot1q trunking, tunneling, VPN, policy-routing, and MPLS. Do a search on Cisco's web site for 'path isolation' and you will find a bunch of info.
  See the following URLs for a good start:
  http://www.cisco.com/en/US/netsol/ns658/networking_solutions_design_guidances_list.html
  http://www.cisco.com/en/US/netsol/ns658/netbr0900aecd804a17db.html
  http://www.cisco.com/en/US/netsol/ns658/networking_solutions_white_paper0900aecd804a17c9.shtml
  As always, rate all posts appropriately, particularly those that provide value and don't be shy about following up with additional questions or comments.
  Good luck!

• Providing DRC solution for ATMs in the enterprise network

  Hi all,
  I am looking for ideas on how to provide a Disaster Recovery solution for thousands of ATMs (Automated Teller Machine) deployed in the bank enterprise network. The solution should consider
  the following facts:-
  1.- Having the ATMs switch the connection to the Server at DRC shouldn't be automatic. This situation might last for the next few years until DRC becomes mirror image of primary data center.
  2.- The ATM servers at the primary and disaster recovery center is single server equipped with high availability (Tandem). I mean to say, there is no SLBs invloved in the connection
  3.- The application running on the ATMs is calling the ATM Server by hardcoded IP address in the application. The bank is willing to visit the ATMs to change once and forever.
  I see source natting as the most appropriate solution, however your opanion and expertise are appreciated.
  Thanks
  Sami

  Sami,
  what kind of solution are you looking for ?
  Is the concern the connection from ATM to central location ?
  Or is it a concern about the server at the central location ?
  For connection issues, I don't see any other solution than providing multiple lines.
  If the concern is the single server, you could have a loadbalancer somewhere in your network.
  The loadbalancer can use probes to check the health of the server.
  If the primary fails, or is unreachable, you can automatically redirect the traffic to the standby.
  ATM machines will point to the virtual ip (you could reuse the current ip and assign a new one to the servers).
  Not sure where to place the loadbalancer without a better idea of the problem to solve and the network.
  Gilles.

• IPad on the Enterprise network

  Hello All -
  I am looking to get some more information on the iPad in the enterprise. We are currently using Cisco wireless running a corporate SSID using WPA+WPA2 with AES and 802.1X.
  Is anyone running iPad's in the 802.1X enterprise? We use a Device CA for all of our devices, is it possible to use this on the iPad or do you have to use client CA?
  I am using the iPad configuration utility to try and configure my test iPad, but it doesn't seem to work like I need it to. I get to a certain point and it wants username and password. I do not want a user to have to login, so this would lead me to believe client CA needs to be used and not Device CA.
  Can anyone help me out?

  First, try a system reset.  It cures many ills and it's quick, easy and harmless...
  Hold down the on/off switch and the Home button simultaneously until you see the Apple logo.  Ignore the "Slide to power off" text if it appears.  You will not lose any apps, data, music, movies, settings, etc.
  If the Reset doesn't work, try a Restore.  Note that it's nowhere near as quick as a Reset.  It could take well over an hour!  Connect via cable to the computer that you use for sync.  From iTunes, select the iPad/iPod and then select the Summary tab.  Follow the on-screen directions for Restore and be sure to say "yes" to the backup.  You will be warned that all data (apps, music, movies, etc.) will be erased but, as the Restore finishes, you will be asked if you wish the contents of the backup to be copied to the iPad/iPod.  Again, say "yes."
  At the end of the basic Restore, you will be asked if you wish to sync the iPad/iPod.  As before, say "yes."  Note that that sync selection will disappear and the Restore will end if you do not respond within a reasonable time.  If that happens, only the apps that are part of the IOS will appear on your device.  Corrective action is simple -  choose manual "Sync" from the bottom right of iTunes.
  If you're unable to do the Restore, go into Recovery Mode per the instructions here.  You WILL lose all of your data (game scores, etc,) but, for the most part, you can redownload apps and music without be charged again.  Also, if you have IOS-7, read this.

• Ps CC 2014 not opening files on enterprise network - any ideas?

  I've recently run in to an issue where i cannot open any files or start a new .PSD when logged into my company's network.
  However, when I'm working at home on my personal network, everything is functioning normally.
  Any ideas what the issue might be? Our IT help desk do not support Adobe CC, but if I can make a suggestion as to what the snag might be on the enterprise network, I might be able to avoid having my PC re-imaged, which is the only solution they've suggested so far!
  Thanks!
  Jon

  If I drag a .jpg or .png in to Ps, nothing opens.
  If I use 'File -> Open' and select .PSD, .jpg,, .png, nothing...
  If create a new document, still nothing.
  All these scenarios work just fine when not logged in to the company network.
  I've uninstalled/reinstalled Ps, updated all Dell drivers.

• My ipad with retina display can't find my epson artisan 730 wireless printer. They are on the same network and printer's wireless connection is excellent. What are the steps to fix this?

  My imac won't pick up the printer either. Even after I updated it's software.  My ipad is new.  Any help would be appreciated. Thanks!

  No change. The printer still doesn't show up on my devices even though they are all on the same network.  On the printer's connection print out the connection reads Pass and that the network is working correctly.  However, then it states "*A router/access point channel conflict has been detected. If you have problems printing or scanning, Improve your wireless network environment." "*If the problems persist, see your documentation for help and networking tips."
  I've gone through all the documentation and still can't figure out what the problem is.  I've had the router checked out by my building and they claim everything is in order.  I have a excellent signal.

• Iphone 4s wireless issues on a .1X enterprise network

  Hi,
  I'm having a problem with my iphone 4s dropping connection with a .1X enterprise network.
  I can connect but after about 15 minutes the wireless will drop and i have to manually reconnect to it.
  I've turned off the 3g service as it would try and re-connect to that. The strange thing is whilst testing out this problem with
  an ipad 2 (OS 5.0.1) and a macbook pro (os10.7.2) the iphone 4s dropped its wireless connection but the other two devices stayed
  connected and all 3 devices were connected to the same AP.
  Has anyone else came across this problem?? If so was there a work around?
  The network is question is an Eduroam wireless connection with the following spec
  Network name (SSID): eduroam
  Network Authentication: WPA2 Enterprise
  Data encryption: AES
  EAP Method: PEAP
  Phase 2 Authentication: MSCHAPv2
  (this was pulled from the manaul set up guide)

  Hi!when I try turned of my wifi with fn+f12 it totaly dissapeared. I've tried to turn my wifi on again with the same buttons but with no sucess. I've searched for alternative ways to turn it on ex through hp wireless assistance and windows mobility center but niether can detect my wifi. Basically it's like I don't even have wifi on this laptop.No wifi icon and no warnings or signs of disfuntional hardware. I've tried downloading new drives from HP's support site but all the installation ive tried so far just closes whitout finishing and whitout warnings.  i've also tried HP's restore functions to try and install the drivers that way but with no sucess. And even trying to restore to a previous backup point with windows backup and restore proved useless. although the wired connection works fine. any help on this matter is greatly appricieted my system specswindows 7 64bit HP pavilion g7 Notebookg7-1032Product nr LQ145EA#UUW These are the only network adaptors listed in my device manager Realtek PCIe Family ControllerPCI\VEN_10EC&DEV_8136&SUBSYS_166B103C&REV_05
  PCI\VEN_10EC&DEV_8136&SUBSYS_166B103C
  PCI\VEN_10EC&DEV_8136&CC_020000
  PCI\VEN_10EC&DEV_8136&CC_0200 Hamachi Network interfacehamachi //Chris

• Officejet 6000 wireless and WPA2-Enterprise network security

  I own an Officejet 6000 wireless printer. The manual says that it should be compatible with a wireless network with WPA2-Enterprise network security but when setting up the connection (I am using a macbook and am setting the printer up via usb connection) the newtork is listed but the security type is "unsupported." For whatever its worth it is listed 5 or 6 times but probably thats a different issue.
  I can still select the right network but it only asks for a security key, but my network security requires a log-in name and password.
  What can I do to get my printer connected to the network?

  I get the feeling that most of the people replying here don't know the difference between WPA2-Personal and WPA2-Enterprise.
  Personal has a passkey.
  Enterprise uses both a username and password, usually in conjunction with a Radius server (802.1X athentication).
  What we've had to do solve this problem is create a second SSID on the network that authenticates on WPA2-Personal. We use a really long password to secure the network, one that I will never be able to memorize in my lifetime.
  All we can hope for is that these enterprise-level vendors will, perhaps, gain a greater understanding of wireless authentication processes and the needs of actual enterprise customers who at least a percieved need for wireless printer capabilities. It used to be that customer was always right, though. Perhaps those days are gone...
  The other problem that probably ought to be addressed on consumer end is the fact that multicast tools that make AirPrint work (such as Bonjour), are being blocked from crossing between your wired and wireless networks, perhaps by the wireless controller or due to inefficient routing hierarchy or NAT/PAT issues. Solve this issue and you won't have a need for wireless printers.

• I'm suddenly getting the kernel panic message and constant restarts when connected to the time machine wireless network. if is switch to the BT network, all fine. no help found so far as to what's wrong or how to correct, anyone have any thoughts...

  Recently upgraded to mountain lion in order to buy the new tall tower for time machine backups. had to get technical support to help with set up as it wouldn't play ball with two computers. all working fine up until last week when the iMac started getting backup error messages. then system restarts independently when using time machine on the time machine wireless network. only stops restarting when I switch the wireless network back to he bt one, which is a pain obviously as can't back up to time machine then.  it has to be a problem with airport utility or something wireless but all says all up to date with software etc. all still works fine backing up from laptop on the wireless network, just the iMac is not happy. any help or thoughts very much appreciated.

  Hi, many thanks Bob, what you say is not unthinkable at all, although it does answer the question
  "what could I do *instead* of ..." rather than the one I actually asked, but seriously ...
  Shutting down might be an answer, although it would clear out my tmp directory - which I might not want to have to sort through looking for things I want to save every time I go to work, and also, now that nvram doesn't seem to work for disabling the boot chime, it can get a bit embarassing booting up in a busy meeting if I have forgotten to mute before I shut down. There are all sorts of other issues, such as editing documents, loading web pages and so on that I would have to set up again.
  Your suggestion of letting Apple know is a good one - thank you for the link.
  Take care,
  Mark

• Does a wireless printer need to be on the TC network or can it remain on the FIOS router network

  I have a verizon FIOS router with one wireless network...connected to it are 3 laptops, 2 HP wireless printers and numerous things like TV's, wii and Apple TV...when I set up a new TC and use it as my router for my Macbook Pro will I be able to print to the printers if I leave them on the FIOS network?..I of course will have the TC connected to the FIOS router via a ethernet cable. Its a pain to reset up all the numerous devices to a new network. Since the TC is connected to the FIOS router is it safe to assume something connect to the TC is also connected to the FIOS wireless network??

  yes we got sidetracked into the extending thing..I don't want to do that I want to do what you mentioned latter..2 different networks I was planing on leaving my TV's, blueray, WII on the FIOS network but connect the laptops to the TC N network..and I'm now sure I'll have to set up the wireless printers on the TC network or the laptops wont see them..
  So I will do as you mentioned in another post and:
  Here is how to hook up your Time Capsule to the FIOS router:
  Connect an ethernet cable from one of the LAN <-> ports on the FIOS router to the WAN (circle of dots icon) port on the Time Capsule.
  Open Macintosh HD > Applications > Utilities > AirPort Utility and click Continue to follow the guided setup to configure your Time Capsule.
  Page 1 will ask you to assign a name and device password for the Time Capsule
  Page 2 you want to choose the option to Create a wireless network
  Page 3 will ask you choose a name for the wireless network and a password
  Page 4 you want to select the Bridge Mode option
  Page 5 select Configure IPv4 using DHCP. Leave everything else blank
  Click Update to save your settings and the Time Capsule will restart in 25-30 seconds and you should have a green light.
  You can now log on to the Time Capsule wireless network by locating the name of the network and entering the wireless network password.
  It is possible that having two routers in close proximity both producing a wireless network may introduce wireless interference effects between the two networks. If you experience this, you will need to turn off the wireless on the FIOS router.

• How to connect an apple tv to an enterprise network with a username and a password?   I need to use it over my university's wifi. theres no option to enter username and password. how to connect the apple tv to such enterprise network?

  How to connect an apple tv to an enterprise network with a username and a password?
  I need to use it over my university's wifi. theres no option to enter username and password. how to connect the apple tv to such enterprise network?

  Contact the University's IT dept, they may be able to set something up on the network to allow the ATV to connect without the need for a user name/password.

• If I connect a time capsule via ethernet to an existing internet connection and use it to create a private wifi network for my wireless devices, will other users on the primary network (not the private wifi one) be able to access my files on my TCapsule?

  Like it says in the title basically.
  I want to use a time capsule to store my files and backups and access it from my phone and MacBook Air. However I do not want the others in my house who are currently connected to the same wifi/ethernet router to use my connection or my TC hard drives.
  I had also been thinking about wirelessly extending the wifi network (a linksys N router) but I guess that will allow everyone to access my Time Capsule?
  I hope you guys can help me.
  Regards, Guido

  ......will other users on the primary network (not the private wifi one) be able to access my files on my TCapsule?
  No, if you have not provided them with the Time Capsule device password. 
  Users will be able to "see" the Time Capsule icon under the SHARED heading in the Finder on their Macs, but they will not be able to access the drive or the files.
  I had also been thinking about wirelessly extending the wifi network (a linksys N router) but I guess that will allow everyone to access my Time Capsule?
  Same answer as above.

• Welcome to the Enterprise Data Center Networking Discussion

  Welcome to the Cisco Networking Professionals Connection Network Infrastructure Forum. This conversation will provide you the opportunity to discuss general issues surrounding Enterprise Data Center Networking. We encourage everyone to share their knowledge and start conversations on issues such as Mainframe connectivity, SNA Switching Services, DLSw+, managing SNA/IP and any other topic concerning Enterprise Data Center Networking.
  Remember, just like in the workplace, be courteous to your fellow forum participants. Please refrain from using disparaging or obscene language or posting advertisements.
  We encourage you to tell your fellow networking professionals about the site!
  If you would like us to send them a personal invitation simply send their names and e-mail addresses along with your name to us at [email protected]

  Hi together,
  Since the release of SAP NetWeaver 2004s to 'Unrestricted Shipment' as of 6th of June 2006, we have renamed the forum 'SAP NetWeaver2004s Ramp-Up' to 'BI in SAP NetWeaver2004s'.
  The forum should continue to adress BI issues particular to the release SAP NetWeaver 2004s. Please post general BI, project, etc. question to the other existing BI forums.
  The SAP NetWeaver BI organisation will also use this forum to communicate / roll-out information particular to the release of SAP NetWeaver 2004s (in addtion to the FAQs and other material on the SAP Service Marketplace and information in other areas of the SDN).
    Cheers
       SAP NetWeaver BI Organisation

• Enterprise Manager is not able to connect to the database instance. The state of the components are listed below.

  Dear all,
  I have trouble to connect em console to database instance. My database is 11.2.0.3 and before this I did the patching from version 11.2.0.1, and now i cannot get fully functionality of em console.
  error is:
  Enterprise Manager is not able to connect to the database instance. The state of the components are listed below.
  It shows that agent is connected, database and listener is up.
  I did recreation, dropping and recreating with emca, but no success.
  Did anyone have similar problems with em console?
  Regards,

  You need to first of all, Connect to the Database as SYSDBA (because your were not connected), then start the database (because it is not started).
  If you already used the username and password in the command prompt and you are sure that the database is already stared, then you need to set the ORACLE_SID before you open SQLPlus. This is because if SQLPlus does not know the SID you are connecting to, it simply thinks it is not up or has no service hence the message "Connected to an idle instance".

• Epson Artisan 800 can't scan over the network (wireless)

  Hi,
  I installed the Artisan 800 all-in-one drivers and software. I can print wirelessly. I looked up Epson scanning setup help. When I open Epson Scan Settings.app, click on "Network", but all the buttons are disbled (unclickable). Therefore, I cannot click "Add" and all the subsequent steps. I tried adding the app to the "incoming allowed" list in Firewall, disabled the Firewall entirely, but to no avail. Funny thing is, it was working a couple of months ago when I had the printer new, but since then I have installed a couple of OS X updates (I believe I had 10.5.5 when it was working). In the intervening period, I also messed around with the OS X supplied Printer drivers (deleted a whole bunch of files, not sure if some required files were deleted), and I noted that the recent 10.5.7 update (and possibly 10.5.6 before) did not restore those files. However today I uninstalled all the Epson drivers/files using the A800 supplied CD, and reinstalled everything. I even tried installing the scanner files from Epson's webpage. Nothing worked. Please suggest something!

  i had a similar problem -I connected by printer to an iMac via a network cable to a Time Machine 802.111 router. Could print but not scan. I could only get the scan functions working by setting up the wireless connection on the printer. But then I could not print until i reconnected the network cable between the printer and the TIme capsule. Tel support from Epson seemed more confused than me!
  Should I have to have the printer networked by cable as well as wireless? That seems silly. I must be missing a step in one of the setups.