SVI for Servers & User VLANs

Similar Messages

• Topology for servers' side VLAN int

  With an ACE SM in the cat65k configured in routed mode and the real servers' defaul gateway being the server side Layer 3 VLAN int on the ACE, when the real server initiates the connection, does it go to the MSFC-ACE-server side Layer 3 VLAN int or does it somehow hit the Layer 3 VLAN int on the ACE without going thru MSFC?
  Thanks..  

  It depends what ip address is configured as default gateway on the server.
  If ACE, it will go to ACE.
  And the problem is that the response will probably bypass ACE if the MSFC is attached to the server vlan.
  You should not configure the MSFC interface on the server vlan.  Let the ACE route between servers and MSFC.
  Gilles.

• 802.1X and per user vlan

  hi all,
  I would like to know if i can assign one user in a vlan with 802.1X in a wireless environment ?
  if yes,Do i need a particular radius server or is this feature "basic" on ias,acs,meetinghouse funk..
  Can i have a vlan authentication policy (i.e vlan 2 no authen, vlan 3 eap-md5 )
  Can i authenticate user1 on domain1 and user2 on domain2 on the same AP with a radius ias,acs or other?.
  Thanks

  I take a stab at some of this...
  I have per user VLANS setup on my 1220 AP's and am using 2003 server IAS for the radius server. I also had it working on 2000 server.
  I have one VLAN with no authentication and others for my users that do authenticate. They are authenticating using MS PEAP and UN/PW combo.
  Here is a link on VLANS for the VXWORKS series of AP's
  http://www.cisco.com/en/US/customer/products/hw/wireless/ps430/products_configuration_guide_chapter09186a00800e02cb.html
  This one is for IOS (looks new I haven't read it yet..)
  http://www.cisco.com/en/US/customer/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml
  Finally another link -
  http://www.cisco.com/en/US/customer/products/hw/wireless/ps430/prod_technical_reference09186a00801444a1.html
  I am not sure about the different user/domain combos since I only have one domain here. There are also some good posts in this forum, do a search for per user vlan, etc.
  Good Luck.
  Don

• Users VLAN and Management VLAN

  is it possible to separate two VLANs:
  one is running for the users VLAN connects to the clients
  one is for management purpose.
  Is there a sample code available for access points, bridges, and switches?
  I am really appreciated that

  Hi,
  You can configure VLANs on enterprise access points.
  What you need to do is configure the access point with its managment IP address, set this as the native vlan and then add the other VLAN or VLANs.
  Then on the switch that the access point is connected to you need to configure a trunk port and make sure that the native vlan is the same VLAN you set as native on the access point.
  As an example if the Access point has an IP address for managment vlan 20, we set this VLAN as native and then we add the other VLAN or VLANs, and on the switch you configure the port as a trunk port with the same native VLAN 20.
  Note, native vlan is the same as untagged vlan. When we confgure a trunk port this will tag all vlans except the native vlan or untagged vlan that needs to be the same between directly connected devices.

• Enable the UAC settings for Domain Controller / Member servers and for end user systems

  Hi
  We are working on hardening the security for all Domain Controllers / Member Servers and end users systems. As part of it we would like to know the best practice for UAC settings for each of these servers. There are 8 settings related to UAC and as of now
  we configured just "User Account Control: Behavior of the elevation prompt for standard users" as disabled for the servers OU. Also not sure about other settings and how it affect the normal operations like installing Windows updates / applications
  through SCCM or manually on servers or end user systems and other stuffs.
  We are looking for experts opinion on this. Thanks in advance
  LMS

  Hi LMS,
  Would you please let us know the current situation? Just check if Martin’s suggestion was helpful for you.
  If any updates, please feel free to let us know.
  Just additional. Please refer to the
  User Account Control Grouping in the following article. It will provide some links about those different UAC settings. Please click those links and read related articles. In these articles, will provide
  Security considerations that may help you to configure those settings.
  Security Options
  http://technet.microsoft.com/en-us/library/jj852268.aspx
  Hope this helps.
  Best regards,
  Justin Gu

• Loadbalance for servers thats belongs from different Vlan

  Hi,
  We are using FWSM and ACE module in our switch. We have to configure our new application in cisco ACE. Our exiciting servers and vip are in vlan5 and new servers and vips are in vlan 6. vlan 6 is defined in FWSM. We have craeated one interface vlan 6 for the application. While checking the interface status  through "show interface vlan 6" we are getting the following error.
    Not assigned from the Supervisor, down on Supervisor
  We have already assigned vlan group to supervisor. We have allocated same interfce vlan to context also.
  kindly suggest what chould be the issue.
  Kindly suggest can we do the loadbalance for servers thats belongs from different Vlan???
  Thanks in advance.
  Regards,
  Ranjith

  Hi Daniel,
  We are using cisco 6509 switch with FWSM and ACE module.
  We have created interface VLAN 6 in FWSM and ACE and assigned the IP as follows.
  FWSM Interface VLAN 6 is 10.6.10.55 and ACE Interfce VLAN 6 is 10.6.10.60.
  We have 2 servers in the same vlan (.49 and .50). and they are physicaly connected to switch vlan 6 and logicaly connected to FWSM interface vlan 6.
  We have defined the VIP as 10.6.10.51 and that is not pinging from our network.
  Server default gateway and ACE default gateway is FWSM interface vlan 6 IP(ie, 10.6.10.55).
  We dont want to change the server gateway as ACE interface vlan 6 ip.
  KIndly suggest how can i achive the loadbalancing with out changing my server gateway to ACE IP.
  Thanks in advance.
  Regards,
  Ranjith

• How to show inboxs for multiple users?

  I recently have started using the Mail App on my iMac. I was using my company's OWA as my standard mail program but I found the Mac mail easier to use. But... In my OWA it was possible for me to have multiple accounts and inboxs from the same server (exchange 2007) and after I had set up my mac mail with my primary exchange account, I couldn't send or recieve from my other accounts. Then I saw that I could type in more e-mail addresses in the Account setup and now it is possible for me to send fromthese accounts.
  But still.. I can't see the incoming mails for these accounts. Anybody who knows how to setup mac mail app so I can see the incoming mails for ohter users than my primary?

  I've found the same problem in OS X Lion, with Mail, iCal and Address Book getting confused when two Exchange accounts on the same server are configured, resulting in either missing or duplicate entries (despite everything appearing fine when accessing the accounts individually via Outlook or OWA).  iOS doesn't have any problem with this setup; two Exchange accounts on the same server work perfectly; the issue seems specific to Mac OS X.
  After some experimentation I've found a workaround.  Since the issue crops up with two Exchange accounts on the same server, it seems possible to trick OS X into thinking the accounts are on two separate servers through a little DNS manipulation (which I realize may not be a practical option for everyone).  Here's what resolved the issue for me:
  My external and internal DNS FQDNs for the mail server were mail.mydomain.com.
  I set up a new DNS entry - mail2.mydomain.com - as a CNAME for mail.mydomain.com.
  On my Mac, I set up Exchange account #1 with the server set to mail.mydomain.com.
  I then set up Exchange account #2 with the server set to mail2.mydomain.com.
  Even though both FQDNs resolve to the same IP, this seems sufficient for Mac OS X to consider them as separate servers, elliminating the problems I had before when I set both Exchange accounts to the same mail server FQDN.
  I've only tried this on OS X 10.7 Lion, and the recent 10.7.1 update, although I wouldn't be surprised if the same trick works for earlier versions of OS X.

• How do I completely disable initial "Checking Compatibility of Add-ons" pop-up for all users on a Citrix server where the FireFox was upgraded to 29.0.1

  I have a set of Citrix servers, we need to upgrade the FireFox on them to 29.0.1
  When I have done this, and a user runs FireFox, now the users are being presented with a pop-up "Checking Compatibility of Add-ons" which delays the start of FireFox.
  I need to prevent this so users just see FireFox start up without any delays.
  I have installed the add-on that re-enables extensions.checkCompatibility and tried various ways of implementing it like pref("extensions.checkCompatibility", false);
  However we seem to have a situation where the add-on that enables the setting is not loaded yet so the setting is not implemented.
  How do I solve this for all users?

  You can try to set the browser.startup.homepage_override.mstone pref to ignore on the about:config
  *http://kb.mozillazine.org/browser.startup.homepage_override.mstone
  You can use a mozilla.cfg file in the Firefox program folder to specify new (default) values and possibly lock prefs.
  Place a local-settings.js file in the defaults\pref folder where also the channel-prefs.js file is located to specify using mozilla.cfg.
  pref("general.config.filename", "mozilla.cfg");
  These functions can be used in the mozilla.cfg file:
  defaultPref(); // set new default value
  pref(); // set pref, but allow changes in current session
  lockPref(); // lock pref, disallow changes
  See:
  *http://kb.mozillazine.org/Locking_preferences
  *http://mike.kaply.com/2012/03/16/customizing-firefox-autoconfig-files/
  *http://mike.kaply.com/2014/01/08/can-firefox-do-this/

• One JACK server for multiple users

  It seems that support for JACK_PROMISCUOUS_SERVER has been removed, so JACK only allows programs to connect which were started by the same user who started the JACK server. Is there another way to tell JACK to accept connections from other users? Or do I have to start two servers (one for each user) communicating via the local network?
  Why I'm asking:
  My browser is running with the permissions of the user "browser" to prevent malicious code executed by the browser to seriously affect my files. This leads to the problem that audio playback in the browser is rendered mute, as it cannot connect to the JACK server that has been started by my main user account.
  Any ideas on how to make this work?

  I don't think this was ever "supported". I somehow assume that the hack still works (with JACK_PROMISCUOUS_SERVER) but I have yet to go back to it since the last discussion about it. According to Torben H. (read the last few messages of that topic) it should work.
  NetJACK works in a different way and allows different clients to connect, AFAIK. It has been suggested that some form of this exact functionality can be used in lieu of the promiscuous trick for JACK itself.
  Anyway, for MPD, you can try the alternative setup.

• How to move all files from a folder for a user to a centralized folder on a core server

  Hello,
  I'm curious if there is a batch file that can be made to move the contents that are setup like this....
  I'm having to redo a TS cluster and I'd like to make a batch file script that can be executed that moves the contents of say 'jsmith's local desktop profile @ \\NGTTS1\users\jsmith to a centralized folder on our roaming desktop profile server that saves
  all of the files for the desktops @ \\NGTFS1\users\jsmith.
  The problem I have is no matter what I tell users to save there files to our Y drive that is a folder that is synced across all 6 of our TS servers, users still store files on there desktops, so as you can imagine if one day they are on one server, then
  next day they could be on another and there files aren't the same.... hence the reason why I want to move all there files to the centralized server so when I redo the profiles from scratch on the TS server in the farm they suck files from the core server and
  have all of the files they are used to having.... 
  Now I know I can do this with a MOVE command I've just never done one to this exact.
  Hopefully someone knows the command to move all the contents of one folder on one server to the folder on a different server. I've already got the bulk of the coding done of the .bat script I just don't know this move command:
  would it be this:
  move \\NGTTS1\users\jsmith *.* \\NGTFS1\users\jsmith
  any help would be appreciated, I'm sure this is a easy command to do!
  This is the coding I have so far....
  @echo off
  color 0A
  title Moving Local Profile folder to Centralized Profile Folder on Core Server.
  :start
  echo Welcome, %USERNAME%
  echo What would you like to do?
  echo.
  echo 1. Moving Local Profile folder to Centralized Profile Folder on Core Server
  echo. 
  echo 0. Quit
  echo.
  set /p choice="Enter your choice: "
  if "%choice%"=="1" goto Move-user-profiles
  echo.
  if "%choice%"=="0" exit
  echo Invalid choice: %choice%
  echo.
  pause
  cls
  goto start
  :Move-user-profiles
  echo.
  set /p profile="Enter user profile: "
  move "\\NGTTS1\users\%profile%" *.* "\\NGTFS1\users\%profile%"
  echo moving files from local profile folder to FS1 profile server, stand-by...
  echo.
  goto cancel-special 
  :cancel-special
  set /p cancel="Type cancel to stop action: "
  if not "%cancel%"=="cancel" exit
  cls
  echo Action is cancelled.
  echo.
  pause
  exit

  In Windows we would do this using Group Policy.  There is a Policy setting that csn move the Desktop folder to any server you want to move it to.  Once set it will automatically do this for you.
  You should post in the Group Policy forum to find out how we use Group Policy to manage users profiles in Windows.
  You cannot use a script to relocate a users Desktop folder.  The desktop is locked by the time the users logon script is finished running.  It the desktop and profile are already being managed by Group Policy then this can only be done with GP.
  There are also numerous issues associated with deployment and re-deployment that you need to address  Post your questions in the Winows Deployment forum to get assistance with deployment issues.
  Again - want you are asking is not generally possible because of how Windows is designed.  This would only likely work on a simple system or on a stand alone PC and then only under a very limited set of circumstances.
  Use GP folder redirection to do this.  For deployment use Deployment Forum and for TS specific issues post in the RDS forum. 
  All of  this needs to be considered correctly for TS users inn a TS Cluster environment. (TS Cluster?? - not sure what you mean by that.
  ¯\_(ツ)_/¯

• How to move all files from a folder for a user to a centralized folder on a core server with a GP

  Hello,
  I was curious if someone know how to move all the files of a user "local" profile on a Terminal Server to that of a centralized server where the "local" profile of like the user desktop, favorites, setting, etc are stored in the event
  the local profile on the TS become corrupt it can pull from this server...
  The problem I have is no matter what I tell users to save there files to our Y drive that is a folder that is synced
  across all 6 of our TS servers, users still store files on there desktops, so as you can imagine if one day they are on one server, then next day they could be on another and there files aren't the same.... hence the reason why I want to move all there files
  to the centralized server so when I redo the profiles from scratch on the TS server in the farm they suck files from the core server and have all of the files they are used to having.... 
  So I was curious and I've heard from some this is possible in a GP, but I'd like to move the contents of all 6 TS for
  each user or if I have to d this on  per user basis I will, just looking for a way to move the files....

  Hi Trevor,
  To move all users’ desktop to a server, we can use Folder Redirection to do this. The path for Folder Redirection is:
  [Group Policy Object Name]\User Configuration\Policies\Windows Settings\Folder Redirection
  In this situation, we can choose to redirect desktop to the root of a network file share or a folder on a network share.
  Regarding how to configure this, the following article can be referred to for more information.
  Configuring Folder Redirection
  http://technet.microsoft.com/library/cc786749.aspx
  Hope it helps.
  Best regards,
  Frank Shen

• Allowing clear-text logins for multiple users

  I'm not sure if this is the correct section to place this question in, so Mods, please move if needed.
  As many know, Apple changed the AFP Client defaults in 10.5.x so that clear-text logins to servers are disallowed by default. You can edit the afpcleartextallow option in ~/Library/Preferences/com.apple.AppleShareClient.plist to enable it on a per user basis.
  What I wish to know is wether it's possible to allow clear-text logins on a global basis. I've looked at /Library/Preferences/com.apple.AppleShareClient.plist and it does not contain the afpcleartextallow option, and adding the option and setting it to "yes" (without editing the file in the user's preference folder) does not allow clear-text logins.
  Is there some global preference file that this option could be added to that would preclude me from having to edit the preference file for every user? Part of the reason it's a problem is if you have multiple user accounts on multiple machines, or network based home folders stored on an AFP server that only supports clear text, for example, a Netware 6.5 server running NFA for Mac.
  One problem I've seen is that until the user is actually at the desktop (well I think it's specifically when the Finder loads and reads the per-user preferences) the OS will prevent clear-text logins, regardless of the setting in the pref file, thus you cannot automatically mount volumes at login if the server only supports clear-text.
  Any suggestions or advice greatly welcomed.

  If you are familiar with the exchange man shell, use the new-mailboxsearch powershell cmdlet in your code.  You can pass it a list of -SourceMailboxes(use get-content to pass your .txt to a variable, you'll want to place each name on a new line) to
  search on/set the in place hold.. Here is the technet material on new-mailboxsearch. 
  http://technet.microsoft.com/en-us/library/dd298064(v=exchg.150).aspx

• I created a form with Single Choice fields, 4 days with times listed. But, I want the user to only be able to choose one time, and the time chosen to be unavailable for other users. How do I do this?

  I created a form with Single Choice fields, 4 days with times listed. But, I want the user to only be able to choose one time, and the time chosen to be unavailable for other users. How do I do this? I have 4 blocks of Single Choice fields in order for the summary page to give me each day in the final report. But, I need the user to be able to make a selection of any day and time and that apointment to no longer be available to future users when they log in. Plus, when the user clicks on the time, they are unable to change their mind and choose another time. Here's the link if you want to see what I'm talking about: 2015-2016 Workload Apportionment Review

  I'm afraid not.    It's not rocket science but you need to do some coding. 
  You'll need to find a script (php) and save it to your local site folder.  Then reference the script in your form's action attribute like so.
       <form action="path/form-to-email-script.php" >
  The input fields in your HTML form need to exactly match the script variables. 
  I'm  assuming you're hosted on a Linux server which uses PHP code.  Linux servers are also case sensitive, so upper case names are not the same as lower case names.  It's usually best to use all lower case names in your form and script to avoid confusion.
  Related Links:
  Formm@ailer PHP from DB Masters
  http://dbmasters.net/index.php?id=4
  Tectite
  http://www.tectite.com/formmailpage.php
  If this is all a bit beyond your skill set, look at:
  Wufoo.com (on-line form service)
  http://wufoo.com/
  Nancy O.

• Need help in setting up Group Policy for same user in local system and Terminal server

  Hi All,
  Currently our remote users are using our network using VPN client over internet.
  They are generally at their home computer and doing VPN as they have to work only in one RDP server for application.
  We actually have a OU created for these RDP users and assign then some strict policy like they can not use any other .exe,they can not user any explorer ,they can not even use windows explorer when they are on RDP they just use one exe of their application.
  Now what my management want is they want their home computers in Domain and want them to login via their same credentials they are using for RDP but they don't want them to restrict in their home computers with any strict policy.
  Now my confusion is how can I configure different policies for same users or same OU.
  Can any one guide me please...

  you can achieve this fairly easily with group policy.
  create an OU and put your remote desktop servers in that OU.
  configure both user and computer policies in a group policy and link it to that ou.
  you need to enable loopback mode - you may want it in merge or replace depending on your other policies you have. Probably replace though I would guess. this is set in the computer configuration > admin templates > system / group policy section.
  now remove the policy you have currently setup for your users on the users OU containing the rdp users. If you want you can move these users back to your main users OU.
  when your users login to the RDP server the settings in the user section of the GPO linked to the RDP Servers OU will apply.
  when the user logs in to their own computer the policies from the user OU and computer OU will apply - but not the more restrictive RDP OU.
  hope that makes sense.
  Regards,
  Denis Cooper
  MCITP EA - MCT
  Help keep the forums tidy, if this has helped please mark it as an answer
  My Blog
  LinkedIn:

• Safari works for one user but not another on same computer

  MacBook with multiple user accounts. Safari (and Firefox) work fine for one user but are unable to open web pages when the other user is logged in. The error in Safar is "Safari can't open the page "http://xxxxxxxxx/" because it could not connect to the server "/xxxxxxx/" . DNS is working for this user. I am able to ping any number of sites from Terminal. Network Preference pane is configured to not require any proxy. This is a case of it was working but now it's not.
  Can anybody help with this? I know I can fix this by simply creating another user and transfering the affected user's data to the new account but I would rather not. TIA

  HI Bob,
  You can test your settings by clicking the big "Test My DNS" button at <https://www.dns-oarc.net/oarc/services/dnsentropy>. If you see "Poor" on any of the tests, don't use that domain name server! Remove it from Apple Menu => System Preferences =>Network =>DNS Servers or similar location in your router if you've got a 'home network'. If all you have is "poor" DNS servers in your list, call your ISP and insist that they give you the address of a name server which is protected against the recently exposed DNS cache-poisoning threat.
  Also, open System Preferences/Network. Click the DNS tab. Add these numbers in the DNS Servers box.
  208.67.222.222
  208.67.220.220
  See if that helps.
  Carolyn