Switching and networking

Similar Messages

• How to get "fast user switching" and network shares playing nice

  I've been alternating between banging my head against a wall and reading every forum I could find to try and get a reasonable compromise between using "Fast user switching" and sharing a folder from a file server.  It baffles me how the network share/mount model of OSX/AFP is completely killed by fast-user-switching; this is a big problem with Apple requiring users to be actively logged in to share music/video from iTunes which therefore essentially requires fast-user-switching if anyone else wants to use the computer.  (anyone find it odd that you can share files without being logged in, but sharing songs requires an active login for each user who is sharing?  Apple: time to make iTunes sharing a service!)
  For the sake of example, lets just say I want to share my /Groups folder from my desktop and have it be accessible to my laptop.  Here are all the things that I tried:
  Apple Method 1) Share /Groups in the Server.app on the desktop (running Lion Server), use finder on the laptop and drag the share icon to "Login Items", alternative use a startup Apple script using "mount volume"  Both of the options work and will mount the /Groups folder under /Volumes/Groups, of course when the second person logs in via fast-user-switching (and occasionally the first person for no apparent reason), they will get /Volumes/Groups-1 since /Volumes/Groups is already taken.  Tomorrow we log in a different order and now the previously /Volumes/Groups-1 user has their mount at /Volumes/Group and vice versa.  Any links, aliases, finder sidebar references, and application settings which pointed to yesterday's location are now BROKEN.  Not very user friendly to my mother-in-law who is trying to find those pictures of the kids and doesn't know anything about mount points. I also can't reasonably mirror the file location structure on the desktop so that application preferences that are synced between the two (portable home directories) work.   fail.
  Apple Method 2) Use automounter and set up by hand direct maps for /Groups or an indirect maps for the children of /Groups.  Now it will automatically get mounted to /network/servers/SERVER/Groups/ on the laptop and on the desktop it will automatically create a similar symlink structure so that the same path (/network/servers/SERVER/Groups) work both on desktop and laptop.  Cool.  Except when the second person logs in, the /network/servers/SERVER/Groups/ mountpoint is already owned by the first user and they don't have any permissions to access it.  Fail.
  Apple Method 3) Use mount_afs and specify directly the mount-points.  Have each user have their own startup AppleScript which mounts /Groups to a different location (e.g. /Users/Shared/username/Groups) that way they don't conflict with multiple users.  On the desktop, set up symlinks from /Users/Shared/username/Group to /Groups so that it will be the same as the client and applications settings will work when synchronized back/forth by portable-home-directories.  Will it work, yes it does, but what a bear to maintain.  Is this really what I should expect to do just to have multiple users on my desktop and laptop (which again is essentially required now if I want to do any type of iTunes sharing).  This can't be what apple expects.
  What I ended up doing - the "not quite apple" solution.
  Non-Apple Method 4) After a read of "Autofs: Automatically Mounting Network File Shares in Mac OS X" (http://images.apple.com/business/docs/Autofs.pdf) at the very end there is a single paragraph  of "Kerberized NFS": "A Kerberized NFS mount can have multiple connections from multiple users, each using the correct user’s credentials for each transaction. This allows administrators to support multiple users, each authenticated with their own credentials to the same mount point. This is very different from AFP and SMB mounts," (emphasis mine)
  It appears that by using good 'ole NFS (abeint with Kerberos for security!) you can actually have multiple users on the same mount point.  Roughly following the guidance at https://support.apple.com/kb/TA24986?viewlocale=en_US.  What I needed to do was:
  1) create /etc/exports on my desktop and add a single line "/Groups -sec=krb5".  The existence of /etc/exports triggered a start of nfsd which no longer has any GUI options in Lion.
  2) Add a line to /etc/auto_master on my laptop "/-  auto_mymounts" to reference a new direct map.
  3) Create /etc/auto_mymounts and add a single line "/Groups         SERVER:/Groups" to create the direct map.
  THAT'S IT.  Three lines in three files.
  Now when I log into my laptop, there is a /Groups that is a network mount of my desktop's /Groups, same location AND it works for all of my users, even simultaneously. 
  In the end I'm happy with what I've got, but man was this a difficult path just to support fast-user-switching.  In Lion, Apple appears to be getting away from NFS (no longer turned on by default and remove from the GUI controls) but clearly this really useful functionality which doesn't exist in AFP. 
  I'm really curious, after all this work.  Any other ways to accomplish this?

  In my example above, yes I chose to mount the share "Groups" to the top of the root since that is where I put it on my server and I wanted to keep them similar; but that was just my preference, it isn't a requirement.  You can export and mount from other directories.

• Windows 7 hangs and switches off network access

  We are running a Windows 7 Ultimate 32-bit operating system as our server.
  About on 30 minute intervals the computer hangs and switches off network access.
  If the computer is in this state and you try and access it from another computer nothing happens.
  While in this state you can see the desktop indicating that it's not in sleep mode.
  The problem is rectified by click the mouse on the computer.
  It has not gone into a sleep mode as everything on the power options is set to never.
  Please help?
  Regards,
  Andries Malherbe
  Vizier Systems

  About on 30 minute intervals the computer hangs and switches off network access.
  If the computer is in this state and you try and access it from another computer nothing happens.
  Could you plaese share more information about "switches off network access" with us? I don't quite understand this situation
  Please also check the event viewer to collect related information about this issue when you re-use the Windows 7.
  Meanwhile, Please update the driver for network adapter or reinstall for a test.
  Regards
  Yolanda
  TechNet Community Support

• Home setup - network switch and 2 Time Capsules

  I have an ADSL modem/router (Billion BIPAC 5200G). I have used it previously with wireless turned off. I then used a time capsule  in bridge mode so that NAT etc is turned off, and then use it to broadcast wifi and as a backup. It is attached to the modern with ethernet. It worked fine.
  I am now in a house with a lot of ethernet ports, linked to a massive hub thing. But it needs a switch to link it all together.
  So I am thinking of this setup:
  PHONE LINE
  to
  BILLION ROUTER (Set as a router with wifi turned off)
  to
  NETWORK SWITCH
  to
  VARIOUS ethernet enabled devices in different rooms (i.e. printers, Apple TV, TV, Time capsule)
  Then I want to use my 2nd time capsule to extend my ground floor network by plugging it in essentially directly into the time capsule via ethernet in roaming mode.
  Is this the optimal setup for this? My other idea was to forgo the network switch and do it this way:
  PHONE LINE
  to
  BILLION ROUTER (Set as a router with wifi turned off)
  to
  VARIOUS ethernet enabled devices INCLUDING the TIME CAPSULE and PRINTER.
  then:
  To the TIME CAPSULE:
  to
  VARIOUS ethernet enabled devices INCLUDING Imac, Apple TV and another TIME CAPSULE in roaming mode.
  My main questions are: which setup will give me better speeds to all devices. Ie: is the switch even necessary? In my 2nd example, will the first time capsule and printer be available to the Imac.
  There seems to be no real advantage to having the TIME CAPSULE in router mode while keeping the BILLION ROUTER as a pass through with NAT off (To avoid Double NAT) except for the guest network capabilities.
  If its just simpler to have the network switch, then perhaps that's the way to go. If so: any suggestions on network switches that work well?

  It doesn't allow me to select ethernet as an option for internet connection, only dchp, ppoe and one more which isn't ethernet.
  DHCP is correct setting. .it will use ethernet but the new AC TC has problems.. it needs a crossover cable with some switches. Or you need to return it and get it replaced as there is something wrong with its wan port.. the new AC model needs a hardware revision and about 3 or 4 firmware upgrades before it hits the status of the Gen4 it replaced.
  My questions are: should I connect my time capsules together directly with ethernet using another available port in my new time capsule. I thought my switch would work better. Also, does one time capsule have to be in router mode instead of having both of them in bridge.
  Both should be in bridge.. but you can rearrange things to see if any of the other devices works better.
  You can use the billion or the old TC.. plug the new TC into those.
  Bob is correct though.. the switch is the correct thing for everything to be plugged into .. but in home situation what works is more important than what is best. It if fails in all of them then the WAN port is proven faulty.
  Should I be able to use the hdd on the 2nd (older) time machine as essentially a networked hdd for putting movies and music on, and use my new time capsule as the sole backup (occurring both over ethernet for my iMac and wifi for our laptops)
  Yes, that is ok.. you just need to get the AC version TC actually working properly.
  Give us a few screenshots of things.. that really helps to see.
  Click on each unit and show the summary pages.

• Problems with SRW224G4 switch and Bridged Network Cards

  Hello,
  We have recently installed a SRW224G4 switch and have discovered that when we plug our DELL PowerEdge 2900 server into the switch, the switch loses all network connectivity and all of the LED's on the switch start flashing.
  The server works perfectly well plugged into another switch, but as soon as we introduce the SRW224G4 into the network, either with the server plugged into that switch or any other, the problem re-occurs.
  The only way we found we could eliminate this issue was if we disabled the Bridged Network connection on the two network cards on the server. If we do that, everything is fine, except the network performance of the server has dropped significantly.
  The server is plugged into the 1GB ports on the switch, although we tried it on the 100MB ports and received the same problems. The switch reports that the ports are running at full-duplex.
  Has anyone noticed this behavior before, and more importantly been able to rectify it.
  Thanks in advance for your assistance,
  Paul

  I had this problem as well with any Linksys 2024 or rackmountable switch..  The trick is, you need to use the network cards management software to "team" or bridged the 2 NIC's otherwise the switch detects a loop and the whole thing locks up. So lame...  Windows built in bridge mode stinks dont use it.  When you use the Intel management software or Dell or HP's NIc management software you have the option to actually choose "redundant mode" where you can pick a Nic to be the primary, or you can choose Load Balancing where you can essentially double your throughput by joining the 2 nics.
  In Windows 2008 Server, you actually do this by going to the Properties on the NIC in  Device Manger.  the software controls are now built right into the driver.  pretty neat.  2003 you can check Device Manager the same way but not sure if it's the same as 2008, you might need to run the actual NIC management app.
  Hope this helps
  fdigi 

• When I switch between networks firefox is not working. I will have to close the browser and open it again!?

  Hi,
  I love firefox!!! I wanted it to be perfect all the time, one issue I come across with it recently is: When I switch between networks (say connecting to myoffice network through VPN when firefox is already open) firefox is not working. I will have to close the browser and open it again to make it work! could you please fix this.
  Thanks.
  Raja Pattamsetty

  If an option or preference settings not being saved after you restart firefox see:
  [http://kb.mozillazine.org/Preferences_not_saved Preferences not saved]
  thank you
  Please mark "Solved" the answer that really solve the problem, to help others with a similar problem.

• Wi-Fi on/off on my iPhone 4S is grey. First 2 times switch off then on was fine. This time I have done a full restore of the software and network settings and followed everything in Apple Support but still grey - help!

  Wi-Fi on/off on my iPhone 4S is grey. First 2 times I switched off then on it was fine. Third time this didn't work so I have done a full restore of the software and network settings and followed everything in Apple Support but still grey - nothing else wrong with the phone all sofware up to date, just can't swith wi-fi on - help!

  You're welcome.
  Good luck.

• Switched wireless network and now cannot send emails

  I just switched wireless network and now cannot send emails. i have checked with my email provider and all settings are correct.

  Depending on what wireless network you switched to if it is not connected to your ISPs network most all ISPs block sending mail from clients that are NOT part of there network, IE have an account with them.
  So if you switched from your home wired/wireless network that uses XYZ ISP to a friends network that uses ABC as there ISP and you try to send mail through YOUR ISPs Mail servers it will fail because YOU do not have an account with them and you are trying to use a different ISPs mail servers. This is to stop Spam emails being sent out from other mail servers that can't be tracked by the ISP you are connected to.

• I have two wireless networks that I switch back and forth.  Everytime I switch the network zone my macbook pro hangs and I have to do a hard shutdown and restart.  What is the fix?

  I have two wireless networks that I switch back and forth.  Everytime I switch the network zone my macbook pro hangs and I have to do a hard shutdown and restart.  What is the fix?

  Create two locations in Network, one for one and one for the other.
  WiFi, Internet problems, possible solutions
  WiFi security issues, at home and WiFi hotspots

• Open and Network-EAP authentication - difference in security?

  As far as security goes, and assuming Radius authentication wil actually authenticate and allow users access to the wireless network (or not), it there any difference (once again, as far as security goes), between Open Authentication and Network-EAP as described below?
  In any EAP/802.1x-based authentication method, you may question what the differences are between Network-EAP and Open authentication with EAP. These items refer to values in the Authentication Algorithm field in the headers of management and association packets. Most manufacturers of wireless clients set this field at the value 0 (Open authentication), and then signal their desire to do EAP authentication later in the association process. Cisco sets the value differently, from the start of association with the Network EAP flag.

  1. Join process - comparable to connecting a cable in the wired network world. Usually "OPEN".2. Authentication - this verifies the client is who they claim they are because they possess a certificate (EAP-TLS), know the password or a PSK.3. Encryption with TKIP or AES - this is about protecting data as it is transmitted through the air AFTER authentication.
  You are correct.
  What confuses me when attempting to configure the Aironet I'm working with is the difference in terminology with the familiar choices I had in Linksys access points, something like this:- WEP- WPA- WPA-Enterprise- WPA2- WPA2-EnterpriseI thought WPA-Enterprise has to do with Radius and indeed I was able to create a test network in which a Windows XP laptop could connect via a Linksys access point, authenticating with EAP-TLS, with WPA-Enterprise selected on the AP. The Windows 2008 server was both a certificate authority, a radius (NPS) server and a domain controller.With the Aironet, I'm not sure what the equivalent choices should be, because, if you look at the link in my last post, there is a larger selection: WEP 40 bit, WEP 128 bit, TKIP, AES, combinations of what precedes and no reference to WPA or WPA2. I'm guessing TKIP = WPA and AES = WPA2.And while I can select "EAP" in the Express Security Setup tab, I cannot see where I would opt for EAP-TLS rather than PEAP or EAP-TTLS and so forth.I'm going to take a look at your blog now and see if that doesn't enlighten me further.
  You are on track my friend keep the thinking going .... you are very close!
  Some more foundation for you ...
  WPA   -  Is PSK with TKIP
  WPA2 -  Is PSK with AES
  WPA Enterprsie -  EAP- ??? with TKIP
  WAP2 Enterprsie - EAP - ??? with AES
  ??? = Your selected EAP type
  Now, why dont you have to configure EAP type on the AP? Great question, lets break this down.
  1. The AP or WLC for that matter doesnt care what EAP type you use . Why you ask?
  When you configure 802.1X, there are 2 virtual ports . These are virtual and you do nothing to configure these. Once you connect to an AP and EAP starts, the ap BLOCKS ALL TRAFFIC except for EAPOL  traffic. This is the ONLY traffic allowed past the until the AP / WLC receives a RADIUS SUCCESS. Once the AP/WLC sees this radius success it then switches virtually over to the controlled port and allows ALL your traffic to pass.
  2. With that being said, your client is only passing traffic through the ap and wlc. The ap / wlc doesnt care what EAP you are using. Your client is talking directly to the radius server at that point. The AP/WLC at this point is only a pass through, nothing more.
  Does that help ?
  "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin

• Branch office setup with L3 switch and router with IOS security

  Hello,
  I am in the process of putting together a small branch office network and I am in need of some design advise. The network will support about 10-15 workstations/phones, 3-4 printers, and 4-5 servers. In addition we will eventually have up to 25-30 remote users connecting to the servers via remote access VPN, and there will also be 2-3 site-to-site IPSec tunnels to reach other branches.
  I have a 2911 (security bundle) router and 3560 IP Base L3 switch to work with. I have attached a basic diagram of my topology. My initial design plan for the network was to setup separate VLANs for workstation, phone, printer, and server traffic. The 3560 would then be setup with SVIs to perform routing between VLANs. The port between the router and switch would be setup as a routed port, and static routes would be applied on the switch and router as necessary. The thought behind this was that I'd be utilizing the switch backplane for VLAN routing instead instead of doing router-on-a-stick.
  Since there is no firewall between the switch and router my plan was to setup IOS firewalling on the router. From what I am reading ZBF is my best option for this. What I was hoping for was a way to set custom policies for each VLAN, but it seems that zones are applied per interface. Since the interface between the router and switch is a routed interface, not a trunk/subinterface(s), it doesn't seem like there would be a way for me to use ZBF to control traffic on different VLANs. From what I am gathering I would have to group all of my internal network into one zone, or I would have to scrap L3 switching all together and do router-on-a-stick if I want to be able to set separate policies for each VLAN. Am I correct in my thinking here?
  I guess what I am getting at is that I really don't want to do router-on-a-stick if I have a nice switch backplane to do all of the internal routing. At the same time I obviously need some kind of firewalling done on the router, and since different VLANs have different security requirements the firewalling needs to be fairly granular.
  If I am indeed correct in the above thinking what would be the best solution for my scenario? That is, how can I setup this network so that I am utilizing the switch to do L3 routing while also leveraging the firewall capabilities of IOS security?
  Any input would be appreciated.
  Thanks,
  Austin

  Thanks for the input.
  1. I agree, since I have only three to four printers, they need not be in a separate VLAN. I simply was compartmentalizing VLANs by function when I initially came up with the design.
  2. Here's a little more info on the phone situation. The phones are VoIP. The IP PBX is on premise, but they are currently on a completely separate ISP/network. The goal in the future is to converge the data and voice networks and setup PBR/route maps to route voice traffic out the voice ISP and data traffic out the other ISP. This leads up to #3. 
  3. The reason a router was purchased over a firewall was that ASA's cannot handle routing and dual ISPs very well. PBR is not supported at all on an ASA, and dual ISPs can only be setup in an active/standby state. Also, an ASA Sec+ does not have near the VPN capabilities that the 2911 security does. The ASA Sec+ would support only 25 concurrent IPSec connections while the 2911 security is capable of doing an upwards of 200 IPSec connections.
  Your point about moving the SVI's to a firewall to perform filtering between VLANs makes sense, however, wouldn't this be the same thing as creating subinterfaces on a router? In both cases you are moving routing from the switch backplane to the firewall/routing device, which is what I am trying to avoid.  

• CiscoWorks user options "device type groups|switch and Hubs"

  Hi,
  We are using CiscoWorks software to deploy new configuration to our network devices.  Because our environnement is mixed about version of network devices we have to create a new netconfig job for each device model, because in some plate-forme configuration option, syntax maybe different of each other.
  When I create a new netconfig job with my username under "device type groups|switch and Hubs" I have a list there of all plate-forme we have in our production environnement managed by CiscoWorks software.  I know thoses group was'nt define by on of us and thoses are define by default in CiscoWorks software, but they are hiden by default per user basic.
  We have a new one in our team, I had created his user name and password, but I can find the option where I can asked to make visible to him plate-form device type group as I have in my user configuration.
  Also, is it possible to copy private define group to an other user without to make thoses as public ?
  Thanks a lot !

  Here,
  is a view of what I have with my user
  but in his profile he is only see
  Device type Groups
       + Routers
       + Switches and Hubs
       + Wireless
  if he clic on the plus sing to develop group "Switches and Hubs" he see all switches and hub managed by CiscoWorks software.  I know He did not create Cisco Catalyst 2912 XL Switch and Cisco Catalyst 2924 XL Switch group in my profile.  I know we have to modify an option in CiscoWorks per user basic to view those group, the person who where that option should be modifiy is currently in vacation, but he will need that option enable before our specialist will be back !
  Thanks a lot !

• Switch and Broadcast filtering

  I read this article in the cisco curriculum, but I did not understand it well :
  " Occasionally, a device will malfunction and continually send out broadcast frames, which are copied around the network. This is called a broadcast storm and it can significantly reduce network performance.
  A switch that can filter broadcast frames makes a broadcast storm less harmful.
  Today, switches are also able to filter according to the network-layer protocol. This blurs the demarcation between switches and routers. A router operates on the network layer using a routing protocol to direct traffic around the network. A switch that implements advanced filtering techniques is usually called a brouter. Brouters filter by looking at network layer information but they do not use a routing protocol ".
  Can the switch filter the broadcast ? Yes, it can,,,,as Cisco says :"This filtering is achieved through the implementation of virtual local-area networks or VLANs ".,,,,,Is there any other type of filtering ?
  What is the main difference between router and brouter

  hi
  if u would like to control the broadcast and multicast storms you can refer the link for configuring the storm control for both broadcast and multicast.
  you can define up the values and shut the port if it exceeds the threshold limit..
  http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hif_r/int_s4h.htm#wp1229258
  About the difference between a router and a Brouter afaik BROUTER u use in most of the SP network where you got customers in either DSL or Metro ethernet network where you will have the aggregation of the whole network traffic and from where it will be forwarded to upstream.
  It depends on the ios code too which is available to serve the purpose for the same..
  you got to have something like 7200 or 7300 in place to serve your purpose of brouter.
  regds

• Core switch and sub switch gateway

  I have a Layer 3 core switch(backbone) 10.18.16.0/24, and the core switch needs to connect to multiple Layer 2 sub switches.
  The Layer 2  sub switches will connect to multiple workstations. The sub switches network will be 172.20.10.0/24, 172.20.40/24 and so on.
   I use core switch IP 10.18.16.11 to connect to sub switch 172.20.10.0/24. Which gateway IP  should I use for 172.20.10.0/24 ? Should I use 172.20.10.1 or 10.18.16.11 ?
  Thank you for your help in advance.

  I am not sure what you mean by "sup switches", but usually you need a management IP/vlan segment, so you can use it to access the devices.  So if your management segment is 172.20.10.0/24 you assign an SVI to every layer-2 switch and give it an IP in this range and the gateway for all the SVIs should be on the core (172.20.10.1/24
  example:
  access switch-1 172.20.10.11/24
  access switch-2 172.20.10.12/24
  access switch-3 172.20.10.13/24
  and so on
  The default gateway for all your layer-2 switches should be the SVI on the core (172.20.10.1/24)
  HTH

• Switches on Network Borders

  Hi There,
  Can somebody advise how secure is it to place a L2 switch on my network perimter? I heard that it is easy to flood a switch that's exposed to the internet but I'm not sure how accurate is this sentence because I'm aware that switches are not stateful devices so what concerns should I worry about when exposing my switch to the internet?
  Thanks!
  Haitham

  In many cases you can't avoid putting a layer 2 switch on the perimeter. You have your ethernet handoff from the provider and quite often you have other interfaces in this "dirty" network, such as VPN concentrators, IPS/IDS devices, etc. I am not quite sure how you can use VLANs since you typically have a public IP range that's all in the same subnet. I would recommend not putting an IP address on the switch and shuting down the management interface (vlan 1). In addition you can turn off unnecessary services like CDP, STP and SNMP in order to minimize your exposure. In terms of flooding your network your router (assuming you don't have a switched ethernet service) would most likely take the hit before your layer 2 switch would.