Trunk Port Threshold Best Practice?
Using CiscoWorks LMS and I notice the notification threshold for switch port utilisation is set at 40%. I know I've seen this before, but I can't remember why 40% was the magic number. I've Googled and come up with nothing useful so I'm handing it over to the experts :)
Does this have something to do with this value being an "average" rather than a peak? I'm struggling to understand why, in a fully switched network, 40% utilisation is something to be concerned about.
Hope you can improve my education :)
Cheers,
Ben.
Thanks Mohammed.
I think I may have chosen my words poorly.
What I'm really trying to understand is this:
In a full-duplex, microsegmented network, which is essentially a collision-less environment, wouldn't it make more sense to set a utilisation threshold of around 80%? In that case, you'd actually be getting close to saturating your bandwidth and creating a bottleneck.
At 40% utilisation, especially on a trunk port which you'd expect to run at a higher utilisation, you still have quite a large portion of free bandwidth.
I'm still relatively new to the networking game, so I'm trying to get my head around something that others seem to take for granted. The question is really more general, about the 40% utilisation threshold figure, than about CW LMS specifically.
Cheers,
Ben.
Similar Messages
-
Hi All,
I have a MDS9509 with port channels going to my Cisco blade switches on my HP Proliant blade enclosure.
I have NO ports left on my MDS9509, but DO have some remaining on the blade enclosure.
The question is, can i port channel from the blade enclosure to another edge switch (MDS9148)?
Is that a supported configuration/Best Practice and what are the ramifications if I do that?
So I'm going from Core, to edge and then to edge switch with port channel.
Thanks,
MattHi Matthew,
Sorry for the misunderstanding, your to-be diagram cleared up a lot for me :-)
First off, yes, it will work. There's no reason it shouldn't and if you have the external ports free on your 9124e, you can hook up a new switch.
It's far from a conventional design, because blade switches are supposed to go in the Edge. It's not a best practice.
What I would recommend is that you move some of the storage from your edge to the 9148, and treat it as a collapsed core, sharing an edge switch (the blade switch). You can then ISL the 9148 and the 9509 together into a somewhat sensible topology.
So for one fabric this would be
(disk)---9148 --- 9509 -- (disks) (some moved to the left to free up space for ISLs)
9124e
Or you can contact your sales team and look to swap some Linecards with higher port density ones.
Lastly I would like to note that, however you link up the switches, most combinations available to you will 'work'. So as a temp solution you can go ahead with the (core - blade - edge) scenario. Just know that you'll be introducing bottlenecks and potential weak points into your network. -
Metrics - Thresholds - Best Practices
All,
I installed em grid control 11g and configured the targets and notification rules. Now i am trying to set up thresholds, is there a best practice threshold values that someone can share for various metrics at weblogic level. I know this is a generic question and i can tune the thresholds for my environment/application usage. But there must be a ball-park threshold document somewhere for alert purposes.
Thanks in advance,
Prasad.Hi Prasad,
There is no document giving recommendations on threshold values. Setting thresholds really depends on your environment. I recommend looking at performance history...looking at for instance a timeframe that had heavy load on the application/server but performance was good. Then set thresholds according to that....either adjust up or down as needed.
Thanks,
Nicole -
Looking For Guidance: Best Practices for Source Control of Database Assets
Database Version: 11.2.0.3
OS: RHEL 6.2
Source Control: subversion
This is a general question aimed at database professionals, however, it is not specific to any oracle version, etc. Its a leadership question for other Oracle shops regarding source control.
The current trunk, in my client's source control, is the implementation of a previous employee who used ER Studio. After walking the batch scripts and subordinate files , it was determined that there would be no formal or elegant way to recreate the current version of the database from our source control - the engineers who have contributed to these assets are no longer employed or available for consulting. The batch scripts are stale, if you will.
To clean this up and to leverage best practices, I need some guidance on whether or not to baseline the current repository and how to move forward with additions of assets; tables, procs, pkgs, etc. I'm really interested in how larger oracle shops organize their repository - what directories do you use, how are they labeled...are they labeled with respect to version?
Assumptions:
1. repository (database assets only) needs to be baselined (?)
2. I have approval to change this database directory under the trunk to support best practices and get the client steered straight in terms of recovery and
Knowns:
1. the current application version in the database is 5.11.0 (that's my client's application version)
2. this is for one schema/user of a database (other schemas under the database belong to different trunks)
This is the layout that we currently have and for the privacy of the
client I've made this rather generic. I'd love to have a fresh
start...how do I go about doing that...initially, I like using
SqlDeveloper's ability to create sql scripts from a connected target.
product_name
|_trunk
|_database
|_config
|_data
|_database
|_integration
|_patch
| |_5.2A.2
| |_5.2A.4
| |_5.3.0
| |_5.3.1
|
|_scripts
| |_config
| |_logs
|
|_server
Thank you in advance.HiWe are using Data ONTAP 8.2.3p3 on our FAS8020 in 7-mode and we have 2 aggregates, a SATA and SAS aggregate. I want to decommission the SATA aggregate as I want to move that tray to another site. If I have a flexvol containing 3 qtrees CIFS shares can I use data motion (vol copy) to move the flex vol on the same controller but to a different aggregate without major downtime? I know this article is old and it says here that CIFS are not supported however I am reading mix message that on the version of data ONTAP we are now on does support CIFS and data motion however there will be a small downtime with the CIFS share terminating. Is this correct? Thanks
-
Best practices for configure Rogue Detector AP and trunk port?
I'm using a 2504 controller. I dont have WCS.
My questions are about the best way to configure a Rogue Detector AP.
In my lab environment I setup the WLC with 2 APs. One AP was in local mode, and I put the other in Rogue Detector mode.
The Rogue Detector AP was connected to a trunk port on my switch. But the AP needed to get its IP address from the DHCP server running on the WLC. So I set the native vlan of the trunk port to be the vlan on which the WLC management interface resides. If the trunk port was not configured with a native vlan, the AP couldn't get an address through DHCP, nor could the AP communicate with the WLC. This makes sense because untagged traffic on the trunk port will be delivered to the native vlan. So I take it that the AP doesn't know how to tag frames.
Everything looked like it was working ok.
So I connected an autonomous AP (to be used as the rogue), and associated a wireless client to it. Sure enough it showed up on the WLC as a rogue AP, but it didn't say that it was connected on the wire. From the rogue client I was able to successfully ping the management interface of the WLC.
But the WLC never actually reported the rogue AP as being connected to the wired network.
So my questions are:
1. What is the correct configuration for the trunk port? Should it not be configured with a native vlan? If not, then I'm assuming the rogue detector AP will have to have a static IP address defined, and it would have to be told which vlan it's supposed to use to communicate with the WLC.
2. Assuming there is a rogue client associated with the rogue AP, how long should it reasonably take before it is determined that the rogue AP is connected to the wired network? I know this depends on if the rogue client is actually generating traffic, but in my lab environment I had the rogue client pinging the management interface of the WLC and still wasn't being picked up as an on-the-wire rogue.
Thanks for any input!!#what's the autonomous AP's(as Rogue AP) Wired and Wireless MAC address?
it has to be +1 or -1 difference. If Wired MAC is x.x.x.x.x.05 and the wireless mac should be x.x.x.x.x.04 or 06. It is not going to detect if the difference is more than + 1 or - 1.
#Does the switch sees the Rogue AP's wired MAC on its MAC table.
Rogue Detector listens to ARPs to get all the Wired MAC info and forwards to WLC, It compares with Wireless MAC, if there is a +1 or -1 difference then it will be flagged as Rogue on wire. And the client that connected to it is also marked as found on wire.
Regards to Trunking, Only Native vlan matters per trunk link, just configure the right vlan as native and we're done.
It is not mandatory to keep the Rogue detector on Management vlan of wlc. It can also be on L3 vlan also as long as it can join the WLC to forward the learnt wired MACs.
So if we don't have +1, -1 difference on Rogues then you've to use RLDP which will work with your existing setup to find Rogue on wire. there's a performance hit when we use this feature on local mode APs.
Note: For AP join - AP can't understand Trunk, meaning if AP connected to Trunk it'll only talk to its native vlan irrespective of AP mode, however rogue detector listens to the Trunk port to learn MACs via ARPs from different VLANs and forwards to WLC using native vlan. -
Template(best practice) for Switch ports
Hi,
Looking for best practice advice on switchport config for client facing ports.
We recently had an incident where an access port turned into a trunk(trunk mode desirable), which we obviously do not want to happen again!
For Access Ports(First two should stop DTP I'm hoping?):
switchport mode access
switchport nonegotiate
storm-control broadcast level 20.00
storm-control action trap
no cdp enable
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree guard root
switchport port-security maximum 10
switchport port-security
switchport port-security aging time 10
And for trunk ports to clients:
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan xxx,xxx
switchport nonegotiate
storm-control broadcast level 20.00
storm-control action trap
no cdp enable
spanning-tree bpdufilter enable
spanning-tree guard root
Thanks in advance.Look here: http://www.cisco.com/en/US/docs/solutions/Enterprise/Branch/E_B_SDC1.html#wp68930
That's Cisco's branch design doc from Design Zone.
For those that want a fast answer:
For VoIP phones and PC:
interface GigabitEthernet1/0/6 - interface GigabitEthernet1/0/23
description phone with PC connected to phone
switchport access vlan 102
switchport mode access
switchport voice vlan 101
switchport port-security maximum 2
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
ip arp inspection limit rate 100
load-interval 30
srr-queue bandwidth share 1 70 25 5
srr-queue bandwidth shape 3 0 0 0
priority-queue out
mls qos trust device cisco-phone
spanning-tree portfast
spanning-tree bpduguard enable
ip verify source
ip dhcp snooping limit rate 100
For data only:
interface GigabitEthernet1/0/24- interface GigabitEthernet1/0/28
description DATA only ports
switchport access vlan 102
switchport mode access
switchport port-security maximum 3
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
ip arp inspection limit rate 100
load-interval 30
srr-queue bandwidth share 1 70 25 5
srr-queue bandwidth shape 3 0 0 0
priority-queue out
spanning-tree portfast
spanning-tree bpduguard enable
ip verify source
ip dhcp snooping limit rate 100
That's Cisco's recommendation.
And just my opinion is that I'd much rather shut a port down that receives a BPDU than just filter it. Reason being that you can't trust users not to do something stupid, like hook two switch ports to the same switch they're using at their desk in an effort to "make the network faster". For two, if someone malicious plugs in a switch into your environment, shut the port down. . .that makes it hard for them to do anything malicious. -
Best Practice on trunking VSAN 1
Hello all
I'd appreciate feedback on wether this is looked upon as good practice or not.
For all the Cisco SAN implementations I have done to date, I have always trunked VSAN1 (but obviously NOT used it for customer data). I do this for a couple of reasons.
1. It is a good test for an ISL, you can initially trunk VSAN1 to be 100% all is OK, before affecting customer VSAN's
2. Fabric manager is not "erroring" by reporting segmented VSAN's
What do the rest of you do? Is there a Cisco best practice on this?
Thanks
StevenSteven,
CFS stands for Cisco Fabric Services. It can be used to distribute configuration information between MDS switches to keep the configuration consistent. It can be used for various things like NTP settings, Syslog config, call home config etc.
You can find more information in the MDS documentation on CCO. See here for example:
http://www.cisco.com/en/US/docs/switches/datacenter/mds9000/sw/5_0/configuration/guides/sysmgnt/nxos/cfs.html
CFS uses VSAN 1.
As for best practices, there is a document also on CCO:
http://www.cisco.com/en/US/prod/collateral/ps4159/ps6409/ps5990/white_paper_C11-515630.html
This talks a bit about VSAN 1. I can tell you that I have installed lots of MDS SANs during the past 9 years and it is one of the things I’d do from experience. Use VSAN 1 for management purposes like CFS and put your real production traffic in other VSANs.
Ralf -
Best Practice to Integrate CER with RedSky E911 Anywhere via SIP Trunk
We are trying to integrate CER 9 with RedSky for V911 using a SIP trunk and need assistance with best practice and configuration. There is very little documentation regarding "best practice" for routing these calls to RedSky. This trunk will be handling the majority of our geographically dispersed company's 911 calls.
My question is: should we use an IPsec tunnel for this? The only reference I found was this: http://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/virtual-office/deployment_guide_c07-636876.htmlm which recommends an IPsec tunnel for the SIP trunk to Intrado. I would think there are issues with an unsecure SIP trunk for 911 calls. Looking for advice or specifics on how to configure this. Does the SIP trunk require a CUBE or is a CUBE only required for the IPsec tunnel?
Any insight is appreciated.
Thank you.you can use Session Trace in RTMT to check who is disconnecting the call and why.
-
Looking for best practice Port Authentication
Hello,
I'm currently deploying 802.1x on a campus with Catalyst 2950 and 4506.
There are lots of Printers and non-802.1x devices (around 200) which should be controlled by their mac-address. Is there any "best practice" besides using sticky mac-address learning.
I'm thinking of a central place where alle mac-addresses are stored (i.e. ACS).
Another method would be checking only the first part of the mac-address (vendor OID) on the switch-ports.
Any ideas out there??
regards
Hubertcheck out the following link, this provides info on port based authentication, see if it helps :
http://www.cisco.com/en/US/products/hw/switches/ps628/products_configuration_guide_chapter09186a00801cde59.html -
FC port channels between MDS and UCS FI best practice?
Hi,
We would like to create FC port channels between our UCS FI's and MDS9250 switches.
At the moment we have 2 separate 8Gbps links to the FI's.
Are there any disadvantages or reasons to NOT do this?
Is it a best practice?
Thanks.As Walter said, having port-channels is best practice. Here is a little more information on why.
Let's take your example of two 8Gbps links, not in a port-channel ( and no static pinning ) for Fibre Channel connectivity:
Hosts on the UCS get automatically assigned ( pinned ) to the individual uplinks in a round-robin fashion.
(1)If you have some hosts that are transferring a lot of data, to and from storage, these hosts can end up pinned to the same uplink and could hurt their performance.
In a port-channel, the hosts are pinned to the port-channel and not individual links.
(2)Since hosts are assigned to an individual link, if that link goes down, the hosts now have to log back into the fabric over the existing working link. Now you would have all hosts sharing a single link. The hosts will not get re-pinned to a link until they leave and rejoin the fabric. To get them load balanced again would require taking them out of the fabric and adding them back, again via log out, power off, reload, etc...
If the links are in a port-channel, the loss of one link will reduce the bandwidth of course, but when the link is restored, no hosts have to be logged out to regain the bandwidth.
Best regards,
Jim -
Best practices whil using Iron Port as MTA..
We are planning to deploy ironport in our environment as a MTA and Spam. Currently we use qmail as MTA and Trend was a spam.
Mail Flow
External --> Qmail (DMZ) --> Trend Micro Spam Server (LAN) --> Exchange
Kindly suggest as best practice and important features should enable to block spam.Something that may aid you in your readings --->
https://supportforums.cisco.com/discussion/11429111/ask-expert-best-practices-configuring-email-security-appliance
Snippet from there:
Because everyone's mail flow is different (my company will receive different targeted spam than yours, for instance), obtaining the maximum potential can be as much an art as a science.
Since we often are asked what extra steps can be taken to get the maximum potential out of your IronPort, we've published an external Knowledge Base article that lists *several* things you can do to stop as much spam as possible:
Article #493: IronPort Anti-Spam Efficacy Checklist Link: http://tinyurl.com/eqpk6
I cannot stress enough to use Step 11: Report mis-classified messages to IronPort. Anytime you catch an email making it through our systems, we want to know. You cannot submit too many samples. (The same holds true for misclassifed HAM messages.)
I hope this helps!
-Robert
(*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!) -
Best practice for integrating a 3 point metro-e in to our network.
Hello,
We have just started to integrate a new 3 point metro-e wan connection to our main school office. We are moving from point to point T-1?s to 10 MB metro-e. At the main office we have a 50 MB going out to 3 other sites at 10 MB each. For two of the remote sites we have purchase new routers ? which should be straight up configurations. We are having an issue connecting the main office with the 3rd site.
At the main office we have a Catalyst 4006 and at the 3rd site we are trying to connect to a catalyst 4503.
I have attached configurations from both the main office and 3rd remote site as well as a basic diagram of how everything physically connects. These configurations are not working ? we feel that it is a gateway type problem ? but have reached no great solutions. We have tried posting to a different forum ? but so far unable to find the a solution that helps.
The problem I am having is on the remote side. I can reach the remote catalyst from the main site, but I cannot reach the devices on the other side of the remote catalyst however the remote catalyst can see devices on it's side as well as devices at the main site.
We have also tried trunking the ports on both sides and using encapsulation dot10q ? but when we do this the 3rd site is able to pick up a DHCP address from the main office ? and we do not feel that is correct. But it works ? is this not causing a large broad cast domain?
If you have any questions or need further configuration data please let me know.
The previous connection was a T1 connection through a 2620 but this is not compatible with metro-e so we are trying to connect directly through the catalysts.
The other two connection points will be connecting through cisco routers that are compatible with metro-e so i don't think I'll have problems with those sites.
Any and all help is greatly welcome ? as this is our 1st metro e project and want to make sure we are following best practices for this type of integration.
Thank you in advance for your help.
JeffJeff, form your config it seems you main site and remote site are not adjacent in eigrp.
Try adding a network statement for the 171.0 link and form a neighbourship between main and remote site for the L3 routing to work.
Upon this you should be able to reach the remote site hosts.
HTH-Cheers,
Swaroop -
ASA 5505 Best Practice Guidance Requested
I am hoping to tap into the vast wealth of knowledge on this board in order to gain some "best practice" guidance to assist me with the overall setup using the ASA 5505 for a small business client. I'm fairly new to the ASA 5505 so any help would be most appreciated!
My current client configuration is as follows:
a) business internet service (cable) with a fixed IP address
b) a Netgear N600 Wireless Dual Band router (currently setup as gateway and used for internet/WiFi access)
c) a Cisco SG-500-28 switch
d) one server running Windows Small Business Server 2011 Standard (primary Domain Controller)
(This server is currently the DNS and DHCP server)
e) one server running Windows Server 2008 R2 (secondary Domain Controller)
f) approximately eight Windows 7 clients (connected via SG-500-28 switch)
g) approximately six printers connected via internal network (connected via SG-500-28 switch)
All the servers, clients, and printers are connected to the SG-500-28 switch.
The ISP provides the cable modem for the internet service.
The physical cable for internet is connected to the cable modem.
From the cable modem, a CAT 6 ethernet cable is connected to the internet (WAN) port of the Netgear N600 router.
A Cat 6 ethernet cable is connected from Port 1 of the local ethernet (LAN) port on the N600 router to the SG-500-28 switch.
cable modem -> WAN router port
LAN router port -> SG-500-28
The ASA 5505 will be setup with an "LAN" (inside) interface and a "WAN" (outside) interface. Port e0/0 on the ASA 5505 will be used for the outside interface and the remaining ports will be used for the inside interface.
So my basic question is, given the information above of our setup, where should the ASA 5505 be "inserted" to maximize its performance? Also, based on the answer to the previous question, can you provide some insight as to how the ethernet cables should be connected to achieve this?
Another concern I have is what device will be used as the default gateway. Currently, the Netgear N600 is set as the default gateway on both Windows servers. In your recommended best practice solution, does the ASA 5505 become the default gateway or does the router remain the default gateway?
And my final area of concern is with DHCP. As I stated earlier, I am running DHCP on Windows Small Business Server 2011 Standard. Most of the examples I have studied for the ASA 5505 utilize its DHCP functionality. I also have done some research on the "dhcprelay server" command. So I'm not quite sure which is the best way to go. First off, does the "dhcprelay server" even work with SBS 2011? And secondly, if it does work, is the best practice to use the "dhcprelay" command or to let the ASA 5505 perform the DHCP server role?
All input/guidance/suggestions with these issues would be greatly appreciated! I want to implement the ASA 5505 firewall solution following "best practices" recommendations in order to maximize its functionality and minimize the time to implement.
FYI, the information (from the "show version" command) for the ASA 5505 is shown below:
Cisco Adaptive Security Appliance Software Version 8.4(7)
Device Manager Version 7.1(5)100
Compiled on Fri 30-Aug-13 19:48 by builders
System image file is "disk0:/asa847-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 2 days 9 hours
Hardware: ASA5505, 512 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW016 @ 0xfff00000, 2048KB
Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.06
Number of accelerators: 1
0: Int: Internal-Data0/0 : address is a493.4c99.8c0b, irq 11
1: Ext: Ethernet0/0 : address is a493.4c99.8c03, irq 255
2: Ext: Ethernet0/1 : address is a493.4c99.8c04, irq 255
3: Ext: Ethernet0/2 : address is a493.4c99.8c05, irq 255
4: Ext: Ethernet0/3 : address is a493.4c99.8c06, irq 255
5: Ext: Ethernet0/4 : address is a493.4c99.8c07, irq 255
6: Ext: Ethernet0/5 : address is a493.4c99.8c08, irq 255
7: Ext: Ethernet0/6 : address is a493.4c99.8c09, irq 255
8: Ext: Ethernet0/7 : address is a493.4c99.8c0a, irq 255
9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255
10: Int: Not used : irq 255
11: Int: Not used : irq 255
Licensed features for this platform:
Maximum Physical Interfaces : 8 perpetual
VLANs : 3 DMZ Restricted
Dual ISPs : Disabled perpetual
VLAN Trunk Ports : 0 perpetual
Inside Hosts : 10 perpetual
Failover : Disabled perpetual
VPN-DES : Enabled perpetual
VPN-3DES-AES : Enabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 10 perpetual
Total VPN Peers : 12 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
This platform has a Base license.Hey Jon,
Again, many thanks for the info!
I guess I left that minor detail out concerning the Guest network. I have a second Netgear router that I am using for Guest netowrk access. It is plugged in to one of the LAN network ports on the first Netgear router.
The second Netgear (Guest) router is setup on a different subnet and I am letting the router hand out IP addresses using DHCP.
Basic setup is the 192.168.1.x is the internal network and 192.168.11.x is the Guest network. As far as the SBS 2011 server, it knows nothing about the Guest network in terms of the DHCP addresses it hands out.
Your assumption about the Guest network is correct, I only want to allow guest access to the internet and no access to anything internal. I like your idea of using the restricted DMZ feature of the ASA for the Guest network. (I don't know how to do it, but I like it!) Perhaps you could share more of your knowledge on this?
One final thing, the (internal) Netgear router setup does provide the option for a separate Guest network, however it all hinges on the router being the DHCP server. This is what led me to the second (Guest) Netgear router because I wanted the (internal) Netgear router NOT to use DHCP. Instead I wanted SBS 2011 to be the DHCP server. That's what led to the idea of a second (Guest) router with DHCP enabled.
The other factor in all this is SBS 2011. Not sure what experience you've had with the Small Business Server OS's but they tend to get a little wonky if some of the server roles are disabled. For instance, this is a small busines with a total of about 20 devices including servers, workstations and printers. Early on I thought, "nah, I don't need this IPv6 stuff," so I found an article on how to disable it and did so. The server performance almost immediately took a nose dive. Rebooting the server went from a 5 minute process to a 20 minute process. And this was after I followed the steps of an MSDN article on disabling IPv6 on SBS 2011! Well, long story short, I enabled IPv6 again and the two preceeding issues cleared right up. So, since SBS 2011 by "default" wants DHCP setup I want to try my best to accomodate it. So, again, your opinion/experiece related to this is a tremendous help!
Thanks! -
Best Practice - WAP connecting switchport configuration.
Is there a best practice for deploying the WAP's in a WAP/WLC infrastructure? Should the connecting switchport be an Access port or a Trunk port? I've seen this implemented in both fashions and wasn't sure if one was a better choice than the order. What is the difference?
My other question is regarding applying additional switchport configurations. Is there anything wrong with applying either spanning-tree portfast, spanning-tree bpdguard, or switchport port-security.Hi Ken,
Access port all the time, everywhere, UNLESS the AP is configured for HREAP/FLEX then trunk. Or if you deploy a AP in monitor mode then TRUNK.
QOS -- if its access port trust dscp. If you truck trust cos.
No you are fine. Portfast is highly recommended.
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
"I'm in a serious relationship with my Wi-Fi. You could say we have a connection." -
Best practice about dial-peer creating when using analog lines
Hi,
I am trying to find out what is the best practice when creating dial-peer for analog lines on CME, should I use trunk group or create separate dial-peer for each FXO ports? If I use trunk group, is there any advantage ( lesser dial-peer) or disadvantage?
Thanks!The advantage of trunk groups is that a single dial peer can point to for instance PSTN, rather then multiple dialpeers, with varying preference, each pointing to a separate FXO. Funtionally I can't see much difference. So I guess it also comes down to personal preference.
=============================
Please remember to rate useful posts, by clicking on the stars below.
=============================
Maybe you are looking for
-
Windows File CS Content Crawler - Permission Issues
Hi, Having a strange problem with a Windows File CS Content Crawler. We have setup a shared directory on a server (on the same subnet/network as the portal server) where users drop their files (Word, PDF, Excel etc). We have a Content Crawler job tha
-
Solaris8 intel keyboard problem
I have been unable to make one key ("| \" on english keyboard or "<>" on spanish keyboard) work on either of my machines. The installation worked fine on both boxes but much to my surprise, neither of them have that key working. Incidentaly one box i
-
No Quick Mask mode in Photoshop CC Win
My Photopshop CC for windows does not open quick mask mode when I try any of these three (Select / edit in quick mask, or hitting Q on the keyboard, or clicking the washing machine Icon) Instead it goes into and Alpha/8 or 16 mode. And I am not able
-
Can't connect to VPN after 10.4.10 Upgrade
Please help me! Before I upgrade to 10.4.10 I could connect to VPN. But after the upgrade, it just "timed out". In the Console it shows: Sep 28 12:22:57 vivivold pppd744: PPTP error when sending echo_reply : Network is unreachable\n Sep 28 12:22:57 v
-
Magazine / in-app subscriptions
Hi everybody, Just a quick question regarding Magazine subscriptions and in-app purchases. Can you use you iTunes credit for pay for these? Obviously iTunes credit is predominantly used for purchasing app's however I just wondered if you could use th