VLAN Configuration for Internal and Guest Wireless

Hello,
We are using the following hardware…
SG300-52MP switch -- latest firmware
ASA 5512-X firewall -- 9.1
Aironet AP1131AG WAP
We have the following networks…
10.252.4.0/24 = Internal = ASA-01 interface = VLAN1
10.252.6.0/24 = Guest = ASA-02 interface = VLAN6
10.252.6.0/24 = VOIP = ASA-03 interface = VLAN3
The Aironet supports two SSIDs, Secure (RADIUS) and Guest (WPA2), which are supposed to provide access to the appropriate interface on the ASA.
Relevant parts of the WAP configuration are…
dot11 ssid GUEST
   vlan 6
dot11 ssid SECURE
   vlan 1
interface Dot11Radio0
   no ip address
   ssid GUEST
   ssid SECURE
interface Dot11Radio0.1
   encapsulation dot1Q 1 native
   no ip route-cache
   bridge-group 1
interface Dot11Radio0.6
   encapsulation dot1Q 6
   no ip route-cache
   bridge-group 255
interface Dot11Radio1
   no ip address
   no ip route-cache
   ssid GUEST
   ssid SECURE
interface Dot11Radio1.1
   encapsulation dot1Q 1 native
   no ip route-cache
   bridge-group 1
interface Dot11Radio1.6
   encapsulation dot1Q 6
   no ip route-cache
   bridge-group 255
interface FastEthernet0
   no ip address
   no ip route-cache
interface FastEthernet0.1
   encapsulation dot1Q 1 native
   no ip route-cache
   bridge-group 1
interface FastEthernet0.6
   encapsulation dot1Q 6
   no ip route-cache
   bridge-group 255
interface BVI1
   ip address 10.252.4.4 255.255.255.0
   no ip route-cache
ip default-gateway 10.252.4.1
We can manage the WAP through its Internal IP address (10.252.4.4).
And the “Guest” wireless network is working -- connecting to that SSID provides the client with the correct IP addressing (10.242.6.X from VLAN6/ASA-02).  [Note:  the VOIP DHCP and network access also works correctly.]
The “Secure” wireless network is not working however -- the client never receives an Internal DHCP address from ASA-01, and even if you hard-code the client’s IP, no IP4 traffic ever passes.
[Note:  connecting a device to a SG300 port with the “Default” configuration provides the client with an Internal DHCP configuration, and it works as intended.] 
While this may be a problem with the WAP configuration, I would like to confirm that it is not an issue with the switch not passing traffic correctly.
I have a feeling that I have configured the VLANs on the ports incorrectly.
Relevant parts of the SG300 configuration are...
v1.3.0.62 / R750_NIK_1_3_647_260
vlan database
   vlan 3,6
ip dhcp snooping
ip dhcp relay address 10.252.4.1
ip dhcp relay enable
bonjour interface range vlan 1
interface vlan 1
   ip address 10.252.4.2 255.255.255.0
   no ip address dhcp
interface vlan 3
   name VOIP
interface vlan 6
   name Guest
interface gigabitethernet45 -- Access mode, Untagged VLAN6
   description ASA-Guest
   ip dhcp snooping trust
   switchport mode access
   switchport access vlan 6
interface gigabitethernet46 -- Access mode, Untagged VLAN3
   description ASA-VOIP
   ip dhcp snooping trust
   switchport mode access
   switchport access vlan 3
interface gigabitethernet47 -- Trunk mode, Untagged VLAN1 and Tagged VLAN6
   description WAP1
   switchport trunk allowed vlan add 6
interface gigabitethernet48 -- Trunk mode
   description ASA-Internal
   ip dhcp snooping trust
   ip dhcp relay enable
Can someone who understands this switch better than I do please confirm the VLAN configuration?  THANK YOU!
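
The VLAN mapping described in this post can be checked mechanically. The Python sketch below is an added example, not part of the original post and not Cisco tooling: it parses the SSID and subinterface lines quoted above and checks that each SSID VLAN has radio and Ethernet subinterfaces in one bridge-group, that no bridge-group is shared by two VLANs (which would bridge guest and internal traffic together), and that the switch trunk tagging matches the AP's native VLAN. The names `parse_ap` and `audit` are hypothetical, the config string is re-typed from the post with indentation restored, and the trunk values are the ones the post states for gigabitethernet47; authentication, encryption and DHCP settings are out of scope.

```python
import re

# Constructed sample: SSID and subinterface lines re-typed from the post, indentation restored.
AP_CONFIG = """\
dot11 ssid GUEST
   vlan 6
dot11 ssid SECURE
   vlan 1
interface Dot11Radio0.1
   encapsulation dot1Q 1 native
   bridge-group 1
interface Dot11Radio0.6
   encapsulation dot1Q 6
   bridge-group 255
interface Dot11Radio1.1
   encapsulation dot1Q 1 native
   bridge-group 1
interface Dot11Radio1.6
   encapsulation dot1Q 6
   bridge-group 255
interface FastEthernet0.1
   encapsulation dot1Q 1 native
   bridge-group 1
interface FastEthernet0.6
   encapsulation dot1Q 6
   bridge-group 255
"""

def parse_ap(config):
    """Return (ssids, subifs); a VLAN or bridge-group of 0 means 'not found'."""
    ssids, subifs, section = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():  # an unindented line opens a new section
            ssid = re.match(r"dot11 ssid (\S+)$", line)
            subif = re.match(r"interface (\S+\.\d+)$", line)
            if ssid:
                section = ("ssid", ssid.group(1))
            elif subif:
                section = ("if", subif.group(1))
                subifs[subif.group(1)] = {"vlan": 0, "native": False, "group": 0}
            else:
                section = None
            continue
        if section is None:
            continue
        kind, name = section
        vlan = re.match(r"vlan (\d+)$", line)
        encap = re.match(r"encapsulation dot1Q (\d+)( native)?$", line)
        group = re.match(r"bridge-group (\d+)$", line)
        if kind == "ssid" and vlan:
            ssids[name] = int(vlan.group(1))
        elif kind == "if" and encap:
            subifs[name]["vlan"] = int(encap.group(1))
            subifs[name]["native"] = bool(encap.group(2))
        elif kind == "if" and group:
            subifs[name]["group"] = int(group.group(1))
    return ssids, subifs

def audit(ssids, subifs, trunk_untagged, trunk_tagged):
    """Return findings as strings; an empty list means the mapping is consistent."""
    findings = []
    natives = {s["vlan"] for s in subifs.values() if s["native"]}
    if len(natives) != 1:
        findings.append(f"expected one native VLAN, found {sorted(natives)}")
    for ssid, vlan in sorted(ssids.items()):
        members = {n: s for n, s in subifs.items() if s["vlan"] == vlan}
        for prefix in ("Dot11Radio", "FastEthernet"):
            if not any(n.startswith(prefix) for n in members):
                findings.append(f"SSID {ssid}: no {prefix} subinterface for VLAN {vlan}")
        groups = sorted({s["group"] for s in members.values()})
        if len(groups) > 1 or 0 in groups:
            findings.append(f"VLAN {vlan}: bridge-groups differ or are missing: {groups}")
        # Switch side: the native VLAN must arrive untagged, every other VLAN tagged.
        if vlan in natives and vlan != trunk_untagged:
            findings.append(f"SSID {ssid}: native VLAN {vlan} is not the trunk's untagged VLAN")
        if vlan not in natives and vlan not in trunk_tagged:
            findings.append(f"SSID {ssid}: VLAN {vlan} is not tagged on the switch trunk")
    # Isolation: one bridge-group shared by two VLANs bridges them together.
    shared = {}
    for s in subifs.values():
        shared.setdefault(s["group"], set()).add(s["vlan"])
    for group, vlans in sorted(shared.items()):
        if len(vlans) > 1:
            findings.append(f"bridge-group {group} bridges VLANs {sorted(vlans)} together")
    return findings

if __name__ == "__main__":
    ssids, subifs = parse_ap(AP_CONFIG)
    # gigabitethernet47 as described in the post: untagged VLAN 1, tagged VLAN 6.
    for finding in audit(ssids, subifs, trunk_untagged=1, trunk_tagged={6}) or ["consistent"]:
        print(finding)
```

An empty result only says the SSID, subinterface, bridge-group and trunk VLAN numbers line up; it does not rule out causes outside that mapping.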


Similar Messages

  • Single WLC for Corporate and Guests

    Hi, We are looking into deploying Wireless on our corporate network. There are a few branch offices and a central office, we want to use a single WLC if possible which will allow both internal and guest user traffic whilst isolating guest traffic.
    I understand there is the option of placing an Anchor WLC in the DMZ for guest traffic and an internal one, but it's a bit of overkill given the limited access required for guests at this stage.
    Is the above possible to place the WLC in the DMZ or on the internal network whilst having the guest user traffic terminate in the DMZ and isolated from internal traffic.
    The WAN to branch offices are IP WAN and is it possible to somehow bridge them back to the central office WLC?
    Thanks

    There are a lot of variables that would go into this.  In my environment, I have a 6500 and a couple of WiSM controllers.  I also have a FWSM that is seated in a different 6500.  What I did was create a vlan and map that vlan to my FWSM as a DMZ.  Then I set up the appropriate firewall rules to separate that vlan from everything else.  Then I just trunked that vlan to the 6500 that my WLCs are seated in.  I then created a dynamic interface on my WLCs that pointed to this vlan and created an SSID that was meant to be a Guest SSID using Layer 3 security (Web Auth).  Works pretty well.

  • "This virtual machine is configured for 64-bit guest operating systems. However, 64-bit operation is not possible.  This host does not support Intel VT-x"

    Hi, I have installed vmware 5.5 hypervisor on hp G8 microserver. I have created one vm as windows 2008 R2. I have also install vmware workstation 11 on this vm. In this workstation when I tried to run vmware 5.5 hypervisor I come across "This virtual machine is configured for 64-bit guest operating systems. However, 64-bit operation is not possible.  This host does not support Intel VT-x" this statement. Which shows that the host machine does not support virtualization and for that you need to go in Bios and enable it but in present case as host machine is also a vm and you would not find much detail of Bios when you log into the Bios therefore, I am pretty much stuck here. I don't see any information in relation to this. Now my question is:
    1. Can we run ESXi inside a vm which is already sitting on ESXi?

    I moved the discussion from VMware Workstation to Nested Virtualization which contains several hints on what's possible and what needs to be configured to make things work.
    André

  • SCOT configuration for internal & external email system in EP.

    Hi,
    I want to add SCOT configuration for internal & external email system in  SAP EP 7.0  ?
    What all steps I need to do ? any good documents on this ?

    Hi Haider,
    I have read the link you have given me to configure SCOT. I have 3 doubts, please clarify.
    Doubt No. 1:
    In that link its mentioned that I have to add 2  profile parameter in the transaction RZ10 namely icm/server_port_<>*  and is/SMTP/virt_host_<>*
    My question is Can I put any value which i like in place of * like can I add either icm/server_port_2  OR  icm/server_port_3 OR icm/server_port_4  in icm parameter AND ALSO
    Can I put any value which i like in place of * in is/SMTP/virt parameter like can I add either is/SMTP/virt_host_0  OR  is/SMTP/virt_host_1  OR is/SMTP/virt_host_2 .
    Doubt No. 2:
    What port value I have to put in the profile parameter    icm/server_port_2  in RZ10.  Can I put any port value ? and automatically that port will work? say suppose I addded this profile parameter in RZ10
    icm/server_port_2 = PROT=SMTP,PORT=25000,TIMEOUT=180          so automatically 25000 port will work ? or will it give error?
    Doubt No. 3:
    When I go to SMICM transaction and go to services , I get the following:
    No.  Log         Service name/port     Host name           Keep Alive    Proc TimeOut   Active
    1     HTTP               8000                  epv.sopm.com           30                     60               Yes
    2     SMTP               0                       epv.sopm.com            30                    60                Yes
    3     HTTPS             8001                 epv.sopm.com            30                    180               Yes
    This means that HTTP port is 8000,   HTTPS port is 8001. My question is why in SMTP its showing 0, why no port is shown?
    I have not added any profile parameter like  icm/server_port_2 = PROT=SMTP,PORT=25000,TIMEOUT=180     for SMTP in RZ10 as of now.
    Is this the reason for this ?

  • Reverse proxy for internal and external

    Hello,
    BM1 is our main BM3.9 Box. I have reverse proxy configured for webaccess and to release emails from our spam filter externally (this works). This BM server also is our external DNS, and our default route for Internet traffic.
    Another BM box is our internal DNS.
    I need to modify BM1 config to enable client internally to release emails from our spam filtering software. The error issued is 504 Gateway timeout.
    Do I just add the internal ip address to the BM1 accelerator entry meaning that the same accel will listen for both internal and external addresses ?
    Any help is appreciated
    Regards
    Brian

    bdavis97,
    It appears that in the past few days you have not received a response to your
    posting. That concerns us, and has triggered this automated reply.
    Has your problem been resolved? If not, you might try one of the following options:
    - Visit http://support.novell.com and search the knowledgebase and/or check all
    the other self support options and support programs available.
    - You could also try posting your message again. Make sure it is posted in the
    correct newsgroup. (http://forums.novell.com)
    Be sure to read the forum FAQ about what to expect in the way of responses:
    http://forums.novell.com/faq.php
    If this is a reply to a duplicate posting, please ignore and accept our apologies
    and rest assured we will issue a stern reprimand to our posting bot.
    Good luck!
    Your Novell Product Support Forums Team
    http://support.novell.com/forums/

  • Shop configuration for internal users

    Hi SDN,
    We are using ecommerce 7.0 for SAP ECC 6.0.
    I've seen at the shopadmin that there is a possibility to configure an eshop for internal users. There it's possible to create a scenario "B2B For Internal Users".
    So in my point of view, I have to define a b2b configuration at XCM. And then I should see that new scenario after login.
    But that absolutely does not work. The shop with scenario "B2B For Internal Users" is not displayed. I only see all the configurations of type "Internet Sales B2B".
    Why?? Both these scenarios are B2B scenarios. So both have to be displayed?
    How to configure a shop for internal users?
    One more point which I do not understand... Why is this configuration for internal users a B2B scenario and not a BOB?
    The internal user has to select the customer...so that's the same as a BOB shop??
    Please explain these things to me. What am I understanding wrong here?
    Thanks and best regards,
    Toni


  • Single URL for internal and external CRM access when using IFD

    Hello,
    At one of our client site I have setup IFD on CRM 2011. This IFD is behind TMG. My client is a big corporation therefore all CRM components including CRM, ADFS and SQL are on separate servers.
    I have configured IFD using single url https://orgname.contoso.com. Their IT staff wants to know why can't they use single URL for internal and external access where internal users are not prompted for authentication when logging on to the CRM server. I know you can do URL re-write in ADFS but they want to know the reason "why internal users can't use the same IFD URL and don't get prompted for their credentials". Text below is from their IT staff.

    There are several approaches to your question.  You need to set up both an internal and an external relying party trust. If you use the external URL, it will always direct you to the signin page, if you use the internal URL, it will resolve you single sign on.
    I've configured IFD for CRM multiple times, and this is how it works. CRM looks at the URL. If you use the external URL (org.domain.com), it will prompt for credentials. So what you are asking for, a single URL that works single sign on internally and prompts externally really isn't possible.
    What I recommend is:
    1. make the external URL available internally
    2. Configure all outlook clients against the external URL, that way you won't have to reconfigure when someone goes internal to external
    3. Have users who are primarily internal use the internal URL for the web client, which will resolve single sign on
    4. Have users who are primarily external use the external URL for the web client
    For #1, since you only need to enter the credentials when you first configure CRM, it is in all effects single sign on.
    One thing I haven't tried that may work is using IIS redirect internally to redirect the external URL to the internal URL. There is also a powershell script in the IFD guide that you can use to make the outlook client switch between the internal and external URL's, but nothing that will give you a single URL that works as the internal relying party trust when internal and the external relying party trust when you are external.

  • I will be buying the new IMac 27 inch in December. Would like input on the best configuration for photographic and possibly video processing-dream machine!

    I will be buying an IMac 27 inch in December. What is the best configuration for photo and possibly video processing.Does one need a Mac Pro? Dream machine!

    Just to explain what I just wrote to Laundry Bleach:
    Why is there no iDVD on my new Mac?
    https://discussions.apple.com/docs/DOC-3673
    UPDATE & ADDENDUM:
    But even though you can still buy iLife 11 that includes iDVD 7 from Amazon, Apple now make it difficult to install:
    Poster jhb21939 posted this in another thread:
    “when I attempted to load iDVD into a new iMac. A notice came up on the screen stating that the 'Authorisation Licence' had expired on 25 March this year (2012).
    I contacted the Apple support team and eventually, I was told that the Licence had been withdrawn and could no longer be used.”
    In other words Apple are now so adamant that we don’t use iDVD that they have tried to make it impossible to install.
    In response, Old Toad posted this solution:
    “You can still use it on all of your Macs.  If you get an invalid certificate message just set your Mac's clock to sometime before early 2011 and run the installer.  After you're done reset the time back to the correct time.” He added this comment:
    “It began after iDVD and iWeb were discontinued and they were dropped from the Apple Store. All I can think of is the certificate was set to expire after a certain time period after the initial iLife disc was released.
    I've been able to use the installer even without setting back the date.  I just clicked on the Continue button and it would work as expected.  For some it would not continue unless the date was set back.”
    The latest anorexic iMacs just announced do not even include a CD drive! Proof positive that Apple virtually prohibit the use of DVDs - although the newly announced Mac Minis do include a Superdrive.
    Yet, they still include iMovie! Heaven alone knows or understands what you are supposed to do with your newly edited masterpiece - except make a low quality version for YouTube?

  • Non-Web Server Publishing Rule for Internal and External

    Hi there,
    I have a problem with my TMG and publishing SSH for Internal and External users to an internal Server.
    Network:
    Internal Network
    SSH Server, 10.10.10.25
    Internal DNS record "ssh.domain.com" pointing to 10.10.10.254
    TMG Server, 10.10.10.254/192.168.0.254
    External Network
    External DNS record "ssh.domain.com pointing to 192.168.0.254
    I want my users (internal AND external) using their SSH client to connect to ssh.domain.com and TMG to forward the request to the SSH server. Note that internal clients and the SSH server are in the same network.
    I have created a custom "SSH Server" protocol with inbound TCP for port 22 and created a Non-Web Server publishing rule.
    Traffic Tab: SSH Server Protocol
    From Tab: Internal, External
    To Tab: 10.10.10.25, original client
    Networks Tabs: Internal, External
    External users can connect without a problem, all fine here. Internal users get a timeout. The TMG Log says: Denied Connection (Default Rule, The policy rules do not allow the user request) and doesn't recognize this is an inbound request. The log gives me dest IP 10.10.10.254 and protocol SSH and not 10.10.10.25 and SSH Server.
    I read a lot of networking rules and NAT/Routing, tried a bit but never got a success.
    Can you help me fix or work around this and tell me what's going on there and if there are limitations in TMG I don't know yet?
    Regards,
    Sascha

    Hi,
    According to your description, it seems that request was denied by the TMG rules so the request from the internal users could not be forwarded to the SSH server. I would appreciate it if you can post the logs to us and the results of running ipconfig/all on the TMG server.
    In addition, maybe you can change the firewall policy only from External and add another firewall policy for the internal user to see if the issue persists.
    More information:
    Creating and using a server protocol
    TMG
    Back to Basics - Part 1: Server Publishing Rules
    Best regards,
    Susie

  • Restrict email attachments if more than 1mb for internal and 250kb for external emails

     
    Hi,
    Restrict email attachments if more than 1mb for internal and 250kb for external emails ?
    Can any one help me in this issue
    Thanks
    Deepan.T

    Hi Deepan,
    You can use transport rule to restrict the attachment size.
    I use the following transport rule to reject the attachment size over 2MB with "5.7.1" information returned.
    New-TransportRule "block large attach" -AttachmentSizeOver 2MB -RejectMessageEnhancedStatusCode "5.7.1"
    For more information, here is an article for your reference.
    New-TransportRule
    http://technet.microsoft.com/en-us/library/bb125138(v=exchg.141).aspx
    Hope it helps.
    Best regards,
    Amy
    Amy Wang
    TechNet Community Support

  • Internal Corporate wireless and guest wireless network

    I need some technical information on how the wireless guest network is created on the Airport Extreme. We currently do not permit personal wireless devices to connect to our internal wireless network in order to protect our data. Several times users have presented us with justifiable business requests to have access to the wireless network from their own devices. We've been looking at using the Airport Extreme in order to do this, but we are bound by PCI (Payment Card Industry) requirements to keep our customer credit card data secure. PCI regulations do not consider VLAN a secure way of keeping the data isolated. Does anyone have any technical information on how the device creates the guest wireless network ?
    Two or three of these on each floor would fit our need for such access and keep our customer data secure.
    Thanks

    Welcome to the discussion area!
    +PCI regulations do not consider VLAN a secure way of keeping the data isolated. Does anyone have any technical information on how the device creates the guest wireless network ?+
    I spoke to Apple Support some time ago and was told that Apple uses VLAN to create the Guest network, and also that formal documentation was not available on this topic. I was referred to the AirPort Extreme Specifications for available information.
    This was some time ago, so if you need more up to date info, you might want to try to contact Apple to see if they are willing to share more information about this feature. Although, since VLAN is used, your question may already be answered.
    FWIW, to use the Guest Network feature in a home situation, the AirPort Extreme must be set up as the main router controlling DHCP and NAT on the network. If you were thinking of installing the AirPort Extreme behind another router, the Guest Network feature would not be available in this type of configuration.

  • Disabling Right Click Menus for Network Magic's System Tray Icons for Standard and Guest Accounts

    OK, so I want to know how to disable the right click menus for Network Magic's system tray icons only for Vista's standard and Guest accounts?   I don't want other users signed in as a Standard account or guest account having the ability to disable the system tray icons for network magic.

    Hi, currently it's not possible to disable NM from being accessed by a Limited user account, but that is a good idea.
    My Cisco Network Magic Configuration:
    Router: D-Link WBR-2310 A1 FW:1.04, connected to Comcast High Speed Internet
    Desktop, iMac: NM is on the Windows Partition, using Boot camp to access Windows, Windows 7 Pro 32-bit RTM, Broadcom Wireless N Card, McAfee Personal Firewall 2009,
    Mac Partition of the iMac is using Mac OS X 10.6.1 Snow Leopard
    Laptop: Windows XP Pro SP3, Intel PRO/Wireless 2200BG, McAfee Personal Firewall 2008
    Please note that though I am a beta tester for Network Magic, I am not a employee of Linksys/Cisco and am volunteering my time here to help other NM users.

  • Exchange certificates and services setup for internal and external clients access on separate domains.

    I have the following on my local network.
    Server DomainA -> Small Business server 2003/Exchange 2003
    Server DomainB -> Windows 2008 R2/Exchange 2013
    Clients Domain A ->  Windows XP/Outlook 2003
    Clients Domain B -> Windows 7/Outlook 2007/2010
    Problem:  I want clients from DomainA to log into Exchange on DomainB on the same local network.
    I need to know how to setup the DNS on both domains and the certificates on the DomainB Exchange server to accept the connection from the PC on domainA.   All connections from clients on domainB to server on domainB work correctly but when adding accounts to Outlook 2003/2007 on domainA clients I am getting certificate errors.
    I have purchased certificates for mail.domainb.com and autodiscover.domainb.com but I don't know how to get the clients on domainA to recognize those external URL's of the exchange server (with the certificates bound to them) from the internal network. Hence I get domain errors.
    I am getting issues when a client on DomainA tries to add an Outlook mail profile to connect to the Exchange on DomainB
    Any suggestions on how to set this up?
    thanks

    Domain A & Domain B are two separate AD Forests?
    Users in Domain A either need mailbox-enabled user accounts that are in DomainB or a linked mailbox in Domain B to utilise the Exchange Server in DomainB. In either case with the help of the autodiscover service user can use the services in ExchangeB. 
    If the client machines are member of domainA and you are trying to access ExchangeB you will then need to leverage a custom XML file for autodiscover and force the Outlook client to use this file. 
    <?xml version="1.0" encoding="utf-8"?> 
    <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006"> 
      <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a"> 
        <Account> 
          <AccountType>email</AccountType> 
          <Action>redirectUrl</Action> 
          <RedirectUrl>https://autodiscover.domain.com/autodiscover/autodiscover.xml</RedirectUrl> 
        </Account> 
      </Response> 
    </Autodiscover>
    Then you need to configure the client machine to query that XML file by adding the following registry key:
    Refer to XML file
    for Outlook 2007:
    HKCU\Software\Microsoft\Office\12.0\Outlook\Autodiscover
    for Outlook 2010:
    HKCU\Software\Microsoft\Office\14.0\Outlook\Autodiscover
    STRING_value <your_namespace> = path to XML file
    you can find more information in the following link.
    Controlling Outlook Autodiscover behavior
    http://blogs.technet.com/b/kristinw/archive/2013/04/19/controlling-outlook-autodiscover-behavior.aspx
    CK

  • Exchange 2013 DNS for internal and external domain

    Hi All,
    I have been assigned a task to implement Microsoft Exchange Server 2013. I need some help in setting up DNS namespaces and design a strategy to have same internal and external names. Let me share some details here.
    We have an Active Directory domain myinternaldomain.net, and we have a public domain mypublicdomain.com and we have setup email policy to have mypublicdomain.com as the SMTP domain for all the users. We have created another DNS zone in Active directory integrated DNS and created a records for mail.mypublicdomain.com and autodiscover.mypublicdomain.com which will point to CAS NLB IP. We have 2 CAS servers and 2 MBX servers, we have configured DAG for MBX High availability and planning to implement WNLB for CAS as hardware LB is out of scope due to budget constraints.
    We want to have same URLs for OWA, Autodiscover, ECP and other services from internal network as well as from public network. Users should not be bothered to remember two URLs, using one from internal and other from public networks. I also want to confirm that with this setup in place do I need to have myinternaldomain.net and server names in SAN certificate?
    Thanks

    Hi Sccmnb,
    You can easily achieve this using split DNS.
    Internal DNS hostname "mail.mypublicdomain.com" will be pointing to your internal CAS NLB IP and the external public DNS hostname "mail.mypublicdomain.com" will be pointing to the Network device or Reverse proxy server IP.
    Depending upon users access location (internal\external) the IPs would vary and they should be able to access the website with same name.
    The names that you would require on the certificate (use EAC or powershell to raise the request) for client connectivity would be
    SN= mail.mypublicdomain.com
    SAN= autodiscover.mypublicdomain.com
    You don't need to have the active directory domain name present in the certificate.
    In addition to this you need to update the AutodiscoverURI for all servers and OWA, ECP, Autodiscover Virtual Directories InternalURL and ExternalURL fields with appropriate public names.
    Some additional Info:
    *Internal vs. External Namespaces
    Since the release of Exchange 2007, the recommendation is to deploy a split-brain DNS infrastructure for the Internet-based client namespaces. A split-brain DNS infrastructure enables different IP addresses to be returned for a given namespace based on where the client resides – if the client is within the internal network, the IP address of the internal load balancer is returned; if the client is external, the IP address of the external gateway/firewall is returned.
    This approach simplifies the end-user experience – users only have to know a single namespace (e.g., mail.contoso.com) to access their data, regardless of where they are connecting. A split-brain DNS infrastructure also simplifies the configuration of Client Access server virtual directories, as the InternalURL and ExternalURL values within the environment can be the same value.
    *Managing Certificates in Exchange Server 2013 (Part 2)
    *Nice step by step article
    Designing a simple namespace for Exchange 2013
    Regards,
    Satyajit
    Please “Vote As Helpful” if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.

  • Capacity evaluation for internal and external workers in one work center

    Hi ,
    Normally in all Industries you have internal manpower to execute work. Say I have a work center named "Mechanical" , I will have 5 people working 8 Hrs for 5 days in a week. We usually configure this in capacity tab of work center for capacity category "002-Labour".  In scheduling tab we configure scheduling data for a capacity category "002-labour"
    In many industries , depending on load, many time, external labours are hired to give assistance to internal workers. Technically it is like adding one more capacity category "PER-Person" and adding number external labours there and in scheduling tab adding required configuration for "PER" capacity category
    Total capacity for any given day would be available capacity in capacity category -002 + available capacity in PER capacity category.
    However in scheduling Tab , scheduling basis can be either 002/PER.
    How can we add more scheduling basis to refer to more than one capacity category ?
    Any other alternative to above problem statement?

    let us say, you have a work "Pump repair" which is done partly by internal workers say 2 people and 1 external labour. Let us assume the number of people in 002-labour is 2 (internal ) and  capacity in capacity category (PER) which is external work center is 3 (Total 5 ).
    Now if I I leave scheduling basis as blank, then system will calculate scheduling based on 002 capacity category as it is "Major" . But I want system to consider both 002 and +PER .
    You are suggesting two line items "Pump Repair internal" and give 2 numbers and duration as 8  control key PM01 . Create another operation "Pump repair External" use control key PM02 (where in scheduling is enabled)  where 1 number - 8 Hrs duration is maintained with another work center.
    If I maintain 2 different work centers and two different operations, this will work. But for customer this is just one work and capacity evaluation should be based on capacity category 002 and PER .
    How to solve this by maintaining one work center , two capacity categories in same work center  and maintaining one control key PM01 in operation?
