Vlan design help

Hi
I have a new switch and am in the process of configuring it. The switch will be used for servers in the DMZ. My issue is whether I should configure all the VLANs in my current environment on this switch, or just those related to the DMZ.
If it is the latter, how would trunking work? How would I be able to forward traffic from other VLANs on the trunk if the switch only knows about the DMZ VLANs?
Thanks for your help
Dan

Hi
Thanks everyone for your replies. I'm kind of new to the networking field, so creating a secure policy isn't my expertise, but I'm trying though.
Currently all the switches, even the old switch with the DMZ servers in it, are connected to each other via fibre links, which create a redundant loop.
From what I can understand from what you have said, I should not put this new switch in the loop, but have it sit by itself. So if it wanted to access the firewall (PIX 515E), which is sitting on another switch, I would have to have an Ethernet connection between my new switch and the firewall switch, as there aren't any free fibre ports on the firewall switch. Am I right, or is there a better way of designing it?
Thanks in advance
Dan

Similar Messages

  • Unable to toggle between LiveCycle Designer & Help

    If we open the LiveCycle Designer Help window, we are unable to switch to the Designer until the help window is minimized. This is slightly annoying the developers.
    It would be better if it can behave like other applications (e.g. Adobe Workbench ES)
    Thanks,
    Nith

    Charlie
    I am unable to duplicate the problem you are experiencing.  I was able to use Acrobat Pro 9 and X, to apply the Reader Extension permissions (to the sample form I posted earlier) and open and sign the form in both Reader 9 and X.
    What is the exact version of Acrobat you are using to apply the Reader Extension rights.  The dialog I see when doing so with Acrobat 9 Pro is...
    If you are using Acrobat Standard, it seems there is a limitation (save data only) on the Reader Extension permissions that you can apply.
    Regards
    Steve

  • Questions VLAN design best practices

    As per best practices for VLAN design:
    1) Avoid using VLAN 1 as the “blackhole” for all unused ports.
    2) In the local VLANs model, avoid VTP (use transparent mode).
    Point 1
    In a big network, I'm having VLAN 1 as the blackhole VLAN. I'd like to confirm that, even if we're not complying with best practices, we're still doing fine.
    a) all trunk ports on all switches have the allowed vlans explicitly assigned.
    b) almost all ports on all switches are assigned to specific data/voice VLANs, even if shut down
    c) the remaining ports (some unused SFP ports, for example) are shut down
    d) we always tag the native vlan (vlan dot1q tag native)
    So, no data is flowing anywhere on VLAN 1. In our situation, is it safe to use VLAN 1 as the blackhole VLAN?
    Point 2
    Even if we're using the local VLANs model, we have VTP in place. What are the reasons for the best practice? As already said, we allow only specific VLANs on trunk ports (it's part of our network policy), so we do not have undesired layer 2 loops to deal with.
    Any thoughts?
    Bye
    Dario
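The following is an added example, not configuration posted by Dan or Dario, showing how the two threads' points fit together on one Catalyst access switch: Dan's DMZ switch carries only its own VLANs on the uplink (other VLANs are simply not allowed on that trunk, and anything leaving the DMZ is a routing decision at the firewall, not a switching one), and Dario's points a) through d) are implemented (explicit allowed list, every port in a specific VLAN, unused ports shut down, native VLAN tagged). VLAN numbers, interface names, the blackhole VLAN ID and the port ranges are assumed values for illustration.

```cisco
! Added example (not from either thread). VLAN IDs, interface names and
! port ranges are assumed for illustration.
!
vlan 100
 name DMZ-WEB
vlan 101
 name DMZ-MAIL
vlan 999
 name BLACKHOLE
! VLAN 999 is a parking VLAN for unused ports: no SVI, never routed,
! never allowed on any trunk.
!
! Uplink toward the firewall switch. Only the DMZ VLANs are allowed;
! VLANs used elsewhere in the environment do not need to cross this
! trunk because no port on this switch belongs to them.
interface GigabitEthernet1/0/48
 description Uplink to firewall switch
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 100,101
 switchport nonegotiate
! "switchport trunk encapsulation dot1q" is required on platforms that
! also support ISL (3560/3750/6500); 2960-class switches reject it.
! "switchport nonegotiate" disables DTP so the peer cannot negotiate a
! wider trunk than the explicit allowed list.
!
! Server access ports: one VLAN each, no trunk negotiation, and BPDU
! guard so a server port can never become part of the spanning tree.
interface range GigabitEthernet1/0/1 - 24
 switchport mode access
 switchport access vlan 100
 switchport nonegotiate
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Unused ports: parked in the blackhole VLAN and administratively down.
interface range GigabitEthernet1/0/25 - 47
 switchport mode access
 switchport access vlan 999
 shutdown
!
! Tag the native VLAN on every dot1q trunk so untagged frames are
! dropped rather than landing in the native VLAN.
vlan dot1q tag native
!
! Do not learn or advertise the whole VLAN database via VTP.
vtp mode transparent
```

To confirm the intended result, `show interfaces trunk` should list only VLANs 100 and 101 as allowed and active on Gi1/0/48, and `show vlan brief` should show no port in VLAN 1. Because VLAN 999 is not in the allowed list, an untagged frame arriving on the trunk has nowhere to go even before the native-VLAN tagging rule is considered.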

    We are currently using VTP version 3 and migrating from Rapid-PVST to MST.
    The main reason for having VTP in place (at least for us) is to have the ability to assign ports to the correct VLAN in each site simply by looking at the propagated VLAN database, and to manage that database centrally.
    We also avoid using the same VLAN ID at two different sites.
    However, I did find something to look deeper into: with MST and VTP, a remote switch can be root for a VLAN it doesn't even use or have active ports in, and this doesn't feel right.
    An example:
    1) switch1 and switch528 share a link with allowed vlan 100
    2) switch1 is the root for instances 0 and 1
    4) VLAN 100 is assigned to instance 1
    5) VLAN 528 is not assigned to any particular instance so it goes under instance 0
    6) VLAN 528 is the Local Data LAN for switch528 (switch501 has VLAN 501)
    swtich528#sh spanning-tree vlan 528
    MST0
      Spanning tree enabled protocol mstp
      Root ID    Priority    24576
                 Address     1c6a.7a7c.af80
                 Cost        0
                 Port        25 (GigabitEthernet1/1)
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
      Bridge ID  Priority    32768  (priority 32768 sys-id-ext 0)
                 Address     1cde.a7f8.4380
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
    Interface           Role Sts Cost      Prio.Nbr Type
    Gi0/1               Desg FWD 20000     128.1    P2p Bound(PVST)
    Gi0/2               Desg FWD 20000     128.2    P2p Edge
    Gi0/3               Desg FWD 200000    128.3    P2p Edge
    Gi0/4               Desg FWD 200000    128.4    P2p
    Gi0/5               Desg FWD 20000     128.5    P2p Edge
    switch1#sh spanning-tree vlan 501
    MST0
      Spanning tree enabled protocol mstp
      Root ID    Priority    24576
                 Address     1c6a.7a7c.af80
                 This bridge is the root
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
      Bridge ID  Priority    24576  (priority 24576 sys-id-ext 0)
                 Address     1c6a.7a7c.af80
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
    Interface           Role Sts Cost      Prio.Nbr Type
    Should I worry about this?
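As an added example (not configuration from Dario's post or his network), here is an MST region definition in which every VLAN from the post is mapped to an explicit instance, so that no VLAN silently falls into MST0 and the root for each site's local VLAN is chosen deliberately. The region name, revision number, instance numbers and priorities are assumed; VLANs 100, 501 and 528 are the ones named in the post. The `spanning-tree mst configuration` block must be identical (name, revision and mapping) on every switch in the region, otherwise the switches form separate regions and fall back to the CST between them.

```cisco
! Added example (not from the post). Region name, revision, instance
! numbers and priorities are assumed; VLAN IDs come from the post.
!
! --- identical on every switch in the region ---
spanning-tree mode mst
!
spanning-tree mst configuration
 name CAMPUS
 revision 3
 instance 1 vlan 100
 instance 2 vlan 501
 instance 3 vlan 528
! Any VLAN not listed here is mapped to instance 0 (the IST), whose root
! is shared by the whole region. Changing the mapping is a region-wide
! change and causes reconvergence, so plan it as a maintenance action.
!
! --- switch1 only: root for the IST and for the shared VLAN 100 ---
spanning-tree mst 0-1 priority 24576
!
! --- switch501 only: root for its local data VLAN ---
spanning-tree mst 2 priority 24576
!
! --- switch528 only: root for its local data VLAN ---
spanning-tree mst 3 priority 24576
!
! Verification (exec mode):
!   show spanning-tree mst configuration
!     lists the name, revision and instance-to-VLAN table; compare the
!     digest across switches to confirm they are in one region
!   show spanning-tree mst 3
!     on switch528 should report "This bridge is the root"
```

One instance per site does not scale indefinitely: IOS limits the number of MST instances per region (16 on older platforms, 64 plus the IST on newer ones), so a large deployment usually groups several sites' VLANs into one instance and accepts that the instance root is remote for some of them.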

  • Can the same IP scheme be implemented to a new VLAN design?

    Hello,
    I have one broadcast domain using, for example, the 192.168.0.0/20 network. If a VLAN design is implemented, can the same IP scheme 192.168.0.0/20 be used, or would it be something like 192.168.0.0/24 for the servers, 192.168.1.0/24 for the users, etc.?
    Also, what determines the use of VLANs? For example, I've read that if the broadcast traffic is 20% or more then a VLAN design should be implemented. Or is it best practice to implement VLANs regardless of broadcast traffic?
    Thank you,
    Alex

    Alex,
    Usually the best practice is to use vlans and keep the broadcast domain small.  A common practice is to use a /24 subnet per vlan.  
    192.168.0.0/24 vlan 10
    192.168.1.0/24 vlan 11
    192.168.2.0/24 vlan 12
    and so on.
    HTH

  • I like to pdf my score. I design my score properly, but then when I make the PDF it changes, in not correct design, help!

    I like to PDF my score. I design my score properly, but then when I make the PDF it changes, into a design that is not correct. Help!
    The same problem occurs when printing normally.

    You have 90 days of free AppleCare telephone support, please call them. If you don't know the number please click AppleCare Contact Info to locate the number on your part of the planet.

  • Management VLAN Design and Implementation

    Greetings, friends.  I'm having trouble getting a clear picture of how a management VLAN ought to look.  I just installed a Catalyst 6509-E as my core switch, and as soon as they arrive I'm going to be replacing all of our other (HP) switches with Catalyst 3560X switches.  I understand the reasoning behind segregating traffic, not using VLAN1, etc., but I've never actually implemented a management VLAN--I've always just accessed the switches via the IPs assigned to them where all the client traffic flows (not VLAN1, by the way).
    Is "management VLAN" simply what we as humans call a VLAN we dedicate to management activities, or is there something official in these switches to designate a "management VLAN?"
    Is it best practice to include SNMP, netflow, syslog, and NTP as "management" traffic?
    There's a lot of documentation talking -about- management and management VLANs, but unless I'm blind or not looking hard enough I can't seem to find any implementation whitepapers or best practices whitepapers that demonstrate setting one up on a campus LAN.  Are you able to point me in the right direction to find such documentation?  Is it perhaps buried in a manual somewhere that isn't explicitly labeled "Management VLAN Design and Implementation" or somesuch?
    What is the best practice for accessing the management VLAN?  Inter-VLAN routing + ACLs?  Multi-homed PCs or servers?  Additional PCs to be used as access stations?
    Thank you for your wisdom, experience, and advice!
    Kevin

    1. Yes, you may want to keep this traffic separate from the other traffic, limiting device management access to just this VLAN, as this prevents eavesdropping.
    2. Indeed, all other housekeeping goes via this VLAN, although you could limit it to the interactive or session traffic.
    3. On a campus you could think of one big VLAN spanning the campus; in a multi-site environment, or where you use L3 to go to your datacenters, you probably need multiple management LANs. I've seen implementations where the management traffic was kept separate and didn't even use the routing protocol in use. The whole management LAN was statically routed and would work even if OSPF or BGP was down.
    4. I feel a situation where the people providing support are connected on the LAN giving access to the devices is probably best. A dual-homed PC is a good solution, I think; other customers feel the management LAN should be treated as a DMZ accessible via a firewall, but the hardcore customers insist on a second PC connected to the management LAN.
    Points to consider are, as always:
    Find the single point of failure: any device, L2, L3 or firewall, that could cut off management from accessing a part of the network.
    Find the right balance between security, costs, and ease of access for the business you're in.
    Cheers,
    Michel
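To make Kevin's question and Michel's answer concrete, the following is an added example (not configuration from either of them) of a dedicated management VLAN on a Catalyst access switch, taking the "inter-VLAN routing + ACLs" option: the switch has an address only in the management VLAN, sessions to the switch are accepted only from that VLAN, and the housekeeping traffic Kevin lists (SNMP, syslog, NTP) is sourced from the management SVI so it stays in that VLAN. VLAN 900, all addresses, the ACL name and the community placeholder are assumed values.

```cisco
! Added example (not from the thread). VLAN 900, addresses and the ACL
! name are assumed; <ro-community> is a placeholder to be replaced.
!
vlan 900
 name MGMT
!
! The only IP address this switch has lives in the management VLAN.
interface Vlan900
 description Management SVI
 ip address 10.255.0.11 255.255.255.0
 no shutdown
!
ip default-gateway 10.255.0.1
!
! Only hosts in the management network may open sessions to the switch.
! Everything else is denied and logged, which makes probing from client
! VLANs visible in syslog.
ip access-list standard MGMT-ONLY
 permit 10.255.0.0 0.0.0.255
 deny   any log
!
line vty 0 15
 access-class MGMT-ONLY in
 transport input ssh
 exec-timeout 10 0
!
ip ssh version 2
!
! Housekeeping traffic: read-only SNMP restricted by the same ACL, and
! syslog/NTP/traps sourced from the management SVI.
snmp-server community <ro-community> RO MGMT-ONLY
snmp-server trap-source Vlan900
logging source-interface Vlan900
logging host 10.255.0.50
ntp source Vlan900
ntp server 10.255.0.5
!
! Management VLAN is carried on the uplink only; no client access port
! is ever assigned to VLAN 900.
interface GigabitEthernet1/0/48
 description Uplink to distribution
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 20,30,900
 switchport nonegotiate
```

The piece that makes VLAN 900 reachable at all is on the core: an SVI for VLAN 900 on the 6509 with an `ip access-group` permitting only the support staff's subnet (or the jump hosts) into 10.255.0.0/24. That is the "inter-VLAN routing + ACLs" choice; the dual-homed PC Michel mentions replaces that routed hop with a second NIC on the operator's workstation.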

  • VLAN Design

    Hello Fellow Experts,
    Are there any Cisco documents that implicitly recommend the use of smaller subnets over larger ones? i.e. VLAN Design Best Practices
    Aside from the obvious benefits, can anyone think of other advantages other than the following:
    A. Smaller Broadcast / Bandwidth Domains
    B. Less impact to STP BPDU on large (flat) L2 networks where timely receipt of BPDU's is important.
    C. Less impact to wired and wireless client machines that must listen to broadcast/multicast traffic.
    D. Increased granularity when defining ACL, QoS & Security Policies through increased VLAN segmentation (i.e. smaller subnets) 
    E. Increased performance through VLAN segmentation of network traffic.
    In addition, there might be alternate reasons why keeping a subnet/VLAN small. While reviewing some Cisco documentation, I discovered the following:
    Examples of why the switches may not receive BPDUs include bad transceivers or Gigabit Interface Converters (GBICs), cabling issues, or hardware failures on the port, the linecard, or the Supervisor engine. One frequent reason for STP failures is a unidirectional link between the bridges. In such a condition, one bridge sends BPDUs, but the downstream bridge never receives them. STP processing can also be disrupted by an overloaded CPU (99 percent or more), because the switch is unable to process received BPDUs. BPDUs can be corrupted along the path from one bridge to the other, which also prevents proper STP behavior.
    Aside from the forwarding loops, when no ports are blocked, there are situations when only certain packets are incorrectly forwarded through the blocking ports. In most cases, this is caused by software issues. Such behavior might cause “slow-loops.” This means some packets are looped, but the majority of the traffic is still flowing through the network, because the links are probably not congested.
    http://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/28943-170.html#stp_fails
    STP Path Cost Automatically Changes When a Port Speed/Duplex Is Changed
    STP calculates the path cost based on the media speed (bandwidth) of the links between switches and the port cost of each port forwarding frame. Spanning tree selects the root port based on the path cost. The port with the lowest path cost to the root bridge becomes the root port. The root port is always in the forwarding state.
    If the speed/duplex of the port is changed, spanning tree recalculates the path cost automatically. A change in the path cost can change the spanning tree topology.
    If auto-negotiation fails, STP re-converges. If re-convergence does not occur rapidly enough, the segment will go down until STP reconverges.
    In an effort to prove my point further, I would like to propose a risk management related question:
    Q: Would you rather have an outage that affects 254 users or 1024?
    A: You tell me?
    Q: What are implications to wireless subnets that are 1024 or larger?
    Q: What size subnet would you deploy for your WLAN's and WHY?
    Aside from what I have already thought of, I would like to hear from other experts.
    Thanks,
    Christian

    Duplicate posts.  :P
    Go here:  http://supportforums.cisco.com/discussion/12153216/vlan-design

  • Non-profit needs Dreamweaver design help

    Small non-profit serving homeless veterans and veterans in crisis needs design help with Dreamweaver website.  The website was created as a school project by university students but there are some design issues that we are not able to correct.

    It appears to be template driven so the basic layout is inside your site folder's Templates directory -- main.dwt.   This file drives the site wide elements such as navigation, common headers, footers and sidebars. 
    Child pages created from that main.dwt file contain editable regions for content that will change from page to page.  Only content in these editable regions are editable from child pages.
    Whoever will be responsible for updating content should get familiar with CSS & HTML code.  This is required knowledge to work with Dreamweaver.
    Start here:
    HTML & CSS Tutorials - http://w3schools.com/
    Code validation tools
    http://jigsaw.w3.org/css-validator/
    http://validator.w3.org/
    Also thoroughly read DW's Help docs (F1) under working with DW Templates. 
    It looks like the students did a pretty fair job of building the basic site for you.  Now it's up to your org to swap out the generic stuff with relevant content.   I don't advise you to alter the basic layout or structure.  It's all there.  You just need to get up to speed on how to work with it.
    Nancy O.

  • Need some design help

    Well, "overall" design help. This project MUST be open source, so it does ensure I am very efficient in my design.
    Basically my system is going to be a bunch of workstations that tunnel into a server to send the data.
    Now the big issue is, each workstation must encrypt its own data and save it on its HD, but it must send data to the server for the server to save it and encrypt it (redundancy).
    The big issue is sending data to the server. The keys: how do I securely send them to the server so they can decrypt the stream? Everything will randomly generate its key whenever the user (or the system) decides it is time to, for the sake of not reusing keys.
    Basically we are going to use Linux, lock down all ports but one to use sockets to communicate with the server (and vice versa). This adds an extra layer just so we can authenticate with the server machine (and client machines when the server sends it a request).
    Help? More info needed?

    I know (next to) nothing about system security (well, not enough to be advising people, anyway) - but the key distribution problem is typically solved by using Public Key Cryptography to exchange a Session Key.
    Have you thought about using an existing system like SSL or Kerberos?

    Eh, SSL won't really work... I am going to pick up "Cryptography Decrypted"; apparently it is a good book to pick up some of the things I need.

  • Design help to the forms

    Hi guys
    I need your help in designing help for any working screen, such that when the user pushes the F1 button, clicks the right mouse button and chooses help from the popup menu, or chooses help from the menu bar, it must give him the correct help.
    Also, how could I make this "help screen" and connect it to the Windows 98 help so that it works?
    Thanks

    Hi Kimberg Howe,
    You have several alternatives to generate a .hlp file. You can do it manually in Word and save the file in rich-text format (.rtf), and then use the Microsoft Help Workshop (a free program obtainable from the www.microsoft.com site), but realize that you will have to code all the WinHelp engine commands, and that's some task. However, you can invest in some WYSIWYG WinHelp file generators. I guess it is not appropriate to suggest any in this forum, but you can do a search on any search engine for the keyword "Winhelp", or you can also search on www.download.com
    What this program will do for you is allow you to design your help file and then generate the .hlp for you; some of these programs can also allow you to generate HTML files that are suitable for web forms.
    I hope this helps.

  • Design Help / Education

    Does anyone know if Adobe offers any design education
    I need some basic design help using Dreamweaver (as I am
    having issues migrating from Go Live)
    If not Adobe, are there any experienced DW users out there?
    thanks

    Experienced DW users? Well, yeah.
    What do you need?
    Murray --- ICQ 71997575
    Adobe Community Expert
    (If you *MUST* email me, don't LAUGH when you do so!)
    ==================
    http://www.projectseven.com/go
    - DW FAQs, Tutorials & Resources
    http://www.dwfaq.com - DW FAQs,
    Tutorials & Resources
    ==================
    "golfingdad" <[email protected]> wrote in
    message
    news:gefblj$2pt$[email protected]..
    > Does anyone know if Adobe offers any design education
    >
    > I need some basic design help using Dreamweaver (as I am
    having issues
    > migrating from Go Live)
    >
    > If not Adobe, are there any experienced DW users out
    there?
    >
    > thanks
    >

  • Design Help! Add new lines

    Hi All,
    I need a design help for adding extra lines on an existing order.
    I have a page with 2 subtabs; the first one is for order header info inputs and the second one is for line info inputs. The line subtab, based on user selection, may generate multiple lines in lineVO (multiple rows). After the user clicks an apply button on the line subtab, a header row will be committed into the header table and line row(s) will be in the line table.
    I was trying to have another button to allow the user to enter extra lines after committing the existing header and line VO. After the user clicks the "add extra line" button, I retain the AM to keep the header VO but flush out the line VO; this way, the framework will try to delete lines in the line table.
    Since there are lots of logic requirements, I can't keep adding lines after line VO.last() without committing the first round of line entering.
    How can I keep the Header VO, clean the line VO, then enter new line(s) info as ADD but not DELETE/UPDATE? Any suggestions?
    Thanks & Regards,
    KJ

    Hi Shreya,
    I am not sure about giving new line in each and every page, but there is an alternate. You can show all data in one single page. That is how much ever records you have, they will be shown on one single page, instead of spanning across multiple pages. You can achieve this by changing the property "Number of Data rows displayed at once" from default 100 to 0.
    Hope it helps.
    Regards,
    Arunan.C

  • WAN Load-Balancing and multi VLAN design

    Hello,
    I need some help to define the design of a specific LAN-WAN network.
    1) There are 2 independent WAN entries (they have their own ISP-managed router)
    2) I need to load-balance the requests over the 2 WANs
    3) If possible, the load-balancer must be redundant (GLBP?)
    4) On the LAN itself, there must be 15 different VLANs
    5) We also need a DHCP solution (also redundant if possible) to provide IPs to these VLANs, with a unique gateway (the load-balancer)
    What do I need to implement this configuration?
    And is it possible to configure it with as much GUI as possible?
    Thanks in advance for your help.

    Dear Mike,
    Thank you and welcome to the Small Business Support Community.
    It is possible to configure load balancing with NAT, however in this case, remote internet servers will potentially see sessions from remote hosts behind the SRP541W coming from different source IP addresses (the WAN IP addresses), causing the sessions to be reset unexpectedly.
    The Policy Routing setting you setup is exactly what I would do in your case.
    I hope these answer your question and please do not hesitate to reach me back if there is anything else I may assist you with.
    Kind regards,
    Jeffrey Rodriguez S. .:|:.:|:.
    Cisco Customer Support Engineer
    *Please rate the Post so other will know when an answer has been found.

  • WAAS Design Help Needed - URGENT!

    Hi,
    I am currently designing and implementing a WAAS solution for a client in their Data Center. It is a deployment of a single Accelerator and one CM.
    It has been decided that the WAAS accelerator (7341) will have its two NICs connected to two of their core switches (both 6500). The two core switches have a Layer 3 Etherchannel link between them and are running OSPF for network convergence (i.e. Layer 2 connectivity is not used).
    I am facing a problem in the design, since I know that the Active/Standby configuration for the accelerator would require a redundant gateway via HSRP (at least) but this is not possible in a routed environment in the core switches. Furthermore, I am to run WCCPv2 for redirection.
    Therefore, I am confused as to how to proceed in such a case considering that I can only configure one default gateway on the accelerator when I need high availability on two different subnets.
    Please assist at your earliest.
    Thanks.

    Amir,
       Considering your question below
    "I am facing a problem in the design, since I know that the Active/Standby configuration for the accelerator would require a redundant gateway via HSRP (at least) but this is not possible in a routed environment in the core switches. Furthermore, I am to run WCCPv2 for redirection."
    Is the WAE configured for a standby interface, and is this your primary interface as well? If the answer is yes then see below.
    You will need a common VLAN for WAAS on both 65K switches in order for the Active / Standby interface to work properly.
    1: When using OSPF, make sure your TCP flows have both ingress and egress transit through the same switch
    2: Use the Generic GRE method for Egress under the WAAS intercept configuration.
    Since you are running WCCP, each switch will be able to redirect its TCP traffic via a GRE tunnel to WAAS, and WAAS will send the packet back to the same switch. This will ensure the packet path is not modified when WAAS / WCCP is introduced.
    Also make sure that you do not have any WCCP redirect on the Layer 3 connection between the 2 switches. Let me know if this helps.
    Ahsan Khan

  • Design Help - Firewall/DMZ

    Hi,
    I am about to purchase two 5515-X next generation firewalls and I need to decide what to do as far as the design goes, so I need some help from the experts. These appliances seem to come with 6 1Gbps ports, which is enough. In our LAN, we have two 6500s running in VSS mode and we are also going to get our second ISP. The obvious thing is to cross-connect each firewall with the two 6500s and possibly with the internet routers. Is there something else you recommend?
    Planning to trunk a couple interfaces and connect them to a DMZ switch; however, how do I make that one switch redundant? Some of the vendors currently connected do not offer a redundant link in case of failure.
    I'll be deploying the devices as active/standby and this is because I have VPNs configured which it is my understanding that both devices can't be active with this type of configuration. Can someone advise on this matter? However, the company wants to use them both at the same time.
    Using two ISPs, how do I deal with the Public-Internal NAT?
    Any help is greatly appreciated. Thanks.

    Planning to trunk a couple interfaces and connect them to a DMZ switch; however, how do I make that one switch redundant? Some of the vendors currently connected do not offer a redundant link in case of failure.
    Well, you could use the 6500s if you have enough free interfaces on them. Create the DMZ VLAN on the 6500s as well as on the new DMZ switch. On the 6500 and the DMZ switch configure the ports as trunk but only allow the single VLAN on that trunk. Create a subinterface on the ASA and place that subinterface in the new DMZ VLAN and give it an IP.
    I'll be deploying the devices as active/standby and this is because I have VPNs configured which it is my understanding that both devices can't be active with this type of configuration. Can someone advise on this matter? However, the company wants to use them both at the same time.
    What the company wants isn't always what is the best solution and they should be told that, from time to time. However, it is possible to configure the ASAs in an Active/Active setup. This will require that the ASAs are configured in multiple context mode. On one ASA context 1 is active while context 1 on the second ASA is in standby mode; then on the second ASA context 2 is the active context and on the first ASA context 2 is in standby mode. This setup will allow the use of both ISP connections and be able to maintain VPN connections. Keep in mind that the VPN connections will not be active on both ASAs. They will only be active on the active context, but will fail over to the standby context if a failure occurs.
    Using two ISPs, how do I deal with the Public-Internal NAT?
    The ASA does not support two active default gateways, and therefore two ISPs are not supported in single context mode. So if you have a requirement to use both ISP connections simultaneously then you need to have multiple contexts. Each context is a virtual firewall and completely separate from the others.
    So, back to the active contexts. Context 1 on ASA1 is the active context and is connected to ISP1. Context 2 on ASA2 is the active context and is connected to ISP2. You would perform NAT in the exact same way as you would in a single context ASA, no hocus pocus. The only difference is that the traffic that goes towards each context, and subsequently each ISP, is not from the same subnet. It needs to be separated and then divided between the two contexts.
    So, context 1 would have traffic for VLANs 1, 3, 5, 7, 9 and context 2 would have traffic for VLANs 2, 4, 6, 8, 10.
    here is a link on how to configure active/active failover.
    http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/ha_failover.html#wp1163513
    Please remember to rate and select a correct answer
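The first part of the answer above (DMZ VLAN on the 6500s and the DMZ switch, a trunk that allows only that VLAN, and an ASA subinterface in that VLAN) is shown below as an added example; it is not configuration from the answerer or from the original poster's network. VLAN 200, interface names, addresses, the security level and the access-list names are assumed values. The multiple-context active/active part of the answer is not shown here.

```cisco
! Added example (not from the thread). VLAN 200, interface names,
! addresses and ACL names are assumed.
!
! --- 6500 VSS pair: port toward the DMZ switch ---
! The ports toward each ASA are configured the same way (trunk, VLAN 200
! only), so the DMZ VLAN exists on the 6500s purely as a transit path.
vlan 200
 name DMZ
!
interface GigabitEthernet1/1/10
 description Trunk to DMZ switch
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 200
 switchport nonegotiate
!
! Deliberately no "interface Vlan200" on the 6500: the ASA is the only
! gateway out of the DMZ, so DMZ hosts cannot route around the firewall
! to reach internal VLANs.
!
! --- ASA 5515-X (active unit; the standby learns it via failover) ---
! Physical interface carries tagged frames only; it gets no name or IP.
interface GigabitEthernet0/2
 description Trunk carrying DMZ VLAN
 no nameif
 no security-level
 no ip address
!
! Subinterface in VLAN 200 is the DMZ default gateway. The standby
! address lets the standby unit keep the same subnet reachable.
interface GigabitEthernet0/2.200
 vlan 200
 nameif dmz
 security-level 50
 ip address 192.0.2.1 255.255.255.0 standby 192.0.2.2
!
! DMZ hosts may reach the internet but not the internal address space
! (10.0.0.0/8 assumed). Inside-to-DMZ sessions are permitted by the
! higher security level of "inside" and return traffic is stateful.
access-list DMZ-IN extended deny ip 192.0.2.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list DMZ-IN extended permit ip 192.0.2.0 255.255.255.0 any
access-group DMZ-IN in interface dmz
```

With this layout the DMZ switch's own trunks (and the 6500 ports facing it) carry exactly one VLAN, so adding a second uplink for redundancy is a matter of allowing VLAN 200 on one more port of the VSS pair; the ASA side does not change.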
