Adding A Second DC To The Forest Root Domain?
Feb 27, 2013
I have installed Windows Server 2008R2 on a virtual machine and have setup AD and a domain name called nuggetlab.com and is the first DC. I've created another VM and again installed Windows Server2008r2 and want to add a second DC to the forest root domain. When i run dcpromo and at the option 'Choose deployment conifiguration' wizard i select Existig forest >Add a domain controller to an existing domain > Next, the next screen appears and i type in the domain as nuggetlab.com but when i enter the credentials under 'Alternatate credentials' and enter the admin username and password, i receive an error saying that it cannot be contacted. When i press the details button i can see the description[CODE]
View 5 Replies
ADVERTISEMENT
Dec 28, 2011
I have a question with regard to setting up the ID firewall on the ASA 5585 in a single forest, multiple domain windows network.Currently I have a semi-operational IDF at the top level but can't find users on the lower other domains, here is the setup:I have 3 domains.
[URL]
Both domains have a two way parent-child trust and I can look for users in AD Users/Computer on both domains. I initially setup the ASA to look at domain1.test.com using an LDAP aaa-server per the IDF instructions, and then proceeded to configure the ad-agent. I installed the adagent on the domain1.test.com domain controller configured the settings on that system and had no problem adding users to the firewall and getting functionality within domain1. I looked to see if I could see domain 2 and domain 3 users and found none. I went ahead and added the domain2 system to the adagent on the DC and the system says that it is up, but when I search for users is not pulling them from domain2. Instead, it shows domain1 users as domain2user1. I also configured another adserver in the ASA to search ldap on domain 2 to no avail.The cisco documentation states the following:•Before you configure even a single domain controller machine using the adacfg dc create command, ensure that the AD Agent machine is first joined to a domain (for example, domain J) that has a trust relationship with each and every domain (for example, domain D[i]) that it will monitor for user authentications (through the domain controller machines that you will be configuring on the AD Agent machine). Single Forest, Multiple Domains—All the domains in a single forest already have an inherent two-way trust relationship with each other. Thus, the AD Agent must first be joined to one of the domains, J, in this forest, with this domain J not necessarily being identical to any of the domains D[i] corresponding to the domain controller machines. Because of the inherent trust relationship between domain J and each of the domains D[i], there is no need to explicitly configure any trust relationships.Reading that it sounds like it should just work. I had everything properly configured before I installed the adagent, but I'm guessing that there is a chance that you can't have the adagent on the top level DC and get to communicate with the lower level domains.
View 1 Replies
View Related
Jul 11, 2011
adding/removing/re-adding a workstation to a domain and Active Directory. We use DHCP at work for our addressing scheme. The problem I had when naming a new workstation the same as the one I am replacing on the domain was that I noticed the new pc with that same computer name as the previous pc was still trying to use the IP address that was assigned to the workstation before by dhcp, so the new workstation was not showing it assigned an IP address. I would try pinging the computer name but there was no reply because it was still showing the ip address of the computer disconnected that had the same name.
- remove the faulty workstation from the domain to workgroup, then restart
- then from Active Directory do I need to reset the Computer name
- then do a ipconfig /release on faulty workstation that has been removed from the domain to release the leased ip address in dhcp
- then disconnect the faulty PC and connect the PC I am using to replace the previous PC
- Name this workstation the same as the one I just disconnected and removed from the domain
-Add this PC to the domain and restart
View 1 Replies
View Related
May 3, 2013
We have a problem with a Cisco 1400 Bridge. This equipment can not bridge to the other root or not root mode. I can see a message "Interface Dot11Radio0 Radio transmit power out of range" and the MAC Address of Dot11Radio0 appears with 0000.0000.0000.I set the local power to 18 but the MAC Address is still in 0000.0000.0000.
View 1 Replies
View Related
Oct 18, 2011
i got the problem with 1300 bridges,root bridge with omni antenna and non root with sector antenna , it can associate and can pin each other , but whenever i try to browse several web pages its get timed out and radio was down.
View 5 Replies
View Related
Jul 18, 2011
Any working configuration between two BR1310's in Root/Non-root mode? The documentation is vary vague and i can't find anything more secure than WEP. Is it possible to use WPA with radius authentication?
View 1 Replies
View Related
Aug 24, 2011
Domain A (Forest 1) <--Two Way Trust--> Domain B (Forest 2)
ACS is joined to domain A.
My question is AD integration (Not LDAP) supported between 2 domains in different forests?
View 1 Replies
View Related
Apr 24, 2012
Can I associate the non-root bridge model 1310 to the root bridge model 1400? Is there any problems on the configuration I need to be aware of?
View 7 Replies
View Related
Mar 22, 2012
how can I root my Toshiba thrive 31.5.003 without messing anything up cuz I'm tablet eleterate an its brand new
View 1 Replies
View Related
May 5, 2011
is it possible to join the ACS 5.1 to a rootdomain (AD) with a subdomain and to authenticate against the subdomain? Or do I need different ACS' for the root and the subdomain?
View 2 Replies
View Related
Jun 23, 2012
I am currently working on an example for a CCNP Spanning Tree Protocol example.I have some lectures on video and getting confused with an example they have provided. It has me baffled as I have compared it against numerous other websites, trawled forums and tried to get other examples to compare it against.Anyway, I have posted screenshots of the topology. They are as follows:
1) topology showing links so can assign costs (100mbps = STP cost 19, 1000mbps = STP cost 4)
2) topology show priority and MAC addresses (priority left at default so root bridge elected by lowest MAC address)
3) topology showing elected root ports **which I do not agree with for switches E & F**
4) topology showing subsequent blocked ports **which I do not agree with for switches D & F, even if I accepted the previous given root port election*** I understand for same cost paths to root bridge that lowest bridge ID wins. So here are my queries:
1) switch E has 2 equal cost paths to root bridge (A):
-via: E > D > A (4 + 19)
-via: E > C > A (4 + 19)
so I think pick the next hop switch with lower bridge ID. Switch C right? In this example it says pick port going to switch D. I am confused! Why pick port going toward switch D?
2) switch F has 2 equal cost paths to root bridge (A):
-via: F > C > A (4 + 19)
-via: F > D > A (4 + 19)
so I think pick the next hop switch with lower bridge ID. Switch C right? In this example it says pick port going to switch D. I am confused! Why pick port going toward switch? tell if the example in the diagram (topology 3) is wrong? If it is correct explain why?Now on to issue number 2...If I accept the root port election given in the topology, I go through the process of assigning designated ports and blocked ports.I understand for each link there is at least 1 designated port. If it is a redundant link, one side will be designated, one side blocked. The designated port will be on the side of the lowest bridge ID (priority + MAC address). So here are my queries:
1) there is a redundant link between switch C and switch F
-one side must be designated
-one side must be blocked
-pick the side with lowest bridge ID (priority + MAC address) for designated port
-switch C has same priority as switch F, so based off MAC address, switch C wins i.e. designated port on switch C side, blocked port switch F side.
-In this example it says port from switch C is blocked and port from switch F designated. I am confused! Why pick port going from switch F as designated?
2) there is a redundant link between switch D and switch C
-one side must be designated
-one side must be blocked
-pick the side with lowest bridge ID (priority + MAC address) for designated port
-switch C has same priority as switch D, so based off MAC address, switch C wins i.e. designated port on switch C side, blocked port switch D side.
-In this example it says port from switch C is blocked and port from switch D designated. I am confused! Why pick port going from switch D as designated?
View 1 Replies
View Related
Sep 16, 2012
I am trying to configure repeater mode on an AP, but the authentication is not working.It seems the authentication is seen as EAP-TLS on the ACS 5.2, but im trying to do LEAP.
Relevant config root AP:
!
dot11 ssid Auto3
authentication open eap eap_methods
authentication network-eap eap_methods1
guest-mode
infrastructure-ssid
[code].....
View 8 Replies
View Related
Feb 10, 2013
I have a very problematic situation here.I have configure on a Cisco 2960 the vty line in a wrong manner and now I am stock.To configure those vty to enable ssh I have typed :
line vty 0 4
login local
password xxxx
line vty 5 15
login local
password xxxx
exit
Problem, I work remotely (I was on telnet while doing this). I have no username configure as I thought that root user would work.Now when I issue an ssh to my switch, I always failed authentication.how I could recover access to my switch without being physically there ? I have write the config in memory, otherwise it would have been too easy.
View 5 Replies
View Related
Oct 20, 2011
I'm currently trying to set up a new infrasturcture with PEAP.
So, i've got redundant CA routers (c1921), an ACS server and 1262 AP's. Everything is working fine and as i want it to.Certificates are autoenrolled and so on, but if the CA root certificate expires, how to tell the AP to get the new root CA cert.
The root-certs are made by auto-rollover, and rolled on the CA router, but I got no change to get this root-cert on the AP.Is there a way to get them in an automated way, like rollover or enrollment?
View 3 Replies
View Related
Oct 16, 2012
I've not found much detail regarding election of a root port other than "The root port is the switch port with the lowest path cost to the root bridge" they also expand on this a bit more for the case below, (italics)." When there are two switch ports that have the same path cost to the root bridge and both are the lowest path costs on the switch, the switch needs to determine which switch port is the root port. The switch uses the customizable port priority value, or the lowest port ID if both port priority values are the same".They explain that on S2, F0/1 is root port because it's lower than F0/2 but don't go beyond this.My understanding is that the following order is true with regards to priority of criteria (in this case), am I right?:
1. Lowest cumulative path cost back to the root bridge
2. In case of tie, the device with lowest Bridge ID
3. In case of tie, the port with the lowest received priority #
4. In case of tie, the port with the lowest local ID #
So, shouldn't this demonstration factor in the BIDs of S3 and S4 before the port priority and IDs of S2 ? For instance, if the BID of S3 was lower than that of S4, wouldn't F0/2 on S2 become the root port? I'm hoping I'm correct in this? Also I've not actually seen these four bullets in any of my official material for STP which I thought was a bit odd. I wondering if anyone else who has seen this before, considered the bridge ID aspect.
View 9 Replies
View Related
Apr 19, 2012
I am trying to confirm which of my cisco switch is the spanning-tree root. I know which I prefer to hold the spanning-tree and I ran the command spanning-tree vlan 1 root on this switch,I would now like to check that this command has worked and so I ran the command 'show spanning-tree root active' and received the detail below.To make sense of this and determine which port the mac address references (From this I take it that 00b0.d0f5.cf31 is the root, how can I determine which port this is).
View 15 Replies
View Related
Feb 18, 2013
Region : UnitedKingdom
Model : TD-W8968
Hardware Version : V1
Firmware Version :
ISP :
Another query regarding diagnostic test and Test DNS Root. It always fails why?
View 4 Replies
View Related
Feb 22, 2012
I have been getting overrun errors on 3 different ASA 5550 HA pairs with traffic rates less than 100Mbps total. I was told by one TAC guy to split the traffic between the two slots so that traffic comes in one and exits the other to maximize throughput because the 5550 was designed to work that way. Another TAC guy told me to enable ethernet flow control to alleviate the overrun errors because the traffic was bursty, but this doesn't seem to address the root cause of the problem to either. TCP traffic is bursty by nature and has it own flow control mechanism. I can't seem to find any detailed info on why traffic needs to be split for 100Mbps when the marketting throughput number is 1.2G. Is this a design flaw or limitation? Is there a way to alleviate overrun errors?
View 25 Replies
View Related
Apr 14, 2013
if the Cisco 3502p AP can run as a root mesh access point ?
View 4 Replies
View Related
Sep 18, 2011
The upgrade process for ANM virtual appliance 4.2 involves doing a backup and restore as root user. I have looked through the documentation and have even reinstalled the virtual appliance to see if the install script gives away the root password for the OS but without luck.
How to set/find the root password?
View 2 Replies
View Related
Dec 31, 2011
On a production 6509, I am seeing this:
RTR-01#sh spanning-tree int gi2/3 rootVLAN0001 0VLAN0010 0VLAN0011 0VLAN0012 0VLAN0013 0VLAN0014 0VLAN0015 [ code]....
Now I thought the command "sh spanning-tree int gi2/3 root" showed cost to the root bridge. So with everything being zero, its implied this the root, which it is but not for vlan 111 and actually all 1XX Vlans have a different root. Why does vlan111 show its root as out int gi 2/3 but the root cost shows zero?
Issue is we have a issue where a 2950 is acting as root bridge for our wireless vlans, wrong....it should be the 6509, but before I change it over, was wondering about the root port/cost question.
View 1 Replies
View Related
Apr 4, 2011
This is troubling and I don't know why it is happening. For some odd reason files seemingly related to my DIR-655 are being put in the root directory of my hard drive on my Power Mac G5 running Leopard 10.5.8. Two preference files and a folder named ''D-Link'' and another folder named ''Shareport.''Why is this happening? I have given D-Link/DIR-655 no access to my hard drive.Furthermore, why this is only happening on that machine while my MacBook Pro running Snow Leopard 10.6.7 is not being ''invaded.''
View 12 Replies
View Related
Oct 16, 2012
I have a setup where - I have a cisco stack (4X SGE2010 Switches) trunking over to a 3COM switch. Both switches believe to be the "ROOT" of the network. Note The 3COM is running RSTP as opposed to the Cisco Stack which is running normal STP. To my understanding of STP - Essentially STP is not functioning! Both switches believe to be the "ROOT" so they don't shut ports down. (We are currently having major issues with ports going up and down for seconds at a time on both switches)
View 3 Replies
View Related
Feb 16, 2013
I config vlans 21-23 on 3750 A and B switches.I config B switch to be Root Bridge for all vlansspanning-tree vlan 1,21-23, priority 4096 sh span tree on B switch 3750B# sh spanning-tree.
View 18 Replies
View Related
Apr 9, 2012
I want to connect two buildings. Let's call them Building A (main) and Building B.
„A“ is the main building and provides a wired LAN to an AAA server (192.168.1.2) and the WAN gateway (192.168.1.1). There I placed a 1262N with the IP 192.168.1.3 connected to the wired LAN and configured it as Root-Bridge. Let's call it AP01.
„B“ is a pretty large building and has a wired LAN from one end to the other end.
So I placed two 1262N there, each at one end.
The first 1262N is configured as non-root Bridge (AP02) and connects to the Root Bridge (AP01). The IP address of AP02 is 192.168.1.4.
The second 1262N is configured as Access Point (AP03) and connects to the non-root Bridge (AP02) via the wired LAN. The IP adress of AP03 is 192.168.1.5
My Questions:
1. Do I need tell AP02 about the AAA Server in Building A or acts AP01 like a AAA Proxy for AP02 because of it Root Bridge functionality?
2. How Do I tell AP03 that it should use AP02 as a gateway to building A?
View 2 Replies
View Related
Feb 11, 2013
I have two 6509s both with single FWSMs running in transparent mode with bridged Inside and Outside VLANs.I have my Core A set to STP priority of 8192 and Core B set to 16,384 to make Core A the root for all VLANs.Problem I have is when I look at spanning-tree on Core A for Inside VLAN 324 it states to get to the Root go via PO100 (Cost of 9) and that the Root also has a Priority of 8192, but as the designated Root has a lower MAC address it's pointing to the etherchannel. PO100 is L2 Etherchannel between the Cores.Moving accross PO100 to Core B and running the show spanning-tree command I can see that to get to the Root Bridge I need to go via PO272. PO272 is the internal Etherchannel to get to the FWSM on the Core B Switch. This shows a cost of 6 to get to the Root and a mac address of the Root Bridge which resides on Core A (Outside VLAN 124)To give some perspectibe,theoutside VLAN of the pair has it's STP ROOT on the Core A switch as intended?
View 1 Replies
View Related
Jan 18, 2012
I have an Extremely Old switch that I need to connect to my network. Because it is so old I don't want it to become the Root Switch.
what is the command to change the priority. (Honestly I don't remember if it has to be a lower number 1 or a higher number ). Always get that mixed up. I've read about root guard, but I would like to prevent it manually. (It is a small network after all)It is a Cisco 2950.
View 3 Replies
View Related
Jun 30, 2011
We have a root AP whose status light is showing solid red. We power cycled it and it still shows solid red. According to the Cisco documentation, this indicates a firmware failure. Unfortunately, we did not get Smartnet with this access points and instead opted for the limited lifetime warranty.
My question is: is there any way to fix the firmware via console? Whether it be through xmodem or what not. I ran debugs on the controller and can confirm that the AP is not communcating with the controller.
It is also weird that the mesh APs that were previously connected to this root AP show a solid red on their status lights and green for their RF LEDs. Shouldn't the status LED be flashing green-amber-red?
View 1 Replies
View Related
Jan 12, 2012
I have 2 3550 12G switches that I use as core fiber switches. Switch 1 is the primary for 1/2 the V LANs and Switch 2 is the primary for the others using MST with 2 instances (I am not including the default 0 instance). I am using HSRP to provide redundancy. So far so good.
Recently a tenant in my building would like to use their own switch for data but still needs access to a V LAN on mine for voice. Again not a problem as I can configure a trunk port and give them what they need. My concern is that if they try to configure STP on their switch can they take down mine. Are there some preventions that I can put into place, such as root guard, that work with MST? What happens if they too set up MST can they kill mine?
Switch 1 is the root for 1/2 the v lans and Switch 2 is the backup root. The scenario is flipped for the other 1/2.
View 3 Replies
View Related
May 27, 2013
i have 2 1260 Access points one is in root mode , one is wgb mode. Authentication is EAPFAST. There are 5 devices connected via WGB bridge to the rest of the network.
- If clients are sending some data , then WGB AP announces this client mac via IAPP to root AP and rest of the network sees them correctly
- If clients are "passive" , then after WBG AP announces them to root AP , they timeout after 6 minutes on root AP and obviously they are not pingable from the rest of the network. The only way to restore connectivity is to ping that device from WGB AP, then WGB AP announces via IAPP to root AP , then and only then they become visible from the rest of the network.
My question is related to this 6 minute timeout on root AP . Is it normal behaviour ?
View 5 Replies
View Related
Dec 19, 2011
how to configure Cisco 1252-AG-A-K9 Access Point Root and Repeater?
View 9 Replies
View Related
Apr 1, 2013
I have two locations DC and Corp connected to each other via Point to Point Circuit. I have forced the two core switches setup as GLBP pair to be primary and secondary for certain VLAN's including VLAN1.I have a switch in our Corporate office 3750 which is where the point to point circuit terminates. VLAN1 SVI is manually shut on that switch. Also the priority on VLAN1 is increased manually like this, "spanning-tree vlan 1 priority 28672".
Now the issue is that the Primarey Root Bridge in the DC is the root bridge for VLAN 1. But this other switch 3750 in our corporate office also is a root bridge for VLAN1. [code]
View 17 Replies
View Related
Dec 15, 2012
in my LAN the all access layer switchs/stacks are connected directly to core backbone switch (cisco 6509) via sfp fiber-optic, i want to protect my spanning tree setup with the "root guard" command.
1. where would i set this ? on uplink ports on access layer switches ? or on core backbone ports to which the access layer swithes connect to?.
2. can this be set on active (production) ports without downtime?
View 5 Replies
View Related
