How to treat your enterprise network in terms of security? Do you firewall between sites? Between subnets? I've been a little gung-ho with packet filtering, and the more the network is growing the harder is becoming to make that scalable and manageable. It's looking like a pretty good idea to just open up access to/from all my sites. I'm going to continue locking down user areas where we can't necessarily trust the boxes, but all our server subnets I think can be opened up to unfettered access.
Modem - (MODulator/DEModulator) This converts your xDSL analog signals into a digital format for use on your home network. A modem can also be part of a Router/Modem combination device.This device typically sits at the very edge of your network at your ISP's demarcation point (the point from where their responsibility for equipment ends).
Router - A router serves to 'route' information from network to network. I.e. A router will route information between the network 192.168.1.0 and 172.16.1.0. Generally your home routers will come as a modem/router/wifi access point package. It will basically route packets of information that are generated on your LAN (Local Area Network) to the internet, and in turn, route packets from the Internet to your LAN devices.
Wifi access point - Obviously provides a wireless Ethernet signal so that you can connect wireless devices to your home network. Typically, the wireless access points you will see will come as a combination of router/modem/wifi point. You can buy extra wireless access points (not wifi routers) and place them strategically throughout your home to increase signal coverage.
Switch - Uses hardware addresses to 'switch' packets through the LAN. Normally a domestic router will have 3 or 4 switch ports built into it. However, switches do come as standalone devices and can be used to increase the breadth and scalability of your home network by using the extra ports they provide to patch in more devices.
Host - A host is basically your PC, iPad, smart phone, laptop that is situated on your home network.
NAS Drive - (Network Attached Storage) Contains storage space that can be used as network a share by connecting it your home network.
NIC - (networt interface card) this is the component that allows your PC/Laptop to be hard wired into your router or switch. It will have an RJ45 jack so that you may connect Category5 and onwards patch leads into it from your router or switch. This talks with your computer's main motherboard and operating system to give you network connectivity.
MBs vs Mbps - MB = Mega Bytes (this measures file size) and Mbps = Mega bits per second (this measure network throughput).
I want to change the SSID on all my APs without it affecting the connected devicesThe users should possible not be affected with the connecttion to the wifi networkHow can I go about it?
So I have been tasked with setting up WPA2-Enterprise on the network. Right now for testing I have a single Cisco 1240AP, and a test Windows Domain. The Windows domain is at 2003 functional level, but has been extended to have the Wireless policies, and we have a 2008 DC in the test network also.
Is there any definitive guide to setting up a WPA2-Enterprise wireless network? Most of what I find is mostly client side. I am trying to get the Group Policy setup to push down to the client machines.
I have Users Connected via IPSec vpn using asa 5510 to my enterprise network,but i have seen that the user stay connected while he sleeping , now i need to tear down the tunnel if the inactivity is 15 mts,i mean if the user idle for 15 mts with any thing automatically disconnect him after 10 15 mts
After change my OS to Windows 7 Pro Enterprise my Dell E5430 missing the network controller driver. let me know the right driver to download and install.
I am currently working on a lab and simulating a scenario that I will have to implement into production in the future. I am trying to setup a Guest SSID on a WLC (5508). This Guest SSID is to display the a set of Terms & Conditions, which then a user is to accept and then they move forward onto having access to the guest network.
I am familiar with performing this step using WebAuth, but it seems like the T&C are extremely long. The WebAuth page comes back with a "text exceeded limitation", on top of that I do notice that I would have to have a username and password.
Is there a feature in the WLC that would allow this scenario to work? Or will I have to build or download a customized WebAuth page?
We have deploy a Cisco ISR 2921 to connect two ISP for internet access, Link 1 is fix public IP, link 2 is xDSL.And we configure dual link load-balance, the configure just like the famous DOC "[URL]" name:"dual internet links NATing with PBR and IP SLA". Inside network to internet is ok, and traffic was load-balance, Dual link can be redundancy. But there has some issue we don't realize.Most people interesting how the inside traffic load-balance outside, but ignore the traffic from outside issue.
I'm new to IT, and have been put in charge of managing our servers hile my boss is on vacation.We currently have a Sonicwall Network Security Appliance that handles our Firewall/VPN and have web content filtering set in place.I have a user who belongs to 2 CFS policy groups that we have set up. I've double checked with Active Directory, and he is a member of both groups.
This person SHOULD have access to Job searches/ and Restaurants,but receives a "content blocked" message on his browser.It appears to me that the settings in Sonicwall are correct, as well with AD member groups.
I am trying to connect to a Security-enabled wireless netowork. I have the key. My problem is that I can't seem to figure out how to enter it. When I try to connect I open the "view available networks"window. I see the network name and it shows a strong signal (all 5 green bars).
I'm used to seeing DWDM and muxes being used in the service provider world, but when and why would an enterprise want to use this kind of gear?The two basically lets you combine streams of signaling from many different physical sources into one media, but can't a VLAN trunk or a routed link, for example, do the same? Sure, they all operate at different layers of the OSI model, but in all cases you're still getting separate streams of data from Point A, putting it all on one wire, and sending it to Point B.
I have tried everything including removing the system, changing the network settings, using cmd.exe, ect. they all say access denied and theres no possible way to get around this.
Not sure if this belongs here on in a different section. We are in the process of purchasing a new ACS 5.x appliance. I would like to take a look at implementing WPA2 Enterprise with our Cisco APs.
if any of you are controlling iPhones within your organizations. I was hoping to use JUNOS Pulse licenses on my SA700 to control things, but all they offer for iOS devices is SSL VPN. I can do remote wipes with activesync, but I'm worried about cloud backups of corporate data on mobileme, and setting and enforcing security policies in a scalable way. I know I can manually deploy XML config from the iPhone configuration utility, but that's a bit of a PITA for remote devices (ie other countries) that I'llnever have physical access to.
I want to create a network with a bunch of routers and switches to be used as a test network for company employees to remotely login and learn networking.I don't want this network to interfere with the rest of the network in any way.I am basically trying to create a stub network or a passive network!!
Recently bought a laptop HP Pavilion DM4 with Windows 7 home premium 64 bit for use in a college wireless environment. The school insists on WPA2 Enterprise connection, which is supposedly the recommended Microsoft security protocol for Win 7. I have all the correct settings, such that I can routinely connect to the wireless network but on this model HP I consistently get speeds way under 10kbs, while if I use EXACT same settings on a different Lenovo, Dell, or other models of HP get speeds of over 5MG. Yes 500x faster.Of course HP wanted to blame the network, but after sending 2 technicians to visit on campus, they agreed it was their hardware, so they sent a replacement unit. Unfortunately, the replacement unit has the EXACT same problem. BTW the problem computers do connect flawlessly to other wifi networks at full speed, just not the WPA2 Enterprise network.
I want to reinstall the MSE image that was sent to me by Cisco TAC Team, however when I try to reinstall the MSE Application, however when I try to install it, the CD boots and show me the Red Hat enterprise image, then sends me black screen with the message "Kernel alive, Kernel direct mapping tables up to 480000000 @ 8000-1b000" and it stay there.
OPTEMAN: 3 routers connected via a private subnet (/29) over the OPTEMAN: Site A, Site B, and HQ. Site A is a 3560 that is the gateway for two subnets: siteA1 and siteA2. SiteB is a 2621, and HQ is a 6509 w/ MFSC.
HQ also connects to 4 other sites via MPLS: SiteC, SiteD, SiteE, and Site F.
HQ has the server subnet, Internet connection, and connection to other services via MPLS.
I have basic EIGRP setup on HQ, SiteA, and SiteB. So far only siteA and HQ are updating each other. Not sure why. I am looking for the best practice example of how I should setup my enterprise EIGRP. I currently use static routes between the sites. I would prefer to be able to setup EIGRP in parallel, the remove the static routes.
I'm looking for documentation on the Enterprise mesh solution based on 7.0 MR1...In this release e.g 802.11n APs are supported and clean air for the client radio etc...The current Cisco Mesh Access Points, Design and Deployment Guide is based on the previous 7.0 release.Apart from the configuration guide I can't find any additional guides.
I currently work for an enterprise that want to deploy wireless network (6AP for now) and I'm the one who will manage and install it.I had initially planed to deploy Ubiquiti network because I've heard lot of good thing about them. But they did not wait me and bought (crappy?) HP access point (MSM410)
What do you think about HP wireless network ? They did not yet buy the access point controller and I'm not sure they want to buy one.I can't find any review on the HP solutions it looks like no one is using it.
Do you recommend me to continue with the HP solution and buy a HP controller or go with Ubiquiti and rebuy the access points (no so much expensive in comparison with the price of the HP controller alone)
I have a new dell computerMy problem is the computer doesn't start-up and instead he pop-up the error message "BOOTMGR is Missing"I tried to install "windows 7 enterprise" but no success the problem has back again.
Since SBS can't do trusts, and there are about 50-75 user and computer accounts in AD for this project, I will probably have to do a lot of manual work for the migration process to Server 2008 R2. Any checklist, or some links, that would be useful for this (e.g., staging migration, best practices)? I'd like to make the less amount of problems for myself in the long run.
Some notes:
1. All servers will be virtualized, with the exemption of one of the two DCs being a physical server.
2. Exchange 2003 will be going on its own Windows Server 2008 R2 server, and I believe Exchange Server 2007 or 2010 will be installed.
3. Will probably use robocopy to move data from the old shared folders to the new shared folders (but without permissions).
4. Folder structures and NTFS permissions will be done manually...(unless there's a nicer way of doing this, similar to ADMT?)
I have a Cisco 2811 running Advance Enterprise v 15.1-2. I've just configured it using ccp for internet access (on 2 lines) and a firewall. The configuration is pretty much all default and I used the ccp wizard to create a 'medium-secure' firewall. I have 2 blocks of public IP addresses for my internal network and for the DMZ. The 2800 is configured as follows:
- 2 x default routes. one to each dialer.
- 6 zone pairs as follows: - ccp-zp-self-out (seems to mostly work... I can ping any IP address from a console but not a hostname) - ccp-zp-in-out (works fine, both interfaces seem to be in use) - ccp-zp-in-dmz - which by default set to ccp-permit-dmzservice - which inspects ccp-dmz-traffic - which matches group dmz_traffic and has a class map dmz-traffic
- cnc-zp-dmz-out which is set to ccp-inspect. (my own zone pair to allow systems in the DMZ zone to see the internet. This works fine.)
- ccp-zp-out-dmz (works fine. I can see my web server from any system outside my own network)
- ccp-zp-out-self (which, I guess allows anything permitted to get to the 2811)
Internet works from within the DMZ and in-zone. The outside can access my dmz servers. The inside can access most things on the outside using the firewall rules.
1) Although I have the zones set up to allow the same access from in->dmz as I do from out->dmz and out->dmz seems to work, I cannot seem to access anything in the dmz from the inside.
2) When setting up the firewall I ticked the box for 'allow PPTP clients to make connections from the inside' (or something like that). I cannot seem to make a PPTP connection from my workstation.
I have scoured the internet for guides, looked through these forums & the cisco configuration guides and experimented all day but still cannot figure this out.Do I need a special route between the inside and dmz? I have seem references to static routes on ASA firewalls but the command 'static (inside,dmz)...' does not work on a 2800 series router.
I lost my network connection after installing Microsoft office 2010.. what can I do to get it back ? I know it is this as i have been fussing with my computer all day.. I created a system restore point just before I installed it.. had network connection.. installed office 2010 and now once I rebooted I dont.. I am running Win 7 enterprise.
if i have just DCNM-N7K-K9 (DCNM for LAN Enterprise License for one Nexus 7000 Chassis) installed on a server, i can manage all nexus switches like 5k and 2k??
Is Cisco WCS mandatory when deploying an outdoor enterprise mesh solution?If I am goin to use the 1552E purely as an outdoor access point ,do I really need the Cisco WCS?
We have 3 x WAP4410N at new office setup in Singapore. Customer asked us to setup those 3 AP to make client auth against an ACS 4.2 sitting in US office. All the user notebooks were joined to Windows domain in US office, before sent out to Singapore office. We configured APs with WPA2 Enterprise Mixed mode and entered radius server address and secrects correctly. Logging from ACS shows that users are authenticated successfully but, on the user notebooks, authentication never seems successful and keeps authenticating.
