Ethernet Deployment In Metropolitan Areas To Access Networks
Jun 19, 2011
I hear a lot these days about ethernet deployment in metropolitan areas as access networks. Does this mean that there would be one big optical ethernet LAN (or MAN if you prefer) with fiber to the home connected by switches? Wouldn't this lead to massive spanning trees in large cities? One bad,configuration in the network would affect the whole network.Will all IP traffic have to travel to the core even if it is destined for an intra-MAN destination? I cannot imagine that a ARP broadcast in a large MAN is feasible.
We're installing ASR1000 series (ASR1001 and ASR1006) routers on a new WAN and have a requirement to enrypt the traffic between the EIGRP neighbors. Each ASR will be connected to the MOE with a gig interface and we will be using L3 on the interfaces with EIGRP as the routing protocol. We have advipservices-k9 IOS-XE
The ASR1006 is our datacenter WAN router and all remote sites have the ASR1001s. The ASR1006 WAN interface will be configured with L3 subinterfaces, one to each remote location, using a /30 mask.
What is the best method to encrypt the traffic between the ASR1006 WAN interface and the remote ASR1001 WAN interface?
We are looking into the possibility of putting in some public wireless access in the public areas of our organization. Its a fairly small building in terms of public access and it needs to span 3 rooms in total. We have a spare BT line into the building - ADSL 2+ - and so will utilize that instead of putting them on our network. We would like to run some router based content filtering on the router - but would use open dns if this isn't possible.I could do to find a good wireless router that will cover the 3 areas . Its not a large budget project as there isn't going to be very highly utilized. We are looking Cisco kit - and have drawn up a few options. Initially we were going to go with the 1140's - but these are access points and as per my understanding aren't going to work with the phone line - as it needs to be a wireless router.
The next area was the Linksys E series (E4200) - they do look really good, and they have the content filtering which we like. What the power and range of the E series is? The only issue we might have is its a fairly old building and so some of the walls are pretty thick - one of which is wooden lined.It has the 3x3 mimo antennas and so guess it would provide some pretty good range/power. If the hardware is cheap enough then we may be able to setup the routers in repeater mode - however I'm not sure if the home devices can work that way? - I think max would be £300 - but that will be decided when I have some better numbers.
An issue that we have run into is that on some of the machines, black areas appear over the screen at random times.These black areas disappear when the users mouse over and return when the mouse is moved back. The areas are usually small (about 30 pixels wide) and we have had to log the users off and on again.The machines that users are using are Thin Clients (HP and Wyse) and it seems to happen when certain programs are in use (Sage).
I am going to deploy Cisco ISE with WLC 5500. I have two kinds of users one for which I want to deploy just open access Wi-Fi network, without working with Cisco ISE and Second group of Users for which I want to deploy Cisco ISE services like advanced authentication, posture and profiling. For both users I have just one WLC. Is there any problem to just deploy two SSID one for open access (without Cisco ISE) and second Secure with Cisco ISE ?
We are starting to greatly increase our access point density throughout our floors and I am wondering if we are using the correct channel assignments. We are using LAP 1140's and 3500's. We have some locations that have have anywhere from 4 to 9 floors in one location. These are consecutive floors that have 8 to 11 APs per floor. There are also other businesses in these buildings that use wireless as well. We use 802.11a/n and 802.11b/g/n. Right now the channels are set to the default, (36, 40, 44, 48, 52, 56, 60, 64, 149, 153, 157, 161 for 802.11a) and (1, 6, 11 for 802.11b/g/n). I was wondering that since we are increasing our density whether we should enable other 802.11b/g/n channels outside of 1,6,11. I know the other channels can overlap but with correct placement I am wondering if it would improve our wireless coverage since we wouldn't have 8 to 11 APs fighting for only 3 channels. Any experience with enabling other 802.11b/g/n channels?
I'd like to know if there is some easy-ish way to combine wifi and ethernet in a network.Since a picture says a thousand words, here's what I want to achieve:I use the desktop computer as a file and media server using windows home group.I have the laptop running windows 7 connected to the TV.So far I've been using just wifi, but when I try to stream movies from my desktop to the laptop I get freezes and glitches.I can't connect both my desktop and laptop wired to the ADSL router, since it's behind a wall I'm not allowed to drill trough.I have a spare network switch and cables, so I was thinking I could connect the ethernet adapters on the desktop and laptop together trough the switch, I'm just not sure how to configure the computers.
How can I make sure R11 is able to get the OSPF routes of all the areas. Make sure area-278 does not receive any ospf routes from other areas as well as from ASBR routes from other areas. At the same tim, area-278 should be able send successfully RIP routes that we receive from R2 to backbone area.
I recently inherited a Cisco 2911, that appears to have had Firewall rules imported into Externally Defined Rules. ACL's are currently allowing/disallowing traffic. However, there are no firewall rules configured. To meet compliance we need to have Packet Lavel Inspection (Firewalled) rules. There are two areas in the router, under ACL area, and under Security. What is the difference between these two Firewall areas?Are both areas providing packet level inspection?Can I build Firewall rules (within the Security area) to replace the ACL's?
I have two separate network with their own internet access as shown below I want to keep all setting of the left network unchanged. I can change the IPs and setting of the right side network.I want to be able to access all devices of the two network from my computer but in the same time the two network work as usual with no problems ( the same when they are sperate).One option is to set the LAN of modem 2 to 192.168.2.2 and connect one of the LAN port to LAN port of the Mkrotik router. Set the WAN of my private home router as
same Modem >> same switch >> router2 >> switch >> computer
Now I want to access computers from router 1 to router 2 computers.I opened the router 2 web page and forwarded it. I put service port no. 3389, ip address of a computer of router 2 network. Now I can access the specific computer via remote desktop from router 1 computers using public ip .But what I need is I want to access via mstsc all computers of the router 2 network. using service port, ip address of one computer, I can access only one computer.
i have Cisco 5505 and i configured a remote VPN clients. here is my scenario
Cisco switch 2950 === holds two private network 192.168.8.x and 192.168.4.x
vlan 2 outside interface - Eth 0/0 155.155.155.x
Vlan 1 inside interface -- Eth 0/1 192.168.8.180
VPN pool ip address = 192.168.8.100 --110
I drag i cable from my Cisco switch and put in to Eth0/1. and i want to access this two private networks 192.168.4.x and 192.168.8.x . Now i can access to 192.168.8.x . But i can't access 192.168.4.x ..
I am looking to create an office network with each person having internet access but on a private network. however everyone will need to be able to access a communal printer. would they be able to see it if they were all on a different subnet or would i need to set up vlans?
Why is there no DR/BDR concept in EIGRP multiaccess networks? If the purpose of a DR/BDR is to limit excess traffic when there is a change in the topology, why isn't there one in EIGRP? I understand that DR/BDR share LSAs and not routes but the concept is still the same: there is a change in the topology and the change gets flooded to all neighbors, those neighbors in turn flood it to their neighbors on the multiaccess network thus causing excess traffic.
I'm configuring an asa device for web access: SSL VPN service. I can have a user authenticate for web session with their active directory domain credentials (username and password). Once their web session has started, moving to the "browse networks" feature for a share viewing requires them to authenticate once again - "authenitcation required". I'd like to configure the device so that authenticating to the windows file share will be attempted using the previously entered credentials.
A customer has a ASA 5505 with a remote access vpn. They are moving their internal network to a new scheme and would like users who come in on the vpn to access both the exisiting and new networks. Currently the can only access the exisiting. WHen users connect to the remote access vpn, the asa gives them an address of 192.168.199.x. The current internal network is 200.190.1.x and they would like to reach their new network of 10.120.110.x.
I have an ASA 5520 8.2(3) and allowing my remote client-to-site-vpn clients to access resources directly connected to my ASA on separate lower security interfaces (not the outside) besides just clients on my internal networks. Someone mentioned to me configuring 'VPN on a stick' however from what I've read this seems to be only applicable when it comes to split-tunneling back out the outside interface (could be off on that). Is this possible on other lower security interfaces as well, and if so what would a mock config that accomplishes that look like (acl's, nat, etc)? Also, if I want internal users to be able to connect to these remote clients once they are active, are there any nat statements necessary (such as nonatting them) or are the vpn clients just seen as internal clients from the rest of the internal network's standpoint by default?
As of last night, I cannot connect to any of the wireless networks I use every day (my personal home network or my school's WPA2).
The signal strength is very good, but it says "Limited Access" next to the network name. Apparently "Limited" means "No" because I am not connected. Here's what happened:Lavasoft Ad-Aware was blocking a site that I needed to access. I haven't used Ad-Aware in months, and it did not even appear to be running. So uninstalled it with Add/Remove programs in the control panel. BUT, mid-way through the uninstallation, I got a blue screen and my computer restarted. When my computer booted back up, I could no longer connect to my home's wireless. I'm at school now and I cannot connect here either. Ad-aware is gone from the add/remove programs list, but there is still an Ad-Aware folder in Program Files. The folder still has a bunch of stuff in it, including adaware.exe. I dont see an uninstaller (but i havent really investigated that yet). so now i can't connect to any network. Here's What I've TriedRan troubleshooter. Useless. Turned off my netbook's wireless. turned it back on. Device manager says my Network Adapters are working fine. No yellow or red icons next to them. also tried resetting stuff with the command prompt. something about winsock and netsh. I don't know what I was doing though. just following instructions from other people on yahoo answers when i googled the problem.
I have access to network 10.3.1.0 /24 but I am not able to access 10.3.2.0/24 and other networks behind the Easy VPN server.I am using a software client to connect to the server.I have configured split tunnel to the network 10.3.0.0 /16 and it shows up in the route details too. I can ping 10.3.1.0 network but not 10.3.2.0 and so on.The Easy VPN server is configured on Cisco 861 with VPN module. [code]
I've been having this issue for quite some time on my Windows 7 SP3 x64 machine. It's a desktop, connected via ethernet to a TP-Link WR740N router, that also provides wireless coverage. My ISP is a local one (the country is Latvia), and it offers a decent 100 MBps up/down optical fiber internet service. Now for the problem - there is only one home network on my computer, that seems to work, and that is 'Network 2'. Whenever I have to reboot the router for whatever reason, it attempts to reconnect, but sometimes reconnects to a 'Network 3' and once even to a 'Network 4' and 'Network 5'. None of these other networks have internet access. I tried to run the diagnostics tool on the issue, and usually it told me that there's a problem with the default gateway. Additionally, twice I've had the issue of the computer completely freezing when connected to one of the Internet-less networks (eg 'Network 3'), and trying to disable the network adapter, forcing a restart that consequently caused a fail boot - from there on I had to use System Restore to actually get my PC to function.
The way I've been fixing it, apart from random rebooting, reconnecting, and hoping for the best (that it decides it wants 'Network 2'), is by putting in the Resource Mini CD that came with my router, and running the Wizard for the WR740N router. It has 4 steps, the 2nd of which is 'Installing the router' (configuring the network adapter), at which point, my internet starts to work (always connects to 'Network 2'). If, I however, decide to continue this process to the step 'Configure router', and attempt to set up my wireless connection, it will begin to reset itself, and once again connect to 'Network 3', leaving me without internet access.
I am having trouble connecting my device to certain WiFi networks. We work with hotels and we have a handful of devices that are just not able to connect to their network. Te device works fine in my office. When I get to the Setup page and do a site survey, it'll get to 100% and then display a "page can't be found" as oppose to showing me that it has been connected. We had the MAC address cleared in their network and still no luck. Firmware has also been updated.
I have five (5) sites all connected via static VPN tunnels. They are all using Cisco ASA 5510s running 8.4(4)1. Any internal IP on each site can ping any IP on a remote site, because of the static VPN tunnels. I have the external IP (routeable) addresses connecting to each other.
Site A: 10.1.0.0 /24 Site B: 10.2.0.0 /24 Site C: 10.3.0.0 /24 Site D: 10.5.0.0 /24 Site E: 10.10.0.0 /20
I have remote users who connect using Cisco AnyConnect 3.1 to Site E. They get a static IP within the 10.10.100.0 /24 subnet (vpnpool00) and can access anything in the 10.10.0.0 /20 subnet. So far, so good.No management wants users to access devices within the other sites, specifically Site A using teh same AnyConnect connection. In other words, they get an Ip address of say, 10.10.100.5 and now need to access a server on Site A's subnet or 10.1.0.5.I have checked my NAT statements and they appear to allow this, but so far when I do a ping I get the following: Routing failed to locate next hop for ICMP from outside: 10.10.100.5/1 to inside: 10.1.0.5/0 What am I missing? Is there a NAT statement that is wrong, or an access-list statement or possibly a static route?
We have a two separate businesses in the same building who will both need access to shared resources and the same internet connection. They will need to remain on separate subnets and cannot communicate directly to each other. The current switch is a Cisco ESW-520-48P and we are looking at purchasing an SG-300-20P for the new business moving in. Heres how we envisage setting it up:
ESW-520 will host Company A's network. Workstations, servers etcSG-300 will have two VLANS. VLAN1 will host all Company B's network. Workstations, servers etc. VLAN2 will host the shared resources such as printers. The internet gateway is a UNIX based system with 3 NICS. 2 NICS are taken up by ADSL connections while the other NIC is the LAN, which would connect to VLAN2 on the SG-300. We would like to define which ADSL connection to route through depending on which subnet traffic is originating. The ESW-520 will need access to the shared resources and internet gateway on VLAN2 on the SG-300.
I just bought a WRT54GL which is working perfectly. I needed it to extend my home network for my kids (I have not a very fast internet connection and my kids are eating all of it... With the WRT54GL I can choose how much they can have. So my own network has a netgear modem and a netgear wifi access point which is in this network : 192.168.0.x.
This network is not blocked in any way (just password protected). For my kids network, the WRT54GL gives addresses in this network : 192.168.1.x and is limited in speed. Everything is perfect, I have internet connection on both of my network, There is just the problem that I cannot access my printers, my servers, my computers.... that are on the 192.168.0.x network from 192.168.1.x. Is there a solution ? I already tried to force the WRT54GL to go to 192.168.0.x network but no more connection. Should I "bridge" the two networks ? How can I do it ?
I am currently testing Energywise deployment on LMS 4.0 with the 3 month evaluation. I am running into some issues and have some other queries that i cant find documented or on the forum.i have gone through the prep and upgraded 2 switches through lms which has been successful. i have created my domain, grouped some test endpoints and have been able to push this config out to the switches.I created a policy and have tried to push this out to endpoints but the job keeps failing. there is no error detail on the job failure task. i see that it uses protocol "EnergyWise Domain Query" and not netconfig which lms used to push out initial config? Is there somewhere in the logs i can check what is failing?I know i can apply this manually on the switch but i want to see if i can get lms to do this as i may be something one of our customers may use.
WDS allows you to capture and deploy images on a network to client pcs. I Was wondering how many images wds allows you to capture and deploy and if there were any work a-rounds that would allow you to deploy more.
We are currently using Cisco VPN Client. I'm looking to migrate to Cisco Any Connect. Our ASA 5520 has 750 IPSec and 2 SSL license. I also have approximately 40 IPSec site to site VPN's on this. ,Will anyconnect interfere with the site to site tunnels?,If I setup anyconnect with the IPSec instead of SSL do I still need to purchase the premium or essentials license?,Lets say if I do have to get the license and I get essentials will it cause any issues with the site to site VPNs?
I have a custom that needs to deploy a wireless solution, in attach plan, does not want a solution with WLAN controller.I proposed a solution with AIR-AP1024N-E-K9. What solution should implement in order to have a good coverage? Repeater, bridge point-to-point, point-to-multipoint, or something else ?
My customer has this OOOLD deployment where some AP1231 are still working they are upgrading part of the WLAN to LWAPP but may need to leave some AP in stan alone for a while.I need to configure a new SSID that needs WPA2 enterprise AES but it seems that this version does not support WPA2. If it doesn't, from what version on is supported?