WLAN clients in different subnet
Hi all
I was using the setting of the current with WLC2106 and 2 rounds. So far, the management and the ap-Manager interface where on the same subnet (192.168.0.x). I was using a static IP address for wireless clients, also on the 192.168.0.x. If far so good and everything was up and running. Now, I wanted wireless clients to get an IP address from the DHCP server in the 192.168.0.x subnet. Leased IP addresses will be on another network - 192.168.7.x. I tried to change the ap - manager for and IP address on the reseau.7.x and set DHCP server on both interfaces. However, I can't customers aren't being associated with it, and when I try and give a static IP address on the reseau.7.x, I can't ping anything customers. The routing is not the problem as I have confirmed that it works well.
Should I change the management interface (as the WIFI network is associated with this interface, and I can't choose the ap - manager)? Or do I have to use a dynamic interface?
Thank you
Tiziana
Hello Tiziana,
In order to remove the clients on a different subnet / VLAN other than on your AP-Manager interfaces and management, you will need to deploy a new dynamic interface on the WLC. Also make sure that the trunk on the vlan again at the WLC. Here is an excellent guide that explains how to accomplish this.
VLANs on the example of Configuration of wireless LAN controllers
http://www.Cisco.com/en/us/Tech/tk722/tk809/technologies_configuration_example09186a00805e7a24.shtml
I hope this helps.
See you soon,.
Drew
Tags: Cisco Wireless
Similar Questions
-
Not able to deploy images on different subnets
Hi guys,.
I'm having a problem of image deployment of T5565 for thin clients on a different subnet.
The first message that I got, was "the subnet of the device (s) in red color is not the same thing with its device management gateway. You want to send the task anyway".
I selected Yes, and finally the deployment will timeout with the following error: "job failed. Task become invalid before being sent".
I am able to update the agents on these thin clients with success, however, and these devices are discoverable.
Any help will be much appreciated.
Kind regards
Remo
This has been sorted guys. I had tried to deploy the image by using PXE.
Image without PXE deployment now works fine.
Kind regards
Remo
-
Mobility groups, failover on different subnets
I have read up on 5.1 and wonder how and if real failover on subnets is an option.
I understand controllers mg even customers roaming on different subnets.
How it works if your main "anchor" isn't alive to replicate the DB entry on the controller off-subnet? Say if die of my local WISN and the backup is in the next State, how the HA will maintain connectivity?
Thank you!
Yes, but tha ap will be the new configuration of the WLC. Also, users will get tunnelees to the wlc and be thrown out of this subnet. Then make sure you understand the ssid and ip clients will get when they associate to of different wlc. That should do it.
-
ASA 5505: VPN access to different subnets
Hi All-
I'm trying to understand how to configure our ASA so that remote users can have VPN access to two different subnets (Office LAN and LAN phone). Currently I have 3 VLAN configuration - VLAN 1 (inside), VLAN 2 (outside), VLAN 13 (phone LAN). Essentially, remote users must be able to access their PC (192.168.1.0/24) and also have access to the office phone system (192.168.254.0/24). Is it still possible? Here are the configurations on our ASA,
Thanks in advance:
ASA Version 8.2 (5)
!
names of
name 10.0.1.0 Net-10
name 20.0.1.0 Net-20
name phone 192.168.254.0
name 192.168.254.250 PBX
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
switchport access vlan 3
!
interface Ethernet0/6
!
interface Ethernet0/7
switchport access vlan 13
!
interface Vlan1
nameif inside
security-level 100
192.168.1.98 IP address 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
address IP X.X.139.79 255.255.255.224
!
interface Vlan3
No nameif
security-level 50
192.168.5.1 IP address 255.255.255.0
!
interface Vlan13
nameif phones
security-level 100
192.168.254.200 IP address 255.255.255.0
!
passive FTP mode
object-group service RDP - tcp
EQ port 3389 object
object-group service DM_INLINE_SERVICE_1
the purpose of the ip service
EQ-ssh tcp service object
vpn_nat_inside of access list extensive ip Net-10 255.255.255.224 allow 192.168.1.0 255.255.255.0
access-list extended vpn_nat_inside allowed ip Net-10 255.255.255.224 phones 255.255.255.0
inside_nat0_outbound list extended access permits all ip Net-10 255.255.255.224
inside_access_in of access allowed any ip an extended list
Split_Tunnel_List list standard access allowed Net-10 255.255.255.224
phones_nat0_outbound list extended access permits all ip Net-10 255.255.255.224
outside_access_in list extended access allowed object-group DM_INLINE_SERVICE_1 Mac host everything
pager lines 24
Enable logging
timestamp of the record
record monitor errors
record of the mistakes of history
asdm of logging of information
Within 1500 MTU
Outside 1500 MTU
MTU 1500 phones
mask IP local pool SSLClientPool-10 10.0.1.1 - 10.0.1.20 255.255.255.128
no failover
ICMP unreachable rate-limit 1 burst-size 1
don't allow no asdm history
ARP timeout 14400
Global interface (10 Interior)
Global 1 interface (outside)
global interface (phones) 20
NAT (inside) 0-list of access inside_nat0_outbound
NAT (inside) 1 0.0.0.0 0.0.0.0
NAT (10 vpn_nat_inside list of outdoor outdoor access)
NAT (phones) 0-list of access phones_nat0_outbound
NAT (phones) 1 0.0.0.0 0.0.0.0
inside_access_in access to the interface inside group
Access-group outside_access_in in interface outside
Route outside 0.0.0.0 0.0.0.0 X.X.139.65 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
Floating conn timeout 0:00:00
dynamic-access-policy-registration DfltAccessPolicy
AAA authentication enable LOCAL console
the ssh LOCAL console AAA authentication
LOCAL AAA authorization command
Enable http server
http 192.168.1.0 255.255.255.0 inside
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown cold start
Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac
Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac
Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac
Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac
Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac
Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac
Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
life crypto ipsec security association seconds 28800
Crypto ipsec kilobytes of life - safety 4608000 association
Crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 value transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5
outside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP
outside_map interface card crypto outside
Crypto ca trustpoint ASDM_TrustPoint0
registration auto
name of the object CN = not - asa .null
pasvpnkey key pair
Configure CRL
crypto ISAKMP allow outside
crypto ISAKMP policy 10
preshared authentication
3des encryption
sha hash
Group 2
lifetime 28800
VPN-sessiondb max-session-limit 10
Telnet timeout 5
SSH 192.168.1.100 255.255.255.255 inside
SSH 192.168.1.0 255.255.255.0 inside
SSH Mac 255.255.255.255 outside
SSH timeout 60
Console timeout 0
dhcpd auto_config inside
!
dhcpd address 192.168.1.222 - 192.168.1.223 inside
dhcpd dns 64.238.96.12 66.180.96.12 interface inside
!
a basic threat threat detection
host of statistical threat detection
Statistics-list of access threat detection
a statistical threat detection tcp-interception rate-interval 30 burst-400-rate average rate 200
SSL-trust outside ASDM_TrustPoint0 point
WebVPN
allow outside
AnyConnect essentials
SVC disk0:/anyconnect-win-2.5.2014-k9.pkg 1 image
SVC disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 2 image
enable SVC
tunnel-group-list activate
internal SSLClientPolicy group strategy
attributes of Group Policy SSLClientPolicy
WINS server no
value of 64.238.96.12 DNS server 66.180.96.12
VPN-access-hour no
VPN - connections 3
VPN-idle-timeout no
VPN-session-timeout no
IPv6-vpn-filter no
VPN-tunnel-Protocol svc
group-lock value NO-SSL-VPN
by default no
VLAN no
NAC settings no
WebVPN
SVC mtu 1200
SVC keepalive 60
client of dpd-interval SVC no
dpd-interval SVC bridge no
SVC compression no
attributes of Group Policy DfltGrpPolicy
value of 64.238.96.12 DNS server 66.180.96.12
Protocol-tunnel-VPN IPSec svc webvpn
attributes global-tunnel-group DefaultRAGroup
address-pool SSLClientPool-10
IPSec-attributes tunnel-group DefaultRAGroup
pre-shared key *.
NO-SSL-VPN Tunnel-group type remote access
General-attributes of the NO-SSL-VPN Tunnel-group
address-pool SSLClientPool-10
Group Policy - by default-SSLClientPolicy
NO-SSL-VPN Tunnel - webvpn-attributes group
enable PAS_VPN group-alias
allow group-url https://X.X.139.79/PAS_VPN
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
Review the ip options
!
global service-policy global_policy
privilege level 3 mode exec cmd command perfmon
privilege level 3 mode exec cmd ping command
mode privileged exec command cmd level 3
logging of the privilege level 3 mode exec cmd commands
privilege level 3 exec command failover mode cmd
privilege level 3 mode exec command packet cmd - draw
privilege show import at the level 5 exec mode command
privilege level 5 see fashion exec running-config command
order of privilege show level 3 exec mode reload
privilege level 3 exec mode control fashion show
privilege see the level 3 exec firewall command mode
privilege see the level 3 exec mode command ASP.
processor mode privileged exec command to see the level 3
privilege command shell see the level 3 exec mode
privilege show level 3 exec command clock mode
privilege exec mode level 3 dns-hosts command show
privilege see the level 3 exec command access-list mode
logging of orders privilege see the level 3 exec mode
privilege, level 3 see the exec command mode vlan
privilege show level 3 exec command ip mode
privilege, level 3 see fashion exec command ipv6
privilege, level 3 see the exec command failover mode
privilege, level 3 see fashion exec command asdm
exec mode privilege see the level 3 command arp
command routing privilege see the level 3 exec mode
privilege, level 3 see fashion exec command ospf
privilege, level 3 see the exec command in aaa-server mode
AAA mode privileged exec command to see the level 3
privilege, level 3 see fashion exec command eigrp
privilege see the level 3 exec mode command crypto
privilege, level 3 see fashion exec command vpn-sessiondb
privilege level 3 exec mode command ssh show
privilege, level 3 see fashion exec command dhcpd
privilege, level 3 see the vpnclient command exec mode
privilege, level 3 see fashion exec command vpn
privilege level see the 3 blocks from exec mode command
privilege, level 3 see fashion exec command wccp
privilege see the level 3 exec command mode dynamic filters
privilege, level 3 see the exec command in webvpn mode
privilege control module see the level 3 exec mode
privilege, level 3 see fashion exec command uauth
privilege see the level 3 exec command compression mode
level 3 for the show privilege mode configure the command interface
level 3 for the show privilege mode set clock command
level 3 for the show privilege mode configure the access-list command
level 3 for the show privilege mode set up the registration of the order
level 3 for the show privilege mode configure ip command
level 3 for the show privilege mode configure command failover
level 5 mode see the privilege set up command asdm
level 3 for the show privilege mode configure arp command
level 3 for the show privilege mode configure the command routing
level 3 for the show privilege mode configure aaa-order server
level mode 3 privilege see the command configure aaa
level 3 for the show privilege mode configure command crypto
level 3 for the show privilege mode configure ssh command
level 3 for the show privilege mode configure command dhcpd
level 5 mode see the privilege set privilege to command
privilege level clear 3 mode exec command dns host
logging of the privilege clear level 3 exec mode commands
clear level 3 arp command mode privileged exec
AAA-server of privilege clear level 3 exec mode command
privilege clear level 3 exec mode command crypto
privilege clear level 3 exec command mode dynamic filters
level 3 for the privilege cmd mode configure command failover
clear level 3 privilege mode set the logging of command
privilege mode clear level 3 Configure arp command
clear level 3 privilege mode configure command crypto
clear level 3 privilege mode configure aaa-order server
context of prompt hostname
no remote anonymous reporting call
Hello
Loss of connectivity to the LAN is not really supposed all remove this command UNLESS your network is using another device as their gateway to the Internet. In this case configuration dynamic PAT or political dynamics PAT (as you) would make sense because the LAN hosts would see your VPN connection from the same directly connected network users and would be know to traffic before the ASA rather than their default gateway.
So is this just for VPN usage and NOT the gateway on the LAN?
If it is just the VPN device I'd adding this
global interface (phones) 10
He would do the same translation for 'phones' as he does on 'inside' (of course with different PAT IP)
-Jouni
-
I set up a test server ESXi4 and spin various Windows 2003/XP clients and a guest of Vyatta VC5 as my core router. This has been a strange problem that all traffic to the guests and also are very good, but I can handle only the host with the VI client on the same subnet. If I can host on a different subnet (even if I leave the cable connected to the same port and vlan), then it becomes unusable. Many things time out including just trying to download the VI client from the host https page. Anyone seen this before?
I have 2 configured vSwitches, one on one vlan isolated to my iSCSI traffic to my storage, and the other as a trunk with the VLAN network management and guest vm on it. My management network is in the same vlan as one of my comments to VLAN.
Thanks in advance.
Yes try to change the e1000 nic,
-
Unable to connect to storage as "different subnet."
Have just updated my LenovoEMC device to the latest version of the software (4.1.114.33421) and now get the message
"Unable to connect to the storage because it is in a different subnet.
but I can go to the Admin in the usual way, through devices and can change anything, as all the mapped drives as if it worked and all the data is visible?
Reset the system and all users etc., verified that DHCP is select rather than fixed, tried fixed without result.
Someone has an answer that works or is a reset?
Got it finally - works had to install a new version of Storage Manager - Version 1.4.8.33485
After installation, restart the PC only and ran it Storage Manager - it took forever, but she finally found my nas and created links to explore.
Can't believe that they a D A M N blip! in my previous post - AR even if you ask me.
-
Target subnet mask and the gateway in different subnets and clock error
Hi all:
Need help. I have a standalone PC operating a direct VI on a CFP with a crossover ethernet cable (developed on my laptop, compiled and installed as a standalone on the PC). When the VI runs on standalone PC version, everything works (click the button, analyzers are read), but the time being pulled from the CFP is wrong, and infact resets to December 1969, a default value. I am error checking, and no error is marked with the CFP, slaughter programmes. When I go to the MAX function, the time playing of the CFP is the funky time. Looking at the IP addresses, I generally use a very standard protocol (192.168.000.001 for the PC, 192.168.000.002 for the CFP currently running on the subnet for the pc and the PSC 255.255.255.000). However, when I apply this Protocol on the CFP through max, it gives the error "the subnet mask you entered puts the target and the entry door to different subnets." I am not versed enough well understand this, and what I read in 2 postings here, I tried to harmonize the IP numbers and the subnet, and they do not seem to help. When I put intentionally in false numbers IP or subnet default time synchronization time correct (pc), but functions block (as expected). It is certainly not an issue of PC zone.
Anyone can offer any guidance?
Currently runnig LV 8.2 with drivers of 2009. PSC 1804 with MAX 4.6.
I appreciate all help.
Best regards;
GIS.
OK, I solved it. FYI: for those who are not aware of the IP: IP of the host and default gateway server to the same value. My work for the host computer are 192.168.000.001 and subnet masks can stay 255.255.255.000. The CFP has been set to 198.162.000.002 with a 90.00.00.03 DNS. Time server has been blocked by the Norton 2009 Firewall (even with an exception) and thus the cruxt of this issue together. I had to uninstall completely from this "software". I hope this helps.
-
Install MX922 on 2 different subnet?
I have a LAN into 2 separate LAN or subnets. 1 LAN is 192.168.1.x and LAN 2 is 192.168.2.x. I installed a MX922 installation method using the network on all computers on the LAN 1 without problem. The MX922 is located on LAN 1.
I tried to install the printer on a PC on the LAN 2 but install fails, claiming that he cannot find any printer on the network. My guess is that he is only looking on the scheme even the installation of PC is on AND the installation of the software does not allow you to set the IP address to make it look like the printer.
I know that all firewalls are disabled and 1 LAN 2 LAN communication is very good because this printer is replacing another printer set up exactly the same way and this printer set up is still workng fine.
I was thinking about putting the PC in question 'temporarily' on LAN 1 to install the printer and then back to LAN 2 and then manually reconfigure the port to address different IP, but when I try to configure the printer port on a PC on the LAN 1 where the printer is already installed it gives the error that there are no configurable parameters for the port. So I don't think I'd be able to configure the port once it was back on LAN 2.
I can't be the first person to try to install one of these printers in an office environment where there are several subnets that all need to print to a central printer so I think there must be a solution, but we don't find where in the documentation or on this site that I can see. If anyone can help me please?
Thank you.
Solved!
It can be done even if I emailed Canon support and their response stated that Canon printers are not able to work on multiple subnets.
The solution is:
1. change the PC concerned to the same LAN as the printer so they are both on the same subnet. At the time of installation, the printer and the PC must be on the same subnet.
2. then install the printer normally.
3. after the printer is in place and works very well on the given PC, then return to the original subnet that it is supposed to be on.
That's all!
There is a workaround solution. For a computer that has many PC on several different subnets, it would be a huge task. For an additional House with 1 or 2 subnets and a few PCs, it is a pain.
-
Mac, WRT 54 G, can I access a MFC9320 brother on two different subnets?
(domestic use) I have a USB Server that I can access my USB printer on two different subnets and I was wondering if I can do the same thing on the WRT54G. I use 192.xxx.xxx.x for internet use and 198.xxx.xxx.x for each thing, like file sharing of multiplayer games, etc. Only, I named the 'locations' to 'Internet' or 'Games' (with games being used for everything else). With the USB Server set to "ZerocConfig" I could access USB printers on both. I could set up the printer with a static IP printer 'Place' and then change location every time we wanted to print to it, but I would like to save a step. It's not that big a deal for me, but have to "Remind" everybody whenever they wanted to print something on it, would get old. Don't want to hang the brother to the USB Server if I have the wireless. It is not the smallest thing in the world to find a place for it in any case.
I guess my other question would be, taking the other subnet is it safer (from the internet) using this way he or she is just in my mind. I did the on a third location of 'White', the family put their computers (no IP #) when they are just playing games, homework, etc..
Thank you
I don't think it's possible to run the USB printer on two different subnet. There is no such feature on the router.
-
Replication of different subnet
I need to configure the replication of an existing EQ group which has all of its interfaces on a subnet that is not routed; a newly staged group who will live in a different subnet. Initially, the two groups will be co-located for staging, but the new group will be moved to a remote site, but retains the private address that it is affected.
What is the best practice to configure replication? I just need to allow the routing on the iSCSI networks?
Yes, you need get the subnet that is connected to a router that will reach the remote site. You set up default GW for iscsi is what is used for replication. Replication between groups EQL is made via the port 3260 in an iSCSI session.
Kind regards
-
WLC and AP on different subnets
I want to add a new access point to my existing controller. Currently I have about 15 AP is connected to one vlan separate mgt for the AP, vlan 10. It's shared resources for the controller and the other VLAN user as Private, Public, etc. WVoIP. I already started to implement EIGRP network instead of having a large layer 2 vlan would be network. In one of the more recent places I'm routing, I have a new AP to connect. I'm trying to make sure that this design will work before I implement. So I have a 3560 connected to my core 4506 with a 3 layer connection. EIGRP works as well. I intend to have the 3560 intervlan routing with vlan voice, data and wireless. The problem I see is how can I get the AP to speak with the controller as they are on different subnets, more a metro E 'WAN '? Any suggestion would be great.
As long that the ROUND was started locally first, this TOUR will be the ip address of the WLC. If you want to fix the ROUND on a different subnet from L3, then configure ip helper-address the ip address of each wlc management. then configure the ip forward-Protocol udp world 12222 & ip forward-Protocol udp 12223 on the router of L3. This with the help of intellectual property, will allow the s TURN to join the WLC on the other end.
-
RV180W ping hostname between VLAN &; different subnets
Hello
I had a RV180w with 1.0.3.10 closes. According to the name of position, I'm not able to resolve host names between different VLANS which affected to different subnets, for example, allows said I have the following hosts:
CASA:
192.168.241.100/25 (wired - VLAN 1)
Router: 192.168.241.1
DNS: 192.168.241.1
XBMC: 192.168.242.100/25 (Wi - FI - VLAN 2)
Router: 192.168.242.1
DNS: 192.168.242.1
If I try to ping from two sources to one of the two destinations, the only one I get is a message 'impossible '.
Authorized additional information routing between vlans & proxy DNS and if I try to look at the hostname under the 'nslookup' command, I could not resolve the host name, but if I do a "ping - a 192.168.241.100 ' it is said ' response from CASA (192.168.241.100) blah blah blah."
So what I'm missing here?
Hi Bruno, you can usually solve different subnet host name because the host does not know the subnet that treats it as a security measure.
Disable the firewall feature on your computers and which must fix, otherwise you will probably have to change the lmhost files.
-Tom
Please mark replied messages useful -
With the help of several NIC in Win 7 - different subnet
Can someone tell me the best way or the right way to configure two 2 Gigabit NIC in Windows 7 Ultimate?
Map NETWORK 1 is currently used to access the INET and my FreeNAS server via a 192.168.0.x subnet. I would like to set up a 2nd NETWORK card to maintain a "static route" between this box (Win 7) and box of FreeNAS (OPT 1 is configured as a secondary NIC on the side of FreeNAS already).
The static route will use the subnet 192.168.x.x with FreeNAS is 192.168.1.100 on the secondary card. The Win 7 box, I'm going to say... 192.168.1.3 for the static route NIC w / the same thing for GW and DNS.
Is it possible that way, as mentioned above, or what I need to dig a little deeper. The static route will allow me to exploit the full potential (at least I hope) between 2 machines with regard to flow by a X-Over cable. This way I can put both sides higher than regular LAN depending on the parameters.
I don't need to work, but rather a bit more than the flow of 20 MB/s when xfering large files recording studio. Yes... I know that FTP is not the best for xfering... I'm looking into SSH w/patch, SMB/CIFS or NFS
Tim
Your plan should work fine. Specify a subnet mask of 255.255.255.0 on both network adapters to 192.168.0.x and 192.168.1.x different subnets.
You do not need to specify GW and DNS on the secondary NETWORK, and you don't need to create a static route.
To access the box of FreeNAS on secondary NETWORK map, use his IP (192.168.1.100), and not its NetBIOS name.
Owner, Boulder computer Maven
Most Microsoft Valuable Professional -
HA AEC in two different subnets.
Hello
I have to configure two ACS 1113 ver 4.1 (4) high reliability in two places different and two different subnets.
A device will be required to manage an office, the second the other office, but if one goes down the other is responsible for the entire network.
Two subnets are accessible from all devices.
Will set up the RADIUS server on all systems.
The ACS are connected to Active Directory to authenticate users.
My question is, can I create a profile ACS are replicated to the other, even if they are on two different subnets? Can I do a HA on two different subnets?
Thank you.
Sorry for my bad answer above. I corrected to provide you with the information you need
Yes. Replication should work if two s ACS server on different subnets.
See the example in config also, it will help you: http://tiny.cc/g04rkw
HTH
Amjad
Rating of useful answers is more useful to say "thank you".
-
Setting up a virtual computer on a different subnet?
How to set up this configuration is all new to me.
Current context:
Internal subnet: 192.168.1.x
2 - 5.5 ESXi hosts. Each with 4 physical NETWORK adapters
Configuration is attached.
I have a physical server I want to virtualize but is in a different subnet.
Replacing the subnet: 192.168.10.x.I reason assuming that I'll need to add a physical NETWORK card to each host and assign this NETWORK adapter on the computer virtual requiring a different subnet? Or am I way off?
Thanks in advance!
If your physical switches supports VLAN's then I would say you think to reconfigure the ports for the ESXi host and tag/trunk ports to the VLAN necessary. And create groups of ports VM with the differnet VLAN-ID on the ESXi host. In this way, you can use different subnets on the ESXi host without the need for having dedicated physical rising for each subnet.
André
Maybe you are looking for
-
Maybe 1 out of 10 maybe youtube videos works. My Favorites, including music videos have been working very well and now only a couple work. I cleaned my cache, restarted the computer, update flash and nothing worked. Installed chrome, did not work. I
-
CNU90813MW: password for CNU90813MW
Could someone tell me what is the password of reset thing?
-
How to write 0s in the hard drive
Hello! Is it possible to write 0s on the ssd or hard drive, in order to destroy any possible file? It's important when you re-install the operating system. Some corrupt files can damage the new facility. A drive full of 0 is like new. My old apple al
-
I have a HP 3125 with a bios password I forgot that the disabled system code is 72750261. Can someone help me get rid of the password of the bios so I can use my computer again?
-
Cannot access router EA3500 to change settings
I would like to make a few changes to the configuration of my router, but can't access the configuration screens. I tried Smart Wifi and myrouter.local. After entering my password, it hangs on "Waiting."... "and I never have to the configuration scr