October 5

How to Configure Secondary IP Address on the Wan Interface for a Different Subnet Devices

A customer has two group of devices.

Subnet 192.168.1.1/24 is connected to X0.  This group devices want to use WAN IP address 24.192.156.56 as the public IP address.

Subnet 172.16.50.1/24 is connected to X4.  This group devices want to use WAN IP address 24.192.156.57 as the public IP address.

X0 LAN ZONE

X4 LAN ZONE

note: you could use different zone, dmz, wlan or lan2, etc, the following steps might need to be adjusted.

Step 1

Create a Static ARP entry for the SonicWall IP/MAC address for the secondary subnet on the Wan interface. Make sure the public entry is checked.

Step 2 (no need in my test)

Create Static ARP entry for the Gateway IP/MAC Address of the secondary subnet. ( this entry might be already created when you assign an interface x4 to a subnet)

Step 3 (no need in my test)

Add a static route for the secondary subnet to the X1 Interface without any gateway specified.( I found out that I didn’t need to do this as it was created by default.)

Step 4 

Create the Address Object for the second WAN IP Address

Step 5

Create the NAT rule for the second WAN IP and to the Second Subnet 172.16.50.1/24 devices

Please use those two links below as references.

Link1 How to configure secondary ip address on the wan interface

Link2 configuring multiple wan subnets using static ART with SonicOs enhanced

 

September 22

Basic Cisco Command Q&A

  1. What is the use of no switch port command in L3 switch?

interface GigabitEthernet1/0/10

description  router port1

no switchport

ip address 10.10.20.1 255.255.255.0

The no switchport command puts the interface in L3 mode (known as “routed port”) and makes it operate more like a router interface rather than a switch port. The ip address command assigns an IP address and network mask to the interface.

  • show ip interface brief
  • show interfaces status
  • show int g1/0/1
  • clear counters g1/0/1
  • show power inline   
  • terminal monitor  (this can show with device is connected or disconnected to the port)Disconnection:

    Mar 9 20:46:53.580 SV: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/44, changed state to down

    Mar 9 20:46:54.594 SV: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/44, changed state to down

    Connection:

    Mar 9 20:47:02.311 SV: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/44, changed state to up
    Mar 9 20:47:03.311 SV: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/44, changed state to up

Conf t
int g1/0/1
power inline never    (stop supply power)

 

 

Category: Cisco | LEAVE A COMMENT
September 11

A Windows 7 PC Cannot Join Domain “the network path was not found”

Problem: A windows 7 computer cannot join domain. It says “the network path was not found”. All other computers can join the Domain with no problems.

Solutions:

I have searched online, none of the following suggestions works.

  • Check the DNS is pointed to domain controller.
  • Make sure  the TCP/IP NetBIOS Helper Service is running on the client computer
  • Disable firewall, or uninstall antivirus software.

It turns out that the client for Microsoft Networks has to be installed and checked.

 

 

September 7

Fix Workstation Network Card Connectivity Delays When Connecting to Cisco Switch

Problem: A desktop computer takes nearly a minute to connect to a Cisco switch.  The switch model is c3750e

Reasons: 

  • Spanning Tree Protocol (STP)
  • EtherChannel negotiation
  • Trunking negotiation
  • Link speed/duplex negotiation between the switch and the workstation

These four features are listed in order of the delay they cause. STP causes the greatest delay and speed/duplex negotiation causes the least delay.

Solutions: Disable STP

Configuration

2900XL#configure terminal
2900XL(config)#interface g1/0/1
2900XL(config-if)#spanning-tree portfast
2900XL(config-if)#exit
2900XL(config)#exit
2900XL#copy run start
Category: Cisco | LEAVE A COMMENT
August 29

How to Fix Mac Sierra “network accounts are unavailable”

Problem: A mac computer running mac os sierra can not have domain user log into the system. It displays “Network accounts are unavailable” 

Solutions:

I have tried to follow Timothy’s blog to troubleshoot this problem, but none of them works.

One “trick way” to get this problem fixed is to manually create mobile account.

1  follow Timothy’s steps to rebind macs to Active Directory first.

2 open terminal, run the following command:

Sudo  /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount –v –p samplpassword –n sampledomainusername

Here is more info about this command.

3 reboot Mac, this will fix the”network account are unavailable” problem. I tried this method on two macs, it all worked.

This command above doesn’t work  anymore. 

Here are the new steps,

1  rebind macs to Active Directory first.

2  log in as test1 user and create a mobile  account by press “create” button as show in the picture below.

Here is the link from apple

Please let me know if you find a working solution.

 

 

If none of above works, a temporary way to fix this issue (only if one user is logged into the Mac) is to

1 create a local account with the same domain user name and password.

2 a warning window will pop up, choose “use existing folder”

Since the new local account uses the domain user folder,  the domain user profiles (doc, pic, music,etc,)will be transferred  to this local account. When the domain user logs into this account, he/she is actually logging into the local account.

August 29

Create Mac Computer Mobile Account Manually

Open Terminal

Sudo /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount –v –P –n networkusername

usage: createmobileaccount -n username [-h homepath] [-P | [-p password]] [-e] [-q] [[-x] | [-X]] [[-s] | [-S]] [-u syncURL] [-t urlPath] [-d] [-v]
-n username : user record name.
-h homepath : user home path; Default is “/Users/<username>”.
-p password : user password.
-P : prompt for user password. A user password is required to create a FileVault home.
-e encrypt : encrypt new home with FileVault.
-q quota : max size in bytes of FileVault home.
-x : create as external account on non-boot volumes. Default.
-X : create as mobile account account non-boot volumes.
-d : disable external account creation.
-s : set home sync on if home created.
-S : set home sync off if home created. Default.
-u syncURL : server target of home synchronization.
-t urlPath : additional path after syncURL.
-v : verbose output.
Examples:
createmobileaccount -n testname
createmobileaccount -v -P -n testname
createmobileaccount -vsxn jsmith -h /Volumes/HD3/jhome
createmobileaccount -vsxn jsmith -h /Volumes/HD3/jhome -u nfs:/server.apple.com/bigs/homes -t myusers/macos/jhome
Notes:
– createmobileaccount must run as root.
– If you do not specify a password, the account’s cached password will be created during the account’s first log in.

Category: MAC | LEAVE A COMMENT
August 3

Windows 10 Start Menu Not Working in One Account But Working on A New Created Account

Problem:  

One user can not use Start Menu and settings. So I created a test account, the test account has no problem use stat menu and settings

Solutions:

If a new created user account has no problem to use the start menu and settings, that tells me that the Windows system might be  OK. The “bad” user account might have a corrupted profile.

1: Log in as the new created user.

(You need to create a second Admin account to do this.) You need to enable “show hidden files….” and disable “Hide protected operating system files”

 

2: Go to c:\users\bad-user name\appdata\local\Microsoft\Windows find UsrClass.dat  rename it UsrClass-old.dat

3: Restart the computer

The problem should be resolved.

 

 

Category: Windows | LEAVE A COMMENT