Thursday, April 23, 2009
ClarkConnect VLANing anyone?
Configuration of VLANs with ClarkConnect
NOTES OF IMPORTANCE:
Read through this entire set of instructions carefully before beginning to make any changes to the ClarkConnect box. This is especially important if you're not familiar with text editors in Linux/UNIX. Research any terms in this document you're unfamiliar with before moving forward.
Follow these directions very carefully. Missing a single keystroke can add a lot of confusion and strife to your ClarkConnect experience.
These directions assume you already have a basic ClarkConnect v4.3 firewall set up. The ClarkConnect device also needs to be connected to the Internet at the time of performing the directions below.
You should not explicitly add VLAN 1 to the ClarkConnect device. This VLAN is already present, though you won't see it listed with your other VLANs.
Planning your VLAN IP settings and switch ports up front will save you hours of wasted effort and frustration. Have a firm plan for your entire LAN in hand prior to configuring switches or your ClarkConnect box. An hour or two up front could save you ten hours later. Make sure you know the IP addresses, subnet masks, and DHCP scopes you want to use for each VLAN before moving forward.
Your ClarkConnect device on the management VLAN will still be visible to all other VLANs. This is VLAN 1 by default. If you add other devices to this VLAN, they will not be visible to devices on other VLANs, as long as you add the recommended entry to the rc.firewall.local file described below.
On your switch or switches, the VLANed ports should have a status of "untagged" and the trunked ports should be "tagged" (AKA: 802.1q or dot1q) for all VLANs other than the management VLAN.
If you are creating a large number of VLANs for a network, it is advised to first create just a few VLANs using the steps listed below. Then, you should test the few you've created. Once you have a few up and running, then you can go back and move straight through creating the rest of your VLANs.
-------------------------------------------------------------------------------------------------
Did you read all the notes above? If not, DO IT NOW! If you did, then you may proceed.
First, you should configure VLANs on your switch or switches. Methods for doing this are different for each brand of switch - consult the user guide from your switch for instructions on setting up VLANs with that specific device. After you've configured your VLANs on your switch or switches, you'll need to configure your ClarkConnect box to communicate on these VLANs and keep data separate, while providing DHCP and DNS services for each VLAN.
Once you've verified your VLANs and trunks from the switches are set up and communicating properly on the switches themselves, it's time to configure your ClarkConnect box. To do this, you'll want to have a monitor and keyboard attached to the ClarkConnect box (though you can get there via other methods). The initial screen you'll see is the ClarkConnect Main Console. Press Alt-F2 to go to the BASH shell (the Linux/UNIX equivalent to a Command prompt in DOS or Windows). Press Alt-F1 to return to the Main Console.
To configure VLANs, you'll need to use the Linux BASH shell, so press Alt-F2 and then follow these steps as appropriate (everything inside "quotes" is what you'll type in, but don't include the quotation marks when you type unless specifically mentioned):
1. Log in with the appropriate username (root) and password.
2. Type "apt-get update" and press enter.
3. Allow the update to finish - it takes a few minutes.
4. Type "apt-get install vconfig" and press enter.
5. Allow the vconfig installation to complete - it takes a few minutes.
6. Type "cd /etc/sysconfig/network-scripts" then press Enter. This moves you into the /etc/sysconfig/network-scripts directory.
7. Type "vi ifcfg-ethx.y" (x is the LAN port you want to add VLANs to, and y is the VLAN ID you wish to add; E.G.- eth1.101), then press Enter and you will be presented with a blank file.
Press "i" to allow editing of the file and enter the following on each line, INCLUDING quotation marks, and changing variables as appropriate:
DEVICE="ethx.y"
VLAN="yes"
ONBOOT="yes"
USERCTL="no"
BOOTPROTO="static"
IPADDR="z.z.z.z"
NETMASK="a.a.a.a"
8. Press Esc then type "ZZ" to save the file.
9. Type "ls" and hit Enter. You should now see a file named ifcfg-ethx.y listed in the /etc/sysconfig/network-scripts directory.
11. If you have more than one VLAN to create, you can save yourself a ton of time by typing "cp ifcfg-ethx.y ifcfg-ethx.y2" to copy the ifcfg-ethx.y file you just created to a new file named ifcfg-ethx.y2, with y2 standing for your next VLAN ID. E.G.- cp ifcfg-eth1.101 ifcfg-eth1.102
Do this for every VLAN you want to create.
12. After creating all your VLAN configuration file placeholders, you'll need to alter each one using the vi command as described in steps 3 and 4 above. Be careful to match up the changes to your VLAN configuration files to the filenames you've created and the IP settings you have planned for the VLAN you're configuring. This is an area where having your plan in hand ahead of time will be very valuable!
After finishing all your VLAN configuration files, you need to add your VLANs to the firewall configuration file.
1. Type "cd /etc" hit Enter.
2. Type "vi firewall".
3. Arrow down to the line starting with "LANIF=" then arrow over to the space between eth1 and ethx, then press "i" to edit. Now type in all your VLAN IDs, separating each with a space. E.G. - LANIF="eth1 eth1.101 eth1.102 eth1.103 ethx".
4. After all VLAN IDs are entered, press Esc then type "ZZ" to save the firewall file.
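The VLAN configuration files and the LANIF entry described above can also be produced from a written plan instead of by hand in vi. The script below is an added example, not part of the original post: the function names (valid_ipv4, write_vlan_ifcfg, lanif_line), the eth1 parent interface and the sample addresses are assumptions, and it writes to a scratch directory so the files can be reviewed before anything is copied into /etc/sysconfig/network-scripts.

```shell
#!/bin/sh
# Added example: build ifcfg-ethX.Y files and the LANIF value from a VLAN plan.
# Files go to a scratch directory for review; nothing under /etc is touched.

# valid_ipv4 ADDR: succeeds if ADDR is four dot-separated octets, each 0-255.
valid_ipv4() (
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# write_vlan_ifcfg PARENT VLAN_ID IPADDR NETMASK OUT_DIR
write_vlan_ifcfg() (
    parent=$1 vid=$2 ip=$3 mask=$4 out=$5
    # Reject non-numeric IDs, leading zeros and anything longer than 4 digits.
    case "$vid" in ""|*[!0-9]*|0*|?????*) echo "bad VLAN ID: $vid" >&2; exit 1 ;; esac
    # VLAN 1 already exists on the box (see the notes); 4094 is the 802.1Q maximum.
    if [ "$vid" -lt 2 ] || [ "$vid" -gt 4094 ]; then
        echo "VLAN ID must be 2-4094: $vid" >&2; exit 1
    fi
    if ! valid_ipv4 "$ip" || ! valid_ipv4 "$mask"; then
        echo "bad IP settings for VLAN $vid: $ip / $mask" >&2; exit 1
    fi
    mkdir -p "$out"
    cat > "$out/ifcfg-$parent.$vid" <<EOF
DEVICE="$parent.$vid"
VLAN="yes"
ONBOOT="yes"
USERCTL="no"
BOOTPROTO="static"
IPADDR="$ip"
NETMASK="$mask"
EOF
)

# lanif_line PARENT VLAN_ID...: prints the LANIF value for the parent and its
# VLANs; append any other LAN interfaces you already list there by hand.
lanif_line() (
    parent=$1; shift
    list=$parent
    for vid in "$@"; do list="$list $parent.$vid"; done
    printf 'LANIF="%s"\n' "$list"
)

# Constructed sample plan (VLAN ID, IP address, netmask); replace with your own.
scratch=$(mktemp -d)
ids=""
while read -r vid ip mask; do
    write_vlan_ifcfg eth1 "$vid" "$ip" "$mask" "$scratch" && ids="$ids $vid"
done <<EOF
101 192.168.101.1 255.255.255.0
102 192.168.102.1 255.255.255.0
EOF
echo "wrote: $(ls "$scratch" | tr '\n' ' ')"
lanif_line eth1 $ids
```

A plan line with VLAN ID 1 or a malformed address is rejected with a message on stderr and no file is written for it.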
Now that we've enabled all our VLANs to be able to communicate on the network, we need to set up a firewall rule that stops traffic from being routed between our VLANs.
1. Type "cd /etc/rc.d" hit Enter.
2. Type "vi rc.firewall.local" hit Enter.
3. Press "i" to be able to edit the rc.firewall.local file.
4. Arrow down to a blank line and type "iptables -I FORWARD -i eth1.+ -o ! eth0 -j DROP". This line of code assumes eth0 is your WAN port and your VLANs are all attached to the eth1 LAN port. You will have to adjust this if your scenario is different.
5. Press Esc then type "ZZ" to save the local firewall rules file.
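To see exactly which forwarded flows the rule from step 4 covers, the script below re-implements iptables interface matching (a trailing "+" is a prefix wildcard) and evaluates the rule against a handful of interface pairs. It is an added example, not part of the original post: the function names and the list of flows are constructed, and it assumes the same layout as the rule (WAN on eth0, VLANs on eth1).

```shell
#!/bin/sh
# Added example: which forwarded flows does the rule from step 4 actually drop?
#   iptables -I FORWARD -i eth1.+ -o ! eth0 -j DROP
# (newer iptables releases expect the negation before the option: ! -o eth0)

# iface_match PATTERN IFACE: iptables interface matching, where a trailing "+"
# makes PATTERN a prefix wildcard and anything else must match exactly.
iface_match() {
    case "$1" in
        *+) case "$2" in "${1%+}"*) return 0 ;; *) return 1 ;; esac ;;
        *)  [ "$1" = "$2" ] ;;
    esac
}

# rule_verdict IN_IF OUT_IF: DROP if the rule matches, NOMATCH if the packet
# falls through to whatever FORWARD rules come after it.
rule_verdict() {
    if iface_match "eth1.+" "$1" && ! iface_match "eth0" "$2"; then
        echo DROP
    else
        echo NOMATCH
    fi
}

# Constructed flows for a box with WAN on eth0, VLAN 1 untagged on eth1,
# and VLANs 101/102 on eth1.101 and eth1.102.
coverage_table() {
    while read -r in_if out_if note; do
        printf '%-9s -> %-9s %-8s %s\n' "$in_if" "$out_if" \
            "$(rule_verdict "$in_if" "$out_if")" "$note"
    done <<EOF
eth1.101 eth1.102 VLAN to VLAN
eth1.101 eth0 VLAN to Internet
eth1.101 eth1 VLAN to hosts on VLAN 1
eth1 eth1.101 hosts on VLAN 1 to VLAN
eth0 eth1.101 Internet replies to VLAN
EOF
}

coverage_table
```

Plain eth1 does not match eth1.+, so packets that originate on VLAN 1 and head for another VLAN are left to the rest of the FORWARD chain; this rule only drops the return direction.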
Now we need to reboot our system and verify all our ports are visible on the system. To reboot the system, just press Ctrl-Alt-Del. Watch the process carefully. You should see all your VLANs drop and come back up with a status of OK.
Next, we need to set up DHCP for our VLANs. After the system completes booting up, you will be back at the main console screen.
1. Enter the root password and hit Enter.
2. Choose the text interface (first choice) and hit Enter.
3. Enter the root password again, then hit Enter twice.
4. Verify all your VLANs are displayed in the menu.
5. Arrow down to "Configure DHCP Server" and hit Enter.
6. Arrow down to "Add" on a line for one of your VLANs and hit Enter.
7. You will be offered a DHCP scope and other IP options you can either modify or leave alone. In most cases, you'll want to accept the default settings.
8. Arrow down to "Confirm" and press enter.
9. Repeat steps 6 through 8 for each VLAN until you've configured them all.
10. Press "q" then "y" to quit and save your settings from the main console.
11. Arrow down to the "Reboot" option and reboot the system.
12. Watch the system reboot and verify your VLANs and the Firewall list a status of OK.
Now we're ready to test our configuration.
1. Plug PCs or laptops into various ports on various VLANs.
2. Verify you are getting DHCP addresses that match up to the VLAN configurations you'd set up for the port your device is plugged into.
3. Verify you can hit the Internet on each device (assuming your WAN port is configured and plugged into an active Internet connection).
4. Try to ping active addresses on other VLANs. If you've done everything right, you should not be able to see anything on any VLAN except your own and VLAN 1.
Congratulations! You've now finished setting up a ClarkConnect firewall for use in a VLANed environment. Please leave comments if this helped you, or if you have any other bits of advice that may be helpful to others. If this all seems a bit intimidating and you'd rather have us take care of it for you, give us a call at (616) 301-1791, or contact us through our website at http://www.delios.com.
Tuesday, October 28, 2008
Creative BlackBerry Calendar Synchronization
To the uninitiated, this may seem like it should be a simple process. So, what’s the problem?
Well, there are actually many problems with this. The first of which is the fact that none of the current batch of “smartphones” (including Windows Mobile, BlackBerry, and iPhone) will inherently synchronize with Public Calendars hosted on an Exchange server. So, we immediately have a need to either change how the organization handles its scheduling, or find a way to synchronize a Public Calendar with a Private Calendar automatically.
Rather than spend the time changing a business process the client has used for over six years, which would carry with it many hidden costs involved with training, we opted to find a way to synchronize a Public Calendar with a Private Calendar. To accomplish this, we used a product called Add2Exchange from http://www.diditbetter.com. This software runs on the server and we have it set up to automatically synchronize individual Public Calendars with individual Private Calendars.
Okay, so now we have our data from our Public Calendar visible in our Private Calendar through Outlook. If we were using a Windows Mobile device, we’d be all set!
D’oh! It’s a BlackBerry we need to set up, not a WinMobile device. Here’s where we get a nice little surprise from the world of the BlackBerry: you can’t wirelessly synchronize a Private Calendar in Outlook without a BlackBerry Enterprise Server. E-mail works just fine, and we can sync the calendar when connecting via a cable to the user’s computer. But this user needs changes synchronized when they’re out of the office! What to do?!?
Here we have three options: purchase and setup a BlackBerry Enterprise Server, accept that this “just can’t be done,” or find another way. Since this is for only one person, the costs involved with the BlackBerry Enterprise Server solution cannot be justified. We always want to make our clients happy, and to tell them at this point that we couldn’t accomplish the objective was not a pleasant thought. We had to find another way.
Enter Google Calendar (http://calendar.google.com). Google Calendar will synchronize with a BlackBerry Calendar. Google Calendar will also synchronize with an Outlook Private Calendar. We set up a Google Calendar account for the end-user, configured it to synchronize with their Outlook and their BlackBerry and - Voilà! - we’ve got it! We now have all appointments added to the Public Calendar at their office visible on the user’s BlackBerry.
To recap, there are many hoops to jump through to synchronize a Public Calendar in Exchange with a BlackBerry calendar. In order to accomplish this, we now synchronize the Public Calendar to a Private Calendar. We then synchronize the Private Calendar to a Google Calendar. Finally, the Google Calendar synchronizes to the BlackBerry. The end-user sees all changes within 30 minutes of the time an item is changed in the Public Calendar.
If you’re currently using an external company to handle your company’s IT needs, are they willing to perform this kind of legwork to get you to your goal? Do they take the time to find a way to get the job done without offering up excuses? Do they react positively when facing adverse situations? If you answered “no” to any of these questions, you need to give us a call at Delios Computer Solutions and experience the difference we can make in your organization.
http://www.delios.com (616) 301-1791
Tuesday, July 22, 2008
Exciting Phone Option for Small Businesses
Afraid of replacing your current phone system because you don't want to spend a ton of time re-learning which buttons perform each function? Worry not! Microsoft Response Point relies on ONE main button. This one button gives you access to your voicemail and contacts and allows you to transfer or park calls. The core of this system relies on voice-recognition prompting, so nearly anything you'd want to do can be handled by verbally telling the system what you'd like it to do.
Afraid of being frustrated by less-than-stellar performance of voice-recognition software? Don't be. The technology has come a long way, and as long as you're not in an extremely noisy environment, the system won't miss a beat.
But what if you forget what to say? That's an easy one - just ask the system, "What can I say?"
Afraid such a modern phone system will cost you an arm and a leg? Not this time! The entry point for this system is under $2,000.00. If you've dealt with business phone systems in the past, you know how quickly you can triple or quadruple this amount.
Want to take advantage of full VoIP service options? VoIP support is built into the system. Say goodbye to per-minute fees for long distance!
Afraid of poor VoIP quality? The quality has improved tremendously over the past couple of years. If you are basing your opinion on an experience with Vonage in 2003, it's time to give it another shot.
Want to experience this system for yourself before committing to a purchase? Call Adam @ (616) 301-1791 to arrange a demonstration.
This is just another example of how Delios Computer Solutions continues to find the right solutions for the small businesses of West Michigan.
Monday, June 9, 2008
Trusted Advisor or Mechanic?
Unfortunately, many business owners interact with their technology consultant the same way as they do their car mechanic – only when something breaks. Too rarely do they discuss their needs in advance with their consultant. Too often, they purchase inadequate solutions, then expect their consultant to make them work the way they want them to. Too often, we are asked to make a Kia Rio beat a Ferrari in a race. And too often we are delivering explanations of why the five-hundred-dollar solution can’t meet the performance of the five-thousand-dollar solution.
These business owners are not taking full advantage of having a technology consultant they can rely on to be a trusted advisor. One of the best parts of having a trusted advisor for technology is the minimization of wasted dollars on technology. A simple conversation with your consultant can save hundreds or thousands of dollars in misplaced spending, not to mention the large amounts of wasted time as a result of purchasing the wrong solution. In the case of Delios Computer Solutions, most of these conversations (depending on the depth and duration) would be absolutely free. It doesn’t make sense to go into territories we don’t understand without a guide. You wouldn’t perform your first skydiving jump without an instructor, would you? So what would it hurt to run your ideas past your technology consultant? They will often have the right solution available. When they don’t have an immediate solution, they’re much more apt to find the right solution for you. It just doesn’t make sense to go it alone.
You understand your business. We understand how technology interacts with it. Let’s work together toward your success!
Delios Computer Solutions, Inc.
Monday, April 14, 2008
Dealing with the new technology learning curve
Let’s face it: most business-people don’t care about the ins and outs of technology. They just want something that works as advertised and relieves a pain-point or improves productivity in some fashion. Therefore they, unlike the geekiest among us, loathe the prospect of having to change their habits as technology changes. In most instances, there is the thought of “why fix what isn’t broken?”
Office 2007 is a good example of this. For years, business-people on the frontlines have been honing their skills with Office, learning how to use the advanced features it presents to increase productivity and the professional image of their organizations. Then, Microsoft came out with Office 2007, with a completely redesigned interface and a perplexingly large number of new, and sometimes complex, features to learn.
This has sent some business owners and managers into fits of rage over not understanding why software continuously changes, not to mention the increased costs of training and reduced productivity during the learning process. Unfortunately, just sticking with the old software you already know is usually not a viable option because you need to keep up with the technology of your vendors and customers.
There are tricks, however, to overcoming some of the anguish over dealing with new technology:
- View it with an open mind
People who approach new technology with an open mind are more likely to see the benefits of new software more quickly than those stuck in their ways. This inevitably leads to realizing an increase in productivity much sooner.
- Commit to learning the new technology
Whenever a new piece of software is released, books on how to use the new software are released along with it, often before the actual software is available. It’s much less frustrating to approach new software from an educated stance than to go headlong into it without a clue as to what you’ll be facing.
- Have a technology consultant available
Consultants generally have a passion for technology that few non-geeks can understand. We truly enjoy digging into new software to discover the new gems available in the new versions of the software you’re using and we’re more than happy to assist you with learning to put these new features to good use.
We at Delios Computer Solutions have been helping translate geek into English for the SMB sector of Grand Rapids and West Michigan for over a decade. We love this stuff, and can help you find a way to love it too! OK, we know that may be stretching too far, but we can at least help you get past the desire to toss your workstation out the window. Give us a call at (616) 301-1791 or visit www.delios.com to see our full service offerings.
Monday, March 17, 2008
Finding Real Value
Too often, we run into situations with new clients in which they've been working with another company that feels it's appropriate to deliver a resolution to an outage two to three days after the outage is reported. To us, this is completely unacceptable. We guarantee our contracted clients on-site service within two hours for outages. We've been able to deliver on this guarantee for over a decade and we plan to only get better as time moves forward.
Another sad experience for us is when we walk into a business and find their previous service provider taking shortcuts and using temporary solutions ("band-aids") consistently instead of finding real resolutions. Most of the time these are put into place to save money. But without the proper hardware and software in place, these businesses end up losing money in the long run as the shortcuts and band-aids begin to accumulate. We always push for our clients' best interests and aim for the highest value solution.
If your current solution provider is just a "computer fixer" and they're not working with you to find the right technology for your business needs, they are not providing you with the best value for your money. If you'd like to experience the difference between a computer fixer and a technology consultant, give Delios a call at (616) 301-1791 or visit our website at http://www.delios.com.
Monday, February 25, 2008
Smarter personal organization with smartphones
Whether it's the affectionately termed Crackberry (BlackBerry), a Windows Mobile-enabled phone, or a standard cellphone with a calendar application, people are keeping their lives organized more and more through the use of their cellphones. We at Delios have been in the business of configuring electronic personal organizers since the days of the original Palm Pilot.
Give us a call at (616) 301-1791 to discuss how we can help you optimize your time through the proper configuration of your smartphone.