
January 19, 2005

Long Time No Blog

Problem is, I've been working too much. I've been working on the school's new web page and firewall. You can see the web page at http://www.interamericano.edu.gt and I would love your feedback!

And on the firewall front, the non-IT world can stop reading here -----> . Why can't I publish a static ARP entry (not bound) for another IP on the same subnet? I'm migrating users to a new gateway with DHCP. Gateway used to be .211 now it will be .1 - so I wanted to publish a static ARP entry that mapped .211 to the same MAC as the physical interface .1. The manual says this should work for *different* subnets on the same interface (so each subnet can point to the same MAC as a gateway). Is there some rule about ARP? Should I do this with a 1-2-1 NAT (is that even possible?)
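What "publishing" an ARP entry for .211 amounts to on the wire, as an added example that is not code from this post or from any firewall vendor: the device answers ARP who-has requests for the old gateway address with its own MAC, and can send a gratuitous ARP so hosts holding a stale .211 entry refresh it. The subnet (192.168.1.0/24), the interface MAC and the host MAC are assumptions; the script builds and parses frames in memory and never touches a network interface.

```python
"""Published (proxy) ARP for a gateway migration, built and parsed in memory.

Assumed addressing (not from the post): subnet 192.168.1.0/24, new gateway
interface 192.168.1.1, old gateway address 192.168.1.211.
"""
import struct
from dataclasses import dataclass

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = b"\xff" * 6
ZERO_MAC = b"\x00" * 6


@dataclass
class ArpPacket:
    op: int
    sender_mac: bytes
    sender_ip: str
    target_mac: bytes
    target_ip: str


def mac(text):
    """'00:11:22:33:44:55' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", "").replace("-", ""))


def ip4(text):
    return bytes(int(octet) for octet in text.split("."))


def ip4_str(raw):
    return ".".join(str(b) for b in raw)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet II frame carrying an IPv4-over-Ethernet ARP message (RFC 826)."""
    eth_dst = BROADCAST if op == ARP_REQUEST else target_mac
    eth = eth_dst + sender_mac + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)  # htype, ptype, hlen, plen, op
    arp += sender_mac + ip4(sender_ip) + target_mac + ip4(target_ip)
    return eth + arp


def parse_arp(frame):
    """Return an ArpPacket, or None if the frame is not IPv4 ARP over Ethernet."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return ArpPacket(op, frame[22:28], ip4_str(frame[28:32]),
                     frame[32:38], ip4_str(frame[38:42]))


class PublishedArpResponder:
    """Answers ARP for its own address and for every published address."""

    def __init__(self, own_mac, own_ip, published):
        self.own_mac = mac(own_mac)
        self.answer_for = {own_ip, *published}

    def handle(self, frame):
        """Reply with our MAC when a who-has asks for an address we publish."""
        req = parse_arp(frame)
        if req is None or req.op != ARP_REQUEST or req.target_ip not in self.answer_for:
            return None
        # Unicast reply to the asker, claiming the requested IP (e.g. .211) for own_mac.
        return build_arp(ARP_REPLY, self.own_mac, req.target_ip, req.sender_mac, req.sender_ip)

    def gratuitous(self, ip):
        """Broadcast who-has with sender == target, so hosts caching ip refresh to own_mac."""
        return build_arp(ARP_REQUEST, self.own_mac, ip, ZERO_MAC, ip)


if __name__ == "__main__":
    fw = PublishedArpResponder("00:11:22:33:44:01", "192.168.1.1", ["192.168.1.211"])
    host = build_arp(ARP_REQUEST, mac("00:aa:bb:cc:dd:ee"), "192.168.1.50",
                     ZERO_MAC, "192.168.1.211")
    print(parse_arp(fw.handle(host)))
```

The mechanism is exactly the one ARP spoofing abuses: any host on the segment can answer for .211 the same way, so a published entry only redirects hosts that still resolve .211 dynamically. A host that already holds a static ARP entry for .211 ignores both the reply and the gratuitous ARP, and a host that caches the old entry keeps using it until its cache times out or is cleared.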

I'm frustrated with the Microsoft Server 2000 DHCP implementation: why can't you import a list of IP reservations? And because I don't have VLAN-capable switches and I don't want to rewire the entire school, I have to use one DHCP server for the entire network. I was hoping to do so much more with different zones/interfaces on the device.

And if the firewall supports authentication against RADIUS servers and Active Directory, why is it impossible to just detect the currently logged-in Windows user as a basis for my authentication instead of requiring another sign-on?

Mad props to Blake. While he respects my pivot tables, I will always idolize him for his Cisco CCIE and Apple ][e S/<i11Z.

Posted by Jeff at January 19, 2005 06:52 AM

Comments

>RUN REPLY

0: CLS
10: PRINT

ARP: I can't think of a reason why it shouldn't work. Sounds like a device limitation. You can clear ARP caches on most devices w/o a reboot. Windows can do it! Might be easier than persisting static ARP entries.

DHCP: VLANs may actually break DHCP unless you enable DHCP relaying. DHCP is broadcast based, and broadcasts don't leave subnets. If your switches support relaying then you can happily segment your LAN and use one DHCP server. Or set up the DHCP Relay Agent on servers in each subnet.

AUTH: You are a Single Signon Nazi.

Do you remember creating our own ProDOS emulator apps via HELLO? Ahh yes, the good old days in Mrs. Irwin's class. "I am Yoda, You are my Children" on the overhead TV -- "Well, I'm Mrs. Irwin and I am your teacher!! BLAAH!!"

Posted by: Blake at January 24, 2005 06:51 PM
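The relay behaviour Blake describes, as an added example that is not code from the post or from any DHCP product: a relay agent on the client's subnet fills in giaddr and unicasts the DISCOVER to the server across the router, and the server chooses the scope from giaddr rather than from the interface the packet arrived on, so one server can serve several subnets. The server address (192.168.1.10), the second subnet (192.168.2.0/24 with relay 192.168.2.1) and the client MAC are constructed for the example; packets are built and parsed in memory only.

```python
"""DHCP relay across subnets, built and parsed in memory (RFC 2131 / RFC 1542).

Assumed addressing (not from the post): server 192.168.1.10 on 192.168.1.0/24,
a second subnet 192.168.2.0/24 whose router also acts as relay at 192.168.2.1.
"""
import ipaddress
import struct

BOOTREQUEST, BOOTREPLY = 1, 2
DHCPDISCOVER, DHCPOFFER = 1, 2
MAGIC_COOKIE = b"\x63\x82\x53\x63"
# op htype hlen hops xid secs flags ciaddr yiaddr siaddr giaddr chaddr sname file
BOOTP_HDR = "!BBBBIHH4s4s4s4s16s64s128s"


def ip4(text):
    return ipaddress.IPv4Address(text).packed


def build_bootp(op, hops, xid, giaddr, chaddr, yiaddr, msg_type, extra_opts=b""):
    hdr = struct.pack(BOOTP_HDR, op, 1, 6, hops, xid, 0, 0x8000,
                      ip4("0.0.0.0"), ip4(yiaddr), ip4("0.0.0.0"), ip4(giaddr),
                      chaddr, b"", b"")
    options = bytes([53, 1, msg_type]) + extra_opts + b"\xff"  # 53 = message type, 0xff = end
    return hdr + MAGIC_COOKIE + options


def parse_bootp(pkt):
    f = struct.unpack(BOOTP_HDR, pkt[:236])
    if pkt[236:240] != MAGIC_COOKIE:
        return None
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 0xFF:
        if pkt[i] == 0:                      # pad option
            i += 1
            continue
        code, length = pkt[i], pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": f[0], "hops": f[3], "xid": f[4],
            "yiaddr": str(ipaddress.IPv4Address(f[8])),
            "giaddr": str(ipaddress.IPv4Address(f[10])),
            "chaddr": f[11][:6], "opts": opts}


class RelayAgent:
    """Sits on the client subnet; turns the client's broadcast into a unicast to the server."""

    def __init__(self, local_ip, server_ip, max_hops=4):
        self.local_ip, self.server_ip, self.max_hops = local_ip, server_ip, max_hops

    def to_server(self, pkt):
        f = list(struct.unpack(BOOTP_HDR, pkt[:236]))
        if f[0] != BOOTREQUEST or f[3] >= self.max_hops:   # hop limit stops relay loops
            return None
        f[3] += 1
        if f[10] == ip4("0.0.0.0"):      # first relay records its client-side address in giaddr
            f[10] = ip4(self.local_ip)
        return self.server_ip, struct.pack(BOOTP_HDR, *f) + pkt[236:]

    def to_client(self, pkt):
        """The server unicasts replies to giaddr; the relay re-broadcasts them on the client subnet."""
        f = struct.unpack(BOOTP_HDR, pkt[:236])
        if f[0] != BOOTREPLY or f[10] != ip4(self.local_ip):
            return None
        return "255.255.255.255", pkt


class DhcpServer:
    """One server, several scopes; the scope is chosen by giaddr, not by the arrival interface."""

    def __init__(self, listen_ip, scopes):
        # scopes: {"192.168.2.0/24": "192.168.2.100"} -> next address to hand out per network
        self.listen_ip = listen_ip
        self.scopes = {ipaddress.IPv4Network(n): ipaddress.IPv4Address(a) for n, a in scopes.items()}

    def select_scope(self, giaddr):
        key = ipaddress.IPv4Address(giaddr if giaddr != "0.0.0.0" else self.listen_ip)
        return next((net for net in self.scopes if key in net), None)

    def handle(self, pkt):
        req = parse_bootp(pkt)
        if req is None or req["op"] != BOOTREQUEST or req["opts"].get(53) != bytes([DHCPDISCOVER]):
            return None
        net = self.select_scope(req["giaddr"])
        if net is None:
            return None                  # no scope for that subnet: no offer
        offered, self.scopes[net] = self.scopes[net], self.scopes[net] + 1
        router = next(net.hosts())       # assumption: the gateway is the first host address (.1)
        opts = (bytes([54, 4]) + ip4(self.listen_ip)     # server identifier
                + bytes([3, 4]) + router.packed         # router
                + bytes([1, 4]) + net.netmask.packed)   # subnet mask
        return build_bootp(BOOTREPLY, req["hops"], req["xid"], req["giaddr"],
                           req["chaddr"], str(offered), DHCPOFFER, opts)
```

Because the server trusts giaddr to pick the scope, anything that can reach UDP port 67 on the server can request a lease from any scope by setting giaddr itself; in a segmented network the server's port 67 should only be reachable from the relay addresses and its own subnet.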
