Exchange 2007 Infrastructure Preparation

Exchange 2007 uses Active Directory for authentication, storing configuration data, recipient addressing, and message routing. Active Directory has three partitions (also referred to as naming contexts). Each partition holds different kinds of Exchange data.

Component	Description
Schema	The schema defines the rules for how objects are created (classes) and the properties and bounds for object properties (attributes). Installing Exchange 2007 extends (modifies) the Active Directory schema by adding the following: Classes to create Exchange-specific objects, such as agents and connectors. Attributes to configure the Exchange-specific objects as well as additional attributes for existing objects such as users and groups. Each domain controller and global catalog server in the forest holds a replica of the schema.
Configuration partition	The configuration partition stores data that includes information that includes AD site configuration, Exchange global settings, transport settings, and mailbox policies. Configuration information specific to Exchange is stored in a subfolder under the configuration partition's Services container. It includes the following: Address lists Address and display templates Client access settings Connectors Global settings E-mail address policies System policies Transport settings Each domain controller and global catalog server in the forest holds a replica of the configuration partition.
Domain partition	The domain partition holds all data for individual users, contacts, and mailboxes. As Exchange runs, it stores and modifies data in the domain. The domain partition stores the largest amount of information in a typical deployment. Each domain controller holds a replica of the domain partition for the domain for which it is authoritative while each global catalog server in the forest holds a subset of the information in every domain partition in the forest.

Before installing Exchange, make sure your Active Directory structure meets the following requirements:

• The domain controller that is the Schema Master must be running Windows Server 2003 SP1 (or later).
• In each site where Exchange Server 2007 will be installed, there must be at least one global catalog server running Windows Server 2003 SP1 (or later).
• In each domain where Exchange Server 2007 will be installed, there must be at least one domain controller that is running Windows Server 2003 SP1 (or later).
• For all domains in the Active Directory forest where Exchange 2007 is installed or where Exchange 2007 recipients exist, Active Directory must be in Windows 2000 native mode or higher. To place the domain in Windows native mode, you must remove any NT4 domain controllers.
• If the organization includes a previous version of Exchange, you cannot have any Exchange 5.5 servers, and the organization must be running in native mode.

Preparing and installing Exchange makes the following changes in Active Directory:

• Modifies permissions of existing Exchange 2000 or Exchange 2003 environments.
• Extends the schema to add Exchange classes and attributes.
• Creates the Exchange organization.
• Creates Exchange-specific objects and groups.
• Assigns permissions to groups used by Exchange.

Running the Setup wizard during the Exchange server installation makes all of the necessary Active Directory modifications as long as the account you use has the proper permissions. However, in large organizations, administrators with permissions to install Exchange servers typically do not have the permissions necessary to modify the schema or domain configuration. For the most granular control over the Active Directory preparation process, and to delegate these tasks to other administrators, run the Exchange server Setup.com program (with specific switches) in the following order, waiting for the changes to be propagated through Active Directory before proceeding to the next step:

1. If you have an existing Exchange 2000 or 2003 configuration, run Setup /PrepareLegacyExchangePermissions (or Setup /pl) to modify the existing Exchange 2000 or Exchange 2003 permissions.
   
    
   • If you are a member of the Enterprise Admins group, all domains will be modified.
   • To run this command for a single domain, include the domain name in the command. You must be delegated the Exchange Full Administrator role and you must be a member of the Domain Admins group.
   • Run the command on a Windows Server 2003 SP1 (or higher) server that can contact all other domains in the forest. 
   
   
2. Run Setup /PrepareSchema (or Setup /ps) to extend the schema.
   
   
   
   • You must be a member of the Schema Admins and Enterprise Admins group to perform this step.
   • Run the command on a computer in the same site as the Schema Master. 
    
3. Run Setup /PrepareAD /OrganizationName: Name (or Setup /p /on: Name) to create the organization, create global Exchange objects, and prepare the local domain. If the Exchange organization already exists, omit the /on switch.
   
   
   • You must be a member of the Enterprise Admins group to perform this step.
   • Run the command on a computer in the same domain and site as the Schema Master and that can contact all domains in the forest over port 389. 
    
4. Prepare each additional domain where you will have Exchange 2007 servers or recipients. Use one of the following methods to prepare additional domains:
   
   
   • Run Setup /PrepareDomain (or Setup /pd) on each additional domain. You do not need to run this on the domain where you ran /PrepareAD.
     
     
     • You must be a member of the Domain Admins group in the domain to perform this command if the domain that you are preparing existed before you ran Setup /PrepareAD.
     • You must be a member of the Exchange Organization Administrators group and the Domain Admins group in the domain if it was created after you ran Setup /PrepareAD.
   • Run Setup /PrepareAllDomains (or Setup /pad) to prepare every domain in the forest. You must be a member of the Enterprise Admins group to run this command.

Note: The computer that is used to run Setup must have the Microsoft .NET, Framework 2.0, and the Microsoft Command Shell installed.
Perhaps the biggest consideration in deciding how to prepare Active Directory is the permissions required to perform each specific task. The following table summarizes the permissions required for each:

Option	Required Permissions
/PrepareLegacyExchangePermissions	Enterprise Admins group membership to modify all domains. Delegated the Exchange Full Administrator role and Domain Admins group membership to modify a single domain.
/PrepareSchema	Schema Admins and Enterprise Admins group memberships.
/PrepareAD	Enterprise Admins group membership if the schema is already prepared. Schema Admins and Enterprise Admins group membership if the schema has not yet been prepared. In addition, you must be an Exchange Full Administrator if there are existing Exchange 2003 servers.
/PrepareDomain	Domain Admins group membership if the domain existed before you ran /PrepareAD. Exchange Organization Administrators group membership and Domain Admins group membership if the domain was created after you ran /PrepareAD.
/PrepareAllDomains	Enterprise Admins group membership.

When you use Setup to prepare Active Directory for Exchange server installation, be aware of the following special cases:

• If you run the Setup wizard with appropriate permissions, the following actions are performed: legacy permissions are modified, the schema is extended, the organization is created, and the local domain is prepared. This is the most efficient way to do the preparation and the installation if you have all of the necessary permissions.
• Running /PrepareAD modifies legacy permissions and extends the schema if those steps have not yet been performed (as long as you are a member of the Schema Admins and Enterprise Admins groups).
• Running /PrepareSchema modifies legacy permissions if that step has not yet been performed.
• Running /PrepareAllDomains is the most efficient way to prepare domains for Exchange installation, but requires membership in the Enterprise Admins group.
• Because you can only create a single organization in a forest, you must create a second forest to accommodate two organizations. Run Setup /PrepareAD /on in each domain to create the organizations.
• All domains with Exchange 2007 servers or recipients must be prepared. Domains are prepared for Exchange if you have run /PrepareAD or /PrepareDomain in the domain, or if you run /PrepareAllDomains.

In addition to preparing Active Directory, you must have a good DNS infrastructure prior to Exchange installation. Exchange Server 2007 uses DNS for the following:

• An Exchange server contacts DNS to get service locator records (SRV) to locate Active Directory domain controllers.
• An Exchange server contacts DNS servers to retrieve MX (mailbox) records and to locate SMTP domains. Edge Transport servers must be configured as follows:
  
  
  • The internal interface must be configured to resolve internal addresses.
  • The external interface must be configured to resolve Internet or public DNS names.
• An Exchange server uses DNS to resolve hosts names, especially when locating hosts on the Internet.

By Unknown with No comments

Exchange Management Shell Facts

The Exchange Management Shell (also referred to as the Exchange PowerShell) is the primary platform for all administration (the graphical interface is simply running atop of the command shell). You should know the following about the Exchange Management Shell:

• The PowerShell must be installed before Exchange 2007 is fully installed, then extensions are installed to the PowerShell during the Exchange 2007 installation to create the Exchange 2007 PowerShell environment.
• To manage your Exchange organization, make sure you load the Exchange Management Shell, not Microsoft Window's PowerShell.
• The Exchange.ps1 file includes setup for the PowerShell.

Management using the shell is done by typing cmdlets.

• Cmdlets use a verb + noun-based syntax, for example: Get-AcceptedDomain.
• Commands are followed by one or more options. Options are identified by a hyphen and are typically followed by data. For example, Get-Mailbox -Server Server1 returns a list of mailboxes on Server1.
• To see the options available with a command, type help followed by the command.
• To get help within an environment, type get-help. Use the -detailed option with this command to get even more information.
• The tab completion feature automatically points you to the most likely command if you only enter part of a command then press tab. If you're not sure what the command is, or only know part of it, use tab completion to see options starting with the letters you have typed.

The following table lists the basic set of Management Shell commands:

Command	Description
Set	Set modifies the properties of an existing Exchange 2007 object.
Get	Get retrieves information about a particular Exchange 2007 object. Pipe the command to the Format-List cmdlet to tell it to return verbose information when you run a command.
New	New creates a new Exchange 2007 object.
Excommand	Excommand lists all available commands that relate to Exchange Server 2007.
Move	Move relocates the specified Exchange 2007 object from one container or server to another.
Disable	Disable sets the Enabled status of the specified Exchange 2007 object to $False, which prevents the object from processing data even though the object exists.
Enable	Enable sets the Enabled status of the specified Exchange 2007 object to $True, which enables the object to process data.
Install	Install installs a new object or feature on an Exchange 2007 server.
Uninstall	Uninstall removes an object or feature from an Exchange 2007 server.
Remove	Remove deletes the specified Exchange 2007 object.
Test	Test tests specific Exchange 2007 components and provides log files that you can examine.

Use pipelining (also called piping) to string together the actions of two or more cmdlets. Output from the first cmdlet is fed into the second cmdlet (and so on). For example, the following cmdlet gets a list of mailboxes on a server, then moves all mailboxes to a new server:

Get-Mailbox -Server Mail1 | Move-Mailbox -TargetDatabase Mail2\Executives

When you execute a Get command, a default set of values is returned and the content is displayed in a specific order. Use the following cmdlets in combination with the Get command to format the output:

• Use Format-List (fl) to take input from the pipeline and output a vertical columned list of all the specified properties of each object. This option is similar to the verbose option for command prompt commands. You can also follow fl with a list of properties to show only the desired properties.
• Use Format-Table to display items in a table format with label headers and columns of property data.
• Use GroupBy to group output by a specified property.
• Use Property to specify which properties you wish to be displayed.
• Use Sort-Object to sort information using a specific order.

By Unknown with No comments

Exchange 2007 Management Console

The Exchange 2007 Management Console is a graphic interface used to manage an Exchange environment. It has been simplified from previous versions of Exchange so it now focuses only on the most commonly executed tasks. Additional tasks that could traditionally only be performed in REGEDIT or ADSIEDIT were also added to the Exchange Management Console to improve ease of use. You should know the following about the Exchange Management Console:

• In Exchange 2003, the information shown in the tree-pane was dependent on the configuration of your Exchange Server. This pane is now static in the Exchange 2007 Management Console so no matter how many servers you have, what options have been chosen, or what has been installed, the tree-pane will always be the same.
• Many tasks can't be performed through the Exchange Management Console, only through the Exchange Management Shell.
• The Exchange Management Console can filter views.

The console tree is organized into nodes and sub-nodes which can be expanded up to eight or more levels. The nodes in the console are as follows:

Node	Description
Microsoft Exchange node	The Microsoft Exchange node allows you to view the Finalize Deployment and End-to-End Scenarios tabs. These tabs help you to complete the required and optional configuration tasks for the server roles you deployed.
Organization Configuration node	The Organization Configuration node configures global and system-wide data for all servers and users in the Exchange 2007 organization.
Server Configuration node	The Server Configuration node configures the Exchange 2007 servers and their components such as protocols, databases, and messaging records management.
Recipient Configuration node	The Recipient Configuration node manages the recipients in the Exchange 2007 organization.
Edge Transport node	The Edge Transport node is visible only from a computer that has the Edge Transport server role installed and is used to manage your organization's perimeter network.
Toolbox node	The Toolbox node contains the following tools: Queue Viewer Exchange Server Best Practices Analyzer Database Recovery Management Database Troubleshooter Performance Monitor Performance Troubleshooter Mail Flow Troubleshooter Message Tracking

By Unknown with No comments

Exchange 2007 Administrator Roles

It is possible to have more than one Exchange administrator in your Exchange 2007 organization. To better facilitate the implementation of multiple administrators, Exchange 2007 provides predefined administrator roles that minimize manual permission configuration. The following table describes the predefined roles offered in Exchange 2007 to manage configuration data:

Role	Description
Exchange Organization Administrator	Users who are an Exchange Organization Administrators have the highest level of permissions within the Exchange organization, having full access to modify all Exchange properties and objects in the Exchange organization, including: Full control as owner over the Exchange organization data in the configuration container in Active Directory and the local Exchange server Administrator group. Full control as owner over the local Exchange server configuration data. Read access to all Active Directory domain users. Write access to all Exchange-specific attributes in all Active Directory domain user containers. You must be assigned as the Exchange Organization Administrator role to perform any task that will affect the entire organization, including: Creating the Exchange organization and installing the first Exchange server Changing any global configuration settings Deleting connectors Changing server policies You should know the following about the Exchange Organization Administrators role: Setup will add the Exchange Organization Administrators role as a member of the local Administrators group on the computer on which you are installing Exchange. If you install Exchange 2007 on a domain controller, the users in the Exchange Organization Administrators role will have additional Windows permissions that they do not have if you install Exchange 2007 on a computer that is not a domain controller.
Exchange View-Only Administrator	Users who are an Exchange View-Only Administrator have read-only access to: The whole Exchange organization tree in the Active Directory configuration container. All the Windows domain containers that have Exchange recipients.
Exchange Recipient Administrator	Users who are an Exchange Recipient Administrator can perform the following functions: Modify any Exchange property on an Active Directory object, including: Users Contacts Groups Dynamic distribution lists Public folder objects Manage Unified Messaging mailbox settings and Client Access mailbox settings. Additionally, Exchange Recipient Administrator role gives the following permissions: Membership in the Exchange View-Only Administrator role. Read access to all the Active Directory Domain User containers that have been prepared for Exchange 2007. Write access to all the Exchange specific attributes on the Domain User containers in Active Directory domains that have been prepared for Exchange 2007.
Exchange Server Administrator	Users who are an Exchange Server Administrator have permissions to server Exchange configuration data stored on the local server and in Active Directory. Members have the following permissions: Members of the Exchange View-Only Administrators role. Full control as owner over the local server configuration data. Local administrator on the computer on which Exchange is installed. When you assign this role, you designate the Exchange server(s) that the administrator is allowed to manage.
Exchange Public Folder Administrator	Users who are an Exchange Public Folder Administrator have administrative permissions to perform the following tasks related to public folders: Create and delete public folders Mail-enable public folders Manage public folder settings, such as: Replicas Quotas Age limits Administrative permissions Client permissions Note: Users who are an Exchange Public Folder Administrator cannot modify mail recipient-related properties on public folders, such as proxy addresses.

These Exchange Administrator roles (with exception of Exchange Server Administrators) are created in a new Microsoft Exchange security group Organizational Unit (OU).

By Unknown with No comments

Exchange 2007 Concepts

The following table lists some of the basic components that are used to organize and administer Exchange. You will learn more details about each throughout this course.

Object	Description
Organization	The organization is the top Exchange infrastructure object. The organization defines your messaging environment. It includes the following: Exchange server Domain controllers Global catalog server Users
Server role	A server role is a logical set of features and services that allow users to perform specific tasks. Exchange 2007 offers the following five server roles: Client Access Mailbox Unified Messaging Hub Transport Edge Transport
Mailbox	A mailbox is a logical storage location associated with a recipient. The mailbox is where all e-mail messages are stored. The inbox and all other associated folders make up the mailbox.
Recipient	A recipient is a mail-enabled Active Directory object to which Exchange can send messages. A recipient has Exchange attributes, but it does not have to have a mailbox. Examples of recipients include the following: Mailbox users Mail users Resource mailboxes Mail contacts Distribution groups Dynamic distribution groups
Store	A store is a database of Exchange information. The store contains individual recipient mailboxes. All mailboxes in the store share common configuration settings.
Domain controller	The domain controller is the server within the Windows server domain that responds to authentication requests such as logging in and permissions assignment. The domain controller is effectively a database server. It contains a file called NTDS.dit which contains: The NT Directory service The directory information tree which is part of the X500 directory naming standard.
Storage group	A storage group is a collection of stores. All stores in the storage group are held on the same physical server.
Queue	A queue is a temporary holding space for messages waiting to enter the next stage of processing. Each queue is a logical set of messages that an Exchange transport server handles in a specific order. Queues only exist on machines that have the Edge Transport or Hub Transport server roles installed.
Address lists	An address list is a list of recipients. The global address list is an address list that is automatically generated by Exchange and which includes all recipients in the Exchange organization. In addition, you can define custom address lists.
Outlook	Microsoft Outlook is the premier messaging and collaboration client for the Internet and Microsoft Exchange Server. Outlook: Helps users communicate with others through e-mail, telephone, group scheduling, and real-time Microsoft NetMeeting conferencing software. Allows users to share information with others via Internet connectivity, Microsoft Exchange Server, and electronic forms, and as a component of customized collaborative solutions. Integrates and organizes communications and shared information in one application.
Outlook Web Access	Outlook Web Access (OWA) allows clients to access e-mail, calendars, contacts, tasks, and other mailbox contents when access to the Microsoft Outlook desktop application is unavailable. OWA: Offers read-only access to documents stored in Microsoft SharePoint sites and network (UNC) shares. Is provided as part of Exchange Server 2007 to allow users to connect remotely via a Web browser. Can perform many of the functions of Outlook. Requires a network connection to function.
Public folder	A public folder is a repository for data that can be accessed by multiple users. A public folder is a recipient that can have an associated e-mail address. Users can e-mail or post content into the public folder. Content in the public folder is accessible through the Outlook clients.

Exchange 2007 uses the following protocols:

Protocol	Description
Simple Mail Transfer Protocol (SMTP)	SMTP is the Internet standard protocol for transferring e-mail messages between hosts. SMTP assumes that both host and client are constantly connected, but you can use both permanent and dial-up connections to an SMTP host.
Messaging Application Programming Interface (MAPI)	MAPI is a set of standard commands developed by Microsoft. Messaging services use these commands to communicate with other MAPI-compliant applications. In Exchange 2007, the Client Access Server is responsible for all MAPI access. The only protocol used to communicate to a Mailbox server in Exchange 2007 is the MAPI RPC protocol.
Post Office Protocol version 3 (POP3)	POP3 is a mail-drop protocol designed to work with clients that are not always connected to the network. It allows a mail server to receive mail messages and store them on a server until the client comes back online and requests them.
Remote Procedure Call (RPC)	Remote Procedure Calls are based on a client/server model in which one server runs processes on another server. Both servers assume the calls are local, when in reality they run over LAN connections and through software libraries on both servers.
Internet Message Access Protocol version 4 (IMAP4)	Like POP3, IMAP4 is a protocol that allows a client to download messages from a server. (It does not allow you to send messages.) IMAP4 is much more powerful than POP3. For example, with IMAP4, you can open all folders in your mailbox, not just the Inbox, as well as public folders on the server.

By Unknown with No comments

Exchange 2007 Server Roles

A server role is a unit that logically groups required components and features that are needed to perform functions within a messaging environment. During installation, you choose the role(s) that the server will play within the organization. The following table describes the different types of roles in an Exchange 2007 environment:

Server Role	Description
Mailbox server	The Mailbox server role in Exchange 2007 contains the mailbox and public folder databases. Mailbox servers provide services such as: Calculating e-mail address policies and address lists for recipients Enforcing managed folders. The Mailbox server interacts directly with the following: Active Directory directory service server Client Access server Hub Transport server Microsoft Outlook clients Unified Messaging (UM) server
Client Access server	The Client Access server role allows a variety of different clients to communicate with the Exchange server. The Client Access server role hosts the following client applications and protocols: Outlook Web Access Exchange ActiveSync Post Office Protocol version 3 (POP3) Internet Message Access Protocol version 4rev1 (IMAP4) You should know the following about Exchange protocols in relation to Client Access servers: In previous versions of Exchange, the back-end server could be accessed using MAPI or any Internet protocol (POP3, HTTP, IMAP4). The only protocol used to communicate to a Mailbox server in Exchange 2007 is the MAPI RPC protocol. In Exchange 2007, the Client Access server is responsible for all MAPI access. If a user wishes to use Outlook Web Access then they will use RPC/HTTP (Outlook Anywhere). If a user wishes to use POP3 or IMAP4, they will need to contact the Client Access server. At least one Client Access server is required in every Exchange 2007 organization. In addition, each site that has a Mailbox server also requires a Client Access server.
Edge Transport server	The Edge Transport server handles all Internet-facing ingoing and outgoing mail flow and provides Simple Mail Transfer Protocol (SMTP) relay and smart host services for the Exchange 2007 organization. You should know the following about Edge Transport servers: In past versions of Exchange, the Exchange server was a domain member but could still be face-to-face with the Internet. If the Exchange server were compromised, the entire domain could be compromised as well. For this reason, the Edge Transport server in Exchange 2007 does not require domain membership, but is designed to be deployed within a perimeter network. The Edge Transport server does not have access to the Active Directory service, but instead runs a service called the Active Directory Application Mode (ADAM) which is a scaled-down, read-only version of Active Directory that can be deployed on a single machine, but does not require the DNS services and the supporting infrastructure that a full Active Directory implementation requires. The Edge Transport server stores all of its configuration in a local database. Agents run on the Edge Transport server which provide protection against spam and viruses and apply rules to overall mail flow control. It is possible to install more than one Edge Transport server in a perimeter network to provide redundancy in case of server failure. The Edge Sync service makes it possible to set up Active Directory data synchronization between the Hub Transport server and the Edge Transport server. This allows the Hub Transport server to actually contact the Active Directory domain controller and global catalog server to retrieve information such as the recipients for the organization and the accepted domains and connectors, then it populates the information out to the ADAM instance on the Edge Transport server.
Hub Transport server	The Hub Transport server role is responsible for processing and delivering all messages within the Exchange Organization. The Hub Transport server role: Is deployed inside the Active Directory service. Is responsible for applying organizational policies. Uses the store driver to: Deliver mail to recipient's mailboxes within the organization. Retrieve messages from a user's mailbox and place them in the Submission queue. Determines the routing path for all messages in the organization and routes messages to recipient's mailboxes who reside outside of the organization. Uses the categorizer feature to perform recipient resolution, content conversion, and routing resolution for all messages within the organization.
Unified Messaging server	Unified Messaging allows users to access e-mail, voicemail, calendar information, and fax communications using an e-mail client such as Microsoft Outlook, Outlook Web Access, or a mobile device that has Microsoft Exchange ActiveSync. The Unified Messaging server allows the Exchange organization to connect to a Private Branch eXchange (PBX) system. Unified Messaging integrates voicemail, faxes, and calendars in the following ways: All e-mail, voicemail, calendar, and fax communications are combined into a single store which is available from a telephone or computer. All voicemails are converted to Windows Media audio files which are sent to the user's Mailbox server and stored as attachments in an e-mail. When a fax is received, the fax can be converted into a .tif file which is saved as an attachment in a user's mailbox. Users are provided with voice-based access to their mailbox through voice-prompts and queries. This allows users to perform the following tasks over the phone: Access voicemail. Listen to calendar information. Listen, reply, or forward e-mail messages. Access or dial contacts stored in the global address list or their personal contact list. Accept or cancel meeting requests. Set a voicemail out-of-office message. Set personal options and security preferences. The auto attendant feature allows external users to use the telephone keypad or speech inputs to navigate the Unified Messaging System to locate and/or call a user. It also allows the administrator to perform the following tasks: Create a set of menus that can be customized for external users. Define schedules for holidays. Explain how to search the organization's directory to connect either directly or by using their extension.

By Unknown with No comments

VLAN Trunking Command List

The following table lists important commands for configuring and monitoring trunking on a switch.

Command

Switch(config-if)#switchport mode trunk

Switch(config-if)#switchport trunk encapsulation dot1q Switch(config-if)#switchport trunk encapsulation isl

Switch(config-if)#switchport mode dynamic auto

Switch(config-if)#switchport mode dynamic desirable

Switch(config-if)#switchport mode access

Switch#show interface trunk Switch#show interface fa0/1 trunk

Note: Two switches both configured to use desirable dynamic trunking will not trunk. At least one of the switches must be set to manually trunk or to use auto dynamic trunking.

By Unknown with No comments

VLAN Trunking Facts

By Unknown with No comments

VLAN Command List

To configure a simple VLAN, first create the VLAN, and then assign ports to that VLAN. The following table shows common VLAN configuration commands.

Example
The following commands create VLAN 12 named IS_VLAN, identifies port 0/12 as having only workstations attached to it, and assigns the port to VLAN 12.

switch#config t

switch(config)#vlan 12

switch(config-vlan)#name IS_VLAN

switch(config-vlan)#interface fast 0/12

switch(config-if)#switchport access vlan 12

By Unknown with No comments

VLAN Facts

A virtual LAN (VLAN) can be defined as:

Broadcast domains defined by switch port rather than network address
A grouping of devices based on service need, protocol, or other criteria rather than physical proximity
Using VLANs lets you assign devices on different switch ports to different logical (or virtual) LANs. Although each switch can be connected to multiple VLANs, each switch port can be assigned to only one VLAN at a time. The following graphic shows a single-switch VLAN configuration.



Be aware of the following facts about VLANs:

In the graphic above, FastEthernet ports 0/1 and 0/2 are members of VLAN 1. FastEthernet ports 0/3 and 0/4 are members of VLAN 2.
In the graphic above, workstations in VLAN 1 will not be able to communicate with workstations in VLAN 2, even though they are connected to the same physical switch.
Defining VLANs creates additional broadcast domains. The above example has two broadcast domains, each of which corresponds to one of the VLANs.

By default, switches come configured with several default VLANs:
VLAN 1
VLAN 1002
VLAN 1003
VLAN 1004
VLAN 1005
By default, all ports are members of VLAN 1.

Creating VLANs with switches offers the following administrative benefits.

You can create virtual LANs based on criteria other than physical location (such as workgroup, protocol, or service)
You can simplify device moves (devices are moved to new VLANs by modifying the port assignment)
You can control broadcast traffic and create collision domains based on logical criteria
You can control security (isolate traffic within a VLAN)
You can load-balance network traffic (divide traffic logically rather than physically)
Note: VLANs are commonly used with Voice over IP (VoIP) to distinguish voice traffic from data traffic. Traffic on the voice VLAN can be given a higher priority to ensure timely delivery.

Creating VLANs with switches offers the following benefits over using routers to create distinct networks.

Switches are easier to administer than routers
Switches are less expensive than routers
Switches offer higher performance (introduce less latency)
A disadvantage of using switches to create VLANs is that you might be tied to a specific vendor. Details of how VLANs are created and identified can vary from vendor to vendor. Creating a VLAN might mean you must use only that vendor's switches throughout the network. When using multiple vendors in a switched network, be sure each switch supports the 802.1q standards if you want to implement VLANs.

Despite advances in switch technology, routers are still needed to:
Filter WAN traffic
Route traffic between separate networks
Route packets between VLANs

By Unknown with No comments

Mercy Mini 280 Automatic

By Unknown with 4 comments

Mercedes Benz 190E 2.3-16 Cosworth

Soon to be classic car
better catch one while it avail..

By Unknown with No comments

Menghitung Subnetting IP Address

Penghitungan subnetting bisa dilakukan dengan dua cara, cara binary yang relatif lambat dan cara khusus yang lebih cepat. Pada hakekatnya semua pertanyaan tentang subnetting akan berkisar di empat masalah: Jumlah Subnet, Jumlah Host per Subnet, Blok Subnet, dan Alamat Host- Broadcast.


Penulisan IP address umumnya adalah dengan 192.168.1.2. Namun adakalanya ditulis dengan 192.168.1.2/24, apa ini artinya? Artinya bahwa IP address 192.168.1.2 dengan subnet mask 255.255.255.0. Lho kok bisa seperti itu? Ya, /24 diambil dari penghitungan bahwa 24 bit subnet mask diselubung dengan binari 1. Atau dengan kata lain, subnet masknya adalah: 11111111.11111111.11111111.00000000 (255.255.255.0). Konsep ini yang disebut dengan CIDR (Classless Inter-Domain Routing) yang diperkenalkan pertama kali tahun 1992 oleh IEFT.

Pertanyaan berikutnya adalah Subnet Mask berapa saja yang bisa digunakan untuk melakukan subnetting? Ini terjawab dengan tabel di bawah:

Subnet Mask Nilai CIDR 255.128.0.0 /9 255.192.0.0 /10 255.224.0.0 /11 255.240.0.0 /12 255.248.0.0 /13 255.252.0.0 /14 255.254.0.0 /15 255.255.0.0 /16 255.255.128.0 /17 255.255.192.0 /18 255.255.224.0 /19

Subnet Mask Nilai CIDR 255.255.240.0 /20 255.255.248.0 /21 255.255.252.0 /22 255.255.254.0 /23 255.255.255.0 /24 255.255.255.128 /25 255.255.255.192 /26 255.255.255.224 /27 255.255.255.240 /28 255.255.255.248 /29 255.255.255.252 /30

SUBNETTING PADA IP ADDRESS CLASS C
Ok, sekarang mari langsung latihan saja. Subnetting seperti apa yang terjadi dengan sebuah NETWORK ADDRESS 192.168.1.0/26 ?

Analisa: 192.168.1.0 berarti kelas C dengan Subnet Mask /26 berarti 11111111.11111111.11111111.11000000 (255.255.255.192).

Penghitungan: Seperti sudah saya sebutkan sebelumnya semua pertanyaan tentang subnetting akan berpusat di 4 hal, jumlah subnet, jumlah host per subnet, blok subnet, alamat host dan broadcast yang valid. Jadi kita selesaikan dengan urutan seperti itu:

1. Jumlah Subnet = 2^x, dimana x adalah banyaknya binari 1 pada oktet terakhir subnet mask (2 oktet terakhir untuk kelas B, dan 3 oktet terakhir untuk kelas A). Jadi Jumlah Subnet adalah 2² = 4 subnet
2. Jumlah Host per Subnet = 2^y – 2, dimana y adalah adalah kebalikan dari x yaitu banyaknya binari 0 pada oktet terakhir subnet. Jadi jumlah host per subnet adalah 2⁶ – 2 = 62 host
3. Blok Subnet = 256 – 192 (nilai oktet terakhir subnet mask) = 64. Subnet berikutnya adalah 64 + 64 = 128, dan 128+64=192. Jadi subnet lengkapnya adalah 0, 64, 128, 192.
4. Bagaimana dengan alamat host dan broadcast yang valid? Kita langsung buat tabelnya. Sebagai catatan, host pertama adalah 1 angka setelah subnet, dan broadcast adalah 1 angka sebelum subnet berikutnya.

Subnet	192.168.1.0	192.168.1.64	192.168.1.128	192.168.1.192
Host Pertama	192.168.1.1	192.168.1.65	192.168.1.129	192.168.1.193
Host Terakhir	192.168.1.62	192.168.1.126	192.168.1.190	192.168.1.254
Broadcast	192.168.1.63	192.168.1.127	192.168.1.191	192.168.1.255

Kita sudah selesaikan subnetting untuk IP address Class C. Dan kita bisa melanjutkan lagi untuk subnet mask yang lain, dengan konsep dan teknik yang sama. Subnet mask yang bisa digunakan untuk subnetting class C adalah seperti di bawah. Silakan anda coba menghitung seperti cara diatas untuk subnetmask lainnya.

Subnet Mask	Nilai CIDR
255.255.255.128	/25
255.255.255.192	/26
255.255.255.224	/27
255.255.255.240	/28
255.255.255.248	/29
255.255.255.252	/30

SUBNETTING PADA IP ADDRESS CLASS B
Berikutnya kita akan mencoba melakukan subnetting untuk IP address class B. Pertama, subnet mask yang bisa digunakan untuk subnetting class B adalah seperti dibawah. Sengaja saya pisahkan jadi dua, blok sebelah kiri dan kanan karena masing-masing berbeda teknik terutama untuk oktet yang “dimainkan” berdasarkan blok subnetnya. CIDR /17 sampai /24 caranya sama persis dengan subnetting Class C, hanya blok subnetnya kita masukkan langsung ke oktet ketiga, bukan seperti Class C yang “dimainkan” di oktet keempat. Sedangkan CIDR /25 sampai /30 (kelipatan) blok subnet kita “mainkan” di oktet keempat, tapi setelah selesai oktet ketiga berjalan maju (coeunter) dari 0, 1, 2, 3, dst.

Subnet Mask Nilai CIDR 255.255.128.0 /17 255.255.192.0 /18 255.255.224.0 /19 255.255.240.0 /20 255.255.248.0 /21 255.255.252.0 /22 255.255.254.0 /23 255.255.255.0 /24

Subnet Mask Nilai CIDR 255.255.255.128 /25 255.255.255.192 /26 255.255.255.224 /27 255.255.255.240 /28 255.255.255.248 /29 255.255.255.252 /30

Ok, kita coba dua soal untuk kedua teknik subnetting untuk Class B. Kita mulai dari yang menggunakan subnetmask dengan CIDR /17 sampai /24. Contoh network address 172.16.0.0/18.
Analisa: 172.16.0.0 berarti kelas B, dengan Subnet Mask /18 berarti 11111111.11111111.11000000.00000000 (255.255.192.0).

Penghitungan:

1. Jumlah Subnet = 2^x, dimana x adalah banyaknya binari 1 pada 2 oktet terakhir. Jadi Jumlah Subnet adalah 2² = 4 subnet
2. Jumlah Host per Subnet = 2^y – 2, dimana y adalah adalah kebalikan dari x yaitu banyaknya binari 0 pada 2 oktet terakhir. Jadi jumlah host per subnet adalah 2¹⁴ – 2 = 16.382 host
3. Blok Subnet = 256 – 192 = 64. Subnet berikutnya adalah 64 + 64 = 128, dan 128+64=192. Jadi subnet lengkapnya adalah 0, 64, 128, 192.
4. Alamat host dan broadcast yang valid 

Subnet	172.16.0.0	172.16.64.0	172.16.128.0	172.16.192.0
Host Pertama	172.16.0.1	172.16.64.1	172.16.128.1	172.16.192.1
Host Terakhir	172.16.63.254	172.16.127.254	172.16.191.254	172.16.255.254
Broadcast	172.16.63.255	172.16.127.255	172.16.191.255	172.16..255.255

Berikutnya kita coba satu lagi untuk Class B khususnya untuk yang menggunakan subnetmask CIDR /25 sampai /30. Contoh network address 172.16.0.0/25.

Analisa: 172.16.0.0 berarti kelas B, dengan Subnet Mask /25 berarti 11111111.11111111.11111111.10000000 (255.255.255.128).

Penghitungan:

1. Jumlah Subnet = 2⁹ = 512 subnet
2. Jumlah Host per Subnet = 2⁷ – 2 = 126 host
3. Blok Subnet = 256 – 128 = 128. Jadi lengkapnya adalah (0, 128)
4. Alamat host dan broadcast yang valid?

Subnet	172.16.0.0	172.16.0.128	172.16.1.0	…	172.16.255.128
Host Pertama	172.16.0.1	172.16.0.129	172.16.1.1	…	172.16.255.129
Host Terakhir	172.16.0.126	172.16.0.254	172.16.1.126	…	172.16.255.254
Broadcast	172.16.0.127	172.16.0.255	172.16.1.127	…	172.16.255.255

Masih bingung juga? Ok sebelum masuk ke Class A, coba ulangi lagi dari Class C, dan baca pelan-pelan
SUBNETTING PADA IP ADDRESS CLASS A

Kalau sudah mantab dan paham, kita lanjut ke Class A. Konsepnya semua sama saja. Perbedaannya adalah di OKTET mana kita mainkan blok subnet. Kalau Class C di oktet ke 4 (terakhir), kelas B di Oktet 3 dan 4 (2 oktet terakhir), kalau Class A di oktet 2, 3 dan 4 (3 oktet terakhir). Kemudian subnet mask yang bisa digunakan untuk subnetting class A adalah semua subnet mask dari CIDR /8 sampai /30.

Kita coba latihan untuk network address 10.0.0.0/16.

Analisa: 10.0.0.0 berarti kelas A, dengan Subnet Mask /16 berarti 11111111.11111111.00000000.00000000 (255.255.0.0).

Penghitungan:

1. Jumlah Subnet = 2⁸ = 256 subnet
2. Jumlah Host per Subnet = 2¹⁶ – 2 = 65534 host
3. Blok Subnet = 256 – 255 = 1. Jadi subnet lengkapnya: 0,1,2,3,4, etc.
4. Alamat host dan broadcast yang valid?

Subnet	10.0.0.0	10.1.0.0	…	10.254.0.0	10.255.0.0
Host Pertama	10.0.0.1	10.1.0.1	…	10.254.0.1	10.255.0.1
Host Terakhir	10.0.255.254	10.1.255.254	…	10.254.255.254	10.255.255.254
Broadcast	10.0.255.255	10.1.255.255	…	10.254.255.255	10.255.255.255

Mudah-mudahan sudah setelah anda membaca paragraf terakhir ini, anda sudah memahami penghitungan subnetting dengan baik. Kalaupun belum paham juga, anda ulangi terus artikel ini pelan-pelan dari atas. Untuk teknik hapalan subnetting yang lebih cepat, tunggu di artikel berikutnya


Catatan: Semua penghitungan subnet diatas berasumsikan bahwa IP Subnet-Zeroes (dan IP Subnet-Ones) dihitung secara default. Buku versi terbaru Todd Lamle dan juga CCNA setelah 2005 sudah mengakomodasi masalah IP Subnet-Zeroes (dan IP Subnet-Ones) ini. CCNA pre-2005 tidak memasukkannya secara default (meskipun di kenyataan kita bisa mengaktifkannya dengan command ip subnet-zeroes), sehingga mungkin dalam beberapa buku tentang CCNA serta soal-soal test CNAP, anda masih menemukan rumus penghitungan Jumlah Subnet = 2^x – 2


Tahap berikutnya adalah silakan download dan kerjakan soal latihan subnetting. Jangan lupa mengikuti artikel tentang Teknik Mengerjakan Soal Subnetting untuk memperkuat pemahaman anda dan meningkatkan kemampuan dalam mengerjakan soal dalam waktu terbatas.
Source Mas Rommy.

REFERENSI

1. Todd Lamle, CCNA Study Guide 5th Edition, Sybex, 2005.
2. Module CCNA 1 Chapter 9-10, Cisco Networking Academy Program (CNAP), Cisco Systems.
3. Hendra Wijaya, Cisco Router, Elex Media Komputindo, 2004.

Berikut soal latihan, tentukan :
a) Alamat Subnet Mask,
b) Alamat Subnet,
c) Alamat Broadcast,
d) Jumlah Host yang dapat digunakan,
e) serta Alamat Subnet ke-3

dari alamat sebagai berikut:
1. 198.53.67.0/30
2. 202.151.37.0/26
3. 191.22.24.0/22

Saya coba berhitung-hitung seperti demikian
1. 198.53.67.0/30 –> IP class C:
Subnet Mask: /30 = 11111111.11111111.11111111.11111100 = 255.255.255.252

Menghitung Subnet:
Jumlah Subnet: 2⁶ = 64 Subnet
Jumlah Host per Subnet: 2² – 2 = 2 host
Blok Subnet: 256 – 252 = 4, blok berikutnya: 4+4 = 8, 8+4 = 12, dst…
jadi blok Subnet: 0, 4, 8, 12, dst…
Host dan broadcast yang valid:

Maka dari perhitungan diperoleh:

• Alamat Subnet Mask: 255.255.255.252
• Alamat Subnet: 198.53.67.0, 198.53.67.4, 198.53.67.8, 198.53.67.12, … , 198.53.67.252
• Alamat Broadcast: 198.53.67.3, 198.53.67.7, 198.53.67.11, 198.53.67.15 … 198.53.67.255
• Jumlah host yang dapat digunakan: 64×2 = 128
• Alamat Subnet ke-3: 198.53.67.8

2.202.151.37.0/26 -> IP class C
Subnet Mask: /26 = 11111111.11111111.11111111.11000000 = 255.255.255.192
Menghitung Subnet:
Jumlah Subnet: 2² = 4 Subnet
Jumlah Host per Subnet: 2⁶ – 2 = 62 host
Blok Subnet: 256 – 192 = 64, blok berikutnya: 64+64 = 128, 128+64 = 192
Jadi blok Alamat Subnet: 0, 64, 128, 192
Host dan broadcast yang valid:

Maka dari perhitungan diperoleh:

• Alamat Subnet Mask: 255.255.255.192
• Alamat Subnet: 202.151.37.0, 202.151.37.64, 202.151.37.128, 202.151.37.192
• Alamat Broadcast: 202.151.37.63, 202.151.37.127, 202.151.37.191, 202.151.37.255
• Jumlah host yang dapat digunakan: 4×62 = 248
• Alamat Subnet ke-3: 202.151.37.128

3.191.22.24.0/22 –> IP class B
Subnet Mask: /22 = 11111111.11111111.11111100.00000000 = 255.255.252.0
Menghitung Subnet:
Jumlah Subnet: 2⁶ = 64 Subnet
Jumlah Host per Subnet: 2²– 2 = 2 host
Jumlah Blok Subnet: 256 – 252 = 4, blok berikutnya: 4+4 = 8, 8+4 = 12, dst…
Jadi blok Alamat Subnet: 0, 4, 8, 12, 16, dst…
Alamat host yang valid:

• Alamat Subnet Mask: 255.255.252.0
• Alamat Subnet: 191.22.24.0, 191.22.24.4, 191.22.24.8, …, 191.22.24.252
• Alamat Broadcast: 191.22.24.3, 191.22.24.7, 191.22.24.11, …, 191.22.24.255
• Jumlah host yang dapat digunakan: 2×64 = 128
• Alamat Subnet ke-3: 191.22.24.8

Mohon kalo’ ada yang salah, silahkan dikoreksi
Source from : http://mti.ugm.ac.id/~subura/?p=8

By Unknown with No comments

Default Container Windows 2008

When you install Active Directory, several default containers and Organizational Units (OUs) are automatically created. The following table lists the default containers and their contents:

Container or OU	Contents
Builtin	The Builtin container holds default serviceadministrator accounts and domain local security groups. These groups are pre-assigned permissions needed to perform domain management tasks.
Computers	The Computers container holds all computers joined to the domain without a computer account. It is the default location for new computer accounts created in the domain.
Domain Controllers	The Domain Controllers OU is the default location for the computer accounts for domain controllers.
ForeignSecurityPrincipals	The ForeignSecurityPrincipals container holds proxy objects for security principals in NT 4.0 domains or domains outside of the forest.
LostAndFound	The LostAndFound container holds objects moved or created at the same time an Organizational Unit is deleted. Because of Active Directory replication, the parent OU can be deleted on one domain controller while administrators at other domain controllers can add or move objects to the deleted OU before the change has been replicated. During replication, new objects are placed in the LostAndFound container.
NTDS Quotas	The NTDS Quotas container holds objects that contain limits on the number of objects users and groups can own.
Program Data	The Program Data container holds application-specific data created by other programs. This container is empty until a program designed to store information in Active Directory uses it.
System	The System container holds configuration information about the domain including security groups and permissions, the domain SYSVOL share, DFS configuration information, and IP security policies.
Users	The Users container holds additional predefined user and group accounts (besides those in the Builtin container). Users and groups are pre-assigned membership and permissions for completing domain and forest management tasks.

Be aware of the following when managing the default containers:

• Default containers are automatically created and cannot be deleted.
• The Domain Controllers OU is the only default organizational unit object. All other containers are just containers, not OUs. As such, you cannot apply a GPO to any default container except for the Domain Controllers OU.
• To apply Group Policy specifically to objects within a default container (except for the
  Domain Controllers OU), move the objects into an OU that you create, then link the GPO.
• The LostAndFound, NTDS Quotas, Program Data, and System containers are hidden in Active Directory Users and Computers. To view these containers, click Advanced Features from the View menu.

By Unknown with No comments