Installing URT

Before you install URT, review the planning information in Chapter 1, "Planning for User Registration." Because URT is integral to the overall functioning of your network, careful planning prior to installation is essential to successful URT deployment.

If you are already using URT, and are upgrading to a new release, follow the upgrade instructions in Appendix B, "Upgrading from URT 1.1."

Install the CWSI Upgrade and User Registration Tool (URT) Management Interface

The URT management interface installation includes modules that upgrade CWSI, and integrate URT into CWSI.

Before You Begin

Before you can install URT, you must ensure that CWSI is installed on the machine. The machine must be running Windows NT 4.0.

You must log into the machine with an account that has Administrator privileges.

Procedure

You are asked whether the installation program can stop the ANI process. You must stop the ANI process for the installation to continue.

The CWSI Campus upgrade modules and the URT management interface are installed, and URT is added to the CWSI program group on the Start menu, and the ANI process is restarted.

Tips

To start the URT management interface, select Start>Programs>CWSI 2.3>Start User Registration Tool. You are prompted to log into the ANI server when you start URT.
URT is installed in the CWSI directory.

Install the URT Server

The URT server maintains user-to-VLAN mappings for the logon process. It also acts as a VLAN Membership Policy Server (VMPS) for the switches on the network.

Before You Begin

Read the planning information in Chapter 1, "Planning for User Registration" before you install the URT servers. This will help you effectively deploy URT in your network.

Because the URT service is central to user logons, install it on dedicated machines to ensure satisfactory network performance.

You must gather this information to successfully complete the installation of the URT servers:

Name of the ANI server (the server used by CWSI Campus). You can determine the ANI server name by looking in the etc\cwsi\ani.properties file in the installation directory for CWSI Campus. The AniName property defines the name of the ANI server. For example,

NT name of the machine on which the ANI server is running.
UDP port number. The default UDP port is 15000. Check to ensure that ports 15000, 15001, and 15002 are not used. If any of these ports are used, choose an unused port number. (URT also uses UDP port 1589.)

To determine if a port is available, enter the netstat -a -n command at a DOS prompt. Used port numbers are shown after the colon (:) in the Local Address column.

Whether you want to continue to use media access control (MAC)-based VLAN associations (which are created using the CWSI Campus UserTracking application). You can change this setting after you install the server. By default, URT server installation disables the ability to create MAC-to-VLAN mappings.

You should only install the URT servers on machines that have fixed IP addresses (that is, you should not install them on a server that dynamically obtains an IP address from a DHCP server, unless the machine has an unlimited lease on a particular IP address). If the IP address of a URT server changes, you must reconfigure VMPS on every switch that uses the URT server.

You must log into the machine with an account that has Administrator privileges.

Procedure

Once the installation program starts, follow the on-screen instructions. Enter the information you gathered before starting the installation.

Create the Initial URT Configuration

After you finish the URT installation, you must configure URT in order for URT to be active and working correctly on the network. You must know how to use the URT management interface in order to complete these tasks; see Chapter 3, "Getting Started with User Registration" for information on using the interface.

Procedure

You do not have to create any (or all) of these associations to have a valid URT configuration. Any users, groups, or organizational units not associated with a specific VLAN use the logon VLANs defined in Step 1.

Step 4

Click the Save to Database button, or select File>Save to Database to save the URT configuration.

The configuration becomes active on your network. However, users are not affected until you configure the switches to use the URT servers in Step 6.

This is only necessary if you have created MAC-to-VLAN mappings for non-Windows machines, and you want to continue to use these mappings.

At this point, MAC-based dynamic VLANs use the URT servers to determine VLAN membership, but no user-, group-, or organizational unit-based VLANs work until you install the URT client and script in Step 8 and Step 9.

URT can only switch users on dynamic ports to an associated VLAN. URT does not affect users on static ports.

Windows 95 and Windows 98 machines install the URT client automatically when the user logs into the network.

After you update the logon script on the domain controller or NetWare server, user logons are processed by URT, and your user-, group-, and organizational unit-based VLANs become active.

Set Up a URT Logon VLAN

The URT logon VLAN is assigned to users during the initial stages of logon, before URT can determine the correct VLAN. If you do not associate a user to a specific VLAN, the user remains in the URT logon VLAN.

Procedure

Step 3 In the VTP Domain Configuration Dialog window, select the appropriate settings, as described in Table 2-1.

Table 2-1 VTP Domain Configuration Dialog

Field	Description
VTP Domain	Shows the selected VTP domain. The VLAN you select will be for this domain only.
Logon VLAN	Select the VLAN that should be used as the default logon VLAN.
Subnet/Mask	Displays the subnet and mask pairs (for example, 10.10.10.0/255.255.255.240) that are used on the VLAN. URT uses all of these pairs: it does not matter which pair is displayed in the field. Adding, Changing, or Deleting Subnet/Mask Pairs for a VLAN It is important that all of the subnet and mask pairs used on the VLAN are shown in this field. If a pair is missing, click Add. In the resulting VLAN Configuration Dialog window, enter the IP addresses for the subnet and mask that are missing, and repeat until all pairs are reflected in the VTP Domain Configuration Dialog window. If an existing pair is incorrect, select it in the Subnet/Mask field and click Edit. Change the subnet or mask as required. If there is an extra pair (one that is not used on the VLAN), select it in the Subnet/Mask field and click Remove.

Field

Description

VTP Domain

Shows the selected VTP domain. The VLAN you select will be for this domain only.

Logon VLAN

Select the VLAN that should be used as the default logon VLAN.

Subnet/Mask

Displays the subnet and mask pairs (for example, 10.10.10.0/255.255.255.240) that are used on the VLAN. URT uses all of these pairs: it does not matter which pair is displayed in the field.

Adding, Changing, or Deleting Subnet/Mask Pairs for a VLAN

It is important that all of the subnet and mask pairs used on the VLAN are shown in this field. If a pair is missing, click Add. In the resulting VLAN Configuration Dialog window, enter the IP addresses for the subnet and mask that are missing, and repeat until all pairs are reflected in the VTP Domain Configuration Dialog window.

If an existing pair is incorrect, select it in the Subnet/Mask field and click Edit. Change the subnet or mask as required.

If there is an extra pair (one that is not used on the VLAN), select it in the Subnet/Mask field and click Remove.

Tips

Do not use the management VLAN as the URT logon VLAN. The management VLAN includes the IP addresses of the switches, and is usually VLAN 1.
Be sure you select a VLAN that has a subnet with sufficient IP addresses for all the users in the VTP domain. Otherwise, users might have problems logging into and out of the network, because they might not be able to obtain an IP address.
Your changes do not take effect until you save them to the URT database.
The Cisco discovery protocol (CDP) must be running on the routers in the network in order for URT to automatically pick up the subnet and mask information for a VLAN. If you are not running CDP, you must directly enter the subnet and mask information into URT.
You can determine the logon VLAN for a VTP domain by selecting the VTP domain's folder in URT. The Logon VLAN list in the right-hand pane shows the details.

Add NT and NDS Domains to the URT Domain List

You must add the NT domains and NDS directory trees you want URT to manage to the NT/NDS Domains folder in URT.

Procedure

Step 2 In the Domain Name window, select the name of the NT domain or NDS directory that you want to add. If the domain or directory is not in the drop-down list, enter it into the field.

URT creates a folder for the domain or directory, and all users defined on the NT domain controller or NetWare directory are listed in the new folder.

Tips

If there are a large number of users, groups, or organizational units in the domain or directory, it can take several minutes for URT to download the list from the domain controller or NetWare server.
Users, groups, and organizational units that are not assigned to a VLAN are shown with grayed icons.
Users, groups, and organizational units assigned to a VLAN are shown with blue icons.
If you add an NT domain or NDS directory to your network, remember to add the domain or directory to the URT database.
If your NT user account does not have Administrator authority in an NT domain that you are adding, you are prompted for a user name and password that does have Administrator authority. Enter the user name in the NT_domain\username format.
If you are not logged into the NDS directory that you are adding, you are prompted to log in with a user account that has browse and read privileges. If you are logged into NDS with a user account does not have browse and read privileges to the directory, you must exit URT and log into the NetWare network with an appropriate account.

Associate Users, Groups, or Organizational Units to VLANs

By associating a user, group, or organizational unit to a VLAN, you ensure that the user connects to the network in the appropriate VLAN, even if the user logs in on different machines or through different switch ports (for example, if the user's machine is a laptop). Because the user always connects to the network in the same VLAN, you can create security policies based on VLANs and avoid MAC-address-based VLAN mappings.

If you do not create a VLAN association for a user, but you create one for a group or organizational unit to which the user belongs, the user uses the VLAN associated to the group or organizational unit.

Before You Begin

Determine how you want to map users, groups, and organizational units to VLANs. Although you can change VLAN mappings later, if you develop a plan for user-to-VLAN mappings now, you can simplify your network management tasks.

If a user is likely to connect to the network from different locations, consider creating a VLAN mapping for every VTP domain the user is likely to access. To simplify VLAN associations, you can associate groups or organizational units to VLANs instead of users.

Procedure

Select the user, group, or organizational unit name in the list and select Edit>Associate VLAN.
Select the user, group, or organizational unit name in the list and click the Associate VLAN with Users/Groups button.

If you are adding more than one user, group, or organizational unit, you must use the button or the menu command.

Step 2 In the Associate VLAN window, select the appropriate settings as described in Table 2-2.

Table 2-2 Associate VLAN Window

Field	Description
VTP Domain	Select the VTP domain that contains the VLAN to which you want to map the user, group, or organizational unit.
VLAN	Select the VLAN that you want the user, group, or organizational unit to use.

Tips

You can select a range of users, groups, or organizational units by using Shift+click, or multiple individual users, groups, or organizational units by using Ctrl+click. All names you select must be associated with the same VLAN.
You cannot drag and drop users to the desired VLAN.
If a user belongs to a group or organizational unit, the user's VLAN association overrides the group or organizational unit VLAN association.

For Microsoft Networking, if there is no user VLAN association, and the user belongs to multiple groups, the VLAN association for the user's primary group takes precedence. If there is no primary group or no association for the primary group, URT selects the VLAN association for the first group in the groups list, scanning from top to bottom, to which the user belongs.

For NetWare, if there is no user VLAN association, the VLAN association for the organizational unit that directly contains the user takes precedence. If there is no association for that organizational unit, URT goes up the NDS tree until an organizational unit is encountered that has a VLAN mapping.

If a user is assigned to a VLAN, the user icon is shown in blue.
When you select a user that is assigned to a VLAN, the details of that assignment are shown in the list pane. If the user is currently logged into the network, the Login Information list shows the machines the user is logged in on.
You can map a user to one VLAN per VTP domain. If a user connects to the network in a VTP domain for which you have not provided a VLAN mapping, the user is logged into the default logon VLAN for the local VTP domain. The user also remains in the default logon VLAN if the assigned VLAN is not defined on the switch.
Your mapping does not take effect until you save your changes to the URT database. If the user was already assigned to a different VLAN, the user is changed into the new VLAN the next time the switch polls the VMPS server.
If your NT user account does not have Administrator authority in an NT domain that contains users whose VLAN assignments you are changing, you are prompted for a user name and password that does have Administrator authority. Enter the user name in the NT_domain\username format.
If you are not logged into the NDS directory that contains users whose VLAN assignments you are changing, you are prompted to log in with a user account that has browse and read privileges. If you are logged into NDS with a user account does not have browse and read privileges to the directory, you must exit URT and log into the NetWare network with an appropriate account.

Related Topics

Coordinate User-to-VLAN and MAC-to-VLAN Mappings

You can use the CWSI Campus UserTracking application to map MAC addresses (the address on the network interface card in a machine) to VLANs. However, in general, you should not create MAC-based mappings for machines normally used by a user associated to a VLAN in URT. If a user mapped in URT logs in on a machine mapped in UserTracking, the URT VLAN association always takes precedence.

If you are combining MAC-based mappings with user-based ones, you must use URT to update the VMPS tables with the information from UserTracking. You cannot use UserTracking to update these tables for switches that are using the URT servers.

Procedure

Related Topics

Using URT with CWSI Campus UserTracking (Chapter 1)

Configure the Switches to Use the URT Server as the VMPS Server

In order for URT to put a user into the VLAN you designate, the switch to which the user's machine is attached must be configured to use the URT server as a VMPS server. Switches use the VLAN Membership Policy Server (VMPS) to obtain information about VLANs and the users and machines assigned to the VLANs.

Configuring the switches to use the URT server is a one-time event. However, you must configure a switch whenever:

You add a new switch to the network (you only have to configure the new switch)
You add a URT server (you must add the URT server as a primary or secondary VMPS server to all the switches that you want to use the new URT server)
You remove a URT server (you must remove the URT server from the configuration of all switches that use it)

Before You Begin

Do an ANI discovery in CWSI Campus. This discovery ensures that all switches in your network are reflected in ANI, which is required for them to appear in URT.

Procedure

Step 3

Click the Configure VMPS on Switch button, or select Configure>Configure VMPS.

Step 4 In the VMPS Configuration Dialog, enter IP addresses for the first, second, and third VMPS server, and select whether the switch should use the server as a Primary or Secondary server.

Step 5 Click Set VMPS on Switches in the VMPS Configuration Dialog window.

Verification

You can verify that URT configured the switch by connecting to the switch and using the switches commands. For example, for Catalyst 5000 switches, open a connection to the switch's console (for example, using Telnet), and enter the show vmps command. The command should show that VMPS is disabled (this only indicates that there is not a VMPS server on the switch). If VMPS is not disabled, use the set vmps state disable command to disable it. The show vmps command should also show the URT server's IP address being used for the VMPS domain server.

Tips

In order for URT to configure VMPS on the switch, you must first set up the correct SNMP write community string for the switches in CWSI Campus. See the CWSI Campus documentation for more information.
The switch only shows up in URT if you perform an ANI discovery in CWSI Campus before starting URT. If you perform the discovery while URT is running, refresh the URT switch list by selecting the Switch folder and selecting View>Refresh.
You can select a range of switches by using Shift+click, or multiple individual switches by using Ctrl+click. All switches you select are assigned the same URT servers for use as VMPS servers. If you want all switches to use the same VMPS configuration, you can select the Switches folder or the VTP domain folder rather than select individual switches.
The switch uses the primary VMPS server unless it is unavailable, in which case the switch uses the secondary servers in the order you specify. You can determine which server the switch is currently using by selecting the switch in the folder pane and looking at the VMPS Address column, where the current server is indicated by "(Current Server)".
If all the URT servers a switch is using for VMPS servers are unavailable (due to network connectivity problems, or problems with the URT server machines), users connected to that switch are left in the default VLANs defined on the switch's ports. Users are not prevented from logging into the network.
You can only designate one URT server as the primary VMPS server for a given switch.
The IP addresses of the installed URT servers are listed in the URT Servers folder in the folder pane. You can determine which switches are configured to use a particular URT server by selecting the server. URT list pane (right-hand pane) shows the IP addresses of each switch that uses the URT server as a VMPS server, whether the switch uses it as a primary or secondary server, and whether the switch is actively using the server for VMPS.
You can use the switch's commands to set the URT servers as the switch's VMPS servers if you prefer using the command line.
You can balance the load among a set of URT servers by assigning a given URT server to be a primary VMPS server for some switches, and a secondary server for other switches. Do not make a single URT server the primary VMPS server for all of your switches (unless you only have one URT server).
You can turn off VMPS on a switch by entering blanks in the VMPS fields and clicking Set VMPS on Switches.

Related Topics

Rules of Thumb for URT Configuration Design (Chapter 1)

Change Switch Port State to Dynamic

URT can only change the VLAN for users attached to a dynamic switch port. If the user's switch port is static, URT only updates the UserTracking database with the user's name: the VLAN is not changed.

If you want URT to dynamically change the VLAN for a user, you must change the port state for the switch port to dynamic. Use the CWSI Campus UserTracking application, CiscoView 4.2, or the switch's commands to change the port state for a switch. CiscoView can change the state on any switch port, but UserTracking can only change ports that have been discovered by the application.

Procedure Using CiscoView

Tips when Using CiscoView

To change several ports at once, you can select multiple ports by using Ctrl+click, or by clicking and dragging the mouse to draw a box around the desired ports. Then, select Configure>Port, click the VLAN Port Admin Status box for each port, and select dynamic.

Procedure Using UserTracking

You can also get a list of switch ports by selecting Action>Discover>End User Nodes.

Step 4 For each port whose status you want to change, click the Port State column, and select dynamic. The port number is shown in the Port column.

Step 5 Select Action>Update Port States to change the port states on the switch.

Step 6 Any users active on ports whose status you changed must either reboot their workstations, or enter ipconfig /release and ipconfig /renew to update their IP address. On Windows NT machines, you must have Administrator authority to use the ipconfig command. On Windows 95 or Windows 98 machines, the command is winipcfg, and anyone can use it.

Install the URT Client Service on Windows NT Clients

You must install the URT client service on Windows NT clients (workstations or servers) for the machine to be managed by URT. The installation procedure is different for Microsoft Networking and NetWare clients, and they are described here separately.

Installing the Client Service on Microsoft Networking Windows NT Clients

If a Windows NT workstation is running Microsoft Networking, use this procedure to install the URT client. If the workstation is running both Microsoft Networking and NetWare networking, follow this procedure and the procedure in "Installing the URT Client on NetWare Windows NT Clients."

Before You Begin

Choose a time of day when most of the Windows NT machines should be up and running on the network (even if users are not logged onto the machine). You can only install the service on Windows NT machines that are running and connected to the network. Windows 95 and Windows 98 machines install the client service from the NT domain controller, so these machines do not need to be running when you install the client service. (Windows NT machines use a more restrictive security method, which prevents the client service from installing from the NT domain controller.)

For Microsoft Networking, you must have NT Administrator authority in an NT domain to install the URT client service on computers in that domain. If you are not logged in with an account with Administrator authority on the target NT domain, you are prompted for the user name and password. Enter the user name in the NT_domain\username format.

Procedure

A list of Windows NT clients is shown in the right-hand pane. The attributes are described in Table 2-3.

Table 2-3 NT Hosts: Right-Hand Pane (List Pane)

Field	Description
Name	The NT name of the client
Installed	The status of the URT client service on the machine: Installed. The service is installed. Installed Running. The service is installed and active. Query Pending. URT is waiting for a reply from the client. Service Query Error. URT could not determine the status of the service. This can mean: The machine is not currently running. The machine is running but does not have an IP address. This can happen if you are using the Release IP on logout option and no user is logged into the machine. The IP address for the machine has changed since the last time WINS was updated. After five to ten minutes, this problem should resolve itself. Not Installed. The service is not installed on the client.
Version	The version number for the URT client service, if it is installed.

Step 2 If you want to install the URT client service on all listed NT hosts, then do not select any hosts in the list. Otherwise, select the host on which you want to install the URT client service.

Step 3

Click the Install Client Service button, or select Configure>Install Client Service.

URT installs the service on the selected clients, and opens a message window so that you can follow the status of the installation.

Tips

You can only install the URT client service on machines that use DHCP. If a selected machine does not use DHCP, the client service installation fails with an appropriate message.
You can select multiple hosts by using Shift+click or Ctrl+click.
If you are installing the URT client service on all Windows NT machines in a domain, you can select the domain instead of the NT Hosts item in the domain folder, and click the Install Client Service button.
You must follow this procedure for every NT domain in your network.
You must reinstall the client service if you change the setting for Release IP address on logout on the Options dialog box. See "Ensuring that Logged-Out Users Do Not Hold an IP Address" in Chapter 4 for more information on this option.

Related Topics

Installing the URT Client on NetWare Windows NT Clients

If a Windows NT workstation is running NetWare networking, use this procedure to install the URT client. If the workstation is running both Microsoft Networking and NetWare networking, follow this procedure and the procedure in "Installing the Client Service on Microsoft Networking Windows NT Clients."

Before You Begin

For NetWare, you must have administrator or admin-equivalent authority to install the URT client service on computers defined in the NDS directory tree.

You must also have installed the Z.E.N. Works Starter Pack, and created the WINNT User Package and WINNT Workstation Package policy objects. These policy objects must be associated with the organizational object that contains the users and groups on whose workstations you will install the URT client. See the Novell documentation at http://www.novell.com for more information.

Procedure

Step 3 Double-click the WINNT Workstation Package in the NDS directory tree.

Step 5 In Create Schedule Action in the Create Scheduled Action window, enter a meaningful name for the action (for example, "Install URT") and click Create.

Step 6 Select the newly-created action in the Scheduled Action window and click Details:

Novellserver is the name of the server where you install the URT logon script. URT installs the client installation and uninstallation program on the server when the script is installed.

These settings will result in the URT client being installed the first time the user logs into the NetWare domain.

Tips

While you are creating the Install URT object, you might want to create an Uninstall URT object. This object would have the same properties described above, except the file name is \\Novellserver\sys\public\urt\UrtClientUninstall.bat. Ensure you deselect the Uninstall URT item in the Scheduled Action window, unless you are uninstalling the client. If you uninstall the client, ensure you deselect the Install URT object. See the Novell ZEN Works documentation for more information on uninstalling software from NetWare clients.

Related Topics

Install the URT Script on the Domain Controller

You must install the URT script on the domain controller or NetWare server, and update the domain controller's or NetWare server's logon script, in order for URT to intercept and handle user logons. You only need to do this once for each NT domain or NDS directory.

Before You Begin

When installing the script on Windows NT domain controllers, you must have NT Administrator authority in an NT domain to install the URT logon script on the domain controllers in that domain. If you are not logged in with an account with Administrator authority on the target NT domain, you are prompted for the user name and password. Enter the user name in the NT_domain\username format.

When installing the script on NetWare servers, you must have administrator or admin-equivalent authority.

Procedure

URT displays a list of NT domain controllers or NetWare servers found in the selected domain.

URT installs the URT script (urt.bat) on the domain controllers and NetWare servers, and displays a message dialog showing the status of the installation.

Tips

For Windows NT domain controllers, the urt.bat file is installed into the NETLOGON directory. This directory is %SYSTEMROOT%\system32\repl\import\scripts, where %SYSTEMROOT% is the root directory for the Windows NT operating system files. For example, if you installed Windows NT into the C:\WINNT directory, the NETLOGON directory is C:\WINNT\system32\repl\import\scripts.
You must repeat this procedure for every NT domain or NDS directory in your network.
If an NT domain or NDS directory is missing from the NT/NDS Domains folder in URT, you must manually add it. Select Edit>Add Domain and enter the name of the missing domain or directory.
If one of the backup NT domain controllers is unavailable during client installation, the logon scripts are copied to that controller if you have set NT replication to include logon scripts. If you are not using replication for logon scripts, you must update the logon script on all domain controllers.
Do not edit the urt.bat file.
To edit the logon script on the NT domain controller, you must log into the machine with an account that has Administrator privileges, or be able to connect to the drive containing the script from another workstation where you have logged in with Administrator privileges.
If you do not already have a logon script, you either must create one, or associate users directly with urt.bat as the logon script. To associate users with a logon script for Microsoft Networks, from the NT domain controller:

You must reinstall the URT script if:

You change the setting for Release IP address on logout on the Options dialog.
You add, remove, or move a URT server.

Detailed Example of Network Configuration for URT

This is an example of how you would set up the DHCP server, Windows NT and Novell NetWare domain controllers, routers, switches, and URT for a small network. This example will help you understand the interrelationship between these network elements. This example is taken from a working Cisco development network.

There are four subnets, each assigned to a separate VLAN.
There is one Windows NT domain controller and one NetWare directory.
There is one Windows NT domain, ENG_NMBU_UAN.
There is one NetWare directory, URT_TEST.
There is one router, which is a module in a Catalyst 5000.
There is one switch, a Catalyst 5000.
The one URT server resides on the same workstation as CWSI Campus. This is not recommended for production networks, however, because the URT server's performance is important for efficient network logons. In your production network, install the URT server on a dedicated machine.
The one DHCP server is the Cisco Network Registrar, and it resides on the Windows NT domain controller.

Procedure

Step 2 If you have not already done so, install a DHCP server following the instructions in the documentation for the product. When the DHCP server is installed, define the subnets required in your network, and assign an IP address pool for each subnet. In our test network, we have four subnets:

Vlan2, which covers addresses 10.10.10.0 through 10.10.10.254
Vlan3, which covers addresses 10.10.11.0 through 10.10.11.254
Vlan4, which covers addresses 10.10.12.0 through 10.10.12.254
Vlan5, which covers addresses 10.10.13.0 through 10.10.13.254

Figure 2-2 shows the properties of one of these subnets, Vlan2. This shows the range of addresses included in the scope of the subnet. The scope is called Vlan2 for convenience—there is no direct relationship between the VLANs defined on the switches and the DHCP scopes.

Figure 2-3 shows the Vlan2 scope policies, which define the router interface. In Vlan2, the router interface is 10.10.10.1.

Figure 2-4 shows how addresses are reserved in Vlan2. Instead of defining all reserved addresses, with Cisco Network Registrar, you can have the DHCP server ping an address before leasing it. If an address is already being used, as is the case with static addresses, Cisco Network Registrar does not try to assign the address to another user.

10.10.10.12 is the NetWare directory.
10.10.10.13 is the network management workstation, which runs CWSI Campus, URT, and the URT server.
10.10.10.14 is the Windows NT domain controller.

Subnet 10.10.11.0 uses 10.10.11.1 for interface Vlan3.
Subnet 10.10.12.0 uses 10.10.12.1 for interface Vlan4.
Subnet 10.10.13.0 uses 10.10.13.1 for interface Vlan5.

Step 3 If you have not already done so, create the required interfaces on the router. Here is the interface output from the show config command for the router on this sample network, with the first interface omitted:

Step 4 If you have not already done so, create VLANs on the switches using the CWSI Campus VlanDirector application (or the switch's command line). In this sample network, there are four VLANs:

vlan2, for subnet Vlan2 (10.10.10.0)
vlan3, for subnet Vlan3 (10.10.11.0)
vlan4, for subnet Vlan4 (10.10.12.0)
vlan5, for subnet Vlan5 (10.10.13.0)

Figure 2-5 shows how this looks in VlanDirector, with a few extra VLANs defined but not used on the example network.

Step 6 Complete the configuration steps described in "Create the Initial URT Configuration." These steps show the specific entries for this sample network:

Figure 2-6 shows the results of assigning vlan2 as the logon VLAN for the uan VTP domain. In the Subnet/Mask field of the VTP Domain Configuration Dialog window, you can see the subnet used by vlan2. This subnet was defined in DHCP in Step 2. If you click Add or Edit in this window, you can see the VLAN Configuration Dialog window (also shown in the figure) with the subnet and mask. You can add or change the subnet/mask pair if URT discovers the incorrect addresses.

After these steps are complete, user logons are directed through the URT servers during the Windows NT network logon. URT then resets the switch port to the VLAN you assigned the user.

Table of Contents

Installing URT

Install the CWSI Upgrade and User Registration Tool (URT) Management Interface

Before You Begin

Procedure

Tips

Install the URT Server

Before You Begin

Procedure

Create the Initial URT Configuration

Procedure

Set Up a URT Logon VLAN

Procedure

Tips

Add NT and NDS Domains to the URT Domain List

Procedure

Tips

Associate Users, Groups, or Organizational Units to VLANs

Before You Begin

Procedure

Tips

Related Topics

Coordinate User-to-VLAN and MAC-to-VLAN Mappings

Procedure

Related Topics

Configure the Switches to Use the URT Server as the VMPS Server

Before You Begin

Procedure

Verification

Tips

Related Topics

Change Switch Port State to Dynamic

Procedure Using CiscoView

Tips when Using CiscoView

Procedure Using UserTracking

Install the URT Client Service on Windows NT Clients

Installing the Client Service on Microsoft Networking Windows NT Clients

Before You Begin

Procedure

Tips

Related Topics

Installing the URT Client on NetWare Windows NT Clients

Before You Begin

Procedure

Tips

Related Topics

Install the URT Script on the Domain Controller

Before You Begin

Procedure

Tips

Detailed Example of Network Configuration for URT

Procedure