Because all user logons to Windows NT domains or Novell Directory Services (NDS) directories use VLAN Policy Servers (VPSs), the VPSs must run smoothly and reliably. For web logons, VPSs authenticate users and use a web server to download the web logon page.
These topics describe how to manage your VPSs:
You can add VPSs to help balance the logon load and ensure better network performance.
Step 2 Click Add or select Edit>Add.
The Add URT VPS dialog box is displayed.
Step 3 Enter the IP address of the VPS and the appropriate port.
Step 4 Click Add.
URT displays a dialog box for each configured domain server or NDS NetWare server.
Step 5 To install the URT logon script on each domain server, click Yes in each dialog box.
To balance the logon load across all VPSs, you must decide which switches should be reconfigured to use the new VPS.
Step 6 Configure these switches to use the new server as a primary or secondary server by selecting the desired switches, then clicking Configure Device or selecting Customize>Configure.
Before you delete a VPS, you should reconfigure switches that use that server. After you delete a VPS, you must reinstall the URT logon script to make sure that clients do not try to use the deleted server.
Note: If the deleted VPS was used for web logons and as a DNS, you must also change the settings on the DHCP server.
Step 2 Configure those switches to use other VPSs.
For more information about configuring switches, see the "Configuring Switches to Use a VPS" section.
Tip: To determine which switches use a VPS, select the server; switches for that VPS are displayed in the VPS Clients list on the right pane.
Step 3 From the URT VPSs folder, select the server to delete.
Step 4 Click Delete or select Edit>Delete.
URT displays a dialog box for each configured domain server or NDS NetWare server.
Step 5 To install the revised logon script on each domain server, click Yes in each dialog box.
Note: Reinstalling the logon script ensures that the URT Client Module does not try to communicate with the deleted VPS.
If you prefer, you can use the switch command-line interface (CLI) to change the VMPS configuration on the switch.
VPSs are listed by IP address in the URT VPSs folder. You can view more detailed information about the servers or change configuration settings.
Tip: To view the most recent entries in a VPS log file, select a server, then select View>Watch Server Log File.
Table 3-1 describes the fields displayed in the configuration window.
Table 3-1 URT VPS Configuration Window
Step 2 Click OK.
Note: For more information about the time the URT Administrative Server refreshes the VPS with user data, see the "Enabling Trace and Refreshing User Data" section.
A log file is created for each URT VPS. By default, diagnostic and debugging information is included in the log file, but you can omit this information by disabling trace for the server.
You can open a Watch Server Log File window for each VPS. The VPS IP address is displayed in the title bar of the Watch Server Log File window.
For more information about enabling or disabling trace, see the "Viewing and Configuring VPS Characteristics" section.
You can view the most recent entries in the log files and monitor new entries as they are added.
Step 2 Select View>Watch Server Log File.
You can view the complete contents of a VPS log file.
Step 2 Select Server Configuration>Diagnostics>View Server Logs. (The log file for the VPS is UrtVpsServer.log.)
Note: Interactions between the URT Administrative Server and the VPS are also logged. For more information, see the "Enabling Trace and Refreshing User Data" section.
Before URT can place a user into a VLAN, you must configure the switch to which the user's system is attached to use the VPS as a VMPS. Switches use the VPS to obtain information about VLANs and the users and systems assigned to those VLANs.
You must configure a switch whenever:
When you configure switches to use a VPS, the VPS begins assigning users to VLANs. If the domain servers in the network have not yet been configured to run the logon script, users are assigned to MAC-based dynamic VLANs or the default logon VLAN.
For more information, see the "Setting Domain Logon Options" section.
You can use more than one VPS to provide fault tolerance. You can install two or more VPSs and configure the switches to alternate between the server that is used as the primary server and the server that is used as the secondary server.
Note: You can designate up to two secondary VPSs for each switch.
By using more than one server, you ensure network connectivity even if one server becomes unavailable.
Keepalive packets are sent to the VPSs every 60 seconds to determine if they are up and running. If all VPSs fail, users connected at the time of failure are not affected. Users who power up or try to log on to switches that use the failed servers are placed in the default VLAN defined on the switch (for static ports) or the VLAN to which they are currently connected (for dynamic ports).
If a user is connected to a dynamic port and restarts (or initially switches on) the workstation while all VPSs are down, that user cannot be connected to a VLAN.
Note: This is the only situation in which URT can prevent a user from connecting to the network.
Caution: You must configure switches using the URT main window; do not use the switch command line.
For URT to configure VMPS on a switch, you must first set the correct SNMP write community string for the switch.
Step 2 Select the switch to configure.
Step 3 Click Configure Device or select Customize>Configure.
The Device Configuration dialog box is displayed.
Step 4 Select the IP address for the first, second, and third VPS.
Step 5 Select whether the switch should use the server as a primary or secondary server.
Step 6 In the Reconfirm Interval text box, enter a value of 60 minutes or less.
A reconfirm interval of 60 minutes reconfirms the VPS once each hour. Reconfirming more frequently puts more load on your switches.
Step 7 In the Retry Attempts text box, enter 3 (the default).
This is the number of times a switch retries to reconfirm before going to a secondary VPS.
Step 8 Click OK.
Note: To determine which server the switch is using, select the switch, then look at the VPS Address column.
Note: Do not designate a single VPS the primary server for all switches unless you have only one VPS.
To verify that URT configured the switch, telnet to the switch and use the show vmps command. The results should show that VMPS is disabled, indicating that there is no VMPS on the switch.
If the VMPS is enabled, use the set vmps state disable command to disable it. The show vmps command should also show the URT VPS IP address being used for the VMPS domain server.
Note: For the appropriate commands, see your switch documentation.
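The verification step above can be run as a read-only check over saved show vmps output from each switch. The following is an added example, not part of the URT documentation or Cisco code; the sample capture is constructed, its field labels are an assumption to be matched against your switch's real output, and the function names are hypothetical.

```python
import re

# Constructed capture; the field labels are an assumption, so match them to
# what your switch really prints for `show vmps` before relying on this.
SAMPLE = """\
VMPS Server Status:
State:                 disabled
VMPS Client Status:
Reconfirm Interval:    60 min
Server Retry Count:    3
VMPS domain server:    192.0.2.10 (primary, current)
                       192.0.2.11
"""
IP = r"\d{1,3}(?:\.\d{1,3}){3}"

def parse_show_vmps(text):
    """Pull out the values the verification step asks you to look at."""
    def field(label):
        m = re.search(rf"^{label}:[ \t]*(\S+)", text, re.M | re.I)
        return m.group(1) if m else ""
    servers, primary = [], None
    block = re.search(r"^VMPS domain server:(.*)", text, re.M | re.S | re.I)
    for line in (block.group(1).splitlines() if block else []):
        m = re.match(rf"\s*({IP})(.*)", line)
        if not m:
            break  # end of the server list
        servers.append(m.group(1))
        if "primary" in m.group(2).lower():
            primary = m.group(1)
    return {"state": field("State").lower(), "reconfirm": field("Reconfirm Interval"),
            "retries": field("Server Retry Count"), "servers": servers, "primary": primary}

def audit(text, known_vps):
    """Return findings for one switch; an empty list means it matches the page."""
    cfg, findings = parse_show_vmps(text), []
    if cfg["state"] != "disabled":
        findings.append("switch-local VMPS is not disabled")
    if not cfg["reconfirm"].isdigit() or int(cfg["reconfirm"]) > 60:
        findings.append("reconfirm interval is not 60 minutes or less")
    if cfg["retries"] != "3":
        findings.append("retry count differs from the recommended 3")
    if not cfg["servers"] or set(cfg["servers"]) - set(known_vps):
        findings.append("VMPS domain server list is empty or names an unknown VPS")
    if len(cfg["servers"]) > 3:
        findings.append("more than one primary plus two secondary VPSs")
    return findings

def single_primary(captures, known_vps):
    """True when several VPSs exist but every switch uses the same primary."""
    primaries = {parse_show_vmps(t)["primary"] for t in captures.values()}
    return len(known_vps) > 1 and len(primaries) == 1
```

Pass audit() the text captured from one switch and the set of VPS addresses listed in the URT VPSs folder; single_primary() takes a dict of captures keyed by switch name.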
The retry attempts value is the number of times a switch retries a reconfirm before going to a secondary VPS. Three retries are recommended.
You can view and edit the reconfirm interval and retry setting for most switches. For more information, see the "Configuring Switches From the URT Main Window" section.
Note: Some switches do not allow you to edit the reconfirm and retry settings.
The VPSs refresh their lists of NT group members once a day at the time specified in the URT options. For information about setting the related options, see the "Enabling Trace and Refreshing User Data" section.
You can also check manually by clicking Refresh or selecting View>Refresh.
If you make many changes to NT group membership, those changes do not affect user logons until the VPSs refresh their lists.
You can enter a list of domain controllers for each domain to determine the order the Administrative Server should use during group refreshes. During a refresh, the Administrative Server checks the domain controllers in the order you specify. If the first controller in the list is unavailable, it checks the next one on the list, and so on. For more information, see the "Configuring Domain Options" section.
You can force URT to update the NT group lists.
Step 2 Select Configure>Update URT VPS Group Entries.
The VPSs update the group and organizational unit membership lists with the information currently in the domain servers.
Posted: Tue May 20 18:35:07 PDT 2003
All contents are Copyright © 1992-2003 Cisco Systems, Inc. All rights reserved.