In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-03-01 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >
Share
Shulou(Shulou.com)06/02 Report--
In order to improve the network security of the office area, all station ports are required to open 802.1x authentication, and clients that have not passed the authentication or have timed out of authentication will be assigned to the Guest VLAN isolated from the office network.
For machines that already have an operating system installed, you only need to turn on the relevant services, but there is a problem when you need to use MDT deployment services.
Normal MDT deployment process:
Insert the network cable-boot-select the network card to start-get the IP- from the WDS server get the startup image from the WDS service-enter the PE- select deployment sequence-deploy
Start the process after 1x certification:
Plug in the network cable-power on-select the network card to start-unable to get IP- to exit PXE Boot
You can see that after 1x authentication is turned on, because the machine is assigned to the Guest VLAN and cannot interact with the MDT properly, the network cannot be started, so how to solve the problem?
1: add the server address of MDT to the IP Helper-address of Guest VLAN
2: after the first step is completed, you can deploy the system using MDT. If you want to restrict Guest VLAN access to the server as much as possible, you can do the following:
Ip access-list extended guest-vlan / / create ACLpermit tcp any host eq 135for MDT server RPC service permit tcp any host eq 9800 / / for MDT server file transfer permit tcp any host eq 9800 / / for MDT server file transfer process monitoring permit tcp any host eq 9801 / / ditto permit udp any host / / MDT service UDP protocols are mostly dynamic ports
If the machines deployed by MDT need to add domains, you also need to allow the relevant ports required by adding domains in ACL.
Permit udp any host eq 42 / / WINS copy permit udp any host eq 53 / / DNSpermit udp any host eq 88 / / Kerberospermit udp any host eq 135 / / RPCpermit udp any host eq 137 / / NetBIOS name Service permit udp any host eq 138 / / NetBIOS Datagram Service permit udp any host eq 389 / / LDAP pingpermit udp any host eq 445 / / Microsoft-DS trafficpermit udp any host eq 1512 / / WINS parses permit tcp any host / / DC authentication TCP protocols are mostly dynamic ports
(PS: because the project has been completed, this article can only solve the ideas and notes for note-taking.)
-END
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.
12
Report
