+ Post New Thread
Page 2 of 3 FirstFirst 123 LastLast
Results 16 to 30 of 41
Wired Networks Thread, VLANs not seeing internet in Technical; what is the gateway set to on the INSIDE clients? Rob...
  1. #16

    twin--turbo's Avatar
    Join Date
    Jun 2012
    Location
    Carlisle
    Posts
    2,334
    Thank Post
    1
    Thanked 381 Times in 340 Posts
    Rep Power
    151
    what is the gateway set to on the INSIDE clients?

    Rob

  2. #17

    Join Date
    Feb 2008
    Location
    Wiltshire
    Posts
    904
    Thank Post
    287
    Thanked 141 Times in 114 Posts
    Blog Entries
    28
    Rep Power
    42
    Quote Originally Posted by twin--turbo View Post
    what is the gateway set to on the INSIDE clients?

    Rob
    'INSIDE' clients are using 10.43.50.1 as their gateway as set via DHCP.

    I'm going to try and contact the LEA Network Team and see if I can talk directly to the engineers (I've dealt with them before) and see if I can get the change made today. Fingers crossed!

    Pete

  3. #18

    Join Date
    Feb 2008
    Location
    Wiltshire
    Posts
    904
    Thank Post
    287
    Thanked 141 Times in 114 Posts
    Blog Entries
    28
    Rep Power
    42
    Spoken to Local Authority Network team and they are unwilling to make any change. Seems either I don't understand or they don't as he didn't really understand how our switch would do the routing and would need a router to make this work.

    Roll Back... !

    Pete

  4. #19

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,517
    Thank Post
    526
    Thanked 2,641 Times in 2,045 Posts
    Blog Entries
    24
    Rep Power
    923
    Quote Originally Posted by FragglePete View Post
    Spoken to Local Authority Network team and they are unwilling to make any change. Seems either I don't understand or they don't as he didn't really understand how our switch would do the routing and would need a router to make this work.

    Roll Back... !

    Pete
    That's stupid, go over his head - your switch is a router.

  5. #20

    Join Date
    Feb 2008
    Location
    Wiltshire
    Posts
    904
    Thank Post
    287
    Thanked 141 Times in 114 Posts
    Blog Entries
    28
    Rep Power
    42
    Quote Originally Posted by localzuk View Post
    That's stupid, go over his head - your switch is a router.
    Not sure how well that'll go down. I'm trying to find another school in Swindon that uses this approach and talk to them. I'm miffed. My network is currently stuck within one very small VLAN until I can either get this resolved, or roll back to how we were. I'm running out of time.

    Pete

  6. #21

    Join Date
    May 2012
    Posts
    168
    Thank Post
    21
    Thanked 26 Times in 17 Posts
    Rep Power
    10
    Quote Originally Posted by FragglePete View Post
    Not sure how well that'll go down. I'm trying to find another school in Swindon that uses this approach and talk to them. I'm miffed. My network is currently stuck within one very small VLAN until I can either get this resolved, or roll back to how we were. I'm running out of time.

    Pete
    u could always use a local proxy server as a temp solution.. i use a proxy for our internet on the vlans

  7. #22

    Join Date
    Feb 2008
    Location
    Wiltshire
    Posts
    904
    Thank Post
    287
    Thanked 141 Times in 114 Posts
    Blog Entries
    28
    Rep Power
    42
    Quote Originally Posted by victory2012 View Post
    u could always use a local proxy server as a temp solution.. i use a proxy for our internet on the vlans
    Appreciate what your saying - but clients use a SWGfL Proxy address already to access the internet, so would cause issues.

    I'm sitting here fuming, absolutely pi**ed off and in need of EduHobnobs. I'm waiting for a call back from the LEA Head of Children Services IT, but now thinking what my options are.

    What to use? Suggestions welcomed.

    Pete

  8. #23

    Join Date
    May 2012
    Posts
    168
    Thank Post
    21
    Thanked 26 Times in 17 Posts
    Rep Power
    10
    Quote Originally Posted by FragglePete View Post
    Appreciate what your saying - but clients use a SWGfL Proxy address already to access the internet, so would cause issues.

    I'm sitting here fuming, absolutely pi**ed off and in need of EduHobnobs. I'm waiting for a call back from the LEA Head of Children Services IT, but now thinking what my options are.

    What to use? Suggestions welcomed.

    Pete
    so does mine, as i set the lea proxy as the upstream proxy on our local proxy server then set the clients to the local proxy

  9. #24

    Join Date
    Feb 2008
    Location
    Wiltshire
    Posts
    904
    Thank Post
    287
    Thanked 141 Times in 114 Posts
    Blog Entries
    28
    Rep Power
    42
    Quote Originally Posted by victory2012 View Post
    so does mine, as i set the lea proxy as the upstream proxy on our local proxy server then set the clients to the local proxy
    Issue may arise when staff switch to the staff proxy and the upstream is 'hard wired' to the main proxy. What are you using for the proxy server?

    Pete

  10. #25

    twin--turbo's Avatar
    Join Date
    Jun 2012
    Location
    Carlisle
    Posts
    2,334
    Thank Post
    1
    Thanked 381 Times in 340 Posts
    Rep Power
    151
    They need their router to have the subnet changed and then 3 further static routing entries for the 3 other vlans usign the core as the next hop address. Simple stuff but LEA's don't like to do it.

    We always used to hide behind our own firewall ( own internal IP ranges ) and just a single RBC address on the outside. Saved our bacon once when they got a virus out of control.


    Proxy with upstream proxy will work for soem stuff but anythign trying non standard protcols will not work.

    Rob

  11. Thanks to twin--turbo from:

    FragglePete (8th August 2013)

  12. #26

    Join Date
    Feb 2008
    Location
    Wiltshire
    Posts
    904
    Thank Post
    287
    Thanked 141 Times in 114 Posts
    Blog Entries
    28
    Rep Power
    42
    Quote Originally Posted by twin--turbo View Post
    They need their router to have the subnet changed and then 3 further static routing entries for the 3 other vlans usign the core as the next hop address. Simple stuff but LEA's don't like to do it.

    We always used to hide behind our own firewall ( own internal IP ranges ) and just a single RBC address on the outside. Saved our bacon once when they got a virus out of control.


    Proxy with upstream proxy will work for soem stuff but anythign trying non standard protcols will not work.

    Rob
    Recommendation on a firewall ?

    Pete

  13. #27

    twin--turbo's Avatar
    Join Date
    Jun 2012
    Location
    Carlisle
    Posts
    2,334
    Thank Post
    1
    Thanked 381 Times in 340 Posts
    Rep Power
    151
    Quote Originally Posted by FragglePete View Post
    Recommendation on a firewall ?

    Pete
    back then it was a linux box, now we are on a cisco ASA5520 but you probably don't want one of them.

    Free - pFsense would do the job if you have an old PC with 2 NICS .

    Or you could use somethink like a Draytek 2830N which has a wan port ( well 3 actualy ) and 4 internal ports.

    Your probably going to have to change your internal IP adressing away from a clash with the LEA though.

    At least it gets you ready for teh day when you dump the LEA.

    Rob

  14. #28
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    5,006
    Thank Post
    124
    Thanked 286 Times in 263 Posts
    Rep Power
    109
    Can you do a route print on the switch and paste it, I have a suspicion about something but I can't quite picture it looking at your config.

  15. #29

    twin--turbo's Avatar
    Join Date
    Jun 2012
    Location
    Carlisle
    Posts
    2,334
    Thank Post
    1
    Thanked 381 Times in 340 Posts
    Rep Power
    151
    Quote Originally Posted by ChrisH View Post
    Can you do a route print on the switch and paste it, I have a suspicion about something but I can't quite picture it looking at your config.

    I doubt it will make a difference, the LEA router is expecting all IP's to be on the same subnet/vlan. But 75% are now on other vlans and the LEA router has no idea that it needs a next hop IP to get to these other VLANS.

    TT

  16. #30

    seawolf's Avatar
    Join Date
    Jan 2010
    Posts
    969
    Thank Post
    12
    Thanked 287 Times in 219 Posts
    Blog Entries
    1
    Rep Power
    176
    Just to take a step back, is your inter-VLAN routing working? There are some settings in your RIP config that appear unusual to me. Might want to go thought this doco just to double check:

    http://www.hp.com/rnd/support/config...l_portbase.pdf

    http://www.hp.com/rnd/support/config...ip_routing.pdf

    Your core switch config overall looks rather unusual to me as well. any reason you are using both 172.x.x.x and 10.x.x.x. IP addressing in your network? The whole "INSIDE" and "OUTSIDE" VLAN configuration has me a bit confused about what you are trying to do with your VLAN segmentation.

    Here is the config from our core switch and an endpoint switch. We use a lot of VLANs and routing and default gateway has worked perfectly for 4 years like this. You'll notice that the default gateway for the endpoint switch is the core switch IP address. The default gateway for the core switch is our firewall. We use an Ubuntu server as the DHCP server on our network and the only "ip helper-address" setting points to this server as you'll note.

    p.s. the endpoint switch config is in a following post, I reached the maximum length of a post with both it appears.

    ; J4850A Configuration Editor; Created on release #E.11.10

    hostname "a15-5304xl-01"
    snmp-server contact "ICT Manager"
    snmp-server location "Network Rack 1"
    max-vlans 48
    module 1 type J4907A
    module 2 type J4907A
    module 3 type J4878B
    module 4 type J4878B
    interface A1
    name "Server Access"
    exit
    interface A2
    name "User Access"
    exit
    interface A3
    name "User Access"
    exit
    interface A4
    name "User Access"
    exit
    interface A5
    name "User Access"
    exit
    interface A6
    name "User Access"
    exit
    interface A7
    name "Server"
    exit
    interface A8
    name "User Access"
    exit
    interface A9
    name "User Access"
    exit
    interface A10
    name "User Access"
    exit
    interface A11
    name "User Access"
    exit
    interface A12
    name "User Access"
    exit
    interface A13
    name "To a20-2610-01 26"
    exit
    interface A14
    name "User Access"
    exit
    interface A15
    name "Trunk To a15-4208vl-01 C2"
    no lacp
    exit
    interface A16
    name "Trunk To a15-4208vl-01 C4"
    no lacp
    exit
    interface B1
    name "Server Access"
    exit
    interface B2
    name "Server Access"
    exit
    interface B3
    name "Server Access"
    exit
    interface B4
    name "Server Access"
    exit
    interface B5
    name "Server Access"
    exit
    interface B6
    name "Server Access"
    exit
    interface B7
    name "Server Access"
    exit
    interface B8
    name "Server Access"
    exit
    interface B9
    name "Server Access"
    exit
    interface B10
    name "Server Access"
    exit
    interface B11
    name "Server Access"
    exit
    interface B12
    name "Server Access"
    exit
    interface B13
    name "Server Access"
    exit
    interface B14
    name "User Access"
    exit
    interface B15
    name "Trunk To a15-4208vl-01 D22"
    no lacp
    exit
    interface B16
    name "Trunk To a15-4208vl-01 D24"
    no lacp
    exit
    interface C1
    name "To s11-2810g-01 24"
    exit
    interface C2
    name "To b2-2520g-01 24"
    exit
    interface C3
    name "To i8-2810g-01 24"
    exit
    interface C4
    name "To d2-2520g-01 21"
    exit
    interface D1
    name "To u1-2520g-01 24"
    exit
    interface D2
    name "To elc-hp2520g-01 24"
    exit
    interface D3
    name "To g1-hp2510g-01 48"
    exit
    interface D4
    name "To vce-hp2520g-01 24"
    exit
    trunk A15-A16,B15-B16 Trk1 LACP
    ip default-gateway 172.17.2.254
    sntp server 172.17.3.35
    sntp server 172.17.3.101
    sntp server 172.17.3.102
    ip routing
    timesync sntp
    sntp unicast
    snmp-server community "public" Unrestricted
    vlan 1
    name "DEFAULT_VLAN"
    untagged C1-C4,D1-D4,Trk1
    no ip address
    no untagged A1-A14,B1-B14
    exit
    vlan 2
    name "NET"
    ip address 172.17.2.240 255.255.255.0
    ip helper-address 172.17.3.100
    tagged A13,C1-C4,D1-D4,Trk1
    exit
    vlan 3
    name "SERVER"
    untagged A1-A3,A5-A14,B1-B14
    ip address 172.17.3.254 255.255.255.0
    tagged C1-C4,D1-D4,Trk1
    ip igmp
    exit
    vlan 4
    name "SECURITY"
    ip address 172.17.4.254 255.255.255.0
    ip helper-address 172.17.3.100
    tagged A13,C1-C4,D1-D4,Trk1
    ip igmp
    exit
    vlan 10
    name "A-LAN"
    ip address 172.17.10.254 255.255.255.0
    ip helper-address 172.17.3.100
    tagged A13,C1-C4,D1-D4,Trk1
    ip igmp
    exit
    vlan 20
    name "B-LAN"
    ip address 172.17.20.254 255.255.255.0
    ip helper-address 172.17.3.100
    tagged A13,C1-C4,D1-D4,Trk1
    ip igmp
    exit
    vlan 22
    name "B-VOIP"
    ip address 172.17.22.254 255.255.255.0
    ip helper-address 172.17.3.100
    tagged A13,C1-C4,D1-D4,Trk1
    voice
    exit
    vlan 30
    name "D-LAN"
    ip address 172.17.30.254 255.255.255.0
    ip helper-address 172.17.3.100
    tagged A13,C1-C4,D1-D4,Trk1
    ip igmp
    exit
    vlan 32
    name "D-VOIP"
    ip address 172.17.32.254 255.255.255.0
    ip helper-address 172.17.3.100
    tagged A13,C1-C4,D1-D4,Trk1
    voice
    exit
    vlan 40
    name "G-LAN"
    ip address 172.17.40.254 255.255.255.0
    ip helper-address 172.17.3.100
    tagged A13,C1-C4,D1-D4,Trk1
    ip igmp
    exit
    vlan 50
    name "I-LAN"
    ip address 172.17.50.254 255.255.255.0
    ip helper-address 172.17.3.100
    tagged A13,C1-C4,D1-D4,Trk1
    ip igmp
    exit
    vlan 60
    name "P-LAN"
    ip address 172.17.60.254 255.255.255.0
    ip helper-address 172.17.3.100
    tagged A13,C1-C4,D1-D4,Trk1
    ip igmp
    exit
    vlan 62
    name "P-VOIP"
    ip address 172.17.62.254 255.255.255.0
    ip helper-address 172.17.3.100
    tagged A13,C1-C4,D1-D4,Trk1
    voice
    exit
    vlan 70
    name "S-LAN"
    ip address 172.17.70.254 255.255.255.0
    ip helper-address 172.17.3.100
    tagged A13,C1-C4,D1-D4,Trk1
    ip igmp
    exit
    vlan 5
    name "PRINTER"
    ip address 172.17.5.254 255.255.255.0
    ip helper-address 172.17.3.100
    tagged A13,C1-C4,D1-D4,Trk1
    exit
    vlan 9
    name "ADMIN"
    ip address 172.17.9.254 255.255.255.0
    ip helper-address 172.17.3.100
    tagged A13,C1-C4,D1-D4,Trk1
    exit
    vlan 80
    name "U-LAN"
    ip address 172.17.80.254 255.255.255.0
    ip helper-address 172.17.3.100
    tagged A13,C1-C4,D1-D4,Trk1
    ip igmp
    exit
    vlan 82
    name "U-VOIP"
    ip address 172.17.82.254 255.255.255.0
    ip helper-address 172.17.3.100
    tagged A13,C1-C4,D1-D4,Trk1
    voice
    exit
    vlan 90
    name "VCE-LAN"
    ip address 172.17.90.254 255.255.255.0
    ip helper-address 172.17.3.100
    tagged A13,C1-C4,D1-D4,Trk1
    ip igmp
    exit
    vlan 100
    name "ELC-LAN"
    ip address 172.17.100.254 255.255.255.0
    ip helper-address 172.17.3.100
    tagged A13,C1-C4,D1-D4,Trk1
    ip igmp
    exit
    vlan 101
    name "ELC-WIFI"
    ip address 172.17.101.254 255.255.255.0
    ip helper-address 172.17.3.100
    tagged A13,C1-C4,D1-D4,Trk1
    exit
    vlan 200
    name "WIFI200"
    ip address 172.17.200.254 255.255.255.0
    ip helper-address 172.17.3.100
    tagged A13,C1-C4,D1-D4,Trk1
    exit
    vlan 52
    name "I-VOIP"
    ip address 172.17.52.254 255.255.255.0
    ip helper-address 172.17.3.100
    tagged A13,C1-C4,D1-D4,Trk1
    voice
    exit
    vlan 208
    name "WIFI208"
    ip address 172.17.215.254 255.255.252.0
    ip helper-address 172.17.3.100
    tagged A13,C1-C4,D1-D4,Trk1
    exit
    vlan 202
    name "WIFI202"
    ip address 172.17.205.254 255.255.254.0
    ip helper-address 172.17.3.100
    tagged A13,C1-C4,D1-D4,Trk1
    exit
    vlan 206
    name "WIFI206"
    untagged A4
    ip address 172.17.208.254 255.255.255.0
    ip helper-address 172.17.3.100
    tagged A13,C1-C4,D1-D4,Trk1
    exit
    vlan 214
    name "WIFI214"
    ip address 172.17.216.254 255.255.255.0
    ip helper-address 172.17.3.100
    tagged A13,C1-C4,D1-D4,Trk1
    exit
    vlan 216
    name "WIFI216"
    ip address 172.17.223.254 255.255.252.0
    ip helper-address 172.17.3.100
    tagged A13,C1-C4,D1-D4,Trk1
    exit
    fault-finder bad-driver sensitivity high
    fault-finder bad-transceiver sensitivity high
    fault-finder bad-cable sensitivity high
    fault-finder too-long-cable sensitivity high
    fault-finder over-bandwidth sensitivity high
    fault-finder broadcast-storm sensitivity high
    fault-finder loss-of-link sensitivity high
    fault-finder duplex-mismatch-HDx sensitivity high
    fault-finder duplex-mismatch-FDx sensitivity high
    ip route 0.0.0.0 0.0.0.0 172.17.2.253
    spanning-tree
    spanning-tree A1 bpdu-protection
    spanning-tree A2 bpdu-protection
    spanning-tree A3 bpdu-protection
    spanning-tree A4 bpdu-protection
    spanning-tree A5 bpdu-protection
    spanning-tree A6 bpdu-protection
    spanning-tree A7 bpdu-protection
    spanning-tree A8 bpdu-protection
    spanning-tree A9 bpdu-protection
    spanning-tree A10 bpdu-protection
    spanning-tree A11 bpdu-protection
    spanning-tree A12 bpdu-protection
    spanning-tree A14 bpdu-protection
    spanning-tree B1 bpdu-protection
    spanning-tree B2 bpdu-protection
    spanning-tree B3 bpdu-protection
    spanning-tree B4 bpdu-protection
    spanning-tree B5 bpdu-protection
    spanning-tree B6 bpdu-protection
    spanning-tree B7 bpdu-protection
    spanning-tree B8 bpdu-protection
    spanning-tree B9 bpdu-protection
    spanning-tree B10 bpdu-protection
    spanning-tree B11 bpdu-protection
    spanning-tree B12 bpdu-protection
    spanning-tree B13 bpdu-protection
    spanning-tree B14 bpdu-protection
    spanning-tree Trk1 priority 4
    spanning-tree bpdu-protection-timeout 300 priority 4 force-version RSTP-operation
    ip multicast-routing
    ip ssh
    router rip
    exit
    router pim
    exit
    vlan 3
    ip pim all
    exit
    vlan 9
    ip pim all
    exit
    vlan 10
    ip pim all
    exit
    vlan 20
    ip pim all
    exit
    vlan 30
    ip pim all
    exit
    vlan 40
    ip pim all
    exit
    vlan 50
    ip pim all
    exit
    vlan 60
    ip pim all
    exit
    vlan 70
    ip pim all
    exit
    vlan 80
    ip pim all
    exit
    vlan 90
    ip pim all
    exit
    vlan 100
    ip pim all
    exit
    loop-protect A1,A3,A5-A6,A8,A10-A14,B1-B14,C1-C4,D1-D4,Trk1
    loop-protect disable-timer 300
    password manager
    password operator


    ------------------–-----------



SHARE:
+ Post New Thread
Page 2 of 3 FirstFirst 123 LastLast

Similar Threads

  1. laptop not getting internet at home
    By mant01 in forum Windows
    Replies: 12
    Last Post: 2nd October 2008, 11:32 AM
  2. AD user not seeing home dir
    By torledo in forum Windows
    Replies: 3
    Last Post: 28th April 2008, 12:20 PM
  3. VLAN for guest internet access
    By plexer in forum How do you do....it?
    Replies: 3
    Last Post: 17th December 2007, 01:50 PM
  4. Clients Not Seeing RIS
    By thegrassisgreener in forum Windows
    Replies: 7
    Last Post: 22nd November 2007, 04:16 PM
  5. Adding vLAN not working on HP Procurve
    By mrforgetful in forum Wireless Networks
    Replies: 21
    Last Post: 2nd March 2007, 12:53 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •