Wired Networks Thread, VLANs not seeing internet in Technical
  1. #31

    seawolf
    ; J9299A Configuration Editor; Created on release #J.14.01

    hostname "f2-2520-01"
    max-vlans 32
    interface 1
    name "User Access"
    exit
    interface 2
    name "User Access"
    exit
    interface 3
    name "User Access"
    exit
    interface 4
    name "User Access"
    exit
    interface 5
    name "User Access"
    exit
    interface 6
    name "User Access"
    exit
    interface 7
    name "User Access"
    exit
    interface 8
    name "User Access"
    exit
    interface 9
    name "User Access"
    exit
    interface 10
    name "User Access"
    exit
    interface 11
    name "User Access"
    exit
    interface 12
    name "User Access"
    exit
    interface 13
    name "User Access"
    exit
    interface 14
    name "User Access"
    exit
    interface 15
    name "User Access"
    exit
    interface 16
    name "User Access"
    exit
    interface 17
    name "User Access"
    exit
    interface 18
    name "User Access"
    exit
    interface 19
    name "User Access"
    exit
    interface 20
    name "User Access"
    exit
    interface 21
    name "Diagnostic"
    exit
    interface 22
    name "User Access"
    exit
    interface 23
    name "User Access"
    exit
    interface 24
    name "To e2-2520g-01 23"
    exit
    ip default-gateway 172.17.2.240
    vlan 1
    name "DEFAULT_VLAN"
    untagged 23-24
    no untagged 1-22
    no ip address
    exit
    vlan 2
    name "NET"
    untagged 20-22
    ip address 172.17.2.20 255.255.255.0
    tagged 24
    exit
    vlan 3
    name "SERVER"
    tagged 24
    no ip address
    ip igmp
    exit
    vlan 4
    name "SECURITY"
    tagged 24
    no ip address
    ip igmp
    exit
    vlan 10
    name "A-LAN"
    tagged 24
    no ip address
    ip igmp
    exit
    vlan 20
    name "B-LAN"
    tagged 24
    no ip address
    ip igmp
    exit
    vlan 22
    name "B-VOIP"
    tagged 24
    voice
    no ip address
    exit
    vlan 30
    name "D-LAN"
    untagged 4,7,10-19
    tagged 24
    no ip address
    ip igmp
    exit
    vlan 32
    name "D-VOIP"
    untagged 5,8
    tagged 24
    voice
    no ip address
    exit
    vlan 40
    name "G-LAN"
    tagged 24
    no ip address
    ip igmp
    exit
    vlan 50
    name "I-LAN"
    tagged 24
    no ip address
    ip igmp
    exit
    vlan 60
    name "P-LAN"
    tagged 24
    no ip address
    ip igmp
    exit
    vlan 62
    name "P-VOIP"
    tagged 24
    voice
    no ip address
    exit
    vlan 70
    name "S-LAN"
    tagged 24
    no ip address
    ip igmp
    exit
    vlan 5
    name "PRINTER"
    untagged 6,9
    tagged 24
    no ip address
    exit
    vlan 9
    name "ADMIN"
    untagged 1-3
    tagged 24
    no ip address
    ip igmp
    exit
    vlan 80
    name "U-LAN"
    tagged 24
    no ip address
    ip igmp
    exit
    vlan 82
    name "U-VOIP"
    tagged 24
    voice
    no ip address
    exit
    vlan 90
    name "VCE-LAN"
    tagged 24
    no ip address
    ip igmp
    exit
    vlan 100
    name "ELC-LAN"
    tagged 24
    no ip address
    ip igmp
    exit
    vlan 101
    name "ELC-WIFI"
    tagged 24
    no ip address
    exit
    vlan 200
    name "WIFI200"
    tagged 20,24
    no ip address
    exit
    vlan 204
    name "WIFI204"
    tagged 20,24
    no ip address
    exit
    vlan 208
    name "WIFI208"
    tagged 20,24
    no ip address
    exit
    vlan 212
    name "WIFI212"
    tagged 20,24
    no ip address
    exit
    vlan 52
    name "I-VOIP"
    tagged 24
    voice
    no ip address
    exit
    fault-finder bad-driver sensitivity high
    fault-finder bad-transceiver sensitivity high
    fault-finder bad-cable sensitivity high
    fault-finder too-long-cable sensitivity high
    fault-finder over-bandwidth sensitivity high
    fault-finder broadcast-storm sensitivity high
    fault-finder loss-of-link sensitivity high
    fault-finder duplex-mismatch-HDx sensitivity high
    fault-finder duplex-mismatch-FDx sensitivity high
    timesync sntp
    sntp unicast
    sntp server priority 1 172.17.3.101
    sntp server priority 2 172.17.3.102
    snmp-server community "public" Unrestricted
    snmp-server location "F Block"
    spanning-tree
    spanning-tree 1 bpdu-protection
    spanning-tree 2 bpdu-protection
    spanning-tree 3 bpdu-protection
    spanning-tree 4 bpdu-protection
    spanning-tree 5 bpdu-protection
    spanning-tree 6 bpdu-protection
    spanning-tree 7 bpdu-protection
    spanning-tree 8 bpdu-protection
    spanning-tree 9 bpdu-protection
    spanning-tree 10 bpdu-protection
    spanning-tree 11 bpdu-protection
    spanning-tree 12 bpdu-protection
    spanning-tree 13 bpdu-protection
    spanning-tree 14 bpdu-protection
    spanning-tree 15 bpdu-protection
    spanning-tree 16 bpdu-protection
    spanning-tree 17 bpdu-protection
    spanning-tree 18 bpdu-protection
    spanning-tree 19 bpdu-protection
    spanning-tree 20 bpdu-protection
    spanning-tree 21 bpdu-protection
    spanning-tree 22 bpdu-protection
    spanning-tree 23 bpdu-protection
    spanning-tree bpdu-protection-timeout 300
    loop-protect 1-24
    loop-protect disable-timer 300
    password manager
    password operator

  2. Thanks to seawolf from:

    FragglePete (11th August 2013)
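
A defensive review of a configuration like the one posted above, as an added example that is not part of the original post or any HP tooling: it parses VLAN membership and flags a default SNMP community with write access, ports left untagged in VLAN 1, and access ports without bpdu-protection. The sample is constructed in the same syntax and cut down to five ports; `expand_ports`, `audit` and the result keys are names made up for this example.

```python
import re
# Constructed sample in the syntax of the posted config, cut down to five ports.
SAMPLE = """\
vlan 1
untagged 4-5
no untagged 1-3
exit
vlan 9
untagged 1-2
tagged 5
exit
vlan 200
tagged 3,5
exit
snmp-server community "public" Unrestricted
spanning-tree 1 bpdu-protection
spanning-tree 2 bpdu-protection
spanning-tree 3 bpdu-protection
"""

def expand_ports(spec):
    """Turn a port list such as '4,7,10-19' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(config, port_count):
    """Return security-relevant findings for a ProCurve-style config (numeric ports only)."""
    member, bpdu, snmp, vlan = {"untagged": {}, "tagged": {}}, set(), [], None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"vlan (\d+)", line):
            vlan = int(m.group(1))
        elif line == "exit":
            vlan = None
        elif vlan is not None and (m := re.fullmatch(r"(untagged|tagged) ([\d,-]+)", line)):
            member[m.group(1)].setdefault(vlan, set()).update(expand_ports(m.group(2)))
        elif m := re.fullmatch(r"spanning-tree ([\d,-]+) bpdu-protection", line):
            bpdu |= expand_ports(m.group(1))
        elif m := re.fullmatch(r'snmp-server community "([^"]+)" (.*)', line):
            # "unrestricted" is write access; a default community name makes it guessable.
            if m.group(1).lower() in ("public", "private") and "unrestricted" in m.group(2).lower():
                snmp.append(m.group(1))
    trunks = set().union(*member["tagged"].values())  # ports carrying any tagged VLAN
    return {
        "snmp_write_default_community": snmp,
        "ports_in_default_vlan": sorted(member["untagged"].get(1, set())),
        "trunk_ports": sorted(trunks),
        "access_ports_without_bpdu_protection": sorted(set(range(1, port_count + 1)) - trunks - bpdu),
    }

if __name__ == "__main__":
    print(audit(SAMPLE, port_count=5))
```

Run against a full saved configuration, pass the switch's real port count so that access ports missing from the bpdu-protection list are reported.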

  3. #32

    seawolf
    Quote (originally posted by FragglePete):
    > That is correct. I like Keeping It Simple and not have another box to worry about. I fully appreciate what people are saying though but I was just hoping to break up our allocation of addresses into subnets and use them. Our provision with SWGfL is a bit different from normal as the bearer goes to the LEA and is distributed by their network to each of the schools in the borough. I'll have to try and talk to the local network team at the borough, it's just getting in contact with them as I have to be seen to go through the proper channels. Grrrr.

    Aw crap, you definitely need to be using IP address ranges OTHER than that used by your WAN provider, and a firewall. Use a completely different internal IP addressing range, set endpoint switches to default route to core switch, core switch to default route to firewall, and firewall to default route to your WAN provider (LEA?).

    Yep, that's a lot more changes than you were planning, but you're about to configure yourself into a bloody mess. I'd recommend backing it out, planning a network reconfiguration more carefully and breaking free from using the LEA IP addressing internally - that's not good to do from a security standpoint and for MANY other reasons.

  4. Thanks to seawolf from:

    FragglePete (11th August 2013)

  5. #33

    localzuk
    If Wiltshire is anything like Somerset, it's rare for a school to break away from the LEA provided IP range. We get our SIMS and finance support via their remote support systems and expect direct access.

    Moving away from their ranges introduces a big issue.

  6. Thanks to localzuk from:

    FragglePete (11th August 2013)

  7. #34

    seawolf
    Quote (originally posted by localzuk):
    > If Wiltshire is anything like Somerset, it's rare for a school to break away from the LEA provided IP range. We get our SIMS and finance support via their remote support systems and expect direct access.
    >
    > Moving away from their ranges introduces a big issue.

    I don't see how it would as long as the default gateway is set right and the internal DNS server is set to forward lookups to the LEA DNS server(s).

  8. #35
    mrbios
    Quote (originally posted by localzuk):
    > If Wiltshire is anything like Somerset, it's rare for a school to break away from the LEA provided IP range. We get our SIMS and finance support via their remote support systems and expect direct access.
    >
    > Moving away from their ranges introduces a big issue.

    We get support in the same way, but we did exactly what seawolf said 6 years ago and we've never had an issue with it. They can't directly VNC straight into our computers anymore (and rightfully so!) but we provided them other means of connecting in and walked them through it, which works just as well. You just might need to educate them, but I sent our SIMS support an idiot sheet for connecting in and that has worked perfectly for years.

  9. #36
    ChrisH
    Quote (originally posted by twin--turbo):
    > I doubt it will make a difference, the LEA router is expecting all IPs to be on the same subnet/vlan. But 75% are now on other vlans and the LEA router has no idea that it needs a next hop IP to get to these other VLANs.
    >
    > TT

    I suspected that would be the case, as it's the same for our setup, but what I also thought is that there is no actual definition for the 48.x network on the switch, but I have found it now:

    Code:
    ip address 10.43.48.95 255.255.255.0
    I use pfSense with the LEA default gateway and then just use one supernetted static route to reach all my VLANs, but that is possible in my case because of my network numbers, i.e. 10, 20, 30, 40 etc.

    Also, I would like to know why a lot of you seem to have RIP configuration on your switches? Do you have other routers to send routing updates to as well?

  10. Thanks to ChrisH from:

    FragglePete (11th August 2013)
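
The return-path problem twin--turbo describes and the single supernetted static route ChrisH mentions, worked through as an added example that is not from any poster: it does a longest-prefix match on the upstream router's table to find which VLAN subnets have no route back, then computes the one covering prefix and how much unassigned space it also takes in. Only 10.43.48.0/24 comes from the thread; the VLAN subnets, the next-hop labels and all function names are assumptions made for this example.

```python
import ipaddress

# Constructed values: only 10.43.48.0/24 comes from the thread; the VLAN subnets
# and the "wan" / "core-switch" next-hop labels are assumptions for this example.
UPSTREAM = [("10.43.48.0/24", "connected"), ("0.0.0.0/0", "wan")]
VLANS = ["192.168.10.0/24", "192.168.20.0/24", "192.168.30.0/24", "192.168.40.0/24"]

def next_hop(routes, dest):
    """Longest-prefix match over (prefix, next_hop) pairs, as a router would do."""
    addr = ipaddress.ip_address(dest)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in routes
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def unreturned(routes, subnets):
    """Subnets whose reply traffic the upstream router would not send back inside."""
    lost = []
    for s in subnets:
        first_host = str(ipaddress.ip_network(s).network_address + 1)
        if next_hop(routes, first_host) not in ("connected", "core-switch"):
            lost.append(s)
    return lost

def covering_supernet(subnets):
    """Smallest single prefix containing every subnet (one supernetted route)."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate

def unused_share(subnets):
    """Fraction of the supernet that no listed (non-overlapping) subnet uses."""
    total = covering_supernet(subnets).num_addresses
    used = sum(ipaddress.ip_network(s).num_addresses for s in subnets)
    return 1 - used / total

if __name__ == "__main__":
    print("no return route before:", unreturned(UPSTREAM, VLANS))
    route = (str(covering_supernet(VLANS)), "core-switch")
    print("static route to add:", route, "unused share:", unused_share(VLANS))
    print("no return route after:", unreturned(UPSTREAM + [route], VLANS))
```

A covering prefix that is mostly unassigned space also routes addresses nobody has allocated, so any firewall rule written against it should list the real subnets instead.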

  11. #37

    seawolf
    Quote (originally posted by ChrisH):
    > Also I would like to know why a lot of you seem to have RIP configuration on your switches? Do you have other routers to send routing updates to as well?

    If you're using your Layer 3 core switch to route traffic and aren't using a standalone router for this instead, then you have to enable RIP or OSPF. RIP is simple, has low overhead and is perfect for small to medium size LANs. OSPF is harder to configure, can have high overhead, and in the case of the ProCurves you have to pay for a premium license to support OSPF (or at least that was the case last time I checked). You wouldn't want to use RIP with multiple routers though...

  12. #38
    ChrisH
    Quote (originally posted by seawolf):
    > If you're using your Layer 3 core switch to route traffic and aren't using a standalone router for this instead, then you have to enable RIP or OSPF. RIP is simple, has low overhead and is perfect for small to medium size LANs. OSPF is harder to configure, can have high overhead, and in the case of the ProCurves you have to pay for a premium license to support OSPF (or at least that was the case last time I checked). You wouldn't want to use RIP with multiple routers though...

    I know about RIP and OSPF but my point is such protocols are for sending routing updates for advertised networks to other routing devices and that people sometimes seem to have some RIP configuration when they only have one router/layer 3 switch.

    I have had a Procurve 5406 routing my VLANs for 3-4 years now and it only needs

    Code:
    IP routing
    Enabled. This is why I ask about what other devices people are using with RIP on their networks with their Procurve.

  13. Thanks to ChrisH from:

    FragglePete (11th August 2013)

  14. #39

    localzuk
    Indeed, I don't have RIP enabled on my 5406zl. It's been happily routing VLAN traffic for 5 years.

  15. Thanks to localzuk from:

    FragglePete (11th August 2013)

  16. #40

    seawolf
    Quote (originally posted by ChrisH):
    > I know about RIP and OSPF but my point is such protocols are for sending routing updates for advertised networks to other routing devices and that people sometimes seem to have some RIP configuration when they only have one router/layer 3 switch.
    >
    > I have had a Procurve 5406 routing my VLANs for 3-4 years now and it only needs
    >
    > Code:
    > IP routing
    > Enabled. This is why I ask about what other devices people are using with RIP on their networks with their Procurve.

    With IP routing enabled, you can't use ip default-gateway in the config. RIP is dynamic and IP routing is static. IP routing is fine for simple LAN configurations. We have two campuses joined via fibre link and a more complex network. Using static routes would be far more prone to error and misconfiguration. Most of the examples HP provide on inter-VLAN routing make use of RIP for this reason. It's simple and more flexible than static routes.

  17. Thanks to seawolf from:

    ChrisH (8th August 2013)

  18. #41

    Firstly, thanks for everybody's input on this; really appreciated.

    I backed out. Rolled things back and things are as they were, with just some tidying up to do.

    The 'INSIDE' and 'OUTSIDE' bits were geographical references purely for how I intended the VLANs to be, nothing to do with Routing as such, i.e. 'INSIDE' for inside the main building, 'OUTSIDE' for the buildings outside main building, etc, etc. Sorry if this confused. The 172.17.50.0/24 is what we have our phone system running on, I wanted it running on its own VLAN and knew it couldn't reach the SWGfL network being on this subnet but talks happily to internal devices via the switch as a number of users use the soft phone features of our Splicecom Kit, this is why PIM Dense is in place also as it needs to multicast over the VLANs. The other range is our 'admin' range which we actually use for BYOD for staff at present. The setup did have the VLANs routing nicely together and I had this working (logging in via AD, CSE stuff working and Prism deploying, etc) - just no access on the VLANs except for the first (i.e. 10.43.48.0/24).

    So, taking a step back, licking my wounds and preparing for introducing a firewall, router of some sort in the near future. I fully appreciate the arguments for moving away from these Broadband Consortiums, and have indeed talked to other providers where the costs are about the same. Because of the unique way Swindon is routed via the LEA it obviously does have its disadvantages, and this has highlighted a big one, but on the plus side we are getting upgraded to 100Mbps in the near future with just an initial upfront cost to change a licence on our Point to Point uplink (discussion for another day on that one).

    Thing is, I want to put something reliable in as a firewall which would allow me to do these VLANs with my own private address ranges now, so don't want to have something so important running on an old PC that I've botched together. I did something similar years ago elsewhere using things like pfSense, m0n0wall and IPCop which were great fun to play with but want something robust, well supported and not going to cost the earth. We also have services like Exchange, Frog and RemoteApps routing to internal IP addresses from SWGfL so would want to ensure that these remain working so keep this range of addresses in use along with my own set of private addresses on the other VLANs - just need to understand how to work out the gateway and routing with that one!

    Again, I really appreciate everyone's input and time taken on this; goes to prove just how useful this forum is and all those that take part. Thank you all!

    Pete
