  1. #16

    Theblacksheep's Avatar
    Quote Originally Posted by ssiruuk2 View Post
    Blacksheep - I'm sorry but I just don't get it. Are you sure you are currently on a 240.0.0.0 mask (/4)?

    You mentioned 1024 available hosts (/22) at the moment and moving to 4096 (/20)? From your earlier post I thought your subnet mask was going from /4 to /20 so available hosts per subnet should be going down not up? That doesn't add up to me!

    Randomly a /4 mask gives you a whopping 268,435,456 available hosts on that network!! Whoever thought that was a good idea before you took this on?!
    I do apologise....I wrote my /# number down totally wrong

    /22 -> /20

    I've got lots of reading to do!

    Thanks ssiruuk, I might PM you about it in about 6 months!!

  2. #17

    No problem

  3. #18

    Theblacksheep's Avatar
    Thanks for the pointers people....


    *Setup scopes and created VLANS.
    *Sorted out the routing and LEA cisco router negotiation (involved putting it on its own VLAN).
    *Implemented A VLANS across several switches for testing.

    This is also working over the 5304 wireless module.

    The main problem we had was the LEA involvement and the routers default gateway and creating another VLAN just for that.

    10 basic scopes/VLANS
    3 more to create later, but these are not essential.

    Just going through all 35 odd switches that has been a pain.

    Cheers again, I'll save ACLs for another time!
    Last edited by Theblacksheep; 4th August 2008 at 05:46 PM.

  4. #19

    Theblacksheep's Avatar

    Can't join domain

    Hi, wonder if anyone can help....

    A PC already on the network will pick up the network fine when on a subnet/VLAN. IP addresses get given out properly, no problems.

    However, machines that are not on the domain that are requesting to join the domain (a la CC3 build) or putting an Admin machine back on the domain on anything other than the default subnet VLAN, fail, every time.

    Any ideas?? Trust relationships? DNS?
    Last edited by Theblacksheep; 6th August 2008 at 10:11 AM.

  5. #20

    Quote Originally Posted by Theblacksheep View Post
    Hi, wonder if anyone can help....

    A PC already on the network will pick up the network fine when on a subnet/VLAN. IP addresses get given out properly, no problems.

    However, machines that are not on the domain that are requesting to join the domain (a la CC3 build) or putting an Admin machine back on the domain on anything other than the default subnet VLAN, fail, every time.

    Any ideas?? Trust relationships? DNS?
    Hi,

    You need to have a dedicated VLAN for rebuilding etc. and then once the station is built it should pick up the IP from the correct VLAN. Other than this you need to have 802.1x which will handle all this for you.

    Ash.

  6. Thanks to spc-rocket from:

    Theblacksheep (6th August 2008)

  7. #21

    Theblacksheep's Avatar
    Quote Originally Posted by ashok View Post
    Hi,

    You need to have a dedicated VLAN for rebuilding etc. and then once the station is built it should pick up the IP from the correct VLAN. Other than this you need to have 802.1x which will handle all this for you.

    Ash.
    Cheers Ash,

    Bit of a pain not being able to do a 3and1 without removing the PC from the subnet and replacing it afterwards!


    RM workaround is: Put a DC on each VLAN/subnet. Awesome.
    Last edited by Theblacksheep; 6th August 2008 at 12:00 PM.

  8. #22
    Grommit's Avatar
    Quote Originally Posted by localzuk View Post
    Simple is not best. Having over a thousand machines on a single network is bad practice. VLANs are the way to go.
    Says who?

    You seem to have too much time on your hands :-)
    Last edited by Grommit; 6th August 2008 at 12:50 PM.

  9. #23

    localzuk's Avatar
    Quote Originally Posted by Grommit View Post
    Says who?

    You seem to have too much time on your hands :-)
    Says every person who is qualified to say so! 1000 machines on a single LAN/subnet leads to:

    1. Overly large amounts of broadcast traffic, such as ARP requests.
    2. A higher possibility of broadcast-spread malware infecting a larger number of machines.
    3. The possibility for all the machines to be affected if something bizarre happens (such as a loop or broadcast storm).

    I do not know of any university which now uses a single subnet for things. For example, Lancaster uni switched from a single vlan to a segmented network about 5 years ago for the very reasons mentioned above.

    The thing is, VLANs *are* simple.

  10. Thanks to localzuk from:

    Theblacksheep (6th August 2008)

  11. #24
    Joedetic's Avatar
    Can't remember who said it now but if it helps someone then it'll have been worth saying.

    VTP is Cisco proprietary and is no longer supported by HP kit with newer firmware versions. GVRP is the thing you're after if you're looking at vlan pruning etc.

  12. #25
    Andi's Avatar
    Sorry to hijack the thread, but it is related, if a mod wants me to create a separate topic then please do let me know and I'll do that.

    I'm currently trying to move from a flat network to a vlan separated network to reduce broadcast traffic, I'd say we have about 500 nodes on the flat network.

    My plan is to have vlans for:
    Servers
    Switches
    Printers
    IP Cameras

    and then a VLAN for each cabinet location making 33 in total
    192.168.*.0 /24 with the * incrementing for each VLAN.

    We had someone come in the other day and walked me through the steps for setting these up and made the first 3 for me (VLANs for wireless classrooms), and now I've come to slowly work my way through the other locations. The plan being to do a location at a time, leaving the servers, printers and switches until last as there's the most room for error there.

    So this morning I set about this:

    Created the new VLAN on the network card of the DHCP server giving it a name of ITSupp_VLAN and an ID of 120. The IP address of the virtual network card is 192.168.12.252 subnet 255.255.255.0

    Created a new scope for the range 192.168.12.1 - 192.168.12.250 in DHCP with a lease time of 7 days. Set the options [Router: 192.168.12.254] [DNS servers: 10.0.0.3, 10.0.0.5] and [DNS Domain Name: monmouth.local]

    Then I tagged the port on the switch that the DHCP server connects to for VLAN 120, and also the uplink to the main backbone switch.

    On the backbone switch I tagged the port the server room switch connects to for VLAN 120

    ...
    all so far so good?
    ...

    My computer (the test bed) connects directly into this backbone switch (HP ProCurve 4108), so I untagged the port I connect to for VLAN 120. As soon as I do that I lose network connection and can't get an IP address.

    I've checked and rechecked the route, but can't see anything I've missed...

    Can anyone help please?

  13. #26

    SYNACK's Avatar
    Quote Originally Posted by Andi View Post
    Created the new VLAN on the network card of the DHCP server giving it a name of ITSupp_VLAN and an ID of 120. The IP address of the virtual network card is 192.168.12.252 subnet 255.255.255.0

    Created a new scope for the range 192.168.12.1 - 192.168.12.250 in DHCP with a lease time of 7 days. Set the options [Router: 192.168.12.254] [DNS servers: 10.0.0.3, 10.0.0.5] and [DNS Domain Name: monmouth.local]
    Not sure that I can be much help with the HP configuration but I was just wondering about your setup of the VLANs.

    Is there any reason why you are not using a DHCP helper address on the VLAN ports that points to the location of an existing DHCP server with those extra scopes created? This would save you from having to create a large number of virtual interfaces on the DHCP server and prevent it from getting flooded by the broadcasts from all of your separate VLANs, as technically with that setup it would be directly connected to all of them.

    These two threads may be worth a read:
    http://www.edugeek.net/forums/networ...alns-help.html
    http://www.edugeek.net/forums/networ...-required.html

  14. Thanks to SYNACK from:

    Andi (7th August 2008)

  15. #27
    Andi's Avatar
    Well that's how the guy that came in and set it up did it. I'd be interested in hearing/reading up on that helper address though.

  16. #28

    Theblacksheep's Avatar
    For setting the IP helper-address on HP compatible equipment type:

    telnet <switch IP>
    config
    vl <number>
    ip igmp
    ip helper-address <ip of dhcp server>
    wr me


    You'll need to be using a port assigned to the DEFAULT VLAN. vl <number> is the number referring to your VLAN. Doing IGMP here is quicker than GUI. IP HELPER-ADDRESS will be needed for each VLAN. Like Linux, hitting TAB fills in the command out of the choices available.

    After telnetting to the device, type 'menu' and have a look around. Also type: SH RUN for your switch configuration and you can see how the other VLANs are set up.

    I'd advise having a good read of the switch manuals (you can look them up on the HP site); they are pretty good and explain a lot.
    Last edited by Theblacksheep; 7th August 2008 at 03:04 PM.

  17. Thanks to Theblacksheep from:

    Andi (7th August 2008)

  18. #29

    SYNACK's Avatar
    Quote Originally Posted by Andi View Post
    Well that's how the guy that came in and set it up did it. I'd be interested in hearing/reading up on that helper address though.
    The DHCP helper feature allows the switch to forward DHCP requests to a DHCP server on a different subnet, which stops you from having to set up a DHCP server for every VLAN or link your DHCP server into all of the VLANs. As long as the switch is running routing or knows how to get to the IP address of the DHCP server that you specify, it can pass along the request. As the request shows up as being from the network interface of the VLAN in question, the DHCP server knows which address range it is and is able to send back a response to the client through the switch. This will also stop any leakage that may occur through the DHCP server.

    There is more information about it in the first of those two threads but the command to activate it is like this (source):
    Code:
    vlan 3
       name "CURRIC"
       ip address 192.168.56.1 255.255.252.0
       ip helper-address 192.168.0.3
       tagged 1-24
       ip igmp
       exit

  19. Thanks to SYNACK from:

    Andi (7th August 2008)
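
The relay behaviour described in post #29, as an added example that is not part of any post in the thread: the helper stamps the BOOTP `giaddr` field with the VLAN interface address, and the server picks the scope from that field. The scope table is constructed from addresses quoted in the thread; treating 192.168.12.254 as the VLAN 120 interface address and 192.168.0.3 as the server's own address are assumptions.

```python
import ipaddress
import struct

# BOOTP fixed header (RFC 951 / RFC 2131): op, htype, hlen, hops, xid, secs,
# flags, ciaddr, yiaddr, siaddr, giaddr, chaddr(16), sname(64), file(128).
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC = bytes([99, 130, 83, 99])          # DHCP magic cookie
DISCOVER_OPTS = bytes([53, 1, 1, 255])    # option 53 = DHCPDISCOVER, then end

# Constructed scope table, built from the addresses quoted in the thread.
SCOPES = {
    "ITSupp_VLAN": ipaddress.ip_network("192.168.12.0/24"),
    "CURRIC": ipaddress.ip_network("192.168.56.0/22"),
}

def client_discover(mac: bytes, xid: int) -> bytes:
    """Broadcast DISCOVER as a client sends it: giaddr is 0.0.0.0."""
    zero = bytes(4)
    hdr = BOOTP.pack(1, 1, 6, 0, xid, 0, 0x8000, zero, zero, zero, zero,
                     mac.ljust(16, b"\0"), b"", b"")
    return hdr + MAGIC + DISCOVER_OPTS

def relay(packet: bytes, vlan_ip: str) -> bytes:
    """What the helper does: stamp giaddr with the VLAN interface IP, bump hops."""
    f = list(BOOTP.unpack_from(packet))
    if f[10] == bytes(4):                 # only the first relay sets giaddr
        f[10] = ipaddress.ip_address(vlan_ip).packed
    f[3] += 1
    return BOOTP.pack(*f) + packet[BOOTP.size:]

def select_scope(packet: bytes, arrival_if_ip: str):
    """Server side: choose the scope from giaddr, else the receiving interface."""
    giaddr = ipaddress.ip_address(BOOTP.unpack_from(packet)[10])
    key = giaddr if int(giaddr) else ipaddress.ip_address(arrival_if_ip)
    for name, net in SCOPES.items():
        if key in net:
            return name
    return None                           # no matching scope: no offer is made
```

A DISCOVER that reaches the server without passing through a relay carries a zero `giaddr`, so the server can only match it against the interface it arrived on; that is why a server without helpers needs an interface in every VLAN.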

  20. #30
    Andi's Avatar
    That looks really helpful, thanks.

    Presumably then, the ip helper tells the computer requesting an IP address where to find one, then the DHCP server works out which scope that it should assign from?

    So I can get rid of all the virtual LAN adapters from my DHCP server? In all honesty I was kind of worried about having a server with 30 plus network cards in it.

    Thanks again for that, but do you have any idea why I'm not getting an IP address for the new VLAN I set up today? I believe that if I can sort that, and then implement the IP helper address I can get flying on structuring this network.
