Wireless Networks Thread, VLAN gotchas in Technical
  1. #31

    john
    Originally posted by m25man:
    This is defo the best VLAN thread for a while, keep up the good work and interesting read.

    However, not wanting to rain on your parade I would highly recommend you make financial provision for something like the good old LinkRunner as a minimum frontline tool for debugging and troubleshooting this lot!
    It's not cheap but I couldn't live without mine.
    I'm a Fluke user and evangelist. I do not work for or sell them, but as a network professional I make my living out of using them and they have paid for themselves countless times over.
    The LinkRunner Pro will make short work of diagnosing, documenting and debugging your VLAN setups and you will soon learn never to step out of your office without it.

    Sorry to continue to de-rail, you say about the Fluke LinkRunner Pro, what will that do to help us with VLAN'ing other than pinging and stuff which others do?

  2. #32
    gshaw
    Sorry to de-rail the de-rail but seeing as this thread seems to be a bit more lively than another thread I had some VLAN bits in I'm going to be cheeky and cross-post...

    If designing an ACL to do something along the lines of...

    - allow traffic from client VLAN to access ISA server IP
    - allow traffic from client VLAN to access DHCP server (via DHCP-helper set on the VLAN)
    - deny everything else (HP does this by default but you can define it explicitly as well)

    Not sure how you'd want to do DNS for those clients, might just be better to set something like your ISP \ Google DNS for the public wifi clients so they never touch your internal DNS server? If you wanted to use the internal DNS just add another ip permit rule.

    As far as I've understood it the ACL would look something like this (assuming client subnet of 192.168.6.0/24)
    Code:
    ip access-list extended "PUBLIC_WIFI_ISOLATION"
    
    remark "ALLOW ACCESS TO DHCP SERVER 192.168.1.250"
    10 permit ip 192.168.6.0 0.0.0.255 192.168.1.250 0.0.0.0
    
    remark "ALLOW ACCESS TO FIREWALL GREEN INTERFACE"
    20 permit ip 192.168.6.0 0.0.0.255 192.168.7.10 0.0.0.0
    
    30 deny ip any any
    And on the VLAN definition...
    Code:
    vlan 6
    name "WLAN_GUEST"
    ip address 192.168.6.254 255.255.255.0
    vlan 6 ip access-group "PUBLIC_WIFI_ISOLATION" in
    (then tag \ untag ports as required)

    If this looks wrong to anyone please correct me as it's only a theoretical design I've come up with after reading forums \ HP documentation!

    If that ACL is correct then my other idea for isolating classroom PCs should work on the same concept, but in this case it would be denying certain traffic then allowing everything else...
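
An added example, not part of gshaw's post or HP's documentation: a small Python model of first-match, wildcard-mask ACL evaluation, run over the entries from the post (written in extended form with a protocol field on every line) to check which flows the design permits before it goes on a switch. The sample packets are constructed, and whether a given switch evaluates a client's initial DHCP broadcast against a VLAN ACL is platform-dependent; the model only shows what the entries say about such a packet.

```python
import ipaddress

# ACL entries from the post, in extended form (protocol field on every line).
ACL_TEXT = """
10 permit ip 192.168.6.0 0.0.0.255 192.168.1.250 0.0.0.0
20 permit ip 192.168.6.0 0.0.0.255 192.168.7.10 0.0.0.0
30 deny ip any any
"""
# Constructed (src, dst) test packets; 192.168.1.10 is a made-up internal host.
SAMPLES = {
    "unicast to DHCP server": ("192.168.6.23", "192.168.1.250"),
    "firewall green interface": ("192.168.6.23", "192.168.7.10"),
    "other internal host": ("192.168.6.23", "192.168.1.10"),
    "initial DHCP broadcast": ("0.0.0.0", "255.255.255.255"),
}

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_acl(text):
    """Return sorted (seq, action, (src, src_wild), (dst, dst_wild)) tuples."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        seq, action, rest = int(tok[0]), tok[1], tok[3:]  # tok[2] is the protocol
        pairs = []
        while rest:
            n = 1 if rest[0] == "any" else 2  # "any" stands for 0.0.0.0 255.255.255.255
            pairs.append((0, 0xFFFFFFFF) if n == 1 else (_to_int(rest[0]), _to_int(rest[1])))
            rest = rest[n:]
        rules.append((seq, action, pairs[0], pairs[1]))
    return sorted(rules)

def _match(addr, base, wild):
    # Wildcard mask: a 1 bit is ignored, a 0 bit must match the entry.
    care = ~wild & 0xFFFFFFFF
    return (_to_int(addr) & care) == (base & care)

def evaluate(rules, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for seq, action, (s, sw), (d, dw) in rules:
        if _match(src, s, sw) and _match(dst, d, dw):
            return action, seq
    return "deny", None

def check_design():
    rules = parse_acl(ACL_TEXT)
    return {name: evaluate(rules, s, d) for name, (s, d) in SAMPLES.items()}
```

`check_design()` returns the verdict and matching sequence number for each sample packet. The same `evaluate()` works for the deny-then-permit variant mentioned at the end of the post, since only the order and actions of the entries change.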

  3. #33

    m25man
    Originally posted by john:
    Sorry to continue to de-rail, you say about the Fluke LinkRunner Pro, what will that do to help us with VLAN'ing other than pinging and stuff which others do?

    It fully supports 802.1X including setting VLAN ID, has CDP and LLDP so you can plug it in blind and tell what VLANs are available; it will tell you which switch and port number you are connected to; set your VLAN ID and watch the DHCP working....

    30 seconds to validate an outlet.... Now how much time will that save you in a lifetime?

  4. Thanks to m25man from:

    john (28th April 2011)
