/22 -> /20
I've got lots of reading to do!
Thanks ssiruuk, I might PM you about it in about 6 months!!
No problem :)
Thanks for the pointers people....
*Setup scopes and created VLANS.
*Sorted out the routing and LEA cisco router negotiation (involved putting it on its own VLAN).
*Implemented A VLANS accross several switches for testing.
This is also working over the 5304 wireless module.
The main problem we had was the LEA involvement and the routers default gateway and creating another VLAN just for that.
10 basic scopes/VLANS
3 more to create later, but these are not essential.
Just going through all 35 odd switches that has been a pain.
Cheers again, I'll save ACLs for another time!
Hi, wonder if anyone can help....
A PC already on the network will pickup the network fine when on a subnet/VLAN. IP address get given out properly, no problems.
However, machines that are not on the domain that are requesting to join the domain (ala CC3 build) or putting an Admin machines back on the domain on anything other than the default subnet VLAN, fail, everytime.
Any ideas?? Trust relationships? DNS?
1. Overly large amounts of broadcast traffic, such as ARP requests.
2. A higher possibility of broadcast spread malware infecting a larger number of machines
3. The possibility for all the machines to be affected if something bizarre happens (such as a loop or broadcast storm).
I do not know of any university which now uses a single subnet for things. For example, Lancaster uni switched from a single vlan to a segmented network about 5 years ago for the very reasons mentioned above.
The thing is, VLANs *are* simple.
Can't remember who said it now but if it helps someone then it'll have been worth saying.
VTP is Cisco proprietary and is no longer supported by HP kit with newer firmware versions. GVRP is the thing you're after if you're looking at vlan pruning etc.
Sorry to hijack the thread, but it is related, if a mod wants me to create a separate topic then please do let me know and I'll do that. :getmecoat:
I'm currently trying to move from a flat network to a vlan separated network to reduce broadcast traffic, I'd say we have about 500 nodes on the flat network.
My plan is to have vlans for:
and then a VLAN for each cabinet location making 33 in total
192.168.*.0 /24 with the * incrementing for each VLAN.
We had someone come in the other day and walked me through the steps for setting these up and made the first 3 for me (VLANs for wireless classrooms), and now I've come to slowly work my way through the other locations. The plan being to do a location at a time, leaving the servers, printers and switches until last as there's the most room for error there.
So this morning I set about this:
Created the new VLAN on the network card of the DHCP server giving it a name of ITSupp_VLAN and and ID of 120. The ip address of the virtual network card is 192.168.12.252 subnet 255.255.255.0
Created a new scope for the range 192.168.12.1 - 192.168.12.250 in DHCP with a lease time of 7 days. Set the options [Router: 192.168.12.254] [DNS servers: 10.0.0.3, 10.0.0.5] and [DNS Domain Name: monmouth.local]
Then I tagged the port on the switch that the DHCP server connects to for VLAN 120, and the also the uplink to the main backbone switch.
On the backbone switch I tagged the port the the server room switch connects to for vlan 120
all so far so good?
My computer (the test bed) connects directly into this backbone switch (HP procurve 4108), so I untagged the port I connect to for vlan 120. As soon as I do that I lose network connection and can't get an IP address.
I've checked and rechecked the route, but can't see anything I've missed...
Can anyone help please?
Is there any reason why you are not using a DHCP helper address on the VLAN ports that points to the location of an existing DHCP server with those extra scopes created. This would save you from having to create a large number of virtual interfaces on the DHCP server and prevent it from getting flooded by the broadcasts from all of your seporate VLANS as technically with that setup it would be directly connected to all of them.
These two threads may be worth a read:
Well that's how the guy that came in and set it up did it. I'd be interested in hearing/reading up on that helper address though.
for setting the IP helper-address on HP compatable equipment type:
telnet <switch IP>
ip helper-address <ip of dhcp server>
You'll need to be using a port assigned to the DEFAULT VLAN. vl <number> is the number referring to your VLAN. Doing IGMP here is quicker than GUI. IP HELPER-ADDRESS will be needed for each VLAN. Like linux, hitting TAB fills in the command out of the choices available.
After telnetting the device, type 'menu' and have a look around. Also type: SH RUN for your switch configuration and you can see how the other VLANS are setup.
I'd advise having a good read of the switch manuals (you can look them up on the HP site) they are pretty good and explain alot.
There is more information about it in the first of those two threads but the command to activate it is like this (source):
ip address 192.168.56.1 255.255.252.0
ip helper-address 192.168.0.3
That looks really helpful, thanks.
Presumably then, the ip helper tells the computer requesting an IP address where to find one, then the DHCP server works out which scope that it should assign from?
So I can get rid off all the virtual LAN adapters from my DHCP server? In all honesty I was kind of worried about having a server with 30 plus network cards in it.
Thanks again for that, but do you have any idea why I'm not getting an IP address for the new vlan I setup today? I believe that if I can sort that, and then implement the IP helper address I can get flying on structuring this network.