IP address schemes and VLANs
I'm in the middle of working on Re-IPing a network for a client and wanted to clarify a couple of concepts before I got started:
First of all, the current setup is that all 50 sites use identical VLAN IDs at each site to relate to the same services (i.e. VLAN 10 - Data, VLAN 20 - VOIP, etc.).
However, I have read some discussions that seem to suggest that using completely unique VLANs at each site would be better practice.
Can someone confirm or deny this, and elaborate as to why this is/isn't best practice?
Secondly, if I'm using a /16 format as a template for each site, and referencing a pre-assigned device ID as the second octet (10.[site ID].x.x/16), would it be best to assign the subnets contiguously from bottom to top, starting with the biggest subnet, or is there a better approach?
Posting
If your sites are tied together with L3, I would suggest reusing the same VLAN numbers for the same VLAN purposes.
Regarding your /16, that's a rather large (IPv4) allocation. Your sites are very large? If not, you might want to use a smaller reservation per site, or even different reservations for different site tier sizes.
When it comes to allocating IP space, I would recommend you try to preserve large blocks for future allocations. This can be accomplished by keeping the binary nature of address space allocations in mind.
This can be accomplished by keeping track of the binary tree "above" the allocated network block. Only allocate similar or related network blocks from within the same "parent" tree.
For example, if your first allocation is a /30, anywhere within your /16, you now still have an available /15 and /14. However, where you allocate your second allocation, another /30, could lose your /15 or the /14. Consider if the two /30s were sequentially allocated, the one at the last /30 of the top /15 and the other at the first /30 at the top of the bottom /15.
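The allocation advice in the reply above, worked through as an added example (not code from the original post or its author): it lists the free blocks left in a site's binary tree and places each new subnet in the smallest free block that fits, so the largest blocks stay whole. The site block 10.7.0.0/16, the VLAN names and sizes, and the best-fit rule are assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample data: site ID 7 in the 10.[site ID].x.x/16 template.
SITE = ipaddress.ip_network("10.7.0.0/16")

# Two /30s placed either side of the midpoint of the /16 ...
STRADDLING = [ipaddress.ip_network("10.7.127.252/30"),
              ipaddress.ip_network("10.7.128.0/30")]
# ... versus the same two /30s placed next to each other.
ADJACENT = [ipaddress.ip_network("10.7.0.0/30"),
            ipaddress.ip_network("10.7.0.4/30")]

# Constructed per-site requirements: (name, prefix length).
REQUESTS = [("p2p-a", 30), ("voip", 25), ("data", 24), ("mgmt", 27), ("p2p-b", 30)]


def free_blocks(parent, allocated):
    """Return the maximal free CIDR blocks left in `parent` once every
    network in `allocated` has been carved out."""
    free = [parent]
    for used in allocated:
        remaining = []
        for block in free:
            if used.subnet_of(block):
                # Splitting walks down the binary tree: every sibling passed
                # on the way to `used` stays free as one whole block.
                remaining.extend(block.address_exclude(used))
            elif not block.subnet_of(used):
                remaining.append(block)  # untouched by this allocation
        free = remaining
    return sorted(free, key=lambda n: (n.prefixlen, int(n.network_address)))


def largest_free_prefix(parent, allocated):
    """Prefix length of the biggest block still free (smaller number = bigger)."""
    blocks = free_blocks(parent, allocated)
    return min((b.prefixlen for b in blocks), default=None)


def allocate_best_fit(parent, allocated, prefixlen):
    """Pick a subnet of the requested size from the smallest free block that
    can hold it, leaving the large free blocks alone."""
    candidates = [b for b in free_blocks(parent, allocated)
                  if b.prefixlen <= prefixlen]
    if not candidates:
        raise ValueError(f"no free /{prefixlen} left in {parent}")
    # Longest prefix = smallest block; ties go to the lowest address.
    block = max(candidates,
                key=lambda b: (b.prefixlen, -int(b.network_address)))
    return next(block.subnets(new_prefix=prefixlen))


def plan_site(parent, requests):
    """Allocate the biggest subnets first, each by best fit.
    Returns {name: network}."""
    plan = {}
    for name, prefixlen in sorted(requests, key=lambda r: r[1]):
        plan[name] = allocate_best_fit(parent, list(plan.values()), prefixlen)
    return plan


if __name__ == "__main__":
    print("straddling /30s, largest free block: /%d"
          % largest_free_prefix(SITE, STRADDLING))
    print("adjacent /30s,   largest free block: /%d"
          % largest_free_prefix(SITE, ADJACENT))
    plan = plan_site(SITE, REQUESTS)
    for name, net in plan.items():
        print(f"{name:6} {net}")
    print("after plan, largest free block: /%d"
          % largest_free_prefix(SITE, list(plan.values())))
```

Keeping each site's subnets packed into one corner of its block also keeps per-site ACLs and summary routes short, since one covering prefix describes everything in use.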
Similar Messages
-
I have two questions:
1.Can a 3005 concentrator with a Private interface on a 10.10.10.0/24 subnet provide a pool of addresses to clients that are on a 10.10.50.0/24 subnet?
I tried this and could not communicate with anything. I received an address, but could not ping anything on the remote network.
All needed routes were in the concentrator.
2. If a concentrator is providing addresses from a pool (all on the same subnet, concentrator private and clients),and I wanted to VLAN the subnet,
Is all that is needed to make sure the concentrator Private interface is in the VLAN?
1. Yes, you can achieve this as long as Private interface knows how to reach the 10.10.50.0/24 subnet, i.e. route is known/available via router/L3 switch.
Make sure you allow icmp on the filter on the Public interface.
2. You can either put the Private interface to/under that Vlan, or you have a L3 device (router/L3 switch) that enable inter-vlan routing.
HTH. Pls rate all useful post(s).
AK -
Years ago I setup my addressing scheme using 192.168.1.x. Now I
sometimes have users connecting to our network over a VPN. And
frequently their local network (home wifi, hotel wifi, etc) are also
using 192.168.1.x. This ends up causing connection problems. I have
had a couple users change their home networks to something else and
their problems went away. Short of me re-doing all my network
addresses, is there something I am missing that would solve this
problem? Some way to handle VPNs so the PCs don't confuse their local
IPs with my IPs?
Thanks,
Ken
> Years ago I setup my addressing scheme using 192.168.1.x. Now I
> sometimes have users connecting to our network over a VPN. And
> frequently their local network (home wifi, hotel wifi, etc) are also
> using 192.168.1.x. This ends up causing connection problems. I have
> had a couple users change their home networks to something else and
> their problems went away. Short of me re-doing all my network
> addresses, is there something I am missing that would solve this
> problem? Some way to handle VPNs so the PCs don't confuse their local
> IPs with my IPs?
I hate this problem, for the same reasons you've mentioned. Personally,
if I had a company network, I'd put it randomly somewhere in the 10.x.x.x
range just to avoid this since most home networks take the 192.168.0.x or
192.168.1.x space. Some hotels may use 172.16.x.x or 10.x.x.x, but with a
random range of your own hopefully it'll work out.
Alternatively, maybe push out explicit routes to what they need so while
they can keep their own network operational any attempts to reach
192.168.1.37 (a specific server they need to access) will have an explicit
route on their machine pushed out by the VPN software, telling the box to
use the VPN connection. Doing that for all of your boxes may be....
onerous. Still, it's the only workaround that comes to mind as being
slightly reasonable and not involving changing your network around.
A slightly less-fun idea: VPN network gets its own range, and then you put
boxes there that people can remote-control which can access the rest of
the network. Terribly inefficient if the person wants to do something
that is not great via a GUI, or if their connection is slow, but you could
make it work. Bleh.
Good luck. -
How do I add a Subnet and vlan with a catalyst 3550 and RV120
Hello Friends.
I have a scenario that i'm hoping i can get some help with. I'll be as detailed and descriptive as i can.
This is for a business with 100 employees nodes and 100 camera nodes all needing IP internet through private addressing and public gateway.
I have a business class gateway with a private range of 12 public addresses. The modem does nothing but act as a gateway since I have disabled the firewall and DHCP.
In place of the firewall and DHCP from the modem I have installed a RV120 Firewall with VPN. When installing I replicated the IP scheme of the modem so as not to disturb and disrupt the devices assigned addresses from that scheme from the modem. I did this because the owner could not have any down time or any disruption to the business operations.
The RV120 now acts as firewall, DHCP, and VPN. I'll address the subnet first. I'm using 10.0.0.0/24 subnet range.
DHCP is assigning 10.1.10.50 - 10.1.10.100 the rest are static and i plan to use static DHCP with the IP and MAC assigned to each static DHCP address.
There are 100 cameras with static IP addresses in the range of 10.1.10.11 - 10.1.10.40, and 10.1.0.1.101 - 10.1.10.170.
VPN uses PPTP assigned address 10.1.10.6 - 10.1.10.10.
There are no layer 3 switches that I know of. Just a layer two that is the primary switch and ports have run out, and various out of the box switches and wireless access points connected to the primary switch.
I want to implement subnets into the network and VLANs as well on a new Layer 3 switch from Cisco. Thinking 3550 from Cisco or one of the older layer 2 switches with layer three capabilities.
I also want to introduce a 192.168.0.0/24 IP range for the existing wireless network and segment the traffic from the rest of the traffic on other ranges.
I want to replace the 10.0.0.0/24 DHCP altogether and the static addresses for end user nodes on the same network, but keep that range just for camera nodes segmented.
I want to implement a NEW end user IP range and VLAN for employee/guest networks using the 172.16.0.0/24 range.
I've thought of replacing all the wireless nodes with RV120's and use VLAN. Don't know if that strategy works. Need to think it through.
I want the 192.168.0.0/24 IP range to communicate with the 172.16.0.0/24 and possibly the 10.0.0.0/24 range.
Any advice on how to do this?
As a side note the next step after this is to install a server domain controller as all the computers are all stand alones in their own workgroups. It's a simultaneous project that will introduce a DHCP, WINS, DNS server.
Hi Omid, it sounds like you're proposing the 3550 switch but you're not decided yet. The 3550 switch is a pretty old device and needs enhanced multilayer image. It may be more prudent to use a more current switch such as small business SG300 or SG500 as the feature set is more rich and it supports around 480 LAN connections.
To answer the inquiry, the RV120W, when you create a VLAN it will automatically create an IP interface. From this you may assign subnet as you like along with 'enable or disable' for inter vlan routing. Since the RV120W has this feature, a layer 3 switch is not required unless you are looking to keep the routing load smaller by routing locally with the switch.
With Catalyst or a small business switch you would need to create a VLAN. After creating the VLAN, on a Catalyst you can simply issue "switchport trunk encapsulation dot1q" on the desired interface and all VLANs will pass without issue. For a port connecting a user "switchport mode access" "native vlan xx". This will assign the port as an untagged member of the desired VLAN.
If using a small business switch, it is slightly different, you still create the VLAN but the command issue is a bit different "switchport trunk allowed vlan add xx" for the link to the router, where xx = the VLAN ID to tag to the router. For access client it remains the same as Catalyst. -
Offline Address Book and GAL corrupted.
I have an Exchange 2013 cluster with 3 servers all performing both CAS and MB roles. This environment was originally a 2003 server, then 2007, then 2010, and now 2013 so it has been migrated many times in the past. It seems at some point something was missed
and now we are having serious issues.
It started when I was unable to create new profiles in Outlook. After much troubleshooting and digging I found I was also having a problem creating new mailboxes in Exchange and even updating settings such as mailbox limits. When I try to create a new Mailbox
I receive the error:
The LdapRecipientFilter "(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact))(objectCategory=group)(objectCategory=publicFolder)(objectCategory=msExchDynamicDistributionList)
))" on Address List or Email Address Policy "\Default Global Address List" is invalid. Additional information: The attribute type 'mailnickname' or its syntax is not defined in the schema.
This all seems to come down to issues with the Global AddressList and the Offline Address List. Thanks to other posts and Google I found that I should simply update these list using Get-AddressList | Update-AddressList and Get-GlobalAddressList | Update-GlobalAddressList.
These commands however threw some errors:
Get-AddressList | Update-AddressList
WARNING: The recipient "MyDomain.local/Users/HealthMailboxc5809e7b325d447f91bc3d7ea36c15e2" is invalid and couldn't be
updated.
WARNING: The recipient "MyDomain.local/Users/HealthMailbox6d5b50c9e47e4ad283e5ceef43f051e8" is invalid and couldn't be
updated.
WARNING: The recipient "MyDomain.local/Users/HealthMailbox033a6d5dc2734020861241094e333a83" is invalid and couldn't be
updated.
WARNING: The recipient "MyDomain.local/Microsoft Exchange System Objects/Monitoring
Mailboxes/HealthMailbox3b9adbecf3224170aa5827a8b9dd8173" is invalid and couldn't be updated.
WARNING: The recipient "MyDomain.local/Microsoft Exchange System Objects/Monitoring
Mailboxes/HealthMailboxb55608d9ec2c42029346ccf54541fc45" is invalid and couldn't be updated.
WARNING: The recipient "MyDomain.local/Microsoft Exchange System Objects/Monitoring
Mailboxes/HealthMailbox70d4dd84317b4819a90a2dff0178614b" is invalid and couldn't be updated.
WARNING: The recipient "MyDomain.local/Microsoft Exchange System Objects/OAB Version 2" is invalid and couldn't be
updated.
WARNING: The recipient "MyDomain.local/Microsoft Exchange System Objects/OAB Version 3a" is invalid and couldn't be
updated.
WARNING: The recipient "MyDomain.local/Microsoft Exchange System Objects/OAB Version 4" is invalid and couldn't be
updated.
WARNING: The recipient "MyDomain.local/Microsoft Exchange System Objects/Offline Address Book -
\/o=MyDomain\/cn=addrlists\/cn=oabs\/cn=Default" is invalid and couldn't be updated.
WARNING: The recipient "MyDomain.local/Microsoft Exchange System Objects/Offline Address Book - first administrative
group" is invalid and couldn't be updated.
WARNING: The recipient "MyDomain.local/Microsoft Exchange System Objects/Schedule+ Free Busy Information - first
administrative group" is invalid and couldn't be updated.
WARNING: The recipient "MyDomain.local/Users/HealthMailboxc5809e7b325d447f91bc3d7ea36c15e2" is invalid and couldn't be
updated.
WARNING: The recipient "MyDomain.local/Users/HealthMailbox6d5b50c9e47e4ad283e5ceef43f051e8" is invalid and couldn't be
updated.
WARNING: The recipient "MyDomain.local/Users/HealthMailbox033a6d5dc2734020861241094e333a83" is invalid and couldn't be
updated.
WARNING: The recipient "MyDomain.local/Microsoft Exchange System Objects/Monitoring
Mailboxes/HealthMailbox3b9adbecf3224170aa5827a8b9dd8173" is invalid and couldn't be updated.
WARNING: The recipient "MyDomain.local/Microsoft Exchange System Objects/Monitoring
Mailboxes/HealthMailboxb55608d9ec2c42029346ccf54541fc45" is invalid and couldn't be updated.
WARNING: The recipient "MyDomain.local/Microsoft Exchange System Objects/Monitoring
Mailboxes/HealthMailbox70d4dd84317b4819a90a2dff0178614b" is invalid and couldn't be updated.
WARNING: The recipient "MyDomain.local/Microsoft Exchange System Objects/OAB Version 2" is invalid and couldn't be
updated.
WARNING: The recipient "MyDomain.local/Microsoft Exchange System Objects/OAB Version 3a" is invalid and couldn't be
updated.
WARNING: The recipient "MyDomain.local/Microsoft Exchange System Objects/OAB Version 4" is invalid and couldn't be
updated.
WARNING: The recipient "MyDomain.local/Microsoft Exchange System Objects/Offline Address Book -
\/o=MyDomain\/cn=addrlists\/cn=oabs\/cn=Default" is invalid and couldn't be updated.
WARNING: The recipient "MyDomain.local/Microsoft Exchange System Objects/Offline Address Book - first administrative
group" is invalid and couldn't be updated.
WARNING: The recipient "MyDomain.local/Microsoft Exchange System Objects/Schedule+ Free Busy Information - first
administrative group" is invalid and couldn't be updated.
[PS] C:\Windows\system32>Get-GlobalAddressList | Update-GlobalAddressList
WARNING: The recipient "MyDomain.local/Users/HealthMailboxc5809e7b325d447f91bc3d7ea36c15e2" is invalid and couldn't be
updated.
WARNING: The recipient "MyDomain.local/Users/HealthMailbox6d5b50c9e47e4ad283e5ceef43f051e8" is invalid and couldn't be
updated.
WARNING: The recipient "MyDomain.local/Users/HealthMailbox033a6d5dc2734020861241094e333a83" is invalid and couldn't be
updated.
WARNING: The recipient "MyDomain.local/Microsoft Exchange System Objects/Monitoring
Mailboxes/HealthMailbox3b9adbecf3224170aa5827a8b9dd8173" is invalid and couldn't be updated.
WARNING: The recipient "MyDomain.local/Microsoft Exchange System Objects/Monitoring
Mailboxes/HealthMailboxb55608d9ec2c42029346ccf54541fc45" is invalid and couldn't be updated.
WARNING: The recipient "MyDomain.local/Microsoft Exchange System Objects/Monitoring
Mailboxes/HealthMailbox70d4dd84317b4819a90a2dff0178614b" is invalid and couldn't be updated.
WARNING: The recipient "MyDomain.local/Microsoft Exchange System Objects/OAB Version 2" is invalid and couldn't be
updated.
WARNING: The recipient "MyDomain.local/Microsoft Exchange System Objects/OAB Version 3a" is invalid and couldn't be
updated.
WARNING: The recipient "MyDomain.local/Microsoft Exchange System Objects/OAB Version 4" is invalid and couldn't be
updated.
WARNING: The recipient "MyDomain.local/Microsoft Exchange System Objects/Offline Address Book -
\/o=MyDomain\/cn=addrlists\/cn=oabs\/cn=Default" is invalid and couldn't be updated.
WARNING: The recipient "MyDomain.local/Microsoft Exchange System Objects/Offline Address Book - first administrative
group" is invalid and couldn't be updated.
WARNING: The recipient "MyDomain.local/Microsoft Exchange System Objects/Schedule+ Free Busy Information - first
administrative group" is invalid and couldn't be updated.
From what I read this is due to invalid characters in these entries of the Address Books. If I still had my 2010 box I could go in to the Exchange Toolbox, manage the Address Lists and change the Alias of these entries. I don't have a 2010 box though. All
I have is 2013 and from what I have read there is no way to manage the Address lists through the ECP.
I have tried changing them in the Shell with this command:
Get-Mailbox | Where {$_.Alias -like "* *"} | ForEach-Object {Set-Mailbox $_.Name -Alias:($_.Alias -Replace " ","")}
But this did not work.
How do I fix this issue in an Exchange 2013 environment? Please let me know if more information is needed and thank you in advance for any help.
Hi,
I suggest we rebuild the GAL by contacting Microsoft Support, or it will be a non-support environment. For your reference, a simple version of the rebuilding steps:
1. Remove the current GAL
2. Run “/PrepareAD” and it will recreate the GAL.
Regards,
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
Simon Wu
TechNet Community Support -
WLC2112 with Guest / Web-Auth and vlan
Hi
I'm trying to configure my WLC with guest SSID and vlan 10.
The security is only set to Web-auth, and it is all working if the guest network is set to native vlan (1). But it seems that the http(s)://1.1.1.1/login.html is not reachable from the guest SSID/VLAN??
Please help.
Management IP Address 192.168.14.252
Software Version 6.0.182.0
Emergency Image Version
I have tried with ver. 5.2 also
I think that 1.1.1.1 is only reachable from a wireless client during webauth. They should not be able to reach that address once they have passed through the web auth page.
Don't know if that helps, or not. -
RV016 - Achieving Segregation and VLANS
Good afternoon, our company started out very small and is now growing very large to the point where I am looking at layering hosts to obtain more segregation and security for different areas/users within the company. I've been playing around with the VLAN feature in this router along with the multiple subnets to see what the most ideal configuration situation would be.
Ideally I was thinking I would block out hosts for areas regarding security and use the VLANS built into the RV016 to isolate them from other users/areas on the network. HOWEVER it seems that the VLANS ONLY segregate within the Device IP Address (RV016) and Subnet Masks realm. So for example, if my RV016 is setup with a standard Class C net of 192.168.1.1 host with a 255.255.255.0 sub, and I add a multiple subnet of 192.168.2.0/24, and I then assign a LAN port in the RV016 to say VLAN2, and all others to VLAN1, my device on ip 192.168.1.20 VLAN2 for example, is accessible by devices on the VLAN1 with ip 192.168.2.20. It appears to me that the VLAN functions on the LAN ports are NOT being applied to devices that are added or created under multiple subnets.
This is frustrating for me because ideally this is how I would prefer to use it so I can expand my network by adding more hosts and achieving segregation and separation. Ideally this would be resolvable if I could modify the main device subnet mask to something OTHER than the 255.255.255.x settings that are preset in the device, discarding the need for multiple subnets, and allowing VLANS to function as they are built into the device. It seems the only way I can truly get the security/separation I desire between devices on the VLANs and in the multiple subnets is to create deny ACL's within the RV016 itself.
Hopefully this makes sense. I guess I am wondering if there are other devices out in the market that will achieve what I want to do but not require some substantial elite network training degree to hand code everything in console/terminal? Any other suggestions appreciated to achieve what I explained above. Thank you for reading and your help.
This is exactly how I was hoping or assumed it should work as well but it does not seem to behave that way. HOWEVER, after posting this I did find an interesting possible solution. If you add a multiple subnet of 192.168.0.0 @ 255.255.0.0 and have the device at 192.168.1.1 @ 255.255.255.0 you THEN are able to achieve segregation under the VLAN functionality of the device. I need to look into this more, I'm sure it makes sense to someone, somewhere, but just not me at the moment. Brain is mush after troubleshooting different options and scenarios.
-
Hi,
I've been asked to implement a Multicast addressing scheme for the University i am currently working at and would be grateful if someone could confirm my thinking as i haven't done a lot with Multicast before.
We have 6 main sites at the University that are currently being moved over to a 10.* based addressing scheme with /12 masks:
site 1 - 10.16.0.0 /12
site 2 - 10.32.0.0 /12 etc...
Looking at the Multicast addressing RFC 2365, it would appear that local Multicast addressing needs to be allocated from 239.192.0.0 255.252.0.0 so i am thinking of taking the second octet of the 10.* scheme and using it in the 3rd of the Multicast scheme so we have some kind of addressing structure and allocating the Multicast addressing with /12 masks as follows:
site 1 = 239.192.16.0 /20
site 2 = 239.192.32.0 /20 etc..
Am i on the right track here?
TIA
Paddy
Salman,
Firstly many thanks for the information.
As usual, this leads me on to further questions about implementing multicast in our routed environment :)
As mentioned previously we have 6 main sites on the network, which are connected together using 100 Mbps LAN Extension circuits, they are not in a full mesh but each site is connected to two others so there is some kind of resilience. There are also smaller satellite sites connecting into each of the main sites using WAN links from 2 Mbps serial connections up to 10 Mbps LAN extensions.
As the multicast addressing scheme is going to be based loosely on the 10.* scheme and we will be using sparse mode I am thinking of manually configuring rendezvous points at each major site so all local site multicast traffic (from the satellite sites to the main site) at each location is controlled at the major site router as this is more than likely where the servers supplying multicast services will be located, is this the correct way to go?
If we are using PIM on all the WAN links between all sites, my understanding is that clients at any site will be able to use multicast services from servers at any site as PIM will populate the multicast routing tables on all routers with PIM enabled interfaces, and IGMP will control the queries and reports from around the network populating the multicast groups wherever they reside in the network - does this sound correct?
Also is it best to use CGMP between the LAN and WAN, I've read that it's much less resource intensive than IGMP snooping, does the fact that we are using IGMP on the WAN which I believe is enabled by default when using PIM have any issues with using CGMP between the LAN and WAN?
We have some pretty old switches at some of the network campuses (1900's), these are all being replaced in the next 8 months or so with 3750's. It looks like the 1900's support CGMP, however when looking at the support matrix for multicast the 6000 series switches don't support CGMP and we will be looking to put these into our main sites at the network core. Does this mean that there is a move towards IGMP snooping over CGMP, can both be implemented at the same time. I think there is a push to get multicasting working here quickly so we might have to go with CGMP to start and then move over to IGMP snooping, any thoughts on this would be appreciated
TIA
Paddy -
Help with wireless controller and VLANs
Hi I'm trying to setup a wireless controller in preparation for a large site go live later this year. I'm struggling to get the controller and the WLAN using the correct VLAN. I want the controller on VLAN 100 and the clients on the WLAN on VLAN 200.
My thought is that I would need a config similar to:
Switchport for wireless controller management port set to trunk VLAN 100 and 200 with no native VLAN set.
The management interface on the controller set to VLAN 100.
A dynamic interface created on VLAN 200.
When setup like this I can get to the controller on its management address but only from VLAN100 not from another VLAN on site or from other sites over the WAN.
I have setup a WLAN which is set to use the dynamic interface on VLAN 200.
I have set the AP to use HREAP and set the native VLAN as 200 and added the dynamic interface into the VLAN mappings
When I connect a client to the WLAN I get an address on VLAN 100.
The switchport for the AP is set to native VLAN 100 and trunk 200 – this setup works for standalone APs at other sites.
What am I missing?
Also any idea why the management interface address is not routing? The netmask and gateway are set correctly.
Thanks
Paul
Just to add to Steve's post... You only need to create a dynamic interface for vlan 200 if you have ap's also in local mode. If your ap's are in H-REAP/FlexConnect mode, you don't need a dynamic interface for vlan 200.
In your H-REAP/FlexConnect ap, you would set the wlan to vlan mapping there and the switchport configuration would be a trunk allowing vlan 100 (I'm assuming your native vlan for your ap) and vlan 200. You should see something like the following:
Thanks,
Scott
Help out others by using the rating system and marking answered questions as "Answered" -
Could someone please tell me if a mac address is getting created as a result of creating a layer 2 Vlan?
Thanks..Just tested this on a Cisco 3750 on my desk.
I had VLAN 1 Shutdown.
I did a show mac-address-table and there was no MAC for Vlan 1.
I unshut the VLAN 1 interface (no IP configured on it) and now there IS a mac-address entry in my table.
Understand that this is different than just adding say VLAN 10 to your vlan database or something like that.
If all you did was add a VLAN (re, not a virtual interface) to your vlan config then it will NOT create a mac-address entry.
However, if you create an interface, it will.
So the answer to your question is, it depends on what you are trying to do.
Hope that helps!
James -
EIGRP IPv6 and VLAN interfaces
We've found that we have to set static link local IPs when two routers might peer over multiple VLAN interfaces.
The issue is that the routers, 6500s with sup720s, utilize the same autoconfig'd link local address on each VLAN interface. EIGRP IPv6 refuses to peer with the other router on multiple VLANs when the link locals are the same.
Anyone else encounter this? Did we miss a config option that would force unique link locals on different VLAN interfaces?
Because of this issue, we've made it our best practice to configure static link local for all inter-router transits.
Hi Gary,
I had a setup with SUP720 on 2 7600s and I am able to enable the neighborship without any issues. I didn't configure static link local, as shown below:
Ryanair#show ipv6 int vlan 500 | inc FE
IPv6 is enabled, link-local address is FE80::21C:B0FF:FEB5:6D00
Ryanair#sho ipv6 int vlan 501 | inc FE
IPv6 is enabled, link-local address is FE80::21C:B0FF:FEB5:6D00
Ryanair#show ipv6 eigrp nei
EIGRP-IPv6 neighbors for process 100
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 Link-local address: Vl501 11 00:15:51 816 4896 0 13
FE80::222:55FF:FE17:25C0
0 Link-local address: Vl500 11 00:17:14 1 200 0 12
FE80::222:55FF:FE17:25C0
Ryanair#
Can you let us know the version on both the devices?
Regards,
Nagendra -
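An added example (not from either poster) that parses the output quoted in the reply above, flags link-local addresses shared by more than one VLAN interface, and recovers the MAC behind each one. It assumes the addresses shown are modified EUI-64 values derived from the interface MAC, which the FF:FE in the middle of the interface ID indicates; the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Lines quoted from the reply above (two SVIs on the same router).
SHOW_OUTPUT = """\
Ryanair#show ipv6 int vlan 500 | inc FE
IPv6 is enabled, link-local address is FE80::21C:B0FF:FEB5:6D00
Ryanair#sho ipv6 int vlan 501 | inc FE
IPv6 is enabled, link-local address is FE80::21C:B0FF:FEB5:6D00
"""

def mac_to_link_local(mac):
    """Modified EUI-64: flip the universal/local bit, insert FF:FE mid-MAC."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    raw = bytearray.fromhex(digits)
    raw[0] ^= 0x02
    iid = bytes(raw[:3]) + b"\xff\xfe" + bytes(raw[3:])
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid)

def link_local_to_mac(addr):
    """Recover the MAC behind an EUI-64 link-local, or None if not EUI-64."""
    iid = bytearray(ipaddress.IPv6Address(addr).packed[8:])
    if bytes(iid[3:5]) != b"\xff\xfe":
        return None  # statically configured or otherwise not MAC-derived
    iid[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in iid[:3] + iid[5:])

def shared_link_locals(show_output):
    """Map each link-local seen on more than one interface to those interfaces."""
    by_addr = defaultdict(list)
    current = None
    for line in show_output.splitlines():
        cmd = re.search(r"ipv6 int\w*\s+(vlan\s*\d+)", line, re.I)
        if cmd:
            current = cmd.group(1).lower().replace(" ", "")
            continue
        hit = re.search(r"link-local address is (\S+)", line)
        if hit and current:
            by_addr[ipaddress.IPv6Address(hit.group(1))].append(current)
    return {a: ifs for a, ifs in by_addr.items() if len(ifs) > 1}

if __name__ == "__main__":
    for addr, ifs in shared_link_locals(SHOW_OUTPUT).items():
        print(addr, "on", ifs, "-> MAC", link_local_to_mac(str(addr)))
```

A statically configured link-local such as FE80::1 returns None from `link_local_to_mac`, which distinguishes hand-assigned transit addresses from autoconfigured ones.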
VRF configuration on subinterface and VLAN subinterface
Hi
Can I configure VRFs on a subinterface (physical and VLAN) basis in a normal BGP/MPLS VPN configuration?
Thanks
VK
Hi Sultan,
You are very welcome, I'd be more than glad to help you out with your confusion. Below is the output of one of my lab PEs; moreover, I have production customers running with this setup and I've never faced the issue you are describing. If you can regenerate the test you are describing, we can elaborate on it:
interface FastEthernet0/0
no ip address
interface FastEthernet0/0.1
encapsulation dot1Q 101
ip vrf forwarding a
ip address 101.101.101.1 255.255.255.252
interface FastEthernet0/0.2
encapsulation dot1Q 202
ip vrf forwarding b
ip address 202.202.202.1 255.255.255.252
This is a 7200VXR (NPE-300) running "c7200-p-mz.122-25.S14.bin".
BR,
Mohammed Mahmoud. -
Batch Address Verification and Standardization using AV
Hi,
We would like to use EDQ AV for batch address verification and standardization. Can you please let us know the high-level steps for this, since I could only see the job for real-time address verification and standardization?
Can we use the address clean process used for real-time address verification and standardization for batch as well? Do we have to use staged tables like batch entity/contact deduplication does, or do we directly connect to the address table in the Siebel schema using a data source and do batch address verification and standardization by using the address clean process given for real-time address verification and standardization in a new job?
Thanks,
Sukhesh
Hi,
When EDQ is attached to Siebel, batch address verification and cleansing tasks are instigated via Siebel's DQ Manager. You can set up a job template using the instructions in Section 5 of this document:
http://www.oracle.com/technetwork/middleware/oedq/documentation/cdssiebel-1688412.pdf
In the case of Siebel, 'batch' jobs in fact simply call the web service with however many records you scope into the batch run.
For other purposes - i.e. when you want to run the EDQ-CDS Address Clean process on other sources of data, you simply need to bind in the source and target from/to the AddressClean data interface in EDQ and set up a job with these mappings. You can run this at the same time as running real-time address cleaning, provided you use a different Run Label.
Regards,
Mike -
I've got a 1700 router with subinterface Fast Ethernet 2 assigned to VLAN 2 with dot1q trunking. I want to set up DHCP on the router. The native VLAN is not used. I'm only using VLAN 2. Will the hosts receive IP addresses automatically for VLAN 2, or do I need to set up helper addresses?
Hi,
You can indeed set up the router to be a DHCP server, which means that you will not need to configure any helper addresses.
If a DHCPDISCOVER message comes in over your fastethernet sub-interface, the router will respond with an address.
Here's a sample config:
service dhcp
ip dhcp pool DCHPPool1
network ! network and mask you want to assign
default-router ! ip address of router
dns-server
ip dhcp excluded-address
(since you don't want it handing out addresses such as the router's address)
Hope that helps - pls rate the post if it does.
Regards,
Paresh -
I guess I squeezed my entire issue into the subject line. lol When I sync my iPhone to my laptop I notice that all my address book pics and iPhone pics have become lower resolution, even though I started out with the resolution that I really needed to produce decent address book printouts. I doubt I can correct the losses of resolution that have occurred, but can anyone help me figure out how to prevent future losses? Thank you!
Plugins usually are installed externally to Firefox. However, you can disable them in Firefox so that Firefox does not use them.
SearchReset is supposed to automate the task of resetting certain preferences, but you still can edit them manually if necessary.
Address Bar Search
(1) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.
(2) In the filter box, type or paste keyword and pause while the list is filtered.
(3) Right-click keyword.URL and choose Reset. This should restore Google as the default for address bar search.
Does that work?
Search Box
Usually it works to choose your preferred search engine from the drop-down. To remove an unwanted search engine plugin, usually the Manage Search Engines... choice at the bottom of the drop-down takes care of it.
Do either of those work?
There might be another way to hijack that search box; I think some of the other frequent responders probably are more familiar with it than I am.