SUN NIS Broadcast across multiple vlans

Similar Messages

• DHCP Setup across multiple VLANs on RV325 - DHCP Server only working on VLAN 1

  I have multiple VLAN subnets defined on my RV325 - when I try and utilize a DHCP Server on each VLAN, it only seems to be issuing IP Addresses to clients on VLAN ID 1.  When I first set this up months ago, I thought I had tested it providing IP Addresses via the other subnets.  Now that I am trying to do so, it isn't working "as expected".  Example - I am using VLAN 25 as the GuestWireless subnet utilizing a separate 802.11n WAP that is set to Bridge connections to the IP Address of the VLAN interface.  Devices are able to connect to the WAP, but end up with a self-assigned IP Address 169.x.x.x address.  There has to be an easy fix to this, but I seem to be "stuck" figuring out what it is…pointers/redirects appreciated.  Thanks!

  Thanks - I've already reviewed that information before I posted.  I've been working with DHCP since the mid-90's, so I'm comfortable with the settings/configuration I need to leverage to make this work via other means using various Network-based OSes.
  I'm wondering if there are other options in configuring this device that can impact the ability to dynamically serve IP addresses on a VLAN/subnet-by-VLAN/subnet basis.
  As I did more testing, I discovered when I reserved an IP Address via the IP & MAC Binding option within the DHCP Settings, those devices would receive their static reservations and work as expected, so the problem seems to be leveraging the DHCP Pool for devices connecting to VLANs other that VLAN 1.
  Any ideas as to why the DHCP Pool's are "non-functioning" for the other VLANs is greatly appreciated...
  Each VLAN is setup with a separate DHCP Server configuration as shown below:
  VLAN ID = 1 (Default, Inter VLAN Routing = Enabled, LAN1-6 = Untagged, LAN7=Tagged, LAN8=Excluded, LAN9-14 Untagged)
  Device IP Address = 172.16.xxx.1
  Subnet Mask = 255.255.255.0
  DHCP Mode = DHCP Server
  Remote DHCP Server = 0.0.0.0
  Client Lease Time = 1440 min
  Range Start = 172.16.xxx.100
  Range End = 172.16.xxx.199
  DNS Server = Use DNS as Below
  Static DNS 1 = 208.67.222.222
  Static DNS 2 = 208.67.220.220
  WINS Server = 0.0.0.0
  Correctly serving IP Addresses via DHCP (both static and dynamic) to Wired devices & Wireless devices connecting through WAP (set to Bridge)
  VLAN ID = 25 (GuestWireless, Inter VLAN Routing = Disabled, LAN1-LAN7 = Excluded, LAN8 = Untagged, LAN9-14 = Excluded)
  Device IP Address = 172.16.yyy.1
  Subnet Mask = 255.255.255.0
  DHCP Mode = DHCP Server
  Remote DHCP Server = 0.0.0.0
  Client Lease Time = 1440 min
  Range Start = 172.16.yyy.100
  Range End = 172.16.yyy.199
  DNS Server = Use DNS as Below
  Static DNS 1 = 208.67.222.222
  Static DNS 2 = 208.67.220.220
  WINS Server = 0.0.0.0
  NOT serving dynamic IP Addresses via DHCP to Wired devices & Wireless devices connecting through WAP (set to Bridge)
  Static DHCP Reservations setup via IP & MAC Binding settings DO WORK in terms of providing the assigned static IP Address to the client.  Inbound/Outbound traffic to Internet works for devices with Static DHCP Reservations.
  VLAN ID = 100 (Voice, Inter VLAN Routing = Disabled, LAN1-6 Excluded, LAN7 = Untagged, LAN8-14 = Excluded)
  Device IP Address = 192.168.zzz.1
  Subnet Mask = 255.255.255.0
  DHCP Mode = DHCP Server
  Remote DHCP Server = 0.0.0.0
  Client Lease Time = 1440 min
  Range Start = 192.168.zzz.100
  Range End = 192.168.zzz.199
  DNS Server = Use DNS as Below
  Static DNS 1 = 208.67.222.222
  Static DNS 2 = 208.67.220.220
  WINS Server = 0.0.0.0
  NOT serving dynamic IP Addresses via DHCP to Wired devices & Wireless devices connecting through WAP set to Bridge
  Static DHCP Reservations setup via IP & MAC Binding settings DO WORK in terms of providing the assigned static IP Address to the client.  Inbound/Outbound traffic to Internet works for devices with Static DHCP Reservations.

• Flex Connect Across Multiple VLANS same SSID

  I just need to find that if we have flex connect setup for differnet vlans using single controller, will roaming works when client connects to AP in a differnet VLAN but using same SSID.
  Example below:
  1) Client connects to AP on specific SSID mapped to VLAN 100, get an IP address ..all good at this point
  2) Client walks and connects to a differnet AP on same SSID but mapped to VLAN 200...at this point I observe client doesnt get a new IP address in fact it retain IP from step-1 and there is no connectivity
  3) Client walks back to first AP and connectivity is restored
  Why in step-2 client doesnt gets a new IP from VLAN 200 even when it shows connected to AP.

  Just to add to Rasika.... L3 isn't supported....I just ran into this a few days ago.... clients should request another dhcp when roaming to another FlexConnect AP that is mapped to a different VLAN.  The issue is, that some clients don't try to renew their dhcp address and gets stuck with the default 169.x.x.x.  I see this with Apple devices in general and what we are going to do is get rid of the multiple vlan setup (vlan per floor) and create a bigger vlan that the SSID will be mapped to.
  Thanks,
  Scott
  Help out other by using the rating system and marking answered questions as "Answered"

• How do I get my ARD/AppleTV to work through bonjour across multiple vlans?

  I am having a heck of a time, I have 200 iMacs running 10.9 and a 10.9 server.  We also have 30 apple TVs.  These are spread over 5 distinct vlans and I am having a heck of a time getting them all to see each other.  I found some information that started getting over my head about adding a bunch of dns entries for each device which would not scale well, and all seemed to be for printers anyways so I have turned here for some hopeful assistance.

  Bonjour is designed to stay on the local LAN and not go across routers, with VLANs you have split your network up and Bonjour normally will not cross the splits even if you enable TCP/IP routing between VLANs.
  There are various schemes aimed more for site-to-site situations to force Bonjour across links but in your case you might want to look at some newer devices specifically made to 'manage' Bonjour traffic.
  Note: Bonjour is the same thing as mDNS i.e. multicast DNS.
  See
  http://www.cisco.com/c/en/us/td/docs/wireless/technology/bonjour/7-5/Bonjour_Gat eway_Phase-2_WLC_software_release_7-5.html
  http://www.aerohive.com/products/software-management/bonjour-gateway
  http://www.xirrus.com/Products/Network-Management/Network-Services/Bonjour-Direc tor
  http://www.merunetworks.com/products/technology/bonjour/index.html
  Apple's AirPort Extreme can also do 'Wide Area' Bonjour between two or more sites but I don't feel it is suited to your case.

• Creating multiple vlans across multiple switches

  Hi All,
  How should I create multiple vlans across multiple switches?
  For instance, I have two (primary/redudant) layer 3 (core) switches and four layer 2 access switches (Cisco 2960) for the hosts, and given these are the vlans/subnets to be created. Should I do it in the core switches only and it would just propagate through the access via VTP?  Just trying to practice and learn.. Any help will be greatly appreciated:)
  VLAN 100: [DHCP-workstations]
  172.26.4.0/24
  172.26.5.0/24
  VLAN 200: [Servers]
  172.16.1.0/24
  172.16.2.0/24
  VLAN 300: [Printers]
  192.168.129.0/24
  192.168.130.0/24
  VLAN 800: [Management for switches/routers]
  10.160.1.0/24

  Hi
  You will have the SVI on the core. Set a VTP domain, make one of the cores as VTP server and rest of the switches as VTP clients. Once you do this, you won't have to login into each switch and create a vlan locally. The vlans will be automatically advertised from the VTP server to all the VTP clients.
  Thanks
  Ankur
  "Please rate the post if found useful"

• Bridge with clients & multiple VLANs on 1242 AP

  Hi,
  I am trying to set up a test as per the attached diagram. I am looking to use 2x 1242 access points to bridge to a remote part of the network.
  I currently have 2 VLANs on the network, all network devices are on VLAN 1 for management and client access is on VLAN 2.
  What I am trying to achieve is to bridge between the two access points and also have clients connect to VLAN 2 on each access point.
  Firstly, are the 1242's capable of this or would I need to look at a 1300 Bridge?
  I have attached a copy of the base config I have on both AP's, the only difference between them is the root or non-root role.
  My bridge link currently works and I can ping across it on VLAN 1 but I cannot get a client to connect to the SSID on VLAN2. Although the SSID is set to guest mode I cannot see it being broadcast and if I manually try and connect nothing happens.
  Is there anything basic I am missing here or can anyone offer advice on bridging multiple VLANs with 1242 AP's?
  Thanks,
  Paul

  Ooops....forgot to add the attachments first time.
  Thanks,
  Paul.

• ARP Broadcast on all VLANs

  Hi all,
  I have a layer 3 switch( not a cisco catalyst) that is connected to a cisco router through a MPLS VPLS. Basically the PE on MPLS cloud acts like a layer 2 switch with VPLS.
  Switch ===>> PE===>>P===>>PE===>>>Router
  -The switch has a minimum of 1000 VLANs
  -port 1 is the trunk port connected to PE
  -sniffed port 1 and shows that ARP request from the router is being broadcasted by the switch to all of its VLANs.
  -Switch CPU reaches up to 70 percent
  My question is, what are the instances where the Switch will have to broadcast to all of its VLANs?
  Thanks

  I think we will need a little more to go on.
  I was more asking if you could add at least a part of the config.
  The trick with troubleshooting it to at least at a top level work out what could cause a problem and check it.
  In this case, you have ARPs goig to a number of VLANs. The two obvious causes are that something is bridging across VLANs or the device generating the ARP is sending it to multiple VLANs. So we need to check if it is either of those.
  What does a debug ip arp tell you on the PE?
  I note you added an extract of the config that suggested that adress should be routed to nu0 - if that is correct, the router should not be arping at all. It might be worth a sh ip ro a.b.c.205 to see if there is a more specific route that beats that comparatively wide route.
  That is a bit of the "is it sending to multiple VLANs?" next is "is there something bridging?" a look at the local config would help, but this may be the more challenging one to look at, as bridging may not be hapenning locally. I assume the 0017.0fa6.dc1b address is an address associated with the PE? it may be worth looking if you can sniff the MPLS side of the PE, just to see if the PE is sending into the cloud, and something elsewhere is bridging. Is any other traffic being replicated across the VLANS?

• AP1300 Bridging Multiple Vlans with Dot1q

  I have a pair of AIR-BR1310G-E-K9 to do ptp bridging. Topology is like this:
  host-switch-rootAP---nonRootAP-switch-host
  We have multiple vlans and have followed this doco:
  <http://www.cisco.com/en/US/docs/wireless/access_point/1300/12.3_7_JA/configuration/guide/b37vlan.html>
  The native vlan is all good and can ping across end-to-end. However, the when I attach a host to the switch in another vlan i.e. user vlan - there is no connectivity. Essentially, we want to dot1q over the ptp bridge setup.
  running version:
  c1310-k9w7-mx.124-10b.JA1
  appreciate any input.
  Ajaz

  yes. standard trunk config on both switches:
  5SL_SWITCH#srif 0/24
  Building configuration...
  Current configuration : 186 bytes
  interface FastEthernet0/24
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 1,100
  switchport mode trunk
  switchport nonegotiate
  spanning-tree portfast trunk
  end
  5SL_SWITCH#show interfaces trunk
  Port Mode Encapsulation Status Native vlan
  Fa0/24 on 802.1q trunking 1
  Port Vlans allowed on trunk
  Fa0/24 1,100
  Port Vlans allowed and active in management domain
  Fa0/24 1,100
  Port Vlans in spanning tree forwarding state and not pruned
  Fa0/24 1,100
  5SL_SWITCH#
  11SL_SWITCH#srif 0/24
  Building configuration...
  Current configuration : 186 bytes
  interface FastEthernet0/24
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 1,100
  switchport mode trunk
  switchport nonegotiate
  spanning-tree portfast trunk
  end
  11SL_SWITCH#show interfaces trunk
  Port Mode Encapsulation Status Native vlan
  Fa0/24 on 802.1q trunking 1
  Port Vlans allowed on trunk
  Fa0/24 1,100
  Port Vlans allowed and active in management domain
  Fa0/24 1,100
  Port Vlans in spanning tree forwarding state and not pruned
  Fa0/24 1,100
  11SL_SWITCH#
  furthermore the vlans exist in the db and when i trunk between the switches - I can ping the SVI's.
  Do you want me to post the AP config?

• User Account Authentication across multiple Solaris servers - Best Practice

  Hi,
  I am new to Solaris admin and would like to know the best practice/setup for authenticating user accounts across multiple solaris servers.
  Currently we have 20 - 30 Solaris 8 & 10 servers which each have their own user accounts setup. I am planning to replace these with a similar number of Solaris 10 servers and would like to centralise the user accounts and their authentication.
  I would be grateful for any suggestions on the best setup and any links to tutorials.
  Thanks
  Jools

  i would suggest LDAP + kerberos, LDAP for name lookups and krb5 for auth. provides secure auth + extensable directory for users and other apps if needed. plus, it provides a decent spring board to add other unix plats into the mix since this will support any unix/linux/bsd plat. you could integrate this design with a windows AD env if you want as well.
  [http://www.sun.com/bigadmin/features/articles/kerberos_s10.jsp] sol + ldap+ AD
  [http://docs.lucidinteractive.ca/index.php/Solaris_LDAP_client_with_OpenLDAP_server] sol + ldap (openldap)
  [http://aput.net/~jheiss/krbldap/howto.html] sol + ldap + krb5
  now these links are all using some diff means, however they should give you some ideas as to whats out there. sol 10 comes with suns ldap server and you can use the krb5 server which comes with it as well. many many diff ways to do this. many many more links out there as welll. these are just a few.

• Multiple Vlans Per SSID

  Hi
  We are just putting in a new Controller - 5500 type
  We are using a WCS .
  Someone has raised the issue of whether we can have multiple vlans
  per SSID - as otherwise we may have very large broadcast domains
  due to the overall design being to have  Maybe 3 SSIDs
  Guest
  Staff
  Engineering
  I think in SWAN we could get away with dynamic vlans.
  We would like to have multiple vlans in each SSID to avoid the above.
  Can we do this in the new setup.
  Kind Regards
  Steve

  Hi Steve,
  yes it works just the same.
  Enable AAA override on the controller and have interfaces configured for each vlan. Then the ACS can simply push the vlan depending on the user authentication. Users are then split in separate vlans.
  Another way of doing is to group APs. You can have a group of APs serving SSID Guest in vlan 1, Employee in vlan 2 and another group of APs serving the same SSIDs but in vlan 3 and 4. It's "per-user" vlan load balancing or "geographic" vlan load balancing.
  However, broadcast domains should not be a major concern in wireless as broadcasts are blocked by default. The WLC will proxy for ARP and DHCP.
  Regards,
  Nicolas

• How to identify a user across multiple pages

  Hi,
  I'm doing a homebanking and I would like to know how to identify a user across multiple pages.
  I have already take a look at HTTPSESSION, but I didn't understand.
  Can someone help me.
  I'm send the servlet Logon.
  import java.io.*;
  import java.sql.*;
  import java.util.Date;
  import java.util.*;
  import javax.servlet.*;
  import javax.servlet.http.*;
  public class Cons_logon extends HttpServlet
       private Connection conexao = null;
       Login1 login1;
       public void init (ServletConfig cfg) throws ServletException
            super.init(cfg);
            try
                 Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
                 conexao = DriverManager.getConnection("jdbc:odbc:bank");
            catch (Exception e)
                 System.out.println(e.getMessage());
       public void doPost (HttpServletRequest req,
  HttpServletResponse res)
  throws ServletException, IOException
            String Suser, Spassword;
       PrintWriter out;
            res.setContentType("text/html");
  out = res.getWriter();
  String opcao = req.getParameter("log");
  Thanks

  I would recommend using the authentication mechanism that's guaranteed by the servlet spec. If you do that, you can just call
  request.getRemoteUser()
  to get the user name across multiple pages.
  If you want to use your own login scheme, you can create a new session object and map it to a user name somewhere in your app. Or you can just put the name of the user on the session. But the preferred way is to use the default authentication scheme defined by the spec.

• Scenario for single WLAN to multiple VLANs

  Hi there,
  I read from this forum some discussion about the WLC VLAN Select feature.
  http://www.cisco.com/image/gif/paws/113465/vlan-select-dg-00.pdf
  I see that you can use this feature to have multiple VLANS (interfaces) to map to the same WLAN (SSID).
  What I try to learn is under what scenarios would people need to have mutliple vlan mapped to single SSID?
  In my environment, I have 50+ AP int he campus on 20+ Cisco 4500 switches.  I have single WLAN and it is mapped to one subnet.  All wireless users would be on that subnets, whereas wired users are on 20+ subnets of their own.
  Can someone help me to see under what scenarior (or requirement) that I would want to have multiple vlans mapped to single SSID?
  Thanks.

  having a large number of users in single subnet is not the best in all designs, since you will have a large single broadcast domain which is a true disaster with dense networks. If you the company policy states that we need only one single ssid
  for the whole employees within the company, it doesn't make sense to have them all on the same subnet.
  A lot of options are available to overcome such issues :
  for example, we might have AP groups feature , dynamic vlan assignment given that we have radius server in place, and vlan pooling.
  It might not be feasible to have RADIUS server all the time, and AP groups might be kind of administrtive overhead as well as it might induce a lot of issues when aps fail over from controller to controller --> Vlan select is a good soultion considering the previously mentioned reasons.
  Please Make sure to rate correct answers

• Multiple VLANs through to layer 2 switch

  So long as each switch supports VLANing (which most manageable switches do), then yes. Some model numbers on the switches would help here though to be sure.
  Also, keep in mind that assigning VLANs is a layer 2 function, not layer 3. So long as you tag the VLANs you need to pass between the switches on the feed ports between them, you should be able to have them running without issue.
  Could you provide a little more detail as to what you're trying to accomplish so that we can better advise you how to proceed?

  Hello,
  Is it possible to send multiple vlans across a layer 3 dell powerconnect to a Meraki layer 2 switch and configure the ports to access the different vlans? 
  Is it also multiple vlans across a layer 3 dell powerconnect to a layer 2 dell powerconnect switch and configure the ports to access the different vlans? 
  I've been playing aound with this and I can't seem to get it done.
  Thanks for any help in advance.
  This topic first appeared in the Spiceworks Community

• Multiple VLAN config help

  I need to configure our Cisco Aironet 1200's for multiple VLANs. VLAN101 is for public use & VLAN2 is for employees only. Existing config is attached.
  I need:
  1. To disable the broadcast of VLAN2's SSID so that only VLAN101 shows up in the SSID list for visitors. Right now both are showing up.
  2. To ensure the WEP key is setup correctly for VLAN2
  Thanks in advance for your help!

  So are you saying both SSID's are currently broadcasting?
  I would delete and re-create your client configurations. I don't think it's on the AP side.

• Multiple SSID With Multiple VLANs configuration on Cisco Aironet APs: Assotiated clients cannot obtain IP addresses

  Hi Surendra,
  I was just given this task to see how i can configure a second ssid for guest access in our environment.
  this is our network setup prior to this request: Internet----Firewall (not ASA)---ce520---C1131AG and CME router is also connecting to the ce520 switch. we only have two vlans: one for voice and two for data.
  Presently, there is no vlan configured on the AP because it on broadcasting ont ssid and wireless users gets IP from a windows DHCP server on the LAN. the configuration on the ce520 switch port for the AP and other switches say access vlan is the DATA vlan which automatically becomes the native vlan for all trunk port connecting the AP and other Stiches to the network.
  Now with this new requirement, i have made my research and i have configured the AP to broadcast both the production and the guest Vlans. The two vlans are 20-DATA and 60-Guest. I made the DATA vlan on the AP the native vlan since the poe switch is using the DATA vlan as native on the trunk ports. I configured the firewall to serve as DHCP server for the guest ssid and i have added the ip helper-address on the guest vlan interface on all switches while the windows server remains the dhcp server for the production DATA Vlan. I have confirmed that the AP, switches can ping the default gateway of the guest dhcp server which is another interface on the firewall. I can now see and connect to all broadcasted ssids but the problem is I am not getting IP addresses from both the production dhcp server and guest dhcp server when i connected to the ssid one at a time.
  My AP config is attached below.
  Please tell me what am I doing wrong.
  Do i need to redesign the whole network to have a native vlan other nthan the data vlan?
  Does the access point need to be aware of the voice vlan?
  Do the native Vlan on the AP need to be in Bridge-group 1 or can i leave it in bridge-group 20?
  I will greatly appreciate your urgent response.
  Thanks in advanced.

  Hi,
  As far as i know we dont set the ip helper address on the radio interface. It should be on the L3 interface of corresposding VLANs i.e.
  int vlan 20
  ip helper-address 192.168.33.xxx
  int vlan 60
  ip helper-address 130.20.1.xxx
  I'm assuming that your using SVI's (int Vlan 20 and int Vlan 60) rahter than physical interfaces. Also hope you have configured switch port as trunk where this AP is connected.
  Modify the AP config as below since you are using data vlan as the native vlan
  interface Dot11Radio0.20
  encapsulation dot1Q 20 native
  interface FastEthernet0.20
  encapsulation dot1Q 20 native
  Ideally your AP fastethernet configuration should looks like below and not sure how you missed this as this comes by default when you have multiple vlans for multiple ssids.
  interface FastEthernet0.20
  encapsulation dot1Q 20 native
  no ip route-cache
  bridge-group 20
  no bridge-group 20 source-learning
  bridge-group 20 spanning-disabled
  interface FastEthernet0.60
  encapsulation dot1Q 60
  no ip route-cache
  bridge-group 60
  no bridge-group 60 source-learning
  bridge-group 60 spanning-disabled
  Hope this helps.
  Regards
  Najaf