Selection extended DHCP and several VLANs

Similar Questions

• Several VLANS and DHCP relay on two stacked switch SGE2000-G5

  We were put to the task of securing a small desktop system managed that is currently set up with a standard switch for each of the offices (with different companies) to see each other and in some cases, access to each of the other documents on the network.

  Obviously, this is far from adequate set up and our goal is to isolate each office using VIRTUAL networks, but share a common internet connection provided by managed offices.  We have two switches for layer 3 Cisco SGE2000-G5, but we are new on Cisco equipment and VLAN, so we are not quite sure on how to implement this.  DHCP must be provided by a router, there is no server.  We are open to suggestions on the router as we still buy a.

  I hope that someone may be useful.

  Thank you very much

  Jim

  Hi Jim,.

  SGE2000 switches you are using must be able to handle this without issue. What type of router you are using? As long as you have a router that will take in charge VLAN / several subnets, it should be a simple configuration.

  Here's a quick run down of the measures to be implemented. (using vlan1 and vlan2)

  On the router, create a vlan / subnet 2 and set the port to connect to your shared resources with the two VLAN 1 and 2 switch. (it will be untagged, two will be marked)

  On the switch, create vlan2 and do the same for the port connected to the router. (vlan1 marked and tagged vlan2)

  Now for each switch port that you want to assign the port access and vlan1 and vlan2. (this vlan will be without a label)

  If your router allows, disable routing inter - vlan. If this isn't the case, you must create rules to block traffic from one network to the other.

  All this happens under the assumption that your router can support VLAN and can also make DHCP for this VLAN.

  Hope this information helps

• PowerConnect 5448 several VLANS between upstream and downstream server firewall

  I am struggling with what I thought, would be a simple task: route several subnets, each on one VLAN different, a firewall to a server.  In fact, I can't even pass the VLAN by default one still looking correct in the address tables and STP.

  Port 1 = firewall, VLAN 1 unidentified, 2 VLAN Tag, 1 PVID, tried the two trunk and general patterns

  17 = server NIC, VLAN 1 unidentified port, VLAN Tag, PVID 1 and 2 2, tried, tried both safe and general patterns

  VLAN 1 (firewall untagged) 10.84.195.0/24, 10.84.195.2 Interface IP and default gateway 10.84.195.1

  VLAN 2 (tag of firewall) 10.101.0.0/16, IP Interface 10.101.0.2 for 2 VLAN, firewall est.1

  The first thing I got was that something has not been properly marked by (Hyper-V, using SC VMM 2012 SP1) server or the firewall (Watchguard XTM 520).  Simple test: VPN Firewall, ping the switch to 10.101.0.2 with the tag, and works, remove the label and it doesn't.  Dynamic address table shows the two-way firewall.  Line 18 below appears right after the ping as planned on VLAN 2 with the same MAC address in VLAN 1.  In addition, I ping the switch 10.101.0.2 from the server and it works fine.  The table shows that VLAN 2 from the host (and 1 other VM), so it seems to me that everything is properly labeled.

  	15	VLAN 1	00907f8f571b	G1
  	16	VLAN 2	00155d1f1b07	G17
  	17	VLAN 2	001dd8b71c01	G17
  	18	VLAN 2	00907f8f571b	G1

  What I can't do, is ping through the switch to VLAN 2.  I can't ping my VPN server (10.101.20.1), and I can not ping to the gateway (10.101.0.1) from the server.  Note, it is not because of rules to firewall on each end.

  What Miss me?  I don't think I need a routing of layer 3 here, I don't have to go through VLAN, just have them several VLANS passes from one port to the other.

  Other things to note in case it is useful:

  -I have no connectivity not tag with everything else through the 10.84.195.xxx/24 switch.

  -If I delete the Tags VLAN port 2 1 trunk, I suddenly can ping the bridge VLAN 2 (10.101.0.1) from the server, although I suspect that it is because the same port is the default gateway for the switch.

  -For brevity, only 2 lines of the STP are listed below, but all ports are therefore based on the question of whether they are connected or not.

  G1 activated 128.1 Frw Desg P2P (STP) No. 4
  G2 activated 128.2 Dsbl Dsbl No. 100.

  -Latest firmware installed.

  -In addition, for people concerned about their security, I want to remove use VLAN by default in the future.

  Would it be possible for run you to stick your show output here in the forum.  In this way, we can take closer look at what you have configured.

  If you connect a desktop/laptop computer (with and intellectual property in the 10.101.0.0/16 range) in a port with the mode of access switchport VLAN 2 are you able to ping IP Interface 10.101.0.2 for 2 VLANS?  You could try to disconnect the firewall and the configurations for the port and work on getting through the switch with 2 terminals on a single VLAN.  Then, once this is confirmed as work connect the firewall back up with a trunk/general mode adding the VLAN necessary.

  You connect to the firewall on a layer 3 interface?  You need Layer 3 routing to reach the firewall correctly.

• Is there a tool or function (in Illustrator or InDesign) that selects any form and 'punches' a 'hole' of this form down through several objects for the paper or the work plan?

  Is there a tool or function (in Illustrator or InDesign) that selects any form and 'punches' a 'hole' of this form down through several objects for the paper or the work plan?

  Your objects punch must be in a large group; It will cut through all that is below.

  Create the shape you want to cut and set it to black Uni. Select your group and your form and (in the transparency palette), click make mask.

  Uncheck the Clip, and then return to the palette.

• PowerConnect 2848 - several VLANS on the 1 port does not

  Hello everyone.

  I have a Dell PowerConnect 2848.  My router is a Netgear SRX5308. In the router, I've created several VLANs (VLAN ID 10 and 20) and would that pass to the ESXi server. If I connect the ESXi server directly to the router, everything works as expected. My VMs are picking up correct VLAN based on the parameters of ESXi.

  I need the 2848 between the two, because I need to add more devices and other servers with a VLAN specific.

  Currently I use port 25 for switch 2848.

  I put the switch to managed mode.

  I created switch-> VLAN-> belonging to a VLAN, VLAN ID 10 and 20.

  I select 10 VLANS and put the T on port 25.

  I select the VLAN 20 and put the T on port 25.  (I also tried to put a U on them, just to try, but did not work)

  But my virtual computer are not able to reach the DHCP on the router.

  Spanning Tree is enabled.

  I'm obviously missing something...

  I have already passed last week banging my head on this, but have not been able to pass traffic along.

  Help, please!

  So you're on the right track. If port 25 is facing the router? What port must face the ESXi Server? That port should also have VLAN 10 and 20 should be labelled.

• 1252 config several VLAN trunking on ethernet not

  Hi all I am new to these forums, but have read some posts on configurations for an AP from 1252 to switch 2950.

  I have several VLANS andmultiple SSID configuration on my ap.  The switch knows the VLANS on the access point

  I think that in the config.

  When I put the 2950 in trunk mode on the port, the ap is conencted too, I can see no longer the access point. And none of my ssid / VLAN traffic through the stem net ether to the switch.  I think I have a problem with the config of the ap specifically either in the British Virgin Islands (do not understand this virtual port) or in bridge groups. (Never worked with foredeck groups.)

  The AP is in stand-alone mode.

  Here is my config on the side of the ap.

  interface Dot11Radio0

  no ip address

  no ip route cache

  !

  the cipher mode vlan 300 encryption tkip aes - ccm

  !

  broadcasting-key vlan 300 change 600 members-notice change in capacity

  !

  !

  SSID 101

  !

  SSID 300

  !

  countermeasure tkip duration of maintaining 120

  gain of antenna 0

  Base-1 speed, 0 2.0 5.5 11.0 6.0 12.0 9.0 18.0 24.0 36.0 48.0 54.0 m0. M1. M2. M3. M4. M5. M6. M7. M8. M9. M10. M11. M12. M13. M14. M15.

  root of station-role

  Bridge-Group 1

  Bridge-Group 1 block-unknown-source

  No source of bridge-Group 1-learning

  unicast bridge-Group 1-floods

  Bridge-Group 1 covering-disabled people

  !

  interface Dot11Radio0.100

  encapsulation dot1Q 100

  no ip route cache

  Bridge-group 100

  100 block-unknown-source bridge-group

  No source of bridge-group 100-learning

  No bridge group 100 unicast-flooding

  Bridge-group 100 covering people with reduced mobility

  !

  interface Dot11Radio0.300

  encapsulation dot1Q 300

  no ip route cache

  Bridge-group 255

  Bridge-group subscriber-loop-control 255

  Bridge-group 255 block-unknown-source

  No source of bridge-group 255-learning

  No bridge group 255 unicast-flooding

  Bridge-group 255 covering people with reduced mobility

  !

  interface Dot11Radio1

  no ip address

  no ip route cache

  !

  the cipher mode vlan 300 encryption tkip aes - ccm

  !

  broadcasting-key vlan 300 change 600 members-notice change in capacity

  !

  !

  SSID 101

  !

  SSID 300

  !

  countermeasure tkip duration of maintaining 120

  gain of antenna 0

  DFS block 3 Strip

  Speed - Basic6.0 9.0 12.0 18.0 36.0 24.0 48.0 54.0 m0. M1. M2. M3. M4. M5. M6. M7. M8. M9. M10. M11. M12. M13. M14. M15.

  channel SFR

  root of station-role

  !

  interface Dot11Radio1.100

  encapsulation dot1Q 100

  no ip route cache

  Bridge-group 100

  100 block-unknown-source bridge-group

  No source of bridge-group 100-learning

  No bridge group 100 unicast-flooding

  !

  interface Dot11Radio1.300

  encapsulation dot1Q 300

  no ip route cache

  Bridge-group 255

  Bridge-group subscriber-loop-control 255

  Bridge-group 255 block-unknown-source

  No source of bridge-group 255-learning

  No bridge group 255 unicast-flooding

  Bridge-group 255 covering people with reduced mobility

  !

  interface GigabitEthernet0

  no ip address

  no ip route cache

  automatic duplex

  automatic speed

  !

  interface GigabitEthernet0.51

  51 native encapsulation dot1Q

  no ip route cache

  Bridge-Group 1

  No source of bridge-Group 1-learning

  Bridge-Group 1 covering-disabled people

  !

  interface GigabitEthernet0.100

  encapsulation dot1Q 100

  no ip route cache

  Bridge-group 100

  No source of bridge-group 100-learning

  Bridge-group 100 covering people with reduced mobility

  !

  interface GigabitEthernet0.300

  encapsulation dot1Q 300

  no ip route cache

  Bridge-group 255

  No source of bridge-group 255-learning

  Bridge-group 255 covering people with reduced mobility

  !

  interface BVI1

  IP 10.131.10.70 255.255.255.0

  no ip route cache

  !

  51 of VLAN is what I'm trying to trunk more.  VLAN 100 is my networks vlan normal almost everything at the moment.  And my attempt to secure traffic wireless to a new vlan Vlan 300 more course on my local network.

  VLAN 51 has no ip address range

  IP VLAN 100 range is 10.131.10.0

  10.131.11.0 between 300 VLAN

  The routing goes to my switch 3750 core / router, but the access point is conencted to a 2950 namely shared resources to my layer distribution on a stack of 2975.  Once again the vlan 300 works on the 2975 stack and will pull dhcp if it is enabled.  Have not tried this on the 2950 yet, but I suspect it will also work based on the setting of the trunk on the s950 battery of 2975.

  In any case, I want to be able to do is have multiple VLANs configured on the AP (from most secure to least guarantee based on the capabilities of the equipment) and that traffic vlan tag go to my 3750 possibly for other guidelines.

  Here, any help would be greatly appreciated.

  Thank you for taking the time to read this.

  Sincerely,

  Kevin Pulford

  Systems administrator

  Harmon city, Inc.

  Yes, remove the vlan 51 can tell vlan 100 is the native, and there will be a link to bridge - Group 1.  Then change the switch port to vlan 100 native.  You should then be able to reach the access point via telnet/GUI.

  orders will be:

  config t

  No int dot11radio0.51

  No int dot11radio1.51

  No int g0.51

  int dot11radio0.100

  100 native encapsulation dot1q

  int dot11radio1.100

  100 native encapsulation dot1q

  int g0.100

  encapsulation dot1q 100 natively.

  To be sure, save reboot and wr mem.

• SA520W VPN from Site to Site with several VLANs

  Hello

  I have a customer here with several VLANS in their places who wants to set up a VPN from Site to site between 2 devices SA520W. Unfortunately I can not find a way to set it up. In the VPN policy, I can choose between everything (which is not what I want, I want only traffict between subnets the routed via VPN), IP address unique, a beach (in a subnet) and a subnet itself - but only one. I don't find a way to configure several subnets in the selection of local traffic and remotely. Adding another IKE policy between the 2 sites does not either (which is good normally).

  Any ideas? Anything I'm doing wrong?

  Thank you for your help.

  Best regards

  Thomas

  I know that if you have an ASA or a router, you can define as VLANS to pass through the tunnel.

  Do not have access to a SA520W to test...

  A recommendation might be to post the question on the SMB community where they answered questions related to this product, just to check what other people did.

  Federico.

• Time Capsule do not pick up address DHCP and cable modem...

  You just bought a Time Capsule and a couple of Airport Express. If none of these devices are connected together via Ethernet, they seem to have set themselves up, and all is well.

  That being said, I tried to create a mobile network instead of pure wi - fi and am studying various behaviors that are not as expected when I rear hub to the Internet Time Capsule, but need to isolate and go 1 bit at a time... (it works not as well as suggest Apple instructions on homelessness of installation)...

  If:

  1. configuration of the modem cable shows that DHCP is 'ON' and supplied address range 192.168.0.x by 192.168.0.y,.

  2 Cable modem wireless is disabled,

  3 Time Capsule Wan is connected to the cable modem, Ethernet

  4 Time Capsule is configured to request its address IP, DHCP

  5. Airport Express is in Bridge mode and have addresses such as 10.x.y.z (appears to be from a Time capsule).

  6. safe as Time Capsule is set to be as DHCP and NAT

  7. There is NO other device in this configuration connected by Ethernet except the cable Modem and the Time Capsule.

  So, why is the IP address of the time Capsule 76.181.45.xyz? (The address is NOT in the range of the DHCP as described in the #1; it is not supposed to be?) ....

  Whence this address?

  A friend says this address puts the "other side" Time Capsule of the cable Modem, directly on the Net?... (Shouldn't worry?) ....

  If none of these devices are connected together via Ethernet, they seem to have set themselves up, and all is well.

  It's because you didn't have the devices connected via Ethernet before you set up the. Given that the installation utility saw a wireless connection, it is assumed that this was the way that you want to connect devices on your network at all times... so he put it this way.

  If you had an established connection Ethernet before you ran the installer, then the utility would have detected this connection and set up the airport to "expand using Ethernet", does not extend to assistance of wireless.

  (it works not as well as suggest Apple instructions on homelessness of installation)...

  If all goes well, you don't talk about this document... Wi - Fi base stations: extend the reach of your network wireless by adding additional base stations Wi - Fi - Apple Suppo... .. Since the 'how' information in this article is at least 4 years late, bear little resemblance to the latest version of AirPort Utility and some of the information are simply not true.  This document if trash is what you... He'll probably do more harm than good with regard to the details of setting.  The article is OK for basic general information, however.

  6. safe as Time Capsule is set to be as DHCP and NAT

  It should not be if your modem is a modem/router "" or type 'bridge' of the device which is also DHCP and NAT services. The fact that you have disabled the wireless on the device confirms that it is both a modem AND a router. That being the case, then you have two devices that both struggling among themselves to try to control the same network... AND do you also have a network error called Double NAT... something you don't want.

  Probably the best at everything again and provide us with the number of brand and model of your "modem", that we can confirm what it is that you have, then the correctly configured time Capsule to work with this device. Once the time Capsule is set up correctly, it will be easy to put in place the other airports.

• Disorders from several VLANS layer 2 layer 3

  Hello

  We have a layer switch 3 PowerConnect 6248 switch with multiple VLANs and active routing and also a layer 2 with a PowerConnect 5324 switch couple VLANS configured.  My goal is to have several VLANs, through level 3 for the layer 2 switch switch and all VLANS communicate between them.

  I followed the steps under the 3 layer + Layer section 2 to the title of this post:

  en.Community.Dell.com/.../19506015

  Unfortunately, it does not work.

  Here is my current set up and what I tried. My configuration is made via the web interface.

  The 6248 has VLAN 1, 64, 110, 150 and some other configured on the switch. The IP address of the 6248 is 192.168.64.1.  I'm trying to get some vlan 150 and 110 for the layer switch 2 for may I have some ports in the service of vlan vlan portion 150 and some 110.

  I have the IP routing (routing > IP > Interface Configuration) for vlan 150 as 192.168.150.1/24 and vlan 110 as 192.168.110.1/24.

  The 5324 is connected to the 6248 via a port (connected to the port 1 of the 5324 and 18 the 6248).  18 on the 6248 port is currently configured as general / Admit All/PVID 150.  Port 1 on the 5324 is currently configured for the same, but with a PVID of the 1.  150 of VLAN is sent without the label of the 6248 switch and vlan 110 is sent labeled.

  5324 switch is configured with an IP 192.168.150.2 and a gateway of 192.168.150.1.  I am able to access the web interface of the switch and connect machines in any port and get on the 192.168.150.0 subnet.  I created a vlan 110 on the 5324 and it the tag on ports 1 and 4, but port 4 will not any traffic to vlan 110. I tried many settings of belonging to port / vlan various which have all resulted in failure.

  I would greatly appreciate help on this.  It seems that such an easy feat, but I just can't understand it.  I have attached some pictures for people to see.

  

  

  

  

  

  

  

  

  

  I had figured it out.  I enabled Double VLAN on the trunk of the 6248 switch port and it works now.

• WLC5508 problem with dhcp and flexconnect local switching

  Hello
  I have a new WLC 5508 with firmware 8.0.133.0 (suggested one right now) and I'm trying to set up a WLAN with flexconnect and local switching, but when I try to connect a client it is not getting an IP address.

  Here's what I did:
  -put the AP mode flexconnect
  -support vlan in the AP has allowed
  -local switching license and only in wlan
  -spread the vlan from AP to the local gateway
  -put the IP helper on local and pointed the wlc management ip gateway
  -set up a scope for the vlan Server dhcp internal WLC
  -set up a working group with the vlan-wlan association flexconnect

  Here is what I checked:
  -l'AP obtains an IP address in dhcp in the vlan, and a lease for that appear in the DHCP Server internal to the WLC
  -If I put the interface vlan on a switch in DHCP it gets the ip address of the same way
  -If I set the static IP address in the wireless client it ping the local gateway and navigate normally
  -J' tried the deactivation/activation proxy DHCP in the management connected to the WLAN interface, but nothing happened
  -J' tried Central DHCP activation of treatment with no luck

  It seems a dhcpdump on the wireless client client ask for an IP address, but get no response, as if it were the DHCP request is be filtered or diverted somehow.

  All you other ideas?

  DHCP on the controller is not a real dhcp server, see it that way. The management interface is used when defining aid ip and proxy dhcp must be enabled for internal dhcp. In your configuration, dhcp only works for the AP and should not work for any cable customer. You should be able to use the IP helper pointing to your WLC management interface but also make sure that you create an interface on the WLC for the local subnet and assign the interface to a correct address, even if it is not actually using it. Then in the new dynamic interface of this local subnet, you create, make sure that the primary dhcp is the ip address of the controller management. I think it works.

  I would really use a true if possible dhcp server or even put a dhcp scope on the interface of L3 on the production site.

  -Scott

  Please evaluate the useful messages *.

• WLC 2504 several VLANs multiple SSID

  I have three sites

  Data center management unit A - main - controller + Access - Point IP 172.16.x.x - Vlan 38

  Unit B - system managed by controller IP 172.17.x.x - Vlan 38 Access Points

  Unit C - system managed by controller IP 172.18.x.x - Vlan 38 Access Points

  In the network topology OSPF runs. We have several VLANS about 38 we wish to propagate through SSID, but maybe I'm not create more than 16. How to make a movement of the user of a unit for unit B how do mention Vlan IP for the user because it is 38 Vlan spread on each unit.

  UNIT A - UNIT B - UNIT C

  |                            |                               |

  172.16.X.X 172.17.X.X 172.18.X.X

  |                            |                               |

  VLAN 2-38 VLAN 2-38 VLAN 2-38

  |                            |                               |

  AP-1                          AP-2                        AP-3

  |                               |                               |

  User to user-1 user-2-3

  Need of advice and suggestion

  Hello Saad,

  If I understand your scenario, you have 2-38 or 16 VLAN for each unit. To ensure exactly the addressing specific IP must be assigned to the user, you must create groups of AP and add AP group particular AP. Let's say for the 1st floor that you used the subnet 192.168.1.0/24 and AP-group1 so all the first floor AP will be in AP group1. In addition to browse documents cisco you will get any idea on AP groups concept.

  In order to obtain roaming when users move from one unit to another unit we configure mobility in the controller. As OSPF is already running then you have reach-ability between the controller.

  Hope this information helps you.

• DHCP for several local area networks VIRTUAL via SG200 - 50 p

  Here's my scenario.  One of my clients is an executive suite.  Each office gets its own internet through a separate router.  It is a big mess of wiring and confusion.  I want to simplify this by using a single router that feeds a single DHCP subnet to a confgured to switch SG200 - 50 p with multiple VIRTUAL LANs. I was able to do this by connecting an ethernet cable from the router to each group VLAN ports.  So VLAN1 has 4 ports, the first is connected to the router.  VLAN2 has 4 ports, the first is connected to the router etc.    Each VLAN is done with success of DHCP, I isolate traffic between the VLANS.  There is no cross = ping between the VLAN, which is what I want.  And each VLAN can access resources within its VIRTUAL LAN and also provides access to the internet.  Bravo HOWEVER, I would like to provide DHCP to all them VLAN on a single switch port, rather you use a router to power for each grouping of VIRTUAL LAN port.  Because my router is limited to 4 ports, I am limited to 4 VLANS.  I need 12.   I guess this is accomplished in trunking all the VLAN of the to a single port.  But I failed to achieve.  Any ideas are much appreciated.

  Hi Andy, it depends on what one of your routers support. The switch supports 802. 1 q. One of your routers must support a trunk or subinterfaces with 802. 1 q capabilities. It is very important for more than just DHCP. Since I use a single wire, all the VLAN except the vlan native will not have access to the internet unless the router can understand tags vlan.

  My advice to you is first to identify the capacity of your routers, know which router you have / want that supports 12 VLAN and 802. 1 q. The configuration should be the easy part.

  -Tom
  Please mark replied messages useful

• 4235 IDS Sensor monitoring several VLANS & TCP Reset (packet Injection)

  I understand that the 4235 sensor can receive traffic are split to several VLANs than 802. 1 q tags have been placed on the switches (3750 of in this case).

  I have two questions (account required to the statement above in correct).

  1 is it possible to inject traffic (eg. reset the TCP sessions) in each of VLAN monitored (i.e. the 4235 would mark the package injected with good destination VLAN for the response) or only the native/actual VLAN the SPAN destination.

  2. is the traffic carried by the 4235 as coming from multiple virtual interfaces (eg. for the period of INVESTIGATION purpose spoof detection within each VIRTUAL local area network)?

  Thanks much for the reading of the same day. Any input greatly appriciated.

  On your second question, no. monitored traffic is considered as coming from a single virtual interface. The sensor reads the header of the vlan on the packages wrapped and includes with the alarm and more uses for TCP resets. But, you can apply signatures for traffic VLAN specific sensor is followed.

• Several VLAN, SSID

  I get to the point where my campus wireless network grows beyond the size of the subnet that I am uncomfortable dealing with.  I have a WISN and WCS and spin the latest IOS on each.  Is it possible to use several VLANS on a campus-wide SSID?

  Or, can I put the same SSID on both controllers and map it to two separate without causing problems roaming VIRTUAL networks?

  Thank you

  Eric

  Hi Eric,.

  Yes we do, and this feature is called grouping AP on WLC... Here is the sample configuration to do the same thing...

  http://www.Cisco.com/en/us/Tech/tk722/tk809/technologies_configuration_example09186a008073c723.shtml

  Concerning

  Surendra

• Separate Wired DHCP and static profiles

  Windows 7 Pro 64-bit

  We have two offices within our campus. Creating a server (DHCP, static) using DHCP. Although building B (DHCP, static) also uses the DHCP protocol, it is necessary for me to assign a static IP address to my PC for various reasons.

  I need to connect my PC to each building. Using another address is not viable because building B (DHCP, static) has DHCP so the PC is assigned to the DHCP rather than another static address.

  Can I create and select separate network for DHCP and LANs static profiles?

  Thanks in advance.

  You can watch NetSwitcher or NetSetMan...

  http://netswitcher.com/

  http://www.NetSetMan.com/

  .. .to create network specific profiles...