Difference between revisions of "BXadmin:Network"
Line 1: | Line 1: | ||
= L3 = | = L3 = | ||
+ | == 10.1.1.0 /24, 2610:8: == | ||
+ | * VLAN: 1 (MANAGEMENT) | ||
+ | * Netmask: 255.255.255.0 | ||
+ | * Broadcast: 10.1.1.255 | ||
+ | * Gateway: 10.1.1.1 | ||
+ | * DNS: *.net.bx.psu.edu | ||
+ | |||
+ | Switches, IPMI interfaces, ESXi management, etc. | ||
+ | |||
+ | == 10.1.2.0 /27 == | ||
+ | * VLAN: ?PRINTERS? | ||
+ | * Netmask: 255.255.255.224 | ||
+ | * Broadcast: 10.1.2.31 | ||
+ | * Gateway: 10.1.2.1 | ||
+ | * Usable IPs: .1 - .30 | ||
+ | * Client IPs: 29 | ||
+ | * DNS: *.printers.bx.psu.edu ? | ||
+ | |||
+ | Printers? | ||
+ | |||
+ | == 10.1.2.32 /27 == | ||
+ | * VLAN: (SUNRAY) | ||
+ | * Netmask: 255.255.255.224 | ||
+ | * Broadcast: 10.1.2.63 | ||
+ | * Gateway: 10.1.2.33 | ||
+ | * Usable IPs: .33 - .62 | ||
+ | * Client IPs: 29 | ||
+ | * DNS: *.sunray.bx.psu.edu | ||
+ | |||
+ | SunRay terminals. | ||
+ | |||
+ | == 10.1.4.0 /24 == | ||
+ | * VLAN: 200 (PERSEPHONE) | ||
+ | * Netmask: 255.255.255.0 | ||
+ | * Broadcast: 10.1.4.255 | ||
+ | * Gateway: 10.1.4.1 | ||
+ | * DNS: *.persephone.bx.psu.edu | ||
+ | |||
+ | Persephone cluster. | ||
+ | |||
+ | == 10.1.5.0 /24 == | ||
+ | * VLAN: 230 (UNAUTH) | ||
+ | * Netmask: 255.255.255.0 | ||
+ | * Broadcast: 10.1.5.255 | ||
+ | * Gateway: 10.1.5.1 | ||
+ | * DNS: *.unauth.bx.psu.edu | ||
+ | |||
+ | Radius dumps unauthorized ports get dumped in this VLAN. DNS blackhole. | ||
+ | |||
+ | == 10.1.6.0 /24 == | ||
+ | * VLAN: 240 (QUARANTINE) | ||
+ | * Netmask: 255.255.255.0 | ||
+ | * Broadcast: 10.1.6.255 | ||
+ | * Gateway: 10.1.6.1 | ||
+ | * DNS: *.quarantine.bx.psu.edu | ||
+ | |||
+ | Radius dumps quanrantined MACs and users in this VLAN. DNS blackhole. | ||
+ | |||
+ | == 192.168.2.0 /24 == | ||
+ | * VLAN: 210 (LINNE) | ||
+ | * Netmask: 255.255.255.0 | ||
+ | * Broadcast: 192.168.2.255 | ||
+ | * Gateway: 192.168.2.253 | ||
+ | * DNS: *.linne.bx.psu.edu | ||
+ | |||
+ | linne cluster | ||
+ | |||
+ | == 192.168.4.0 /24 == | ||
+ | * VLAN: 220 (GALAXY) | ||
+ | * Netmask: 255.255.255.0 | ||
+ | * Broadcast: 192.168.4.255 | ||
+ | * Gateway: 192.168.2.254 | ||
+ | * DNS: *.g2.bx.psu.edu | ||
+ | |||
+ | galaxy | ||
+ | |||
== 128.118.200.0 /23, 2610:8:7800:14:: /64 == | == 128.118.200.0 /23, 2610:8:7800:14:: /64 == | ||
* VLAN: 100 (BX-WIRED) | * VLAN: 100 (BX-WIRED) | ||
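Review bot: The new 192.168.4.0 /24 (GALAXY) entry lists its gateway as 192.168.2.254, which is outside that subnet and inside the LINNE range; either correct it to an in-subnet address or note why the gateway is off-net. In the same hunk the first heading's IPv6 prefix "2610:8:" looks cut short, the PRINTERS and SUNRAY entries carry no VLAN number, and the UNAUTH and QUARANTINE descriptions need a copy edit ("Radius dumps unauthorized ports get dumped", "quanrantined").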
Line 7: | Line 83: | ||
Centrally managed machines. Machines that we have root on and/or control with cfengine. | Centrally managed machines. Machines that we have root on and/or control with cfengine. | ||
+ | |||
+ | == 128.118.202.0 /26 == | ||
+ | * VLAN: 110 (DOT1X) | ||
+ | * Netmask: 255.255.255.192 | ||
+ | * Broadcast: 128.118.202.63 | ||
+ | * Gateway: 128.118.202.1 | ||
+ | * Usable IPs: .1 - .62 | ||
+ | * Client IPs: 61 | ||
+ | * DNS: dot1x-128-118-202-N.bx.psu.edu | ||
+ | |||
+ | Dynamically assigned with DHCP. 802.1x EAP-TTLS-PAP username/password login. | ||
+ | |||
+ | == 128.118.202.64 /26 == | ||
+ | * VLAN: 120 (UNMANAGED) | ||
+ | * Netmask: 255.255.255.192 | ||
+ | * Broadcast: 128.118.202.127 | ||
+ | * Gateway: 128.118.202.65 | ||
+ | * Usable IPs: .65 - .126 | ||
+ | * Client IPs: 61 | ||
+ | * DNS: custom or 128-118-202-N.bx.psu.edu | ||
+ | |||
+ | Statically assgined with DHCP based on MAC. Radius attributes defined in LDAP for the DHCP host entry. | ||
== 128.118.202.128 /27 == | == 128.118.202.128 /27 == | ||
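Review bot: The DOT1X entry names EAP-TTLS-PAP but does not say how supplicants validate the RADIUS server; PAP carries the password itself inside the TLS tunnel, so the page should record which server certificate or CA clients are expected to trust. In the UNMANAGED description, "assgined" should read "assigned".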
Line 21: | Line 119: | ||
== 128.118.202.160 /28 == | == 128.118.202.160 /28 == | ||
− | * VLAN: | + | * VLAN: 130 (GUEST) |
* Netmask: 255.255.255.240 | * Netmask: 255.255.255.240 | ||
* Broadcast: 128.118.202.175 | * Broadcast: 128.118.202.175 | ||
Line 30: | Line 128: | ||
DHCP entries static in LDAP. Web authorization form to allow changing of the MAC address, restricted to PIs and other persons of repute. These entries will be periodically expired. Or, tie into EDUROAM somehow? | DHCP entries static in LDAP. Web authorization form to allow changing of the MAC address, restricted to PIs and other persons of repute. These entries will be periodically expired. Or, tie into EDUROAM somehow? | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
= L2 = | = L2 = |
Revision as of 17:55, 23 September 2010
L3
10.1.1.0 /24, 2610:8:
- VLAN: 1 (MANAGEMENT)
- Netmask: 255.255.255.0
- Broadcast: 10.1.1.255
- Gateway: 10.1.1.1
- DNS: *.net.bx.psu.edu
Switches, IPMI interfaces, ESXi management, etc.
10.1.2.0 /27
- VLAN: ?PRINTERS?
- Netmask: 255.255.255.224
- Broadcast: 10.1.2.31
- Gateway: 10.1.2.1
- Usable IPs: .1 - .30
- Client IPs: 29
- DNS: *.printers.bx.psu.edu ?
Printers?
10.1.2.32 /27
- VLAN: (SUNRAY)
- Netmask: 255.255.255.224
- Broadcast: 10.1.2.63
- Gateway: 10.1.2.33
- Usable IPs: .33 - .62
- Client IPs: 29
- DNS: *.sunray.bx.psu.edu
SunRay terminals.
10.1.4.0 /24
- VLAN: 200 (PERSEPHONE)
- Netmask: 255.255.255.0
- Broadcast: 10.1.4.255
- Gateway: 10.1.4.1
- DNS: *.persephone.bx.psu.edu
Persephone cluster.
10.1.5.0 /24
- VLAN: 230 (UNAUTH)
- Netmask: 255.255.255.0
- Broadcast: 10.1.5.255
- Gateway: 10.1.5.1
- DNS: *.unauth.bx.psu.edu
RADIUS dumps unauthorized ports in this VLAN. DNS blackhole.
10.1.6.0 /24
- VLAN: 240 (QUARANTINE)
- Netmask: 255.255.255.0
- Broadcast: 10.1.6.255
- Gateway: 10.1.6.1
- DNS: *.quarantine.bx.psu.edu
RADIUS dumps quarantined MACs and users in this VLAN. DNS blackhole.
192.168.2.0 /24
- VLAN: 210 (LINNE)
- Netmask: 255.255.255.0
- Broadcast: 192.168.2.255
- Gateway: 192.168.2.253
- DNS: *.linne.bx.psu.edu
linne cluster
192.168.4.0 /24
- VLAN: 220 (GALAXY)
- Netmask: 255.255.255.0
- Broadcast: 192.168.4.255
- Gateway: 192.168.2.254
- DNS: *.g2.bx.psu.edu
galaxy
128.118.200.0 /23, 2610:8:7800:14:: /64
- VLAN: 100 (BX-WIRED)
- Netmask: 255.255.254.0
- Broadcast: 128.118.201.255
- Gateway: 128.118.200.1, 2610:8:7800:14::1
Centrally managed machines. Machines that we have root on and/or control with cfengine.
128.118.202.0 /26
- VLAN: 110 (DOT1X)
- Netmask: 255.255.255.192
- Broadcast: 128.118.202.63
- Gateway: 128.118.202.1
- Usable IPs: .1 - .62
- Client IPs: 61
- DNS: dot1x-128-118-202-N.bx.psu.edu
Dynamically assigned with DHCP. 802.1x EAP-TTLS-PAP username/password login.
128.118.202.64 /26
- VLAN: 120 (UNMANAGED)
- Netmask: 255.255.255.192
- Broadcast: 128.118.202.127
- Gateway: 128.118.202.65
- Usable IPs: .65 - .126
- Client IPs: 61
- DNS: custom or 128-118-202-N.bx.psu.edu
Statically assigned with DHCP based on MAC. RADIUS attributes defined in LDAP for the DHCP host entry.
128.118.202.128 /27
- NAT pool
- Usable IPs: .129 - .158 (with .159 being the broadcast, but not used for NAT)
- DNS: nat-128-118-202-N.bx.psu.edu
NAT config on ASA:
    global (Outside) 1 128.118.202.1-128.118.202.30
    nat (Bioinformatics) 1 192.168.2.0 255.255.255.0
    nat (Bioinformatics) 1 192.168.4.0 255.255.255.0
    nat (Bioinformatics) 1 10.1.0.0 255.255.0.0
128.118.202.160 /28
- VLAN: 130 (GUEST)
- Netmask: 255.255.255.240
- Broadcast: 128.118.202.175
- Gateway: 128.118.202.161
- Usable IPs: .162 - .174
- Client IPs: 13
- DNS: guest-128-118-202-N.bx.psu.edu
DHCP entries static in LDAP. Web authorization form to allow changing of the MAC address, restricted to PIs and other persons of repute. These entries will be periodically expired. Or, tie into EDUROAM somehow?
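A consistency check over the address plan and ASA NAT lines above, added here as an example and not part of the original wiki page. The function names are hypothetical, and the RESTRICTED set encodes an assumption that the UNAUTH and QUARANTINE VLANs are not meant to be NAT sources.

```python
import ipaddress as ip

PLAN = [  # rows transcribed from the plan above: (VLAN name, CIDR, netmask, broadcast, gateway)
    ("MANAGEMENT", "10.1.1.0/24", "255.255.255.0", "10.1.1.255", "10.1.1.1"),
    ("PRINTERS", "10.1.2.0/27", "255.255.255.224", "10.1.2.31", "10.1.2.1"),
    ("SUNRAY", "10.1.2.32/27", "255.255.255.224", "10.1.2.63", "10.1.2.33"),
    ("PERSEPHONE", "10.1.4.0/24", "255.255.255.0", "10.1.4.255", "10.1.4.1"),
    ("UNAUTH", "10.1.5.0/24", "255.255.255.0", "10.1.5.255", "10.1.5.1"),
    ("QUARANTINE", "10.1.6.0/24", "255.255.255.0", "10.1.6.255", "10.1.6.1"),
    ("LINNE", "192.168.2.0/24", "255.255.255.0", "192.168.2.255", "192.168.2.253"),
    ("GALAXY", "192.168.4.0/24", "255.255.255.0", "192.168.4.255", "192.168.2.254"),
    ("BX-WIRED", "128.118.200.0/23", "255.255.254.0", "128.118.201.255", "128.118.200.1"),
    ("DOT1X", "128.118.202.0/26", "255.255.255.192", "128.118.202.63", "128.118.202.1"),
    ("UNMANAGED", "128.118.202.64/26", "255.255.255.192", "128.118.202.127", "128.118.202.65"),
    ("GUEST", "128.118.202.160/28", "255.255.255.240", "128.118.202.175", "128.118.202.161"),
]
NAT_POOL = ip.ip_network("128.118.202.128/27")
ASA_GLOBAL = ("128.118.202.1", "128.118.202.30")  # range on the ASA "global" line
ASA_NAT_SOURCES = ["192.168.2.0/24", "192.168.4.0/24", "10.1.0.0/16"]
RESTRICTED = {"UNAUTH", "QUARANTINE"}  # assumption: these should not be NAT sources

def check_plan(plan=PLAN):
    findings, seen = [], []
    for name, cidr, mask, bcast, gw in plan:
        net = ip.ip_network(cidr)  # raises if the CIDR has host bits set
        for label, stated, derived in (("netmask", mask, net.netmask),
                                       ("broadcast", bcast, net.broadcast_address)):
            if stated != str(derived):
                findings.append(f"{name}: {label} {stated} does not match {cidr}")
        if ip.ip_address(gw) not in net:
            findings.append(f"{name}: gateway {gw} is outside {cidr}")
        findings += [f"{name} {cidr} overlaps {o}" for o, n in seen if net.overlaps(n)]
        seen.append((name, net))
    return findings

def check_nat(plan=PLAN):
    lo, hi = (ip.ip_address(a) for a in ASA_GLOBAL)
    findings = []
    if lo not in NAT_POOL or hi not in NAT_POOL:
        findings.append(f"global range {lo}-{hi} is outside NAT pool {NAT_POOL}")
    for name, cidr, *_ in plan:
        net = ip.ip_network(cidr)
        if lo in net or hi in net:
            findings.append(f"global range {lo}-{hi} falls inside {name} {cidr}")
        if name in RESTRICTED and any(net.subnet_of(ip.ip_network(s)) for s in ASA_NAT_SOURCES):
            findings.append(f"{name} {cidr} is covered by a NAT source rule")
    return findings

if __name__ == "__main__":
    print("\n".join(check_plan() + check_nat()))
```

The NAT findings report address containment only; whether UNAUTH or QUARANTINE traffic actually reaches the ASA depends on routing and ACLs that this page does not show.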
L2
Current network diagram in DIA format is located at /afs/bx.psu.edu/admin/documents/bx_network-l2-<DATE>.dia
When updating, be sure to work on a copy, and update the date in the box in the upper left-hand corner.