Difference between revisions of "BXadmin:Network"

From CCGB
Jump to: navigation, search
Line 1: Line 1:
 
= L3 =
 
= L3 =
 +
== 10.1.1.0 /24, 2610:8: ==
 +
* VLAN: 1 (MANAGEMENT)
 +
* Netmask: 255.255.255.0
 +
* Broadcast: 10.1.1.255
 +
* Gateway: 10.1.1.1
 +
* DNS: *.net.bx.psu.edu
 +
 +
Switches, IPMI interfaces, ESXi management, etc.
 +
 +
== 10.1.2.0 /27 ==
 +
* VLAN: ?PRINTERS?
 +
* Netmask: 255.255.255.224
 +
* Broadcast: 10.1.2.31
 +
* Gateway: 10.1.2.1
 +
* Usable IPs: .1 - .30
 +
* Client IPs: 29
 +
* DNS: *.printers.bx.psu.edu ?
 +
 +
Printers?
 +
 +
== 10.1.2.32 /27 ==
 +
* VLAN: (SUNRAY)
 +
* Netmask: 255.255.255.224
 +
* Broadcast: 10.1.2.63
 +
* Gateway: 10.1.2.33
 +
* Usable IPs: .33 - .62
 +
* Client IPs: 29
 +
* DNS: *.sunray.bx.psu.edu
 +
 +
SunRay terminals.
 +
 +
== 10.1.4.0 /24 ==
 +
* VLAN: 200 (PERSEPHONE)
 +
* Netmask: 255.255.255.0
 +
* Broadcast: 10.1.4.255
 +
* Gateway: 10.1.4.1
 +
* DNS: *.persephone.bx.psu.edu
 +
 +
Persephone cluster.
 +
 +
== 10.1.5.0 /24 ==
 +
* VLAN: 230 (UNAUTH)
 +
* Netmask: 255.255.255.0
 +
* Broadcast: 10.1.5.255
 +
* Gateway: 10.1.5.1
 +
* DNS: *.unauth.bx.psu.edu
 +
 +
Radius dumps unauthorized ports get dumped in this VLAN. DNS blackhole.
 +
 +
== 10.1.6.0 /24 ==
 +
* VLAN: 240 (QUARANTINE)
 +
* Netmask: 255.255.255.0
 +
* Broadcast: 10.1.6.255
 +
* Gateway: 10.1.6.1
 +
* DNS: *.quarantine.bx.psu.edu
 +
 +
Radius dumps quanrantined MACs and users in this VLAN. DNS blackhole.
 +
 +
== 192.168.2.0 /24 ==
 +
* VLAN: 210 (LINNE)
 +
* Netmask: 255.255.255.0
 +
* Broadcast: 192.168.2.255
 +
* Gateway: 192.168.2.253
 +
* DNS: *.linne.bx.psu.edu
 +
 +
linne cluster
 +
 +
== 192.168.4.0 /24 ==
 +
* VLAN: 220 (GALAXY)
 +
* Netmask: 255.255.255.0
 +
* Broadcast: 192.168.4.255
 +
* Gateway: 192.168.2.254
 +
* DNS: *.g2.bx.psu.edu
 +
 +
galaxy
 +
 
== 128.118.200.0 /23, 2610:8:7800:14:: /64 ==
 
== 128.118.200.0 /23, 2610:8:7800:14:: /64 ==
 
* VLAN: 100 (BX-WIRED)
 
* VLAN: 100 (BX-WIRED)
Line 7: Line 83:
  
 
Centrally managed machines. Machines that we have root on and/or control with cfengine.
 
Centrally managed machines. Machines that we have root on and/or control with cfengine.
 +
 +
== 128.118.202.0 /26 ==
 +
* VLAN: 110 (DOT1X)
 +
* Netmask: 255.255.255.192
 +
* Broadcast: 128.118.202.63
 +
* Gateway: 128.118.202.1
 +
* Usable IPs: .1 - .62
 +
* Client IPs: 61
 +
* DNS: dot1x-128-118-202-N.bx.psu.edu
 +
 +
Dynamically assigned with DHCP. 802.1x EAP-TTLS-PAP username/password login.
 +
 +
== 128.118.202.64 /26 ==
 +
* VLAN: 120 (UNMANAGED)
 +
* Netmask: 255.255.255.192
 +
* Broadcast: 128.118.202.127
 +
* Gateway: 128.118.202.65
 +
* Usable IPs: .65 - .126
 +
* Client IPs: 61
 +
* DNS: custom or 128-118-202-N.bx.psu.edu
 +
 +
Statically assgined with DHCP based on MAC. Radius attributes defined in LDAP for the DHCP host entry.
  
 
== 128.118.202.128 /27 ==
 
== 128.118.202.128 /27 ==
Line 21: Line 119:
  
 
== 128.118.202.160 /28 ==
 
== 128.118.202.160 /28 ==
* VLAN: 110 (GUEST)
+
* VLAN: 130 (GUEST)
 
* Netmask: 255.255.255.240
 
* Netmask: 255.255.255.240
 
* Broadcast: 128.118.202.175
 
* Broadcast: 128.118.202.175
Line 30: Line 128:
  
 
DHCP entries static in LDAP. Web authorization form to allow changing of the MAC address, restricted to PIs and other persons of repute. These entries will be periodically expired. Or, tie into EDUROAM somehow?
 
DHCP entries static in LDAP. Web authorization form to allow changing of the MAC address, restricted to PIs and other persons of repute. These entries will be periodically expired. Or, tie into EDUROAM somehow?
 
== 128.118.202.0 /26 ==
 
* VLAN: 120 (DOT1X)
 
* Netmask: 255.255.255.192
 
* Broadcast: 128.118.202.63
 
* Gateway: 128.118.202.1
 
* Usable IPs: .1 - .62
 
* Client IPs: 61
 
* DNS: dot1x-128-118-202-N.bx.psu.edu
 
 
Dynamically assigned with DHCP. 802.1x EAP-TTLS-PAP username/password login.
 
 
== 128.118.202.64 /26 ==
 
* VLAN: 130 (UNMANAGED)
 
* Netmask: 255.255.255.192
 
* Broadcast: 128.118.202.127
 
* Gateway: 128.118.202.65
 
* Usable IPs: .65 - .126
 
* Client IPs: 61
 
* DNS: custom or 128-118-202-N.bx.psu.edu
 
 
Statically assgined with DHCP based on MAC. Radius attributes defined in LDAP for the DHCP host entry.
 
  
 
= L2 =
 
= L2 =

Revision as of 17:55, 23 September 2010

L3

10.1.1.0 /24, 2610:8:

  • VLAN: 1 (MANAGEMENT)
  • Netmask: 255.255.255.0
  • Broadcast: 10.1.1.255
  • Gateway: 10.1.1.1
  • DNS: *.net.bx.psu.edu

Switches, IPMI interfaces, ESXi management, etc.

10.1.2.0 /27

  • VLAN: ?PRINTERS?
  • Netmask: 255.255.255.224
  • Broadcast: 10.1.2.31
  • Gateway: 10.1.2.1
  • Usable IPs: .1 - .30
  • Client IPs: 29
  • DNS: *.printers.bx.psu.edu ?

Printers?

10.1.2.32 /27

  • VLAN: (SUNRAY)
  • Netmask: 255.255.255.224
  • Broadcast: 10.1.2.63
  • Gateway: 10.1.2.33
  • Usable IPs: .33 - .62
  • Client IPs: 29
  • DNS: *.sunray.bx.psu.edu

SunRay terminals.

10.1.4.0 /24

  • VLAN: 200 (PERSEPHONE)
  • Netmask: 255.255.255.0
  • Broadcast: 10.1.4.255
  • Gateway: 10.1.4.1
  • DNS: *.persephone.bx.psu.edu

Persephone cluster.

10.1.5.0 /24

  • VLAN: 230 (UNAUTH)
  • Netmask: 255.255.255.0
  • Broadcast: 10.1.5.255
  • Gateway: 10.1.5.1
  • DNS: *.unauth.bx.psu.edu

Radius dumps unauthorized ports get dumped in this VLAN. DNS blackhole.

10.1.6.0 /24

  • VLAN: 240 (QUARANTINE)
  • Netmask: 255.255.255.0
  • Broadcast: 10.1.6.255
  • Gateway: 10.1.6.1
  • DNS: *.quarantine.bx.psu.edu

Radius dumps quanrantined MACs and users in this VLAN. DNS blackhole.

192.168.2.0 /24

  • VLAN: 210 (LINNE)
  • Netmask: 255.255.255.0
  • Broadcast: 192.168.2.255
  • Gateway: 192.168.2.253
  • DNS: *.linne.bx.psu.edu

linne cluster

192.168.4.0 /24

  • VLAN: 220 (GALAXY)
  • Netmask: 255.255.255.0
  • Broadcast: 192.168.4.255
  • Gateway: 192.168.2.254
  • DNS: *.g2.bx.psu.edu

galaxy

128.118.200.0 /23, 2610:8:7800:14:: /64

  • VLAN: 100 (BX-WIRED)
  • Netmask: 255.255.254.0
  • Broadcast: 128.118.201.255
  • Gateway: 128.118.200.1, 2610:8:7800:14::1

Centrally managed machines. Machines that we have root on and/or control with cfengine.

128.118.202.0 /26

  • VLAN: 110 (DOT1X)
  • Netmask: 255.255.255.192
  • Broadcast: 128.118.202.63
  • Gateway: 128.118.202.1
  • Usable IPs: .1 - .62
  • Client IPs: 61
  • DNS: dot1x-128-118-202-N.bx.psu.edu

Dynamically assigned with DHCP. 802.1x EAP-TTLS-PAP username/password login.

128.118.202.64 /26

  • VLAN: 120 (UNMANAGED)
  • Netmask: 255.255.255.192
  • Broadcast: 128.118.202.127
  • Gateway: 128.118.202.65
  • Usable IPs: .65 - .126
  • Client IPs: 61
  • DNS: custom or 128-118-202-N.bx.psu.edu

Statically assgined with DHCP based on MAC. Radius attributes defined in LDAP for the DHCP host entry.

128.118.202.128 /27

  • NAT pool
  • Usable IPs: .129 - .158 (with .159 being the broadcast, but not used for NAT)
  • DNS: nat-128-118-202-N.bx.psu.edu

NAT config on ASA:

global (Outside) 1 128.118.202.1-128.118.202.30
nat (Bioinformatics) 1 192.168.2.0 255.255.255.0
nat (Bioinformatics) 1 192.168.4.0 255.255.255.0
nat (Bioinformatics) 1 10.1.0.0 255.255.0.0

128.118.202.160 /28

  • VLAN: 130 (GUEST)
  • Netmask: 255.255.255.240
  • Broadcast: 128.118.202.175
  • Gateway: 128.118.202.161
  • Usable IPs: .162 - .174
  • Client IPs: 13
  • DNS: guest-128-118-202-N.bx.psu.edu

DHCP entries static in LDAP. Web authorization form to allow changing of the MAC address, restricted to PIs and other persons of repute. These entries will be periodically expired. Or, tie into EDUROAM somehow?

L2

Current network diagram in DIA format is located at /afs/bx.psu.edu/admin/documents/bx_network-l2-<DATE>.dia

When updating, be sure to work on a copy, and update the date in the box in the upper left-hand corner.

Bx network-l2-2010-26-02.png