Difference between revisions of "BXadmin:Network"
From CCGB
| Line 9: | Line 9: | ||
Switches, IPMI interfaces, ESXi management, etc. | Switches, IPMI interfaces, ESXi management, etc. | ||
| − | == 10.1.2.0 / | + | == VLAN 230 : PRINTERS : 10.1.2.0 /24 == |
* VLAN: 230 (PRINTERS) | * VLAN: 230 (PRINTERS) | ||
| − | * Netmask: 255.255.255. | + | * Netmask: 255.255.255.0 |
| − | * Broadcast: 10.1.2. | + | * Broadcast: 10.1.2.255 |
* Gateway: 10.1.2.1 | * Gateway: 10.1.2.1 | ||
| − | * Usable IPs: .1 - . | + | * Usable IPs: .1 - .254 |
| − | * Client IPs: | + | * Client IPs: 253 |
* DNS: *.printers.bx.psu.edu | * DNS: *.printers.bx.psu.edu | ||
| − | Printers | + | Printers or other non-management-type devices. |
| − | == 10.1. | + | == VLAN 240 : SUNRAY : 10.1.3.0 /24 == |
* VLAN: 240 (SUNRAY) | * VLAN: 240 (SUNRAY) | ||
| − | * Netmask: 255.255.255. | + | * Netmask: 255.255.255.0 |
| − | * Broadcast: 10.1. | + | * Broadcast: 10.1.3.255 |
| − | * Gateway: 10.1. | + | * Gateway: 10.1.3.1 |
| − | * Usable IPs: . | + | * Usable IPs: .1 - .254 |
| − | * Client IPs: | + | * Client IPs: 253 |
* DNS: *.sunray.bx.psu.edu | * DNS: *.sunray.bx.psu.edu | ||
SunRay terminals. | SunRay terminals. | ||
| − | == 10.1.4.0 /24 == | + | == VLAN 200 : PERSEPHONE : 10.1.4.0 /24 == |
* VLAN: 200 (PERSEPHONE) | * VLAN: 200 (PERSEPHONE) | ||
* Netmask: 255.255.255.0 | * Netmask: 255.255.255.0 | ||
| Line 40: | Line 40: | ||
Persephone cluster. | Persephone cluster. | ||
| − | == 10.1.5.0 /24 == | + | == VLAN 250 : UNAUTH : 10.1.5.0 /24 == |
* VLAN: 250 (UNAUTH) | * VLAN: 250 (UNAUTH) | ||
* Netmask: 255.255.255.0 | * Netmask: 255.255.255.0 | ||
| Line 47: | Line 47: | ||
* DNS: *.unauth.bx.psu.edu | * DNS: *.unauth.bx.psu.edu | ||
| − | Radius dumps unauthorized ports | + | Radius dumps unauthorized ports in this VLAN. DNS blackhole. |
| − | == 10.1.6.0 /24 == | + | == VLAN 260 : QUARANTINE : 10.1.6.0 /24 == |
* VLAN: 260 (QUARANTINE) | * VLAN: 260 (QUARANTINE) | ||
* Netmask: 255.255.255.0 | * Netmask: 255.255.255.0 | ||
| Line 58: | Line 58: | ||
Radius dumps quanrantined MACs and users in this VLAN. DNS blackhole. | Radius dumps quanrantined MACs and users in this VLAN. DNS blackhole. | ||
| − | == 192.168.2.0 /24 == | + | == VLAN 210 : LINNE : 192.168.2.0 /24 == |
* VLAN: 210 (LINNE) | * VLAN: 210 (LINNE) | ||
* Netmask: 255.255.255.0 | * Netmask: 255.255.255.0 | ||
| Line 67: | Line 67: | ||
linne cluster | linne cluster | ||
| − | == 192.168.4.0 /24 == | + | == VLAN 220 : GALAXY : 192.168.4.0 /24 == |
* VLAN: 220 (GALAXY) | * VLAN: 220 (GALAXY) | ||
* Netmask: 255.255.255.0 | * Netmask: 255.255.255.0 | ||
| Line 76: | Line 76: | ||
galaxy | galaxy | ||
| − | == 128.118.200.0 /23, 2610:8:7800:14:: /64 == | + | == VLAN 100 : BX-WIRED : 128.118.200.0 /23, 2610:8:7800:14:: /64 == |
* VLAN: 100 (BX-WIRED) | * VLAN: 100 (BX-WIRED) | ||
* Netmask: 255.255.254.0 | * Netmask: 255.255.254.0 | ||
Revision as of 10:58, 28 September 2010
Contents
- 1 L3
- 1.1 10.1.1.0 /24, 2610:8:
- 1.2 VLAN 230 : PRINTERS : 10.1.2.0 /24
- 1.3 VLAN 240 : SUNRAY : 10.1.3.0 /24
- 1.4 VLAN 200 : PERSEPHONE : 10.1.4.0 /24
- 1.5 VLAN 250 : UNAUTH : 10.1.5.0 /24
- 1.6 VLAN 260 : QUARANTINE : 10.1.6.0 /24
- 1.7 VLAN 210 : LINNE : 192.168.2.0 /24
- 1.8 VLAN 220 : GALAXY : 192.168.4.0 /24
- 1.9 VLAN 100 : BX-WIRED : 128.118.200.0 /23, 2610:8:7800:14:: /64
- 1.10 128.118.202.0 /26
- 1.11 128.118.202.64 /26
- 1.12 128.118.202.128 /27
- 1.13 128.118.202.160 /28
- 2 L2
L3
10.1.1.0 /24, 2610:8:
- VLAN: 1 (MANAGEMENT)
- Netmask: 255.255.255.0
- Broadcast: 10.1.1.255
- Gateway: 10.1.1.1
- DNS: *.net.bx.psu.edu
Switches, IPMI interfaces, ESXi management, etc.
VLAN 230 : PRINTERS : 10.1.2.0 /24
- VLAN: 230 (PRINTERS)
- Netmask: 255.255.255.0
- Broadcast: 10.1.2.255
- Gateway: 10.1.2.1
- Usable IPs: .1 - .254
- Client IPs: 253
- DNS: *.printers.bx.psu.edu
Printers or other non-management-type devices.
VLAN 240 : SUNRAY : 10.1.3.0 /24
- VLAN: 240 (SUNRAY)
- Netmask: 255.255.255.0
- Broadcast: 10.1.3.255
- Gateway: 10.1.3.1
- Usable IPs: .1 - .254
- Client IPs: 253
- DNS: *.sunray.bx.psu.edu
SunRay terminals.
VLAN 200 : PERSEPHONE : 10.1.4.0 /24
- VLAN: 200 (PERSEPHONE)
- Netmask: 255.255.255.0
- Broadcast: 10.1.4.255
- Gateway: 10.1.4.1
- DNS: *.persephone.bx.psu.edu
Persephone cluster.
VLAN 250 : UNAUTH : 10.1.5.0 /24
- VLAN: 250 (UNAUTH)
- Netmask: 255.255.255.0
- Broadcast: 10.1.5.255
- Gateway: 10.1.5.1
- DNS: *.unauth.bx.psu.edu
Radius dumps unauthorized ports in this VLAN. DNS blackhole.
VLAN 260 : QUARANTINE : 10.1.6.0 /24
- VLAN: 260 (QUARANTINE)
- Netmask: 255.255.255.0
- Broadcast: 10.1.6.255
- Gateway: 10.1.6.1
- DNS: *.quarantine.bx.psu.edu
Radius dumps quanrantined MACs and users in this VLAN. DNS blackhole.
VLAN 210 : LINNE : 192.168.2.0 /24
- VLAN: 210 (LINNE)
- Netmask: 255.255.255.0
- Broadcast: 192.168.2.255
- Gateway: 192.168.2.253
- DNS: *.linne.bx.psu.edu
linne cluster
VLAN 220 : GALAXY : 192.168.4.0 /24
- VLAN: 220 (GALAXY)
- Netmask: 255.255.255.0
- Broadcast: 192.168.4.255
- Gateway: 192.168.2.254
- DNS: *.g2.bx.psu.edu
galaxy
VLAN 100 : BX-WIRED : 128.118.200.0 /23, 2610:8:7800:14:: /64
- VLAN: 100 (BX-WIRED)
- Netmask: 255.255.254.0
- Broadcast: 128.118.201.255
- Gateway: 128.118.200.1, 2610:8:7800:14::1
Centrally managed machines. Machines that we have root on and/or control with cfengine.
128.118.202.0 /26
- VLAN: 110 (DOT1X)
- Netmask: 255.255.255.192
- Broadcast: 128.118.202.63
- Gateway: 128.118.202.1
- Usable IPs: .1 - .62
- Client IPs: 61
- DNS: dot1x-128-118-202-N.bx.psu.edu
Dynamically assigned with DHCP. 802.1x EAP-TTLS-PAP username/password login.
128.118.202.64 /26
- VLAN: 120 (UNMANAGED)
- Netmask: 255.255.255.192
- Broadcast: 128.118.202.127
- Gateway: 128.118.202.65
- Usable IPs: .65 - .126
- Client IPs: 61
- DNS: custom or 128-118-202-N.bx.psu.edu
Statically assgined with DHCP based on MAC. Radius attributes defined in LDAP for the DHCP host entry.
128.118.202.128 /27
- NAT pool
- Usable IPs: .129 - .158 (with .159 being the broadcast, but not used for NAT)
- DNS: nat-128-118-202-N.bx.psu.edu
NAT config on ASA:
global (Outside) 1 128.118.202.1-128.118.202.30 nat (Bioinformatics) 1 192.168.2.0 255.255.255.0 nat (Bioinformatics) 1 192.168.4.0 255.255.255.0 nat (Bioinformatics) 1 10.1.0.0 255.255.0.0
128.118.202.160 /28
- VLAN: 130 (GUEST)
- Netmask: 255.255.255.240
- Broadcast: 128.118.202.175
- Gateway: 128.118.202.161
- Usable IPs: .162 - .174
- Client IPs: 13
- DNS: guest-128-118-202-N.bx.psu.edu
DHCP entries static in LDAP. Web authorization form to allow changing of the MAC address, restricted to PIs and other persons of repute. These entries will be periodically expired. Or, tie into EDUROAM somehow?
L2
Current network diagram in DIA format is located at /afs/bx.psu.edu/admin/documents/bx_network-l2-<DATE>.dia
When updating, be sure to work on a copy, and update the date in the box in the upper left-hand corner.
