Difference between revisions of "BXadmin:Network"
Line 1: | Line 1: | ||
= L3 = | = L3 = | ||
− | == VLAN 1 | + | == VLAN 1 | MANAGEMENT | 10.1.1.0 /24, 2610:8: == |
* VLAN: 1 (MANAGEMENT) | * VLAN: 1 (MANAGEMENT) | ||
* Netmask: 255.255.255.0 | * Netmask: 255.255.255.0 | ||
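Review bot: The new VLAN 1 heading stops its IPv6 prefix at "2610:8:" with no remaining groups and no prefix length, whereas the VLAN 100 heading in this same revision gives a complete "2610:8:7800:14:: /64". Either complete the MANAGEMENT prefix or leave it out of the heading until one is assigned, so the heading cannot be read as a valid range.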
Line 9: | Line 9: | ||
Switches, IPMI interfaces, ESXi management, etc. | Switches, IPMI interfaces, ESXi management, etc. | ||
− | == VLAN 230 | + | == VLAN 230 | PRINTERS | 10.1.2.0 /24 == |
* VLAN: 230 (PRINTERS) | * VLAN: 230 (PRINTERS) | ||
* Netmask: 255.255.255.0 | * Netmask: 255.255.255.0 | ||
Line 20: | Line 20: | ||
Printers or other non-management-type devices. | Printers or other non-management-type devices. | ||
− | == VLAN 240 | + | == VLAN 240 | SUNRAY | 10.1.3.0 /24 == |
* VLAN: 240 (SUNRAY) | * VLAN: 240 (SUNRAY) | ||
* Netmask: 255.255.255.0 | * Netmask: 255.255.255.0 | ||
Line 31: | Line 31: | ||
SunRay terminals. | SunRay terminals. | ||
− | == VLAN 200 | + | == VLAN 200 | PERSEPHONE | 10.1.4.0 /24 == |
* VLAN: 200 (PERSEPHONE) | * VLAN: 200 (PERSEPHONE) | ||
* Netmask: 255.255.255.0 | * Netmask: 255.255.255.0 | ||
Line 40: | Line 40: | ||
Persephone cluster. | Persephone cluster. | ||
− | == VLAN 250 | + | == VLAN 250 | UNAUTH | 10.1.5.0 /24 == |
* VLAN: 250 (UNAUTH) | * VLAN: 250 (UNAUTH) | ||
* Netmask: 255.255.255.0 | * Netmask: 255.255.255.0 | ||
Line 49: | Line 49: | ||
Radius dumps unauthorized ports in this VLAN. DNS blackhole. | Radius dumps unauthorized ports in this VLAN. DNS blackhole. | ||
− | == VLAN 260 | + | == VLAN 260 | QUARANTINE | 10.1.6.0 /24 == |
* VLAN: 260 (QUARANTINE) | * VLAN: 260 (QUARANTINE) | ||
* Netmask: 255.255.255.0 | * Netmask: 255.255.255.0 | ||
Line 58: | Line 58: | ||
Radius dumps quanrantined MACs and users in this VLAN. DNS blackhole. | Radius dumps quanrantined MACs and users in this VLAN. DNS blackhole. | ||
− | == VLAN 210 | + | == VLAN 210 | LINNE | 192.168.2.0 /24 == |
* VLAN: 210 (LINNE) | * VLAN: 210 (LINNE) | ||
* Netmask: 255.255.255.0 | * Netmask: 255.255.255.0 | ||
Line 67: | Line 67: | ||
linne cluster | linne cluster | ||
− | == VLAN 220 | + | == VLAN 220 | GALAXY | 192.168.4.0 /24 == |
* VLAN: 220 (GALAXY) | * VLAN: 220 (GALAXY) | ||
* Netmask: 255.255.255.0 | * Netmask: 255.255.255.0 | ||
Line 76: | Line 76: | ||
galaxy | galaxy | ||
− | == VLAN 100 | + | == VLAN 100 | BX-WIRED | 128.118.200.0 /23, 2610:8:7800:14:: /64 == |
* VLAN: 100 (BX-WIRED) | * VLAN: 100 (BX-WIRED) | ||
* Netmask: 255.255.254.0 | * Netmask: 255.255.254.0 | ||
Line 95: | Line 95: | ||
Dynamically assigned with DHCP. 802.1x EAP-TTLS-PAP username/password login. | Dynamically assigned with DHCP. 802.1x EAP-TTLS-PAP username/password login. | ||
− | == 128.118.202.64 /26 == | + | == VLAN 120 | UNMANAGED | 128.118.202.64 /26 == |
* VLAN: 120 (UNMANAGED) | * VLAN: 120 (UNMANAGED) | ||
* Netmask: 255.255.255.192 | * Netmask: 255.255.255.192 | ||
Line 106: | Line 106: | ||
Statically assgined with DHCP based on MAC. Radius attributes defined in LDAP for the DHCP host entry. | Statically assgined with DHCP based on MAC. Radius attributes defined in LDAP for the DHCP host entry. | ||
− | == 128.118.202.128 /27 == | + | == NAT | 128.118.202.128 /27 == |
* NAT pool | * NAT pool | ||
* Usable IPs: .129 - .158 (with .159 being the broadcast, but not used for NAT) | * Usable IPs: .129 - .158 (with .159 being the broadcast, but not used for NAT) | ||
Line 118: | Line 118: | ||
</pre> | </pre> | ||
− | == 128.118.202.160 /28 == | + | == VLAN 130 | GUEST | 128.118.202.160 /28 == |
* VLAN: 130 (GUEST) | * VLAN: 130 (GUEST) | ||
* Netmask: 255.255.255.240 | * Netmask: 255.255.255.240 |
Revision as of 10:01, 28 September 2010
L3
VLAN 1 | MANAGEMENT | 10.1.1.0 /24, 2610:8:
- VLAN: 1 (MANAGEMENT)
- Netmask: 255.255.255.0
- Broadcast: 10.1.1.255
- Gateway: 10.1.1.1
- DNS: *.net.bx.psu.edu
Switches, IPMI interfaces, ESXi management, etc.
VLAN 230 | PRINTERS | 10.1.2.0 /24
- VLAN: 230 (PRINTERS)
- Netmask: 255.255.255.0
- Broadcast: 10.1.2.255
- Gateway: 10.1.2.1
- Usable IPs: .1 - .254
- Client IPs: 253
- DNS: *.printers.bx.psu.edu
Printers or other non-management-type devices.
VLAN 240 | SUNRAY | 10.1.3.0 /24
- VLAN: 240 (SUNRAY)
- Netmask: 255.255.255.0
- Broadcast: 10.1.3.255
- Gateway: 10.1.3.1
- Usable IPs: .1 - .254
- Client IPs: 253
- DNS: *.sunray.bx.psu.edu
SunRay terminals.
VLAN 200 | PERSEPHONE | 10.1.4.0 /24
- VLAN: 200 (PERSEPHONE)
- Netmask: 255.255.255.0
- Broadcast: 10.1.4.255
- Gateway: 10.1.4.1
- DNS: *.persephone.bx.psu.edu
Persephone cluster.
VLAN 250 | UNAUTH | 10.1.5.0 /24
- VLAN: 250 (UNAUTH)
- Netmask: 255.255.255.0
- Broadcast: 10.1.5.255
- Gateway: 10.1.5.1
- DNS: *.unauth.bx.psu.edu
RADIUS dumps unauthorized ports in this VLAN. DNS blackhole.
VLAN 260 | QUARANTINE | 10.1.6.0 /24
- VLAN: 260 (QUARANTINE)
- Netmask: 255.255.255.0
- Broadcast: 10.1.6.255
- Gateway: 10.1.6.1
- DNS: *.quarantine.bx.psu.edu
RADIUS dumps quarantined MACs and users in this VLAN. DNS blackhole.
VLAN 210 | LINNE | 192.168.2.0 /24
- VLAN: 210 (LINNE)
- Netmask: 255.255.255.0
- Broadcast: 192.168.2.255
- Gateway: 192.168.2.253
- DNS: *.linne.bx.psu.edu
Linne cluster.
VLAN 220 | GALAXY | 192.168.4.0 /24
- VLAN: 220 (GALAXY)
- Netmask: 255.255.255.0
- Broadcast: 192.168.4.255
- Gateway: 192.168.2.254
- DNS: *.g2.bx.psu.edu
galaxy
VLAN 100 | BX-WIRED | 128.118.200.0 /23, 2610:8:7800:14:: /64
- VLAN: 100 (BX-WIRED)
- Netmask: 255.255.254.0
- Broadcast: 128.118.201.255
- Gateway: 128.118.200.1, 2610:8:7800:14::1
Centrally managed machines. Machines that we have root on and/or control with cfengine.
VLAN 110 | DOT1X | 128.118.202.0 /26
- VLAN: 110 (DOT1X)
- Netmask: 255.255.255.192
- Broadcast: 128.118.202.63
- Gateway: 128.118.202.1
- Usable IPs: .1 - .62
- Client IPs: 61
- DNS: dot1x-128-118-202-N.bx.psu.edu
Dynamically assigned with DHCP. 802.1x EAP-TTLS-PAP username/password login.
VLAN 120 | UNMANAGED | 128.118.202.64 /26
- VLAN: 120 (UNMANAGED)
- Netmask: 255.255.255.192
- Broadcast: 128.118.202.127
- Gateway: 128.118.202.65
- Usable IPs: .65 - .126
- Client IPs: 61
- DNS: custom or 128-118-202-N.bx.psu.edu
Statically assigned with DHCP based on MAC. RADIUS attributes defined in LDAP for the DHCP host entry.
NAT | 128.118.202.128 /27
- NAT pool
- Usable IPs: .129 - .158 (with .159 being the broadcast, but not used for NAT)
- DNS: nat-128-118-202-N.bx.psu.edu
NAT config on ASA:
<pre>
global (Outside) 1 128.118.202.1-128.118.202.30
nat (Bioinformatics) 1 192.168.2.0 255.255.255.0
nat (Bioinformatics) 1 192.168.4.0 255.255.255.0
nat (Bioinformatics) 1 10.1.0.0 255.255.0.0
</pre>
VLAN 130 | GUEST | 128.118.202.160 /28
- VLAN: 130 (GUEST)
- Netmask: 255.255.255.240
- Broadcast: 128.118.202.175
- Gateway: 128.118.202.161
- Usable IPs: .162 - .174
- Client IPs: 13
- DNS: guest-128-118-202-N.bx.psu.edu
DHCP entries static in LDAP. Web authorization form to allow changing of the MAC address, restricted to PIs and other persons of repute. These entries will be periodically expired. Or, tie into EDUROAM somehow?
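A consistency check over the L3 plan above, added here as an example and not part of the original wiki page. The subnet, gateway, broadcast and ASA values are transcribed from this page; the names `PLAN`, `audit`, `nat_matched` and the finding labels are made up for the example, and a finding only marks an entry for review, it does not say which value is the correct one.

```python
import ipaddress as ip
from itertools import combinations

# Transcribed from the L3 section above: name -> (subnet, gateway, broadcast).
PLAN = {
    "MANAGEMENT": ("10.1.1.0/24", "10.1.1.1", "10.1.1.255"),
    "PRINTERS":   ("10.1.2.0/24", "10.1.2.1", "10.1.2.255"),
    "SUNRAY":     ("10.1.3.0/24", "10.1.3.1", "10.1.3.255"),
    "PERSEPHONE": ("10.1.4.0/24", "10.1.4.1", "10.1.4.255"),
    "UNAUTH":     ("10.1.5.0/24", "10.1.5.1", "10.1.5.255"),
    "QUARANTINE": ("10.1.6.0/24", "10.1.6.1", "10.1.6.255"),
    "LINNE":      ("192.168.2.0/24", "192.168.2.253", "192.168.2.255"),
    "GALAXY":     ("192.168.4.0/24", "192.168.2.254", "192.168.4.255"),
    "BX-WIRED":   ("128.118.200.0/23", "128.118.200.1", "128.118.201.255"),
    "DOT1X":      ("128.118.202.0/26", "128.118.202.1", "128.118.202.63"),
    "UNMANAGED":  ("128.118.202.64/26", "128.118.202.65", "128.118.202.127"),
    "NAT":        ("128.118.202.128/27", None, "128.118.202.159"),
    "GUEST":      ("128.118.202.160/28", "128.118.202.161", "128.118.202.175"),
}
# From the ASA lines above: translated (global) range and inside source networks.
NAT_POOL = ("128.118.202.1", "128.118.202.30")
NAT_SOURCES = ["192.168.2.0/24", "192.168.4.0/24", "10.1.0.0/16"]

def audit(plan=PLAN, pool=NAT_POOL):
    """Return (check, subject) findings; an empty list means the plan is consistent."""
    nets = {name: ip.ip_network(row[0]) for name, row in plan.items()}
    findings = []
    for name, (_, gw, bcast) in plan.items():
        if ip.ip_address(bcast) != nets[name].broadcast_address:
            findings.append(("broadcast-mismatch", name))
        if gw and ip.ip_address(gw) not in nets[name]:
            findings.append(("gateway-outside-subnet", name))
    for a, b in combinations(nets, 2):
        if nets[a].overlaps(nets[b]):
            findings.append(("subnet-overlap", f"{a}/{b}"))
    # The translated range is expected inside the subnet reserved for NAT.
    lo, hi = (ip.ip_address(x) for x in pool)
    for name, net in nets.items():
        if name != "NAT" and (lo in net or hi in net):
            findings.append(("nat-pool-inside", name))
    if lo not in nets["NAT"] or hi not in nets["NAT"]:
        findings.append(("nat-pool-outside-nat-subnet", f"{lo}-{hi}"))
    return findings

def nat_matched(plan=PLAN, sources=NAT_SOURCES):
    """VLANs whose subnet falls inside one of the ASA 'nat' source networks."""
    srcs = [ip.ip_network(s) for s in sources]
    return [n for n, row in plan.items()
            if any(ip.ip_network(row[0]).subnet_of(s) for s in srcs)]

if __name__ == "__main__": print(audit(), nat_matched(), sep="\n")
```

The 10.1.0.0/16 source rule also matches the UNAUTH and QUARANTINE subnets; whether hosts there actually reach the outside depends on ACLs that are not shown on this page.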
L2
Current network diagram in DIA format is located at /afs/bx.psu.edu/admin/documents/bx_network-l2-<DATE>.dia
When updating, be sure to work on a copy, and update the date in the box in the upper left-hand corner.