RE: [enterasys] VLAN Configuration - Email found in subject
Where is the routing being done for these vlan's? Patrick Printz Network Infrastructure Quinsigamond Community College 670 West Boylston Street Worcester, MA 01606-2092 w. 508-854-7517 c. 508-726-9529 If a man is called a street sweeper, he should sweep streets even as Michelangelo painted, or Beethoven composed music, or Shakespeare wrote poetry. He should sweep streets so well that all the hosts of heaven and Earth will pause to say, Here lived a great street sweeper who did his job well. ~Martin Luther King, Jr. From: Gustavo Veras [mailto:gustavo@gmail.com] Sent: Wednesday, July 11, 2012 11:04 AM To: Enterasys Customer Mailing List Subject: Re: [enterasys] VLAN Configuration - Email found in subject Thanks, Erik! Is working well, but VLAN 11 is not working properly. the vlan 11 is only seeing the switches, do not see the vlan100, vlan200. Build 1: Switch IP: 172.16.0.1 Build 2: Switch IP: 172.16.0.2 43 44 was used as a port of management. The following configuration of the switch ports of the second building: B3(su)-show vlan port Port VLAN Ingress Egress Filter Vlan - ge.1.1 11 N tagged: 11,100,200 ge.1.2 100N untagged: 100 ge.1.3 100N untagged: 100 ge.1.4 100N untagged: 100 ge.1.5 100N untagged: 100 ge.1.6 100N untagged: 100 ge.1.7 200N untagged: 200 ge.1.8 200N untagged: 200 ge.1.9 200N untagged: 200 ge.1.10200N untagged: 200 ge.1.11200N untagged: 200 . ge.1.4311 N untagged: 11,100,200 ge.1.4411 N untagged: 11,100,200 Do you know what might be happening? 2012/7/10 Erik Phillips ephill...@ewrsd.k12.nj.usmailto:ephill...@ewrsd.k12.nj.us What about: building 1 set vlan create 11,100,200 set vlan egress 100 ge.1.1 tagged set vlan egress 200 ge.1.2 tagged set host vlan 11 building 2 set vlan create 11,100,200 set port vlan ge.1.1-6 100 modify-egress set port vlan ge.1.7-11 200 modify-egress set host vlan 11 Also, netsight (if you have it) can probably do this as well. Check out the enterasys channel on youtube, http://www.youtube.com/watch?v=HbStJOT_m08 and http://www.youtube.com/watch?v=q4VNhLbrmcUfeature=results_mainplaynext=1list=PLD0A4267BC50654DB. I think it provides a good start for setups. Erik Phillips East Windsor Regional Schools (p) 609.443.7738 x1725 (f) 609.443.7861 From: Gustavo Veras [gustavo@gmail.commailto:gustavo@gmail.com] Sent: Tuesday, July 10, 2012 6:55 PM To: Enterasys Customer Mailing List Subject: [enterasys] VLAN Configuration - Email found in subject How can I create this setup VLANs on Enterasys? There are two building: Building 1: VLAN 100 - Link1 (Link ISP1) VLAN 200 - Link2 (Link ISP2) Management VLAN 11 (Sees ISP1, ISP2, Switches) The two links come into port 1 and 2 on the switch Enterasys B3G124-48. The buildings are connected by the port 3. Building 2: 1 - Switch Enterasys B3G124-48 12 - PC The first vlan (100) would be distributed to 6 computers and vlan 200 for the other 6. Vlan11 management. Is there an easy way to do this? * --To unsubscribe from enterasys, send email to lists...@unc.edumailto:lists...@unc.edumailto:lists...@unc.edumailto:lists...@unc.edu with the body: unsubscribe enterasys ephill...@ewrsd.k12.nj.usmailto:ephill...@ewrsd.k12.nj.us --- To unsubscribe from enterasys, send email to lists...@unc.edumailto:lists...@unc.edu with the body: unsubscribe enterasys gustavo@gmail.commailto:gustavo@gmail.com * --To unsubscribe from enterasys, send email to lists...@unc.edumailto:lists...@unc.edu with the body: unsubscribe enterasys ppri...@qcc.mass.edumailto:ppri...@qcc.mass.edu --- To unsubscribe from enterasys, send email to lists...@unc.edu with the body: unsubscribe enterasys arch...@mail-archive.com
Re: [enterasys] VLAN Configuration - Email found in subject
Build 1: Router has two vlans: VLAN 100: 192.168.1.1/24 (ISP1) VLAN 200: 192.168.2.1/24 (ISP2) Have to see these addresses by VLAN management (11) port 43,44. 2012/7/11 Patrick Printz ppri...@qcc.mass.edu Where is the routing being done for these vlan’s? ** ** *Patrick Printz* *Network Infrastructure* ** ** Quinsigamond Community College 670 West Boylston Street Worcester, MA 01606-2092 w. 508-854-7517 c. 508-726-9529 ** ** ** ** If a man is called a street sweeper, he should sweep streets even as Michelangelo painted, or Beethoven composed music, or Shakespeare wrote poetry. He should sweep streets so well that all the hosts of heaven and Earth will pause to say, Here lived a great street sweeper who did his job well. ~Martin Luther King, Jr. ** ** *From:* Gustavo Veras [mailto:gustavo@gmail.com] *Sent:* Wednesday, July 11, 2012 11:04 AM *To:* Enterasys Customer Mailing List *Subject:* Re: [enterasys] VLAN Configuration - Email found in subject ** ** Thanks, Erik! Is working well, but VLAN 11 is not working properly. the vlan 11 is only seeing the switches, do not see the vlan100, vlan200. Build 1: Switch IP: 172.16.0.1 Build 2: Switch IP: 172.16.0.2 43 44 was used as a port of management. The following configuration of the switch ports of the second building: B3(su)-show vlan port Port VLAN Ingress Egress Filter Vlan - ge.1.1 11 N tagged: 11,100,200 ge.1.2 100N untagged: 100 ge.1.3 100N untagged: 100 ge.1.4 100N untagged: 100 ge.1.5 100N untagged: 100 ge.1.6 100N untagged: 100 ge.1.7 200N untagged: 200 ge.1.8 200N untagged: 200 ge.1.9 200N untagged: 200 ge.1.10200N untagged: 200 ge.1.11200N untagged: 200 . ge.1.4311 N untagged: 11,100,200 ge.1.4411 N untagged: 11,100,200 Do you know what might be happening? 2012/7/10 Erik Phillips ephill...@ewrsd.k12.nj.us What about: building 1 set vlan create 11,100,200 set vlan egress 100 ge.1.1 tagged set vlan egress 200 ge.1.2 tagged set host vlan 11 building 2 set vlan create 11,100,200 set port vlan ge.1.1-6 100 modify-egress set port vlan ge.1.7-11 200 modify-egress set host vlan 11 Also, netsight (if you have it) can probably do this as well. Check out the enterasys channel on youtube, http://www.youtube.com/watch?v=HbStJOT_m08 and http://www.youtube.com/watch?v=q4VNhLbrmcUfeature=results_mainplaynext=1list=PLD0A4267BC50654DB. I think it provides a good start for setups. Erik Phillips East Windsor Regional Schools (p) 609.443.7738 x1725 (f) 609.443.7861 From: Gustavo Veras [gustavo@gmail.com] Sent: Tuesday, July 10, 2012 6:55 PM To: Enterasys Customer Mailing List Subject: [enterasys] VLAN Configuration - Email found in subject How can I create this setup VLANs on Enterasys? There are two building: Building 1: VLAN 100 - Link1 (Link ISP1) VLAN 200 - Link2 (Link ISP2) Management VLAN 11 (Sees ISP1, ISP2, Switches) The two links come into port 1 and 2 on the switch Enterasys B3G124-48. The buildings are connected by the port 3. Building 2: 1 - Switch Enterasys B3G124-48 12 - PC The first vlan (100) would be distributed to 6 computers and vlan 200 for the other 6. Vlan11 management. Is there an easy way to do this? * --To unsubscribe from enterasys, send email to lists...@unc.edu mailto:lists...@unc.edu with the body: unsubscribe enterasys ephill...@ewrsd.k12.nj.us --- To unsubscribe from enterasys, send email to lists...@unc.edu with the body: unsubscribe enterasys gustavo@gmail.com ** ** - --To unsubscribe from enterasys, send email to lists...@unc.edu with the body: unsubscribe enterasys ppri...@qcc.mass.edu - --To unsubscribe from enterasys, send email to lists...@unc.edu with the body: unsubscribe enterasys gustavo@gmail.com --- To unsubscribe from enterasys, send email to lists...@unc.edu with the body: unsubscribe enterasys arch...@mail-archive.com
RE: [enterasys] VLAN Configuration - Email found in subject
Shouldn't the router have vlan 11 as well? Patrick Printz Network Infrastructure Quinsigamond Community College 670 West Boylston Street Worcester, MA 01606-2092 w. 508-854-7517 c. 508-726-9529 If a man is called a street sweeper, he should sweep streets even as Michelangelo painted, or Beethoven composed music, or Shakespeare wrote poetry. He should sweep streets so well that all the hosts of heaven and Earth will pause to say, Here lived a great street sweeper who did his job well. ~Martin Luther King, Jr. From: Gustavo Veras [mailto:gustavo@gmail.com] Sent: Wednesday, July 11, 2012 11:46 AM To: Enterasys Customer Mailing List Subject: Re: [enterasys] VLAN Configuration - Email found in subject Build 1: Router has two vlans: VLAN 100: 192.168.1.1/24http://192.168.1.1/24 (ISP1) VLAN 200: 192.168.2.1/24http://192.168.2.1/24 (ISP2) Have to see these addresses by VLAN management (11) port 43,44. 2012/7/11 Patrick Printz ppri...@qcc.mass.edumailto:ppri...@qcc.mass.edu Where is the routing being done for these vlan's? Patrick Printz Network Infrastructure Quinsigamond Community College 670 West Boylston Street Worcester, MA 01606-2092 w. 508-854-7517 c. 508-726-9529 If a man is called a street sweeper, he should sweep streets even as Michelangelo painted, or Beethoven composed music, or Shakespeare wrote poetry. He should sweep streets so well that all the hosts of heaven and Earth will pause to say, Here lived a great street sweeper who did his job well. ~Martin Luther King, Jr. From: Gustavo Veras [mailto:gustavo@gmail.commailto:gustavo@gmail.com] Sent: Wednesday, July 11, 2012 11:04 AM To: Enterasys Customer Mailing List Subject: Re: [enterasys] VLAN Configuration - Email found in subject Thanks, Erik! Is working well, but VLAN 11 is not working properly. the vlan 11 is only seeing the switches, do not see the vlan100, vlan200. Build 1: Switch IP: 172.16.0.1 Build 2: Switch IP: 172.16.0.2 43 44 was used as a port of management. The following configuration of the switch ports of the second building: B3(su)-show vlan port Port VLAN Ingress Egress Filter Vlan - ge.1.1 11 N tagged: 11,100,200 ge.1.2 100N untagged: 100 ge.1.3 100N untagged: 100 ge.1.4 100N untagged: 100 ge.1.5 100N untagged: 100 ge.1.6 100N untagged: 100 ge.1.7 200N untagged: 200 ge.1.8 200N untagged: 200 ge.1.9 200N untagged: 200 ge.1.10200N untagged: 200 ge.1.11200N untagged: 200 . ge.1.4311 N untagged: 11,100,200 ge.1.4411 N untagged: 11,100,200 Do you know what might be happening? 2012/7/10 Erik Phillips ephill...@ewrsd.k12.nj.usmailto:ephill...@ewrsd.k12.nj.us What about: building 1 set vlan create 11,100,200 set vlan egress 100 ge.1.1 tagged set vlan egress 200 ge.1.2 tagged set host vlan 11 building 2 set vlan create 11,100,200 set port vlan ge.1.1-6 100 modify-egress set port vlan ge.1.7-11 200 modify-egress set host vlan 11 Also, netsight (if you have it) can probably do this as well. Check out the enterasys channel on youtube, http://www.youtube.com/watch?v=HbStJOT_m08 and http://www.youtube.com/watch?v=q4VNhLbrmcUfeature=results_mainplaynext=1list=PLD0A4267BC50654DB. I think it provides a good start for setups. Erik Phillips East Windsor Regional Schools (p) 609.443.7738 x1725 (f) 609.443.7861 From: Gustavo Veras [gustavo@gmail.commailto:gustavo@gmail.com] Sent: Tuesday, July 10, 2012 6:55 PM To: Enterasys Customer Mailing List Subject: [enterasys] VLAN Configuration - Email found in subject How can I create this setup VLANs on Enterasys? There are two building: Building 1: VLAN 100 - Link1 (Link ISP1) VLAN 200 - Link2 (Link ISP2) Management VLAN 11 (Sees ISP1, ISP2, Switches) The two links come into port 1 and 2 on the switch Enterasys B3G124-48. The buildings are connected by the port 3. Building 2: 1 - Switch Enterasys B3G124-48 12 - PC The first vlan (100) would be distributed to 6 computers and vlan 200 for the other 6. Vlan11 management. Is there an easy way to do this? * --To unsubscribe from enterasys, send email to lists...@unc.edumailto:lists...@unc.edumailto:lists...@unc.edumailto:lists...@unc.edu with the body: unsubscribe enterasys ephill...@ewrsd.k12.nj.usmailto:ephill...@ewrsd.k12.nj.us --- To unsubscribe from enterasys, send email to lists...@unc.edumailto:lists...@unc.edu with the body: unsubscribe enterasys gustavo@gmail.commailto:gustavo@gmail.com * --To unsubscribe from enterasys, send email to
Re: [enterasys] VLAN Configuration - Email found in subject
Hi Gustavo, I think what Patrick is eluding to is that in order to route traffic between VLANs, your router must have an interface in each of those VLANs. Based on your description, it seems that your router does not have an interface in VLAN 11. If that is indeed the case, (single-homed) hosts inside VLAN 11 can't reach any hosts outside of VLAN 11. However, based on the port config you posted for the B3 in Building 2, I see you are egressing VLANs 11,100 and 200 to your management hosts on ports 43 and 44. That suggests your management hosts are multi-homed, meaning they have interfaces in each of those three VLANs. If that's what you're doing, the reason you can't see hosts in VLANs 100 and 200 is probably because the B3-management host traffic is untagged instead of tagged. What you likely want to do is this: - Make the switch egress the VLANs tagged (set vlan egress 11,11,200 ge.1.43-44 tagged) - Make sure your management host interfaces are VLAN interfaces. Mike Loosbrock Bethel University Network Services 651-638-6723 On Wed, Jul 11, 2012 at 10:51 AM, Patrick Printz ppri...@qcc.mass.eduwrote: Shouldn’t the router have vlan 11 as well? ** ** *Patrick Printz* *Network Infrastructure* ** ** Quinsigamond Community College 670 West Boylston Street Worcester, MA 01606-2092 w. 508-854-7517 c. 508-726-9529 ** ** ** ** If a man is called a street sweeper, he should sweep streets even as Michelangelo painted, or Beethoven composed music, or Shakespeare wrote poetry. He should sweep streets so well that all the hosts of heaven and Earth will pause to say, Here lived a great street sweeper who did his job well. ~Martin Luther King, Jr. ** ** *From:* Gustavo Veras [mailto:gustavo@gmail.com] *Sent:* Wednesday, July 11, 2012 11:46 AM *To:* Enterasys Customer Mailing List *Subject:* Re: [enterasys] VLAN Configuration - Email found in subject ** ** Build 1: Router has two vlans: VLAN 100: 192.168.1.1/24 (ISP1) VLAN 200: 192.168.2.1/24 (ISP2) Have to see these addresses by VLAN management (11) port 43,44. 2012/7/11 Patrick Printz ppri...@qcc.mass.edu Where is the routing being done for these vlan’s? *Patrick Printz* *Network Infrastructure* Quinsigamond Community College 670 West Boylston Street Worcester, MA 01606-2092 w. 508-854-7517 c. 508-726-9529 If a man is called a street sweeper, he should sweep streets even as Michelangelo painted, or Beethoven composed music, or Shakespeare wrote poetry. He should sweep streets so well that all the hosts of heaven and Earth will pause to say, Here lived a great street sweeper who did his job well. ~Martin Luther King, Jr. *From:* Gustavo Veras [mailto:gustavo@gmail.com] *Sent:* Wednesday, July 11, 2012 11:04 AM *To:* Enterasys Customer Mailing List *Subject:* Re: [enterasys] VLAN Configuration - Email found in subject Thanks, Erik! Is working well, but VLAN 11 is not working properly. the vlan 11 is only seeing the switches, do not see the vlan100, vlan200. Build 1: Switch IP: 172.16.0.1 Build 2: Switch IP: 172.16.0.2 43 44 was used as a port of management. The following configuration of the switch ports of the second building: B3(su)-show vlan port Port VLAN Ingress Egress Filter Vlan - ge.1.1 11 N tagged: 11,100,200 ge.1.2 100N untagged: 100 ge.1.3 100N untagged: 100 ge.1.4 100N untagged: 100 ge.1.5 100N untagged: 100 ge.1.6 100N untagged: 100 ge.1.7 200N untagged: 200 ge.1.8 200N untagged: 200 ge.1.9 200N untagged: 200 ge.1.10200N untagged: 200 ge.1.11200N untagged: 200 . ge.1.4311 N untagged: 11,100,200 ge.1.4411 N untagged: 11,100,200 Do you know what might be happening? 2012/7/10 Erik Phillips ephill...@ewrsd.k12.nj.us What about: building 1 set vlan create 11,100,200 set vlan egress 100 ge.1.1 tagged set vlan egress 200 ge.1.2 tagged set host vlan 11 building 2 set vlan create 11,100,200 set port vlan ge.1.1-6 100 modify-egress set port vlan ge.1.7-11 200 modify-egress set host vlan 11 Also, netsight (if you have it) can probably do this as well. Check out the enterasys channel on youtube, http://www.youtube.com/watch?v=HbStJOT_m08 and http://www.youtube.com/watch?v=q4VNhLbrmcUfeature=results_mainplaynext=1list=PLD0A4267BC50654DB. I think it provides a good start for setups. Erik Phillips East Windsor Regional Schools
Odp.: [enterasys] C2 problem with Authentication type 802.1x + MAC
Hi, Do you have reauth period configured, what is your multiauth configuration? We have similar issue with C3 switches, sometimes reboot of voip phone to which the pc is connected helps with this issue. Regards Pawel Wysłano korzystając z usługi Era mail wersja BlackBerry® -Original Message- From: Azk Meza axcanac.m...@netcontroll.com Date: Wed, 11 Jul 2012 14:14:32 To: Enterasys Customer Mailing Listenterasys@listserv.unc.edu Reply-To: enterasys@listserv.unc.edu Subject: [enterasys] C2 problem with Authentication type 802.1x + MAC We have a solution with secure stack C2 and NetSight Suite. We have configured the switch with authentication 802.1x + Phone: The first type of authentication is an 802.1x for the domain users, with active directory and IAS windows 2003. The second type is a mac authentication for Telephones. For the first time it works as expected, the problem occurs when we restarted the PC, when restarted we never see the authentication messages on the event viewer. But when we disconnect the Ethernet cable of the computer and then reconnect it again it authenticate successfully. I don’t know why when you restart the PC it never authenticates correctly. Version tested: PC with Windows XP and Windows 7 Secure Stack C2 = 05.02.15.0002 NetSight Suite = 4.2.1.39 ***I also tested this in a C3 and the computer successfully authenticate after 2 mins of logon. Help will be really appreciated!! Thank You! --- To unsubscribe from enterasys, send email to lists...@unc.edu with the body: unsubscribe enterasys pkuleszyn...@krakowairport.pl --- To unsubscribe from enterasys, send email to lists...@unc.edu with the body: unsubscribe enterasys arch...@mail-archive.com
RE: Odp.: [enterasys] C2 problem with Authentication type 802.1x + MAC
Unfortunately the C2 switch is, in essence, a single user auth switch. The way to get a phone + PC working is to do a VLAN to role mapping for the phone. I banged my head on this one a few weeks back. When you move to the C3, the problem goes away because the C3 will indeed do multi-user auth. The VLAN-to-role mapping is considered an admin rule which takes precedence over the dot1x on the port allowing the PC to correctly authenticate. You need to setup the VLAN to role mapping to match the tagged VLAN the phone is using (and, yes you must do a tagged vlan from the phone for this to work). The other hassle is that there is no way to prove the phone has a role mapped with the C2's CLI or via the GUI. You just need to trust it. Once the user authenticates, you can verify it through the GUI and the CLI. -Original Message- From: pkuleszyn...@krakowairport.pl [mailto:pkuleszyn...@krakowairport.pl] Sent: Wednesday, July 11, 2012 3:23 PM To: Enterasys Customer Mailing List Subject: Odp.: [enterasys] C2 problem with Authentication type 802.1x + MAC Hi, Do you have reauth period configured, what is your multiauth configuration? We have similar issue with C3 switches, sometimes reboot of voip phone to which the pc is connected helps with this issue. Regards Pawel Wysłano korzystając z usługi Era mail wersja BlackBerry® -Original Message- From: Azk Meza axcanac.m...@netcontroll.com Date: Wed, 11 Jul 2012 14:14:32 To: Enterasys Customer Mailing Listenterasys@listserv.unc.edu Reply-To: enterasys@listserv.unc.edu Subject: [enterasys] C2 problem with Authentication type 802.1x + MAC We have a solution with secure stack C2 and NetSight Suite. We have configured the switch with authentication 802.1x + Phone: The first type of authentication is an 802.1x for the domain users, with active directory and IAS windows 2003. The second type is a mac authentication for Telephones. For the first time it works as expected, the problem occurs when we restarted the PC, when restarted we never see the authentication messages on the event viewer. But when we disconnect the Ethernet cable of the computer and then reconnect it again it authenticate successfully. I don’t know why when you restart the PC it never authenticates correctly. Version tested: PC with Windows XP and Windows 7 Secure Stack C2 = 05.02.15.0002 NetSight Suite = 4.2.1.39 ***I also tested this in a C3 and the computer successfully authenticate after 2 mins of logon. Help will be really appreciated!! Thank You! --- To unsubscribe from enterasys, send email to lists...@unc.edu with the body: unsubscribe enterasys pkuleszyn...@krakowairport.pl --- To unsubscribe from enterasys, send email to lists...@unc.edu with the body: unsubscribe enterasys mich...@arcadiasecureit.com --- To unsubscribe from enterasys, send email to lists...@unc.edu with the body: unsubscribe enterasys arch...@mail-archive.com
