How bout: Show vlan detail From: Jay Dale [mailto:jd...@unetek.com] Sent: Friday, February 10, 2012 2:25 PM To: NT System Admin Issues Subject: RE: Setup separate lab VLAN
* Slot-1 Stack.17 # sh iproute Ori Destination Gateway Mtr Flags VLAN Duration #s Default Route 192.168.1.253 1 UG---S-um--f- data 14d:20h:51m:52s #d 192.168.2.0/24 192.168.2.10 1 U------um--f- lab 0d:0h:21m:5s #d 192.168.1.0/24 192.168.1.30 1 U------um--f- data 14d:20h:52m:4s #d 192.168.100.0/24 192.168.100.1 1 U------um--f- Voice 10d:22h:37m:12s I changed the default gateway on the DHCP server to 1.30. Now with a machine that has the 192.168.2 subnet statically assigned, I can ping the DHCP server. But now there are 2 issues: 1. I'm still not getting an IP address from the .2 scope that was set up. 2. I can ping the firewall at 192.168.1.253 but I can't ping anything past it. Jay Dale Senior Systems Administrator P:281-574-2414 From: Crawford, Scott [mailto:crawfo...@evangel.edu]<mailto:[mailto:crawfo...@evangel.edu]> Sent: Tuesday, January 31, 2012 4:39 PM To: NT System Admin Issues Subject: RE: Setup separate lab VLAN Can you post the output of the following 2 commands? Show vlan detail Show iproute From: Ken Schaefer [mailto:k...@adopenstatic.com]<mailto:[mailto:k...@adopenstatic.com]> Sent: Monday, January 30, 2012 9:37 AM To: NT System Admin Issues Subject: RE: Setup separate lab VLAN Default Gateway is about routing IP packets - not about VOIP or DHCP or AD etc. It's a lower level in the OSI model. If a destination is not on the local subnet, the device needs to know where to "hand off" the packet. If there is a static route for a particular subnet, then that gateway in the static route is used. If there is no particular route defined, then the default gateway is used as the catchall for all remaining subnets. Basically only you know how your network is routed. All devices on all subnets need to have static routes defined -or- a default gateway in order to reach remote subnets. The specified gateway in the static route or the default gateway needs to be able to route the packets to the destination subnet (or a further upstream gateway). Cheers Ken From: Jay Dale [mailto:jd...@unetek.com]<mailto:[mailto:jd...@unetek.com]> Sent: Monday, 30 January 2012 11:09 PM To: NT System Admin Issues Subject: RE: Setup separate lab VLAN Ok, so here's my question to that. The DHCP server is also the AD and DNS for the network, in addition to having a scope option that points their VoIP phones to a DHCP on their phone system (separate subnet as well). If I change the DG will that affect any of this as well? Jay Dale Senior Systems Administrator P:281-574-2414 From: Ken Schaefer [mailto:k...@adopenstatic.com]<mailto:[mailto:k...@adopenstatic.com]> Sent: Sunday, January 29, 2012 8:29 AM To: NT System Admin Issues Subject: RE: Setup separate lab VLAN The DHCP servers needs to know where to send the packets back to, since the ultimate recipient isn't on the local collision domain. So, either you need a static route with a specific gateway, or you need to configure the default gateway, to point to whatever device is going to route the DHCP responses back to the client. For each particular DHCP scope, the DG needs to be set to wherever the client needs to use as its default gateway. The default gateway being the place where clients will send anything that's not on the local subnet (and doesn't have a specific route defined) - hence "default" gateway. Cheers Ken From: Jay Dale [mailto:jd...@unetek.com]<mailto:[mailto:jd...@unetek.com]> Sent: Sunday, 29 January 2012 9:26 AM To: NT System Admin Issues Subject: RE: Setup separate lab VLAN Making the DG of the DHCP server .30 won't mess up the rest of the network will it? It currently holds 2 scopes, one for each subnet. What should it issue as the DG for the workstations - the firewall or the VLAN IP? And if the VLAN IP, which one? Jay From: Glen Johnson [mailto:gjohn...@vhcc.edu]<mailto:[mailto:gjohn...@vhcc.edu]> Sent: Saturday, January 28, 2012 5:28 PM To: NT System Admin Issues Subject: RE: Setup separate lab VLAN What is the default gateway on the DHCP server? I'm pretty sure it should be 192.168.1.30 I don't think you want to have to add routes to all your devices on your data vlan. From: Jay Dale [mailto:jd...@unetek.com]<mailto:[mailto:jd...@unetek.com]> Sent: Saturday, January 28, 2012 9:23 AM To: NT System Admin Issues Subject: RE: Setup separate lab VLAN Ok, I added a route on the DHCP server itself with the "route add" command and I can now ping the DHCP server from a static .2 subnet address and I can ping the .2.10 IP on the lab VLAN from the DHCP server. But it still doesn't seem to be handing out .2 IP's from DHCP. I'm still missing something it seems. Jay Dale Senior Systems Administrator P:281-574-2414 From: Jay Dale [mailto:jd...@unetek.com]<mailto:[mailto:jd...@unetek.com]> Sent: Saturday, January 28, 2012 8:14 AM To: NT System Admin Issues Subject: RE: Setup separate lab VLAN The switch is a Layer 3 switch, it's set up as a stack of 4 with the top 1 totally dedicated to lab machines. The others are data for the rest of the network. So essentially the lab machines are segmented from the other switches but still need to access the rest of the network for apps, mail, etc. Currently the routes on the switch are as follows: Default route - IP of firewall 192.168.1.1 192.168.1.0/24 - 192.168.1.30 (IP of data VLAN) 192.168.2.0/24 - 192.168.2.10 (IP of lab VLAN) I can ping both VLAN addresses from the firewall and both from a static IP on the .2 network, but I still can't ping the DHCP server at 192.168.1.2. One person suggested I make the DHCP server DG the IP of the data VLAN, but wouldn't that mess up the rest of the network? Jay Jay Dale Senior Systems Administrator P:281-574-2414 From: Crawford, Scott [mailto:crawfo...@evangel.edu]<mailto:[mailto:crawfo...@evangel.edu]> Sent: Friday, January 27, 2012 7:54 PM To: NT System Admin Issues Subject: RE: Setup separate lab VLAN What is this switch connected to? You'll need a route on the switch it's connected to that points to this switch. If the DHCP server is on the other switch, you'll need the VLAN defined there as well. Are the 460's a layer 3 switch? From: Jay Dale [mailto:jd...@unetek.com]<mailto:[mailto:jd...@unetek.com]> Sent: Friday, January 27, 2012 3:13 PM To: NT System Admin Issues Subject: RE: Setup separate lab VLAN When I put a static address of 192.168.2.100 on one of the lab PC's, I can ping the IP address of the lab VLAN which is set to 192.168.2.10 and I can ping the IP of the default data vlan which is 192.168.1.30. However I can't ping the DHCP server address which is 192.168.1.2. Am I missing a route somewhere? Jay Dale Senior Systems Administrator P:281-574-2414 From: Glen Johnson [mailto:gjohn...@vhcc.edu]<mailto:[mailto:gjohn...@vhcc.edu]> Sent: Friday, January 27, 2012 2:27 PM To: NT System Admin Issues Subject: RE: Setup separate lab VLAN What isn't working. Do the machines on the lab vlan not get an IP address? What device is routing from lab vlan to the vlan where dhcp server is? From: Jay Dale [mailto:jd...@unetek.com]<mailto:[mailto:jd...@unetek.com]> Sent: Friday, January 27, 2012 2:36 PM To: NT System Admin Issues Subject: Setup separate lab VLAN Hey all, I'm truly stuck, hopefully I can find some assistance here. I have a client which is a school that is running out of IP addresses. Their subnet is 192.168.1.x/24 I would like to segment off their lab, which is around 50 PC's right there (in addition to all the youtube/facebook users) on it's own VLAN using subnet 192.168.2.x/24 I'm currently using 4 Extreme x460's - 1 of which is dedicated only to lab machines. I've set up another DHCP scope for the 192.168.2.x network. I created a VLAN on the switch and did the following commands: Create vlan Lab Configure vlan lab ipaddress 192.168.2.10/24 Configure vlan lab add ports 1:1-1:48 Enable bootprelay vlan lab Configure bootprelay add <ip of DHCP server> Configure bootprelay dhcp-agent information option Configure bootprelay dhcp-agent information check Enable ipforwarding vlan Lab I activated the scope, but it doesn't work. Is there a manual scope option that needs to be entered? Thanks, Jay Jay Dale Senior Systems Administrator Unetek, Inc. Phone: 281.574.2414 Email:jd...@unetek.com<mailto:jd...@unetek.com> Confidentiality Notice: This e-mail, including any attached files, may contain confidential and/or privileged information for the sole use of the intended recipient. If you are not the intended recipient, you are hereby notified that any review, dissemination or copying of this e-mail and attachments, if any, or the information contained herein, is strictly prohibited. If you are not the intended recipient (or authorized to receive information for the intended recipient), please contact the sender by reply e-mail and delete all copies of this message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin