10-09-2008, 11:37 PM
|
|
Web Hosting Master
|
|
Join Date: May 2003
Posts: 2,428
|
|
/29 VLANs and switch setup
Hi guys,
I need some help calculating /29 so I configure my switch correctly.
My switch will take CIDR config commands, but I need to know exactly where a /29 starts and where the next one comes in. Tips?
Also, my provider (borrowed switch) claims that the switch I have is running Layer 2 only, and the switch's IP is the first 200.xx.xx.1.
Though I am unsure if on my new switch I can give it 200.xx.xx.1 IP as well, while allowing a VLAN for 200.xx.xx.2 to - .6
__________________
^_^
|
10-10-2008, 12:01 AM
|
|
Web Hosting Master
|
|
Join Date: Oct 2002
Location: Vancouver, B.C.
Posts: 1,867
|
|
A /29 is a block of 8 IP's. 2^(32-29) = 8. Therefore, valid network addresses for a /29 is anything where the last octet is divisible by 8, i.e. addresses such as *.*.*.0, *.*.*.8, *.*.*.16, etc.
If the switch is running in layer 2 only, its IP is irrelevant for your purposes. What's more important is your IP address allocation, and you need to know whether your provider is routing your IP's for you (which is probably the case), and/or how they are routing the IP's for you (requires layer 3).
Even without running your switch in Layer 3 mode though however, you can still use VLANs. VLANs and IP subnets are not the same thing. A VLAN is basically just a virtual layer 2 segment.
If you would like to configure multiple VLAN's on your layer 2 switch, you will need your link to your provider to be a trunk port, and to have the VLANs and IP's configured on your provider's side. You could then assign your ports to whichever VLAN you would like to use.
You should definitely contact your provider and discuss your setup in more detail, as they would be best suited to help you in this situation.
__________________
Han Hwei Woo, ASTUTE HOSTING AS54527 *Advanced and customized solutions for the savvy customer!*
Dedicated Hosting and CDN out of Vancouver, Seattle, LA, Toronto, NY, Miami, and (soon) London
We include CDN, anycast DNS, onboard KVMoIP, firewall, local and global load-balancing, and privatenet with all servers.
sales@astutehosting.com
|
10-10-2008, 12:08 AM
|
|
Web Hosting Master
|
|
Join Date: May 2003
Posts: 2,428
|
|
Quote:
Originally Posted by hhw
A /29 is a block of 8 IP's. 2^(32-29) = 8. Therefore, valid network addresses for a /29 is anything where the last octet is divisible by 8, i.e. addresses such as *.*.*.0, *.*.*.8, *.*.*.16, etc.
If the switch is running in layer 2 only, its IP is irrelevant for your purposes. What's more important is your IP address allocation, and you need to know whether your provider is routing your IP's for you (which is probably the case), and/or how they are routing the IP's for you (requires layer 3).
Even without running your switch in Layer 3 mode though however, you can still use VLANs. VLANs and IP subnets are not the same thing. A VLAN is basically just a virtual layer 2 segment.
If you would like to configure multiple VLAN's on your layer 2 switch, you will need your link to your provider to be a trunk port, and to have the VLANs and IP's configured on your provider's side. You could then assign your ports to whichever VLAN you would like to use.
You should definitely contact your provider and discuss your setup in more detail, as they would be best suited to help you in this situation.
|
Thanks for the details.
My switch is capable of Layer 3 routing as well as VLANS. I would like to have control over that. Right now VLANS are not used. I have the Extreme Summit 48si sitting here which is going to be deployed at our colo.
According to my provider they just plugged in the "borrowed" switch that I have now to the patch panel and it worked...
I believe that if I run my own VLAN I would need to give my switch an IP from my /24 and it would work after that? -- any ideas of anything my ISP setup in order for the "borrowed" switch to work out of the box like a hub?
Thanks
__________________
^_^
|
10-10-2008, 12:37 AM
|
|
Web Hosting Master
|
|
Join Date: Oct 2002
Location: Vancouver, B.C.
Posts: 1,867
|
|
If you would like to run your switch in layer 3, and do your own routing, you will definitely need your provider to set things up as well.
Firstly, you will need a point-to-point block, with your layer 3 switch communicates with your provider's router. You will need a /29 if your provider runs some form of HSRP or VRRP, but otherwise a /30 will do. This point-to-point block does not even need to be valid IP space. It would be best if this block was not part of your /24, so that your provider can route your /24 to you as a whole, which makes for a much cleaner setup (both for them and for you).
You can then divide up your /24 anyway you like on your side, assigning whichever subnets you want to whichever VLAN's, and setup your switch as the gateway IP for each of those subnets. You can even have multiple subnets on the same VLAN if you like.
__________________
Han Hwei Woo, ASTUTE HOSTING AS54527 *Advanced and customized solutions for the savvy customer!*
Dedicated Hosting and CDN out of Vancouver, Seattle, LA, Toronto, NY, Miami, and (soon) London
We include CDN, anycast DNS, onboard KVMoIP, firewall, local and global load-balancing, and privatenet with all servers.
sales@astutehosting.com
|
10-10-2008, 01:20 AM
|
|
Web Hosting Master
|
|
Join Date: May 2003
Posts: 2,428
|
|
Quote:
Originally Posted by hhw
If you would like to run your switch in layer 3, and do your own routing, you will definitely need your provider to set things up as well.
Firstly, you will need a point-to-point block, with your layer 3 switch communicates with your provider's router. You will need a /29 if your provider runs some form of HSRP or VRRP, but otherwise a /30 will do. This point-to-point block does not even need to be valid IP space. It would be best if this block was not part of your /24, so that your provider can route your /24 to you as a whole, which makes for a much cleaner setup (both for them and for you).
You can then divide up your /24 anyway you like on your side, assigning whichever subnets you want to whichever VLAN's, and setup your switch as the gateway IP for each of those subnets. You can even have multiple subnets on the same VLAN if you like.
|
Well to do my own routing I would need an ASN number. Which is something I plan to deploy later on once we obtain our own IP directly.
What would the easiest way to setup the network? Only thing I need to control is the VLANs for each port on the switch. I shouldn't need anything fancy, do I?
These commands were given to me by a fellow member trying to help me out, it is the commands needed to do a basic setup like I need:
create vlan provider
config provider add port 1
config provider ipaddress 0.0.0.0 0.0.0.0 (Provider provided IP address)
enable ipforwarding provider
config iproute add default 0.0.0.0 (providers IP facing you)
that will get your provider running. then create vlans for the servers:
create vlan vlan101
config vlan101 ipaddress 0.0.0.0/29
enable ipforwarding vlan101
config vlan101 add port 2
then do this for each /29 on each port.
Thanks
__________________
^_^
|
10-10-2008, 03:17 AM
|
|
Web Hosting Master
|
|
Join Date: May 2003
Posts: 2,428
|
|
Guys I got some further inforrmation on how I am obtaining an internet connection on the "borrowed" switch that is being replaced by my own.
Quote:
|
My provider assigned a VLAN to my entire IP allocation /24 and then is trunking the VLAN to their edge routers (patch panel) and then to me.
|
1. I notice I am setting up my router (above commands) as Layer 3 routing (which is fine), will the IP address I assign my switch need be outside my /24 or can it be within my /24?
2. What do I have to ask my datacenter to do, if I were to setup my network using Layer 3, tell them remove the general VLAN they setup for me? Anything else?
3. If I were to leave my switch as is (not execute the above commands), I would need to setup the switch to accept VLAN trunking before any traffic would go thru my new switch (basically doing the same thing as the 2924XL on loan). Can Extreme/Cisco talk to each other on VLAN trunking?
4. If I left that giant VLAN created by the datacenter, can at my switch level break up that /24 into smaller /29 without routing issues?
Thanks!
__________________
^_^
|
10-10-2008, 03:27 AM
|
|
antitheistic atheist
|
|
Join Date: Oct 2005
Location: Fleet Street
Posts: 3,243
|
|
Quote:
Originally Posted by Francisco
1. I notice I am setting up my router (above commands) as Layer 3 routing (which is fine), will the IP address I assign my switch need be outside my /24 or can it be within my /24?
2. What do I have to ask my datacenter to do, if I were to setup my network using Layer 3, tell them remove the general VLAN they setup for me? Anything else?
|
Provider should assign you a separate prefix (usually a /30). Bind the IP from that to your "uplink" vlan and ask your provider to begin routing your IPs through that.
Quote:
|
4. If I left that giant VLAN created by the datacenter, can at my switch level break up that /24 into smaller /29 without routing issues?
|
Not actual /29s - it would just be layer 2, so you'd be assigning them a block of however many IPs to use (but they'd be usable by anyone else).
|
10-10-2008, 04:00 AM
|
|
Web Hosting Master
|
|
Join Date: May 2003
Posts: 2,428
|
|
[QUOTE=avythe;5353152]Provider should assign you a separate prefix (usually a /30). Bind the IP from that to your "uplink" vlan and ask your provider to begin routing your IPs through that.
[\QUOTE]
Thanks. Here's what it would look so far, please confirm:
1 - Remove giant VLAN
2 - Setup a /30 outside my assigned addresses (/24)
3 - Route /24 thru the /30
4 - Do my VLAN tagging setup as i please.
This is the setup of the switch (what it looks like, please let me know).
create vlan provider
config provider add port 1
config provider ipaddress 200.44.32.12 (switch's IP in /30)
enable ipforwarding provider
config iproute add default 200.44.32.11 (providers IP)
that will get your provider running. then create vlans for the servers:
create vlan vlan101
config vlan101 ipaddress 0.0.0.0/29
enable ipforwarding vlan101
config vlan101 add port 2
Thanks
__________________
^_^
|
10-10-2008, 01:24 PM
|
|
antitheistic atheist
|
|
Join Date: Oct 2005
Location: Fleet Street
Posts: 3,243
|
|
Yep, that looks about right.
|
10-10-2008, 08:06 PM
|
|
Web Hosting Master
|
|
Join Date: May 2003
Posts: 2,428
|
|
any idea why the summit would error out?
* Summit48si:29 # config liberty ipaddress 216.xxx.xxx.0/29
ERROR: Network address (216.xxx.xxx.0/29)
* Summit48si:30 #
__________________
^_^
|
10-10-2008, 08:31 PM
|
|
WHT Addict
|
|
Join Date: Jul 2005
Posts: 131
|
|
216.xxx.xxx.0/29 Breakdown
Network 216.xxx.xxx.0
Gateway 216.xxx.xxx.1
Broadcast 216.xxx.xxx.7
Usable range 216.xxx.xxx.2 - 216.xxx.xxx.6
You shouldn't be configuring the network address on the interface. If your intention is to have gateway for that block on your interface, then use the .1. If it is just a host in the IP range, start with .2
|
10-10-2008, 10:15 PM
|
|
Web Hosting Master
|
|
Join Date: May 2003
Posts: 2,428
|
|
hmm,
I cannot get my switch to forward traffic to servers connected to it.
Quote:
* Summit48si:30 # show ipconfig vlan provider
Router Interface[1] on VLAN provider is enable and up.
UDP Forwarding profile: none.
inet 216.152.xx.xx netmask 0xfffffffc broadcast 216.152.255.199
Multicast ttl 1 metric 1 mtu 1500
Locally registered multicast address (Last Querier=216.152.255.198):
224.0.0.2 224.0.0.1
Flags:
AddrMaskRly NO BOOTP Host NO DirBcstHwFwd NO DVMRP NO
ESRP NO Fwd Bcast NO IGMP YES IGMP Ver V2
IgnoreBcast NO IP Fwding YES IPmc Fwd NO IRDP Advert NO
ISIS NO ISQ NO LDP NO LPM-routing NO
MPLS NO NAT-Inside NO NAT-Outside NO OSPF NO
PIM NO RIP NO RSVP NO SendParam YES
SendPortUn YES Send Redir YES SendTimxceed YES SendUnreach YES
SLB-Cli NO SLB-Srv NO SubVLAN Prxy YES TimeStampRly NO
VRRP NO
* Summit48si:31 #
|
Quote:
* Summit48si:31 # show vlan
Name VID Protocol Addr Flags Proto Ports
Default 1 0.0.0.0 /BP -------------- ANY 0/0
MacVlanDiscover 4095 ------------------ -------- ANY 0/0
provider 4094 216.152.xx.xx/30 ------f------- ANY 1/1
vlan101 4093 216.151.xx.xx /29 ------f------- ANY 1/1
|
IP config at the server is using
255.255.255.248 broadcast.
gateway is .1
IP addr is .2
VLAN was setup using the commands above, ipforwarding seems to be on. Switch can ping/trace the internet but not servers connected to the ports assigned to that VLAN.
Quote:
Total number of Vlan(s) : 4
* Summit48si:32 # show iproute
Ori Destination Gateway Mtr Flags VLAN Duration
*d 216.152.255.196/30 216.152.255.198 1 U------u--- provider 0d:0h:21m:10s
*d 216.151.144.40/29 216.151.144.41 1 U------u--- vlan101 0d:0h:18m:28s
*d 127.0.0.1/8 127.0.0.1 0 U-H----um-- Default 0d:0h:23m:34s
*s Default Route 216.152.255.197 1 UG---S-um-- provider 0d:0h:20m:02s
Origin(OR): (b) BlackHole, (be) EBGP, (bg) BGP, (bi) IBGP, (bo) BOOTP
(ct) CBT, (d) Direct, (df) DownIF, (dv) DVMRP, (e1) ISISL1Ext
(e2) ISISL2Ext, (h) Hardcoded, (i) ICMP, (i1) ISISL1
(i2) ISISL2, (ma) MPLSIntra, (mr) MPLSInter, (mo) MOSPF
(o) OSPF, (o1) OSPFExt1, (o2) OSPFExt2, (oa) OSPFIntra
(oe) OSPFAsExt, (or) OSPFInter, (pd) PIM-DM, (ps) PIM-SM
(r) RIP, (ra) RtAdvrt, (s) Static, (sv) SLB_VIP, (un) UnKnown
(*) Preferred route
Flags: (B) BlackHole, (D) Dynamic, (G) Gateway, (H) Host Route
(L) Direct LDP LSP, (l) Indirect LDP LSP, (m) Multicast
(P) LPM-routing, (R) Modified, (S) Static, (T) Direct RSVP-TE LSP
(t) Indirect RSVP-TE LSP, (u) Unicast, (U) Up
Mask distribution:
1 default routes 1 routes at length 8
1 routes at length 29 1 routes at length 30
Route origin distribution:
3 routes from Direct 1 routes from Static
Total number of routes = 4.
|
__________________
^_^
Last edited by hostbox; 10-10-2008 at 10:20 PM.
|
10-11-2008, 12:04 AM
|
|
Web Hosting Master
|
|
Join Date: May 2003
Posts: 2,428
|
|
Is my VLAN math wrong?
216.100.22.40/29
216.100.22.40 -reserved
216.100.22.41 - gateway
216.100.22.42 - first usable
216.100.22.46 - last usable
Somehow if I setup linux to be 216.100.22.43 instead of 216.100.22.42 it will ping and work like it should. Being 216.100.22.42 it won't.
__________________
^_^
|
10-11-2008, 12:15 AM
|
|
Web Hosting Master
|
|
Join Date: May 2003
Posts: 2,428
|
|
the summit wont take:
config vlan101 ipaddress 216.100.22.40/29
however
config vlan101 ipaddress 216.100.22.41/29 does work, but I cannot use .43 IP address.
Should I be running this instead?
config vlan101 ipaddress 216.100.22.46/29 (wont take .47)
__________________
^_^
|
10-11-2008, 02:03 AM
|
|
antitheistic atheist
|
|
Join Date: Oct 2005
Location: Fleet Street
Posts: 3,243
|
|
Quote:
Originally Posted by Francisco
the summit wont take:
config vlan101 ipaddress 216.100.22.40/29
however
config vlan101 ipaddress 216.100.22.41/29 does work, but I cannot use .43 IP address.
Should I be running this instead?
config vlan101 ipaddress 216.100.22.46/29 (wont take .47)
|
Download SolarWind's Advanced Subnet Calculator - it's a neat tool to organize your IP space and stuff.
http://www.solarwinds.com/products/f...alculator.aspx
It should be "config vlan101 ip 216.100.22.41/29"
|
| Thread Tools |
Search this Thread |
|
|
|
| Display Modes |
 Linear Mode
|
| Postbit Selector |
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
|
|
| Login: |
|
|
| Advertisement: |
|
|
| Web Hosting News: |
|
|
|
