Posted by anoop on August 26, 2006, 10:50 am
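Geir Holmavatn wrote:

> I take the chance of restarting this thread as I have still no working
> solution. I tried with the PVE feature of the SRW2016 and I was able to
> connect to the internet, but very intermittently. It seemed that the
> workstation had trouble selecting which uplink port to select to get to
> the internet and which one to use for getting to the domain controller.

Do you know what the cause was for the intermittent connectivity?
When I looked at the picture, it looked like the design ought to work.
You might be able to get a clue by looking at what happens to the
MAC address tables in the classroom's switch when the connection
to the Internet switch is removed and then restored.

Anoop
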
Posted by Geir Holmavatn on August 27, 2006, 6:56 pm
anoop wrote:

> Geir Holmavatn wrote:
>
>> I take the chance of restarting this thread as I have still no working
>> solution. I tried with the PVE feature of the SRW2016 and I was able to
>> connect to the internet, but very intermittently. It seemed that the
>> workstation had trouble selecting which uplink port to select to get to
>> the internet and which one to use for getting to the domain controller.

Hi again, Anoop

> Do you know what the cause was for the intermittent connectivity?
> When I looked at the picture, it looked like the design ought to work.
> You might be able to get a clue by looking at what happens to the
> MAC address tables in the classroom's switch when the connection
> to the Internet switch is removed and then restored.
>
> Anoop

The classroom switches are not managed, how can I check their MAC
address tables then..?

Someone told me that the reason for the intermittent connections was
that the computer did not know whether it should establish contact via
the domain controller uplink or the gateway uplink, it could not connect
to both simultaneously, he said. I don't know the theory behind this so
I cannot judge ;-|

However I will be more than glad to test any suggestion, so if there are
alternatives, describe them ;-)

/geir

Posted by anoop on August 27, 2006, 7:15 pm
Geir Holmavatn wrote:

> The classroom switches are not managed, how can I check their MAC
> address tables then..?

I guess you can't :-)

> Someone told me that the reason for the intermittent connections was
> that the computer did not know whether it should establish contact via
> the domain controller uplink or the gateway uplink, it could not connect
> to both simultaneously, he said. I don't know the theory behind this so
> I cannot judge ;-|

That is incorrect. The computer knows which device it needs
to reach. If it tries to get out on the Internet, then it knows to
go through the default gateway (presumably the firewall) and it
will ARP for the gateway's IP to get its MAC address. If the
link to the firewall has been removed, this ARP will never
receive a response, but if once it is plugged in, then it should
see a response. The ARPs will get forwarded to both uplinks
but only the firewall will respond if it happens to be connected.

> However I will be more than glad to test any suggestion, so if there are
> alternatives, describe them ;-)

A few things that you can check for when the connectivity doesn't
work:
- Check to see if the computers in the classroom that are trying
  to connect to the Internet have resolved the default gateway's
  address, using for example, 'arp -a' at the Windows command
  prompt.
- Check to see if the computer's MAC address and the MAC
  address of the firewall have been learned in the "Internet
  Connection Switch".

Do you observe only the connectivity to the Internet intermittent,
or is all connectivity intermittent with this setup?

Anoop

Posted by on August 28, 2006, 10:09 am
anoop wrote:

> Geir Holmavatn wrote:
>
> > The classroom switches are not managed, how can I check their MAC
> > address tables then..?
>
> I guess you can't :-)
>
> > Someone told me that the reason for the intermittent connections was
> > that the computer did not know whether it should establish contact via
> > the domain controller uplink or the gateway uplink, it could not connect
> > to both simultaneously, he said. I don't know the theory behind this so
> > I cannot judge ;-|
>
> That is incorrect. The computer knows which device it needs
> to reach. If it tries to get out on the Internet, then it knows to
> go through the default gateway (presumably the firewall) and it
> will ARP for the gateway's IP to get its MAC address. If the
> link to the firewall has been removed, this ARP will never
> receive a response, but if once it is plugged in, then it should
> see a response. The ARPs will get forwarded to both uplinks
> but only the firewall will respond if it happens to be connected.
>
> > However I will be more than glad to test any suggestion, so if there are
> > alternatives, describe them ;-)
>
> A few things that you can check for when the connectivity doesn't
> work:
> - Check to see if the computers in the classroom that are trying
>   to connect to the Internet have resolved the default gateway's
>   address, using for example, 'arp -a' at the Windows command
>   prompt.
> - Check to see if the computer's MAC address and the MAC
>   address of the firewall have been learned in the "Internet
>   Connection Switch".
>
> Do you observe only the connectivity to the Internet intermittent,
> or is all connectivity intermittent with this setup?
>
> Anoop

Hi,

It looks to me as if you want:-
NO VLANS - well one on each switch
i.e. the default.

On the Domain Controller switch:-
Configure all ports except the Domain Controller as PVE
Configure the Domain Controller port as the uplink

On the Internet switch:-
In order to prevent classes talking to each other
when more than one is plugged into the internet
you do the same thing on the Internet switch.
i.e. Firewall port PVE
Nothing else

Done.

This will allow the following.

All PCs/printers will be able to talk to the DC
No PCs will be able to talk to another class
No PCs will be able to talk to the internet
PCs within a class will be able to talk to each other.

Then you can plug in the Internet cable to class
room switches as you require.
Is that what you want?

The only thing left though is that you mentioned
"subnets". I think you didn't mean it.

I bet you have a central printer:-(((

A professional level solution to this
would be to put each PC on a different subnet and
change the firewall permissions as required to
permit/deny access.

Possibly-
You could manually assign IP addresses (via DHCP)
such that each class had a range and then do the firewall
permissions thing to control access. Many firewalls have
time of day rules so you could easily set things up in advance.

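The layout proposed in the post above can be checked with a small forwarding model. This is an added example, not code from any poster: the device names and two-class topology are constructed, and it assumes a PVE (protected) port forwards frames only to its switch's uplink, that the uplink port can reach every port, and that on the Internet switch the firewall port plays the uplink role.

```python
from collections import deque

# Assumption: on a PVE switch every port except the uplink is protected.
# name -> neighbor attached to the uplink port (hypothetical device names)
PVE_UPLINK = {"dc_sw": "dc", "inet_sw": "fw"}
SWITCHES = {"swA", "swB", "dc_sw", "inet_sw"}  # swA/swB are unmanaged

def build(internet_cables):
    """Constructed topology; internet_cables lists the classroom switches
    whose Internet cable is currently plugged into inet_sw."""
    links = [("pcA1", "swA"), ("pcA2", "swA"), ("pcB1", "swB"),
             ("swA", "dc_sw"), ("swB", "dc_sw"), ("dc", "dc_sw"),
             ("fw", "inet_sw")]
    links += [(sw, "inet_sw") for sw in internet_cables]
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj

def egress(adj, switch, came_from):
    """Neighbors a frame may leave to after entering switch from came_from."""
    others = adj[switch] - {came_from}
    uplink = PVE_UPLINK.get(switch)
    if uplink is not None and came_from != uplink:
        return others & {uplink}  # protected port: uplink only
    return others  # unmanaged switch, or frame arrived on the uplink

def can_send(adj, src, dst):
    """True if a frame flooded from host src can arrive at host dst."""
    seen, queue = set(), deque((src, n) for n in adj[src])
    while queue:
        prev, node = queue.popleft()
        if node == dst:
            return True
        if (prev, node) in seen or node not in SWITCHES:
            continue  # hosts do not forward frames
        seen.add((prev, node))
        queue.extend((node, nxt) for nxt in egress(adj, node, prev))
    return False

def can_talk(adj, a, b):
    """Two-way connectivity needs a frame path in both directions."""
    return can_send(adj, a, b) and can_send(adj, b, a)

if __name__ == "__main__":
    adj = build(["swA"])  # only class A has the Internet cable plugged in
    for a, b in [("pcA1", "dc"), ("pcA1", "pcA2"), ("pcA1", "pcB1"),
                 ("pcA1", "fw"), ("pcB1", "fw")]:
        print(f"{a} <-> {b}: {can_talk(adj, a, b)}")
```

In this model the domain controller and the firewall can also reach each other, but only through a classroom switch that has its Internet cable plugged in.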
Posted by Geir Holmavatn on August 28, 2006, 12:50 pm
Bod43@hotmail.co.uk wrote:

> anoop wrote:
>
> Hi,
>
> It looks to me as if you want:-
> NO VLANS - well one on each switch
> i.e. the default.
>
> On the Domain Controller switch:-
> Configure all ports except the Domain Controller as PVE
> Configure the Domain Controller port as the uplink
>
> On the Internet switch:-
> In order to prevent classes talking to each other
> when more than one is plugged into the internet
> you do the same thing on the Internet switch.
> i.e. Firewall port PVE
> Nothing else
>
> Done.

Can both the domain controller switch and the internet switch be
combined into one SRW2016? Domain range: Port 1-6 with uplink Port 8 and
Internet range: Port 9-14 and uplink port 16? Or will this cause
unexpected side effects?

> This will allow the following.
>
> All PCs/printers will be able to talk to the DC
> No PCs will be able to talk to another class
> No PCs will be able to talk to the internet
> PCs within a class will be able to talk to each other.
>
> Then you can plug in the Internet cable to class
> room switches as you require.
> Is that what you want?

Yeah, exactly. However, in another forum one guy wrote:

PVE's are used between like switches to extend your VLAN topology across
your switch topology so if you had 2 or more SRW2016s, they can all be
combined to make it look like you had one really big SRW2016 that had 32
ports or more that you can then split up into separate VLANs. It does
not apply here to the specific scenario that you want a solution to. And
per the parameters that you gave, this feature does not work with
non-linksys, non-PVE capable switches, so the 2 unmanaged switches
fitting into the non-linksys, non-PVE capable category will not work.

> The only thing left though is that you mentioned
> "subnets". I think you didn't mean it.

All workstation computers, the domain controller and the router's LAN
address are on the same subnet.

> I bet you have a central printer:-(((

Yes, several.

> A professional level solution to this
> would be to put each PC on a different subnet and
> change the firewall permissions as required to
> permit/deny access.

The classes consist almost always of different students (with different
subject choices) so this will be very difficult to manage.

regards

geir
Re: Restart: VLAN question...