Difference between revisions of "General Network Configuration Notes"
| Line 9: | Line 9: | ||
* The "default" VLAN for ports 23 & 24 is id 2, the UNH network. | * The "default" VLAN for ports 23 & 24 is id 2, the UNH network. | ||
* Thus port 24 should be connected to a wall jack, port 23 may be used as a spare UNH port, just as if it were a two port switch plugged into a wall jack. All other hosts using the farm switch will see only the farm, unless they are configured for VLAN, in which case they see UNH as VLAN id 2. All this just makes one physical network segment appear as several, with all the security benefits thereof. (When properly implemented.) | * Thus port 24 should be connected to a wall jack, port 23 may be used as a spare UNH port, just as if it were a two port switch plugged into a wall jack. All other hosts using the farm switch will see only the farm, unless they are configured for VLAN, in which case they see UNH as VLAN id 2. All this just makes one physical network segment appear as several, with all the security benefits thereof. (When properly implemented.) | ||
| + | * We use an IEEE802.1Q VLAN. | ||
| + | |||
| + | For VLAN ID1, ports 1-22 should be marked "U" for untagged, and 23, 24 should be left blank. | ||
| + | For VLAN ID2, ports 1-22 should be marked "T" for tagged, and 23, 24 should be marked "U" for untagged. | ||
| + | In the VLAN PVID settings, ports 1-22 should be PVID 1, which means that traffic on those ports defaults to VLAN ID1. Ports 23 and 24 should be PVID 2. | ||
| + | |||
Currently, the only special port being used is port 24, hooked up to the UNH network wall jack. | Currently, the only special port being used is port 24, hooked up to the UNH network wall jack. | ||
Revision as of 18:27, 7 November 2008
The network switch has a VLAN setup with ports 23 and 24 "special" to the outside world. No systems should be plugged into these ports.
The farm switch is set up as follows:
- Standard NPG auth scheme + "sw" (it's switch.farm.physics.unh.edu).
- Ports 1-22 members of VLAN id 1, the private farm network.
- All 24 ports members of VLAN id 2, the unh network.
- Normal, "untagged" ethernet frames into the switch will go into a default VLAN and exiting the switch, ethernet frames of that same default VLAN come out normal, "untagged".
- The "default" VLAN for ports 1-22 is id 1, the farm network.
- The "default" VLAN for ports 23 & 24 is id 2, the UNH network.
- Thus port 24 should be connected to a wall jack, port 23 may be used as a spare UNH port, just as if it were a two port switch plugged into a wall jack. All other hosts using the farm switch will see only the farm, unless they are configured for VLAN, in which case they see UNH as VLAN id 2. All this just makes one physical network segment appear as several, with all the security benefits thereof. (When properly implemented.)
- We use an IEEE802.1Q VLAN.
For VLAN ID1, ports 1-22 should be marked "U" for untagged, and 23, 24 should be left blank. For VLAN ID2, ports 1-22 should be marked "T" for tagged, and 23, 24 should be marked "U" for untagged. In the VLAN PVID settings, ports 1-22 should be PVID 1, which means that traffic on those ports defaults to VLAN ID1. Ports 23 and 24 should be PVID 2.
Currently, the only special port being used is port 24, hooked up to the UNH network wall jack.
One more thing: our Netgear "Smart Switch", doesn't live up to it's name. The VLAN configuration for ports 23 and 24 must match. This may be because 23 and 24 are the GBIC fiber modules, but it may be that other sets have this odd, undocumented requirement. The thing works perfectly in operation, but gets easily confused during configuration. Reconfigure at your peril.
The switch is plugged into a UPS.
