PHWinfo - Afficher un message

29/03/2006, 16h20

In article <1143627319.884847.64860@u72g2000cwu.googlegroups. com>,
Curious Joe <joebob.johnson@gmail.com> wrote:

>Just to ensure I understand you correctly.

Please quote context. Few of us use googlegroups as our usenet
interface, so the previous messages are not "right there" for us
to refer to.

>ISP Router IP=38.99.211.1/30
>L2 Switch IP=38.99.211.2/30
>L3 Switch IP=38.101.8.129/25 & 38.101.8.1/24

>I should set the default route in the L3 switch to 38.99.211.1 and do
>nothing with the L2 switch?

Refreshing the context: your ISP router is connected via fibre
to your L2 switch, which is connected via copper to your L3 switch.

Your L3 configure is slightly puzzling. Do I deduce correctly
that your ISP routes all of 38.101.8/24 to you, and that you
then break half of that off, 38.101.8.128/25 for some purpose?
If so, then the slight puzzle is what you do with the other half.

Would I be correct in figuring that this is a completely new
connection which you have never had working before? I suspect that
because not many routers would allow you to configure overlapping
subnets for interfaces -- your 38.101.8.129/25 interface overlaps
your 38.101.8.1/24 interface. What was your intention about this?

As I am not sure exactly what you want to do, the below will not
be an absolute recipie: it's a recipie for what I think it is
most -likely- that you want to do.

1) Remove 38.101.8.129/25 from your L3 switch.
2) Remove the IP address from your L2 switch, leaving it unnumbered for
now.
3) Add the new interface 38.99.211.2/30 to your L3 switch.
4) Add a default route (0.0.0.0 0.0.0.0) with destination
38.99.211.1 to the interface created in step 3
5) connect the interface of step 3 to your L2 switch via a cable
6) connect the ISP fibre to the L2 fibre module

At this point, internet traffic should start working. But now you
need to take further steps in order to be able to manage to L2 switch.

Rather than my listing off the various L2 management possiblities, I will
ask another series of details which will allow me to determine which
approach to suggest:

- Do you have another L2 switch that is connected to your LAN,
distinct from the L2 switch that has the fibre module?

- Is your only L2 switch the one that has the fibre module, with
you having it do double-duty as your LAN switch and your
connection to the ISP?

- Where is your security layer? Which device is acting as your
network firewall, and where is it in this topology?

- Does your L3 switch support IEEE 802.1Q VLANs? Does it allow
you to create different interfaces (with different IPs) attached
to different VLANs on the same physical interface?

- Does the L2 switch that you mentioned support 802.1Q VLANs?

- What kind of security is available on the management of the L2 switch
that you mentioned? Can it be configured to only accept management
connections from a set of IP addresses? Can it be configured to
only accept SNMP from a set of IP addresses? Can it be configured
to only accept management from a particular interface?

- If the L2 switch has essentially no security itself, then to
what extent do you need to be able to manage it? Do you need to
run MRTG or Optiview or something like that to pull statistics from
it and/or control it, or would it be acceptable to do all
configuration and information work through its serial port?

29/03/2006, 16h20	#4
Walter Roberson Messages: n/a Hébergeur:	Re: Layer 3 to Layer 2 In article <1143627319.884847.64860@u72g2000cwu.googlegroups. com>, Curious Joe <joebob.johnson@gmail.com> wrote: >Just to ensure I understand you correctly. Please quote context. Few of us use googlegroups as our usenet interface, so the previous messages are not "right there" for us to refer to. >ISP Router IP=38.99.211.1/30 >L2 Switch IP=38.99.211.2/30 >L3 Switch IP=38.101.8.129/25 & 38.101.8.1/24 >I should set the default route in the L3 switch to 38.99.211.1 and do >nothing with the L2 switch? Refreshing the context: your ISP router is connected via fibre to your L2 switch, which is connected via copper to your L3 switch. Your L3 configure is slightly puzzling. Do I deduce correctly that your ISP routes all of 38.101.8/24 to you, and that you then break half of that off, 38.101.8.128/25 for some purpose? If so, then the slight puzzle is what you do with the other half. Would I be correct in figuring that this is a completely new connection which you have never had working before? I suspect that because not many routers would allow you to configure overlapping subnets for interfaces -- your 38.101.8.129/25 interface overlaps your 38.101.8.1/24 interface. What was your intention about this? As I am not sure exactly what you want to do, the below will not be an absolute recipie: it's a recipie for what I think it is most -likely- that you want to do. 1) Remove 38.101.8.129/25 from your L3 switch. 2) Remove the IP address from your L2 switch, leaving it unnumbered for now. 3) Add the new interface 38.99.211.2/30 to your L3 switch. 4) Add a default route (0.0.0.0 0.0.0.0) with destination 38.99.211.1 to the interface created in step 3 5) connect the interface of step 3 to your L2 switch via a cable 6) connect the ISP fibre to the L2 fibre module At this point, internet traffic should start working. But now you need to take further steps in order to be able to manage to L2 switch. Rather than my listing off the various L2 management possiblities, I will ask another series of details which will allow me to determine which approach to suggest: - Do you have another L2 switch that is connected to your LAN, distinct from the L2 switch that has the fibre module? - Is your only L2 switch the one that has the fibre module, with you having it do double-duty as your LAN switch and your connection to the ISP? - Where is your security layer? Which device is acting as your network firewall, and where is it in this topology? - Does your L3 switch support IEEE 802.1Q VLANs? Does it allow you to create different interfaces (with different IPs) attached to different VLANs on the same physical interface? - Does the L2 switch that you mentioned support 802.1Q VLANs? - What kind of security is available on the management of the L2 switch that you mentioned? Can it be configured to only accept management connections from a set of IP addresses? Can it be configured to only accept SNMP from a set of IP addresses? Can it be configured to only accept management from a particular interface? - If the L2 switch has essentially no security itself, then to what extent do you need to be able to manage it? Do you need to run MRTG or Optiview or something like that to pull statistics from it and/or control it, or would it be acceptable to do all configuration and information work through its serial port?