The switches aren't MPLS or VXLAN capable by chance, are they?
On Sun, May 17, 2015 at 12:22 PM, Boris Epstein <[email protected]>
wrote:
> Hello all,
>
> Thanks again for all the input. Here is the basic diagram of the setup.
>
> Picture the following setup.
>
> You have the main network - let us call it "Headquarters" (HQ). Then you
> have multiple Satellite offices/networks. We will call them SAT1, SAT2, etc.
> For the purposes of this discussion they are all equivalent to each other.
> The only networking that exists between HQ and the SAT networks is untagged
> IP hence it is not possible to have a VLAN that exists in more than one
> location (i.e. no VLAN can span across those WAN links).
>
> You have a Cisco switch (or multiple switches) at each of these locations.
> The one at HQ we will call sw-hq, the one at SAT1 we will call sw-sat1, etc.
>
> We have a PF server - let us call it pf-serv
>
> So here is our HQ network:
>
> pf-serv <------> sw-hq <=========> node1, node2, node3
>
> Here is the SAT1 network:
>
> sw-sat1 <==============> node1, node2, etc.
>
>
> In this notation <----> denotes IP connection, <=====> denotes direct
> Level 2 connection (Ethernet connection of a node to a switch).
>
> All of the switches have VLAN's defined on them. I used a non-overlapping
> numbering schema:
>
> in HQ:
> registration - VLAN2
> isolation - VLAN3
> voice - VLAN6
> production - VLAN7
>
> in SAT1:
> registration - VLAN12
> isolation - VLAN13
> voice - VLAN16
> production - VLAN17
>
> in SAT2:
> registration - VLAN22
> isolation - VLAN23
> voice - VLAN26
> production - VLAN27
>
> So, once again: the only way pf-serv can communicate to any of the
> switches is pure IP (SNMP, radius, DHCP, whatever).
>
> I hope this makes sense.
>
> At this point, I can get my switches to switch VLAN's as directed by the
> pf-serv. One thing I can not get to do is get the switches to report the
> IP's to pf-serv.
>
> And this is the stumbling block at this point.
>
> Once again - thanks for the great input I already got and thanks in
> advance for any and all feedback to come.
>
> Cheers,
>
> Boris.
>
>
> On Fri, May 15, 2015 at 9:14 AM, Fabrice DURAND <[email protected]>
> wrote:
>
>> Hello Boris,
>>
>> in fact if you find a way to have a couple mac/ip then we will be able to
>> update iplog.
>>
>> In other setup we did it by:
>> arp traffic
>> udp reflector
>> radius accounting
>>
>> and it should probably be possible to do it with netflow traffic.
>>
>> Regards
>> Fabrice
>>
>>
>> Le 2015-05-15 09:08, Boris Epstein a écrit :
>>
>> Hello Fabrice,
>>
>> Thanks very much for your response. Yes, I will put together a diagram.
>>
>> I have looked into the RADIUS log and accounting packet content from a
>> tcpdump capture and couldn't immediately see data on IP addresses. Where
>> specifically should I be looking for?
>>
>> And this goes back to the question I raised earlier, the question being,
>> is it necessary to use DHCP to update the PF server on the nodes' IP
>> addresses? My thought was it shouldn't be as there are other ways to obtain
>> that information; sounds like you are basically backing up this idea.
>>
>> Once again, thank you very much for your help.
>>
>> Cheers,
>>
>> Boris.
>>
>>
>> On Fri, May 15, 2015 at 8:29 AM, Fabrice DURAND <[email protected]>
>> wrote:
>>
>>> Hi,
>>>
>>> I take the discussion on the fly but did you check if in the radius
>>> accounting you have information about the ip of the device ?
>>> Sometimes it's the case and we will probably be able to update the iplog
>>> in this way.
>>>
>>> Regards
>>> Fabrice
>>>
>>> Le 2015-05-15 06:25, Tim DeNike a écrit :
>>>
>>> Yeah, just a basic diagram so we can see what other options there might
>>> be.
>>>
>>> On Thu, May 14, 2015 at 12:20 PM, Boris Epstein <[email protected]>
>>> wrote:
>>>
>>>> Hello everyone,
>>>>
>>>> Thank you very much for your thoughtful responses.
>>>>
>>>> Tim, is there anything specific you mean by "Chicken scratch network
>>>> diagram" - or do you just mean any basic schematic outline? Let me work on
>>>> that - that is a good idea to diagram it for sure.
>>>>
>>>> Cheers,
>>>>
>>>> Boris.
>>>>
>>>>
>>>> On Thu, May 14, 2015 at 11:34 AM, Tim DeNike <[email protected]>
>>>> wrote:
>>>>
>>>>> Your other option if you don't want to run a DHCP server outside of
>>>>> the switches is to run the remote arp sensor on a box attached to the
>>>>> switch (I've never tried it), or setup a mirror port and mirror traffic to
>>>>> PF.
>>>>>
>>>>> I really don't know if the dhcp relay will work with the dhcp server
>>>>> enabled. I'd guess not.
>>>>>
>>>>> Chicken scratch network diagram would be helpful.
>>>>>
>>>>> But seriously.. Look into running a couple central DHCP servers..
>>>>> much easier to maintain in the long run (IMHO).
>>>>>
>>>>> On Thu, May 14, 2015 at 11:21 AM, Derek Wuelfrath <
>>>>> [email protected]> wrote:
>>>>>
>>>>>> Hello Boris,
>>>>>>
>>>>>> Most of the time, iphelpers are doing the job. Can you explain what
>>>>>> is ‘not working’ ?
>>>>>>
>>>>>> In your current setup, the DHCP server is running on the switch at
>>>>>> the edge or is it on a ‘core switch’ ? Let’s say you have 3 access
>>>>>> switches, connected back to one core switch, but doing L3 (VLANs stays at
>>>>>> the access switches level). DHCP server is on the access switches or on
>>>>>> the core switch ?
>>>>>>
>>>>>> The thing is, I’m unsure if, when the DHCP server is running on the
>>>>>> same switch where the VLAN is ending (L2 connectivity), iphelpers can do
>>>>>> the job.
>>>>>>
>>>>>> If you can share a network design, that’d be great… I guess… ;)
>>>>>>
>>>>>> (Sorry if it was part of a previous discussion, I clicked the link
>>>>>> which was leading me to another previous conversation, which was also
>>>>>> leading me to another discussion… I’ve been lost in the Matrix while
>>>>>> trying to figure out which conversation was the initial one!)
>>>>>>
>>>>>> Cheers!
>>>>>> dw.
>>>>>>
>>>>>> --
>>>>>> Derek Wuelfrath
>>>>>> [email protected] :: +1.514.447.4918 (x110) :: +1.866.353.6153 (x110)
>>>>>> Inverse inc. (www.inverse.ca) :: Leaders behind SOGo (www.sogo.nu)
>>>>>> and PacketFence (www.packetfence.org)
>>>>>>
>>>>>> On May 14, 2015 at 06:12:01, Boris Epstein ([email protected])
>>>>>> wrote:
>>>>>>
>>>>>> Hello all,
>>>>>>
>>>>>> I have raised the issue previously:
>>>>>>
>>>>>>
>>>>>> http://www.mail-archive.com/packetfence-users%40lists.sourceforge.net/msg08765.html
>>>>>>
>>>>>> Basically, the issue is that I am trying to run a DHCP server on my
>>>>>> Cisco IOS (Catalyst) switches while I run my PF server that only has IP
>>>>>> connectivity to them (no VLAN connectivity as VLAN's are local to the
>>>>>> switches).
>>>>>>
>>>>>> The setup requires that IP update/status info for all nodes be
>>>>>> communicated back to the PF server. That is not happening for some
>>>>>> reason - at least not via the Cisco's "ip helper-address" mechanism.
>>>>>>
>>>>>> So the question fundamentally is - how do I do that? What
>>>>>> implementations do any of you have out there that accomplish it? Sounds
>>>>>> like some people have DHCP servers separate from PF and switches. OK,
>>>>>> that is an idea. What other implementations are out there?
>>>>>>
>>>>>> If you don't mind sharing that I will be very thankful.
>>>>>>
>>>>>> Cheers,
>>>>>>
>>>>>> Boris.
>>>>>>
>>>>>>
>>>>>> ------------------------------------------------------------------------------
>>>>>>
>>>>>> One dashboard for servers and applications across
>>>>>> Physical-Virtual-Cloud
>>>>>> Widest out-of-the-box monitoring support with 50+ applications
>>>>>> Performance metrics, stats and reports that give you Actionable
>>>>>> Insights
>>>>>> Deep dive visibility with transaction tracing using APM Insight.
>>>>>>
>>>>>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
>>>>>> _______________________________________________
>>>>>> PacketFence-users mailing list
>>>>>> [email protected]
>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>>
>>>
>>> --
>>> Fabrice [email protected] :: +1.514.447.4918 (x135) ::
>>> www.inverse.ca
>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>>> (http://packetfence.org)
>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>>
>> --
>> Fabrice [email protected] :: +1.514.447.4918 (x135) ::
>> www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>> (http://packetfence.org)
>>
>>
>>
>>
>>
>
>
>
>
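
Added example, not part of the thread and not PacketFence code: the RADIUS accounting route to a MAC/IP pair mentioned above, as a parser that validates an Accounting-Request and reads Calling-Station-Id (attribute 31) and Framed-IP-Address (attribute 8). It assumes the switch actually sends Framed-IP-Address; the shared secret, MAC and IP used in the sample packet are constructed.

```python
import hashlib
import hmac
import ipaddress
import struct

ACCOUNTING_REQUEST = 4                          # RADIUS code, RFC 2866
FRAMED_IP_ADDRESS, CALLING_STATION_ID = 8, 31   # attribute types, RFC 2865

def request_authenticator(head: bytes, attrs: bytes, secret: bytes) -> bytes:
    # RFC 2866: MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)
    return hashlib.md5(head + bytes(16) + attrs + secret).digest()

def parse_attributes(packet: bytes, secret: bytes) -> dict:
    """Validate one Accounting-Request and return {attr_type: [raw values]}."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Accounting-Request")
    expected = request_authenticator(packet[:4], packet[20:length], secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad authenticator: wrong secret or spoofed sender")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        a_type, a_len = packet[pos], packet[pos + 1]
        attrs.setdefault(a_type, []).append(packet[pos + 2:pos + a_len])
        pos += a_len
    return attrs

def mac_ip_pair(packet: bytes, secret: bytes):
    """Return (mac, ip), or None when the packet carries no usable pair."""
    attrs = parse_attributes(packet, secret)
    ip = attrs.get(FRAMED_IP_ADDRESS, [b""])[0]
    raw_mac = attrs.get(CALLING_STATION_ID, [b""])[0].decode("ascii", "replace").lower()
    digits = "".join(c for c in raw_mac if c in "0123456789abcdef")
    if len(ip) != 4 or len(digits) != 12:
        return None
    mac = ":".join(digits[i:i + 2] for i in range(0, 12, 2))
    return mac, str(ipaddress.IPv4Address(ip))

def build_sample(secret: bytes, with_ip: bool = True) -> bytes:
    mac = b"00-11-22-AA-BB-CC"                      # constructed sample client
    attrs = bytes([40, 6]) + struct.pack("!I", 1)   # Acct-Status-Type = Start
    attrs += bytes([CALLING_STATION_ID, 2 + len(mac)]) + mac
    if with_ip:
        attrs += bytes([FRAMED_IP_ADDRESS, 6]) + ipaddress.IPv4Address("192.0.2.45").packed
    head = struct.pack("!BBH", ACCOUNTING_REQUEST, 1, 20 + len(attrs))
    return head + request_authenticator(head, attrs, secret) + attrs
```

A `None` result for a packet that parses cleanly means the switch sent accounting without Framed-IP-Address, which is the case where one of the other sources listed in the thread (ARP, DHCP) is needed.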