gillbot Posted March 31, 2016

I know there are a bunch in here involved in IT so I'm looking for advice. I'm mostly self-taught in networking and I know enough to be dangerous at my job. I can ping, know what ARP is, etc. I have ZERO certifications nor desire for any of that. With that said, I'm looking into learning about VLANs as we have a couple customers running them and I believe they are causing issues with our systems.

For the inevitable "What is your system" question: http://www2.emersonprocess.com/en-us/brands/csitechnologies/cppm/csi6500/pages/csi6500machineryhealthmonitor.aspx

I basically give it a static IP per "rack", the server has a static IP and they all communicate. You access the server to do pretty much anything and the server sends commands to the racks. This entire setup is on its own VLAN and they use a tunnel to allow people onsite on a different VLAN to access the system.

The problem is, the system seems to stop responding from their other VLAN sporadically but locally the system is alive and 100% operational. This tells me that the tunnel from one VLAN to the other isn't working right but they insist "it's fine". Furthermore, this happens most from ~7am till about ~5pm which says their network traffic from people being in the office is cluttering it up or something.

What I want to do is use one of our systems and set up a VLAN similar to theirs at my house so I can mimic what they are doing. What I need are some good guides or tutorials I can read on VLANs and how to tunnel traffic between them to specific IPs.

Tractor Posted April 1, 2016

Googling how to set them up is pretty easy and straightforward. They must be on different IP schemes in order to avoid conflict unless you're setting up and managing DHCP correctly and they are connecting to a main office server that is correctly configured. Are you using hardware VLANs or doing this through something like Server 2012? I only have experience doing it over Windows, but I hear it's better using third-party VLAN software, or hardware is even better.

gillbot Posted April 1, 2016

> Googling how to set them up is pretty easy and straightforward. They must be on different IP schemes in order to avoid conflict unless you're setting up and managing DHCP correctly and they are connecting to a main office server that is correctly configured. Are you using hardware VLANs or doing this through something like Server 2012? I only have experience doing it over Windows, but I hear it's better using third-party VLAN software, or hardware is even better.

There will be no DHCP, all IPs will be set manually. I can create the VLAN groups in the switch, right?

Zx2guy19 Posted April 1, 2016

I work in HR supporting the IT organization. Open to looking? We have an architect role open, highest technical level we have.

mrhobbz Posted April 1, 2016

What kind of tunnel are you using? Do you have access to its logs? Also do you have the public IPs for both of those end points? If so you can start narrowing it down easier. I would start running tests between that time frame you provided to see if you're potentially looking at an issue with a specific ISP or hop in that path.

What are your VLANs managed with right now? It's hard to say "here is how you create a VLAN and a bridge" without knowing where they're being created (Cisco/other hardware device, Linux-based router, etc.?). Setting up a VLAN in IOS is typically very different from most other hardware devices and even more different than creating them on a Linux router.

> I know there are a bunch in here involved in IT so I'm looking for advice. I'm mostly self-taught in networking and I know enough to be dangerous at my job. I can ping, know what ARP is, etc. I have ZERO certifications nor desire for any of that. With that said, I'm looking into learning about VLANs as we have a couple customers running them and I believe they are causing issues with our systems.
>
> For the inevitable "What is your system" question: http://www2.emersonprocess.com/en-us/brands/csitechnologies/cppm/csi6500/pages/csi6500machineryhealthmonitor.aspx
>
> I basically give it a static IP per "rack", the server has a static IP and they all communicate. You access the server to do pretty much anything and the server sends commands to the racks. This entire setup is on its own VLAN and they use a tunnel to allow people onsite on a different VLAN to access the system.
>
> The problem is, the system seems to stop responding from their other VLAN sporadically but locally the system is alive and 100% operational. This tells me that the tunnel from one VLAN to the other isn't working right but they insist "it's fine". Furthermore, this happens most from ~7am till about ~5pm which says their network traffic from people being in the office is cluttering it up or something.
>
> What I want to do is use one of our systems and set up a VLAN similar to theirs at my house so I can mimic what they are doing. What I need are some good guides or tutorials I can read on VLANs and how to tunnel traffic between them to specific IPs.

kshymkiw83 Posted April 1, 2016

In short - VLANs don't 'tunnel' anything. VLAN - means Virtual LAN. All it does is drop a 4-byte VLAN ID on top of every frame when it enters the network. How to configure it depends on the network hardware in place. In the Cisco world - you build a VLAN 'vlan <vlan_id/#>' and then name 'FOO' then an interface/port as 'switchport mode trunk' and then a 'switchport trunk allowed vlan <vlan_id>'. At the end of the day - VLAN implies Layer 2 before IP. To route between VLANs - you need a router or a routing device of some kind (router/Layer 3 switch).

gillbot Posted April 1, 2016

> I work in HR supporting the IT organization. Open to looking? We have an architect role open, highest technical level we have.

I'm open, but I highly doubt I'm qualified TBH.

> What kind of tunnel are you using? Do you have access to its logs? Also do you have the public IPs for both of those end points? If so you can start narrowing it down easier. I would start running tests between that time frame you provided to see if you're potentially looking at an issue with a specific ISP or hop in that path.
>
> What are your VLANs managed with right now? It's hard to say "here is how you create a VLAN and a bridge" without knowing where they're being created (Cisco/other hardware device, Linux-based router, etc.?). Setting up a VLAN in IOS is typically very different from most other hardware devices and even more different than creating them on a Linux router.

It's on a customer's network so they will not share much. I know they won't let me see logs or anything, so I'm going to get some setup info from them and try to duplicate the issue to help them get a workaround if possible.

> In short - VLANs don't 'tunnel' anything. VLAN - means Virtual LAN. All it does is drop a 4-byte VLAN ID on top of every frame when it enters the network. How to configure it depends on the network hardware in place. In the Cisco world - you build a VLAN 'vlan <vlan_id/#>' and then name 'FOO' then an interface/port as 'switchport mode trunk' and then a 'switchport trunk allowed vlan <vlan_id>'. At the end of the day - VLAN implies Layer 2 before IP. To route between VLANs - you need a router or a routing device of some kind (router/Layer 3 switch).

I believe they are all Cisco devices, but I can confirm that to be sure. All I know is they have two (maybe more) separate VLANs configured. One set of ports is our systems and server, the other set is their maintenance network. They have permissions set (IIRC via HOSTS file) to allow certain machines access to our VLAN so they can talk to the server and units.

We can get access outside of their plant via TeamViewer but not from 7am to 5pm (approximately) and they say it's our server. However, when I'm onsite I can get out fine and the system is 100% operational, which tells me that there is traffic or something not allowing traffic to get in.