sorry if this is not exactly a "programming" question! I have two PCs on a LAN, connected to two different subnets: one on 192.168.95.x and the other on 192.168.200.y. I have DHCP enabled and if I ping one of the two with PC name, the DNS resolves the IP address correctly for both. However, the ping fails with request timed out every time. I expected that with DHCP enabled both PC should be able to communicate without problem, but apparently not? Thanks!
1 - Try doing it with firewalls off on both devices
2 - Try do a tracert (if these are Windows Machines) from one PC to another.
3 - You need to set up routing between the subnets, did you check this?
4 - Did you troubleshoot the switches they are connected to?
Related
Is it possible to ping mininet ip? I found mininet's ip starts with 10.0.2.15 . I can ping from mininet to others. However, I failed to ping other place to mininet. How can I setup this?
10.0.0.0/8, which is 10.0.0.0 - 10.255.255.255 are IP addresses used only locally, they are not accessed from the internet (other networks). Here is some info from IANA:
These addresses are in use by many millions of independently operated networks, which might be as small as a single computer connected to a home gateway, and are automatically configured in hundreds of millions of devices. They are only intended for use within a private context and traffic that needs to cross the Internet will need to use a different, unique address.
These addresses can be used by anyone without any need to coordinate with IANA or an Internet registry. The traffic from these addresses does not come from ICANN or IANA. We are not the source of activity you may see on logs or in e-mail records.
I have to build up a second network with Windows Server 2012 as DHCP and AD.
The PC for the Windows Server 2012 has two NIC's:
The first one 192.168.10.* (NIC1) should get the IP-Addresses from our Windows-Server and lives in it's own subnet. Except for the Internet-com, that should be handled over the NIC2.
The second one 192.168.20.* (NIC2) gets its IP-addresses from a Linux DHCP but has the connection to the internet.
Is that possible and would there be an easy solution?
You just have to make sure that NIC1 doesn't get a default gateway by DHCP.
On the DHCP server, use a reservation and in its options set option 003 Router to nothing. The PC will then use only the default gateway from NIC2.
I am very new to Cisco networking (haven't done any course either). I have been trying to learn a bit of networking myself and had no trouble in doing some of the basic stuff which i needed for my personal work. But i am planning to buy a new Cisco switch(a gigabit switch) and configure it to 2 different networks (1 being an internet and other being a separate network for a specific job). I want to configure the ports in such a way that the first few slots for normal internet and the rest for my other network. For example if its a Cisco 2950 48 port switch, the first 1-16 port for my local internet network and the ports from 17-32 for my other network. Can somebody give me a run down on how to achieve this? Sorry for such a long but basic question, i am just trying to save few $$ and learning something new. Any help would be appreciated. Cheers
You can just create the 2 different Vlans and Give the Access port to the 1st vlan with port 1 - 16 , And for Second vlan Give access port remaining Ports. As well you can also configure 2 different network on Single Switch .
Vlans can separate the network traffic away from each other. For Example
Int range gi 0/1 - 16
Desc Local Internet Network
Switchport access vlan 444
Switch port mode access
Int range gi 0/17 - 32
Desc Other Network
Switchport access vlan 555
Switch port mode access
Of course it depends on what you plug into the ports? depends on what type of switchport it is going to be.
Switch#configure terminal
Switch(config)#vlan 10
Switch(config-vlan)#name Local_Internet_Network
Switch(config-vlan)#exit
Switch(config)#vlan 20
Switch(config-vlan)#name my_other_network
Switch(config-vlan)#exit
Switch(config)#interface range gigabitEthernet 0/1-16
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#exit
Switch(config)#interface range gigabitEthernet 0/17-32
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20
Switch(config-if-range)#exit
Switch(config)#exit
Switch#write memory
and check on trunk
The 2950 switch was a L2 switch only last time I checked so it will not be able to route between the VLANs. You may want to consider a small firewall in order to provide the layer 3 element (routing) and block any internet traffic from hitting your LAN. You can then also utilise a switch with this topology.
The respective switch VLANs for Internet and LAN would be connected to the relevant Internet /LAN firewall ports and your servers would be connected to the LAN. The switch management port should also be on the trusted LAN network or a dedicated management VLAN.
I have a PFsense setup with a WAN, LAN and Management interface.
On the LAN interface, I want to block access to several LAN ip`s. These are accesspoints with a webinterface.
My rules are below. What am I doing wrong?
https://www.dropbox.com/s/nyrr2ot61tna3pj/fw.png?dl=0
Argh, ofc this cant be done using a router as it doenst pass traffic on the LAN, devices communicate directly with eachother
To elaborate, what you've done is create two rules. The rules say that any traffic coming in from any device on the LAN, can't have a destination of '5.1 ports 22-443 (or '5.2 any port) otherwise it'll be blocked. The problem is that if its already on the LAN and its destination is on the LAN as well, it'll never go via your router in the first place, so the rules won't ever be acted on.
Its a bit like having 3 PCs on a LAN and one of them has a firewall rule that if the other 2 send traffic between them it should be blocked - its useless and can't do anything.
I have the following problem:
I have Windows 2003 RAS VPN server configured with a single Nic (let's call it LAN1) behind a firewall (lets call it's public address WAN1). PPTP & L2TP ports are forwarded to the Server.
When a client (Windows or LINUX) in a remote network behind a firewall (LAN2) tries to connect to a PPTP VPN on the WAN1 everything goes fine.
When a second client in the same LAN2 tries to connect to the same VPN on the same WAN1 I get an error 629.
It's independant of which machine gets the first connection.
Apparently the problem is also independant of the router/firewall hardware of LAN2 (We have tested it from at least five different types of remote small router/firewalls - linksys, huawey, d-link, etc.)
The firewall WAN1 listens to two internet connections. The problem is independant of which external address the clients are pointing to (even if two different workstations point to different IP addresses to attempt to stablish a vpn).
Inside LAN1, there is no such limitation and multiple workstations connect just fine.
Theres also no limitation from different remote LANs.
Is this a limitation of PPTP protocol?
Thanx in advance.
From your description it sounds like the issue is at the remote end. You mention that when a second user from LAN2 attempts to reach the same VPN server at WAN1 you receive an error.
Depending on the firewall mechanism in use there can be a "limitation" that exists with regard to PPTP connection tracking and multiple VPN connections to the same server address.
Google: pptp multiple connections to same ip
Due to the way in which NAT tracks PPTP connections, specific modules need to be loaded in order to handle multiple connections to a single server.
If it's netfilter based, make sure 'nf_conntrack_pptp' and 'nf_nat_pptp' are loaded.