  1. #21
    Untangle Ninja mrunkel's Avatar
    Join Date
    Jul 2008
    Posts
    3,022

    So you're running three layer 3 networks on a single layer 2 network? ie, if I changed my IP from 192.168.200.5 to 192.168.201.5 I could talk to all the machines on the 192.168.201.0/24 subnet? Is there a reason for this?

    How is the router cabled to the switch? What features are you using on the router that can't be performed by the Untangle?
    m.

    Big Frickin Disclaimer:
    While I'm pretty sure, I can't guarantee that I know what I'm doing. There might be a better way to do this, and this way might actually suck. Make sure you understand the implications of what you're doing before trying to follow these directions.
    It often helps troubleshooting if you have a good network map. Look here (http://forums.untangle.com/tip-day/5407-how-draw-network-diagram.html) if you want my advice on how to draw one.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself. If you need Untangle support please call or email support@untangle.com

  2. #22
    Untangler
    Join Date
    Mar 2011
    Posts
    48

    Quote: Originally posted by sky-knight:
    Untangle will work in your case, you must disable ARP defenses in the Procurve, and the Watchguard, then install Untangle with the /16 netmask as described and it should simply work.
    What ARP defenses? I have never had to look into it before. As to my time, that is fine with them as long as they do not have to spend hard cash. Penny wise and pound foolish is the order of the day here.

  3. #23
    Untangler
    Join Date
    Mar 2011
    Posts
    48

    Quote: Originally posted by mrunkel:
    So you're running three layer 3 networks on a single layer 2 network? ie, if I changed my IP from 192.168.200.5 to 192.168.201.5 I could talk to all the machines on the 192.168.201.0/24 subnet? Is there a reason for this?

    How is the router cabled to the switch? What features are you using on the router that can't be performed by the Untangle?
    Partially because that is the way it was when I got here. At one time there were separate VLANS and the network was segmented. All of that has been removed. It would probably be better for us to use a CLASS B private network internally given that we have more devices than a Class C can provide.

    Technically we have 4 Class Cs, one is for our phone system.

    It looks like pfSense will not give me the reporting that I need, so I am going to try Untangle again. The previous post mentioned removing ARP defences on my core switch...but I do not know what they mean by that. I have never had to play with ARP on a Procurve.

  4. #24
    Untangler GenieonWork's Avatar
    Join Date
    Apr 2011
    Location
    The Netherlands
    Posts
    64

    A sledgehammer will do the trick on removing the ARP-defenses on the Procurve

    But I sure would recommend going to class B internal network.
    That's what I did at my previous job (and no, that wasn't the reason I switched jobs).
    It makes work so much easier!
    You still can divide the devices by using DHCP-reservations.
    Just set it up once, and you'll never have to look at it again (or at least, that's the case when you set it up right).

    Once again, that's what I did at my previous job, and it all worked out fine!
    Went from 7 class C subnets to 1 class B.

  5. #25
    Untangler
    Join Date
    Mar 2011
    Posts
    48

    I have read the documentation on the procurve, and mine does not seem to have the commands arp-protect, etc (yes I was in config mode) so I cannot even check the status.

  6. #26
    Untangle Ninja mrunkel's Avatar
    Join Date
    Jul 2008
    Posts
    3,022

    Quote: Originally posted by don_bedlam:
    Partially because that is the way it was when I got here. At one time there were separate VLANS and the network was segmented. All of that has been removed. It would probably be better for us to use a CLASS B private network internally given that we have more devices than a Class C can provide.

    Technically we have 4 Class Cs, one is for our phone system.

    It looks like pfSense will not give me the reporting that I need, so I am going to try Untangle again. The previous post mentioned removing ARP defences on my core switch...but I do not know what they mean by that. I have never had to play with ARP on a Procurve.
    Unless you're in a time warp, you don't have any class anythings. You have 4 /24's.

    Don't worry about ARP defenses, I'm not sure what he was getting at there.

    Untangle is not going to work in your environment as a bridge in the position you're placing it, not with the 2/3rds of the devices disagreeing on what is local and what isn't with the Untangle.

    If you can expand the netmask on all your devices to /16, that would be ideal.

    1.) You'll stop forcing your router to move packets around
    2.) You'll be able to use the Untangle.

    If you have DHCP enabled, this should be no more than a weekend's worth of work.
    m.

  7. #27
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,482

    If you don't have arp protection features, then don't worry about it.

    And Mrunkel I was only pointing it out because I've got some ASAs that freak out with Untangle behind them thanks to layer2 not being maintained.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  8. #28
    Untangler
    Join Date
    Mar 2011
    Posts
    48

    Quote: Originally posted by mrunkel:
    Unless you're in a time warp, you don't have any class anythings. You have 4 /24's.

    Don't worry about ARP defenses, I'm not sure what he was getting at there.

    Untangle is not going to work in your environment as a bridge in the position you're placing it, not with the 2/3rds of the devices disagreeing on what is local and what isn't with the Untangle.

    If you can expand the netmask on all your devices to /16, that would be ideal.

    1.) You'll stop forcing your router to move packets around
    2.) You'll be able to use the Untangle.

    If you have DHCP enabled, this should be no more than a weekend's worth of work.
    Most of the desktops are DHCP. We do have a lot of things that are not, like development kits for PS/2 and Xbox360 and servers. I have never just changed the netmask before on a network (I have done the whole network readdress from Class C to Class B).

    We do need to come in at some point and rewire much of the office because we have all these little desktop switches around and we want to get rid of as many as possible.

    Any chance that by doing this it could improve network performance because things would not have to be routed at the firewall? That would be lots of win

  9. #29
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,482

    Removing the router may improve performance, it can also make it worse. Right now you have multiple broadcast domains living on a single collision domain. Making everything a single /16 would make a single broadcast domain on a single collision domain.

    I doubt layer 2 wise the two configurations make any difference at all. The difference is your stations would all have more broadcast work to do to track all the resources. And Microsoft devices tend to be chatty things on networks, their game consoles included.

    You have your work cut out for you.

  10. #30
    Untangle Ninja mrunkel's Avatar
    Join Date
    Jul 2008
    Posts
    3,022

    If devices from one subnet are communicating with devices in another subnet, then yes, you will instantly gain performance for those links.

    Expanding the subnet range should have no other effect. You're just modifying the layer 3 broadcast domain and allowing the two devices to communicate directly instead of through the router.

    Your layer 2 broadcast and collision domains are unaltered.

    I foresee no, or very few, problems with this, as long as all the subnet masks are the same.
    m.
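
Added example (not part of any post in this thread): a Python sketch of the on-link decision the posts above discuss, showing why 192.168.200.5 reaches 192.168.201.5 through the router with a /24 mask and directly with a /16, and flagging host pairs whose masks disagree during a migration. The third address, the function names and the "via-router" label are constructed for illustration.

```python
import ipaddress
from itertools import combinations


def next_hop(src_ip, prefix_len, dst_ip):
    """How src sends to dst: 'direct' (ARP for dst itself) when dst falls
    inside src's own network, otherwise 'via-router' (default gateway)."""
    own_net = ipaddress.ip_interface(f"{src_ip}/{prefix_len}").network
    return "direct" if ipaddress.ip_address(dst_ip) in own_net else "via-router"


def asymmetric_pairs(hosts):
    """hosts maps IP -> configured prefix length.

    Returns the pairs where one end treats the other as local and the
    other end does not. Those flows take different paths in each
    direction, so an inline bridge or stateful firewall may see only
    half of the conversation."""
    ordered = sorted(hosts, key=ipaddress.ip_address)
    bad = []
    for a, b in combinations(ordered, 2):
        if next_hop(a, hosts[a], b) != next_hop(b, hosts[b], a):
            bad.append((a, b))
    return bad


# Constructed inventory: the first two addresses come from the thread,
# the third is made up. One static device was missed in the /16 change.
MID_MIGRATION = {
    "192.168.200.5": 16,
    "192.168.201.5": 24,  # still on the old mask
    "192.168.202.9": 16,
}

if __name__ == "__main__":
    print("/24:", next_hop("192.168.200.5", 24, "192.168.201.5"))
    print("/16:", next_hop("192.168.200.5", 16, "192.168.201.5"))
    for a, b in asymmetric_pairs(MID_MIGRATION):
        print(f"mask mismatch: {a} and {b} disagree on what is local")
```

Statically addressed devices such as servers are the likely source of a leftover mask, since DHCP clients pick up the new one at lease renewal.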
