
How to Manage IP's + Vlans

existhosting
Level 1

Hello,

We need some expert advice on how to manage + set up the IPs and VLANs for our dedicated server customers.

We have 2 /22 IP ranges to provide all our dedicated server clients. We are in the business of dedicated server rental.

Currently we set up 1 VLAN per switch (24 or 48 ports), but it allows a client to steal IPs from another client, and it is hard to manage when a client needs new IPs and we do not have any more empty IPs in the same range of the VLAN. We usually manually route IPs to the VLAN, but now it has given us a big routing table with xxx.xxx.xxx.xxx 255.255.255.255 entries.

So our routing table is full of single-IP routes to VLANs for the customers, and it has become more of a hassle to manage than anything else.

We are not sure how the "GOOD" way to do it is. There are a lot of dedicated server hosting companies out there and we are very much interested to know how they manage that in their switches.

Can anyone provide a solution to this?

Thank You

4 Replies

jackyoung
Level 6

I assume you are using layer 3 VPN, i.e. interface VLAN, and configure the IP on this interface. Each server or customer uses a separate VLAN, i.e. each customer has their own IP segment.

If this is the case, you can use a dynamic routing protocol, then redistribute the connected interface (interface VLAN w/ IP) into the dynamic routing protocol. You will have a routing table w/ all VLANs. If a VLAN or interface should not be included in the routing protocol, you can use "passive interface" to keep those interfaces out of the routing protocol.

Or you can consider using private VLANs, so that the private VLANs are not able to talk to each other but are able to talk to a common VLAN.

Check below for private VLAN info.:

http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a008007e717.html

In both suggestions, you do not require a static route per host.

Hope this helps.

Hello,

First, as a correction to Jack's post, passive interface is not used to advertise or not advertise an interface subnet. Passive interface in EIGRP and OSPF means do not form any neighbor adjacency on this interface; as for RIP, it means do not send RIP updates, but the interface will keep receiving RIP updates. Therefore, passive interface is not used to set which network to advertise.

Using Private VLANs is a solution to have all users on the same subnet while they can communicate with only one gateway. On the other hand, this does not prevent one of your clients from changing his IP address and using any IP address range he would require. You don't want this to happen in your scenario.

I suggest the below:

- Divide the /22 subnets into smaller subnets and assign each customer a subnet based on his requirements.

- Create a VLAN on a per-subnet basis => on a per-client basis.

- If you are using an L3 switch, it will do inter-VLAN routing, where all clients will be able to communicate with each other. If you don't want them to communicate with each other, you filter traffic using a VLAN Access List and allow this client to communicate with his server on the same subnet and nothing else.

- If you are using L2 switches, then you create a trunk to a router and create sub-interfaces on the router. This is called Router on a stick. Also, filter traffic between interfaces using ACLs.

I don't know if the above is clear enough, but if you need further clarification, let me know.

Appreciate your rating,

Regards,
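
The subnet-per-customer plan suggested in the reply above, worked through as an added example (not code from any poster in this thread). The pool ranges, customer names and starting VLAN id are constructed placeholders; each customer subnet reserves the network, broadcast and gateway addresses, and each VLAN then needs only one connected route instead of a 255.255.255.255 entry per IP.

```python
import ipaddress

# Constructed placeholder pools (reserved benchmarking space); the thread
# does not give the real /22 ranges.
POOLS = ["198.18.0.0/22", "198.18.4.0/22"]

def prefix_for(servers):
    """Longest prefix that fits the servers plus the network, broadcast
    and gateway addresses every routed VLAN subnet consumes."""
    for prefix in range(30, 21, -1):
        if 2 ** (32 - prefix) - 3 >= servers:
            return prefix
    raise ValueError("request does not fit in a /22")

def plan(requests, pools=POOLS, first_vlan=100):
    """requests maps customer -> number of server IPs. Returns one dict
    per customer: VLAN id, subnet, gateway and the IPs they may use."""
    free = [ipaddress.ip_network(p) for p in pools]
    result = []
    # Place the largest requests first so the pools fragment less.
    ordered = sorted(requests.items(), key=lambda kv: kv[1], reverse=True)
    for vlan, (customer, servers) in enumerate(ordered, start=first_vlan):
        prefix = prefix_for(servers)
        fits = [b for b in free if b.prefixlen <= prefix]
        if not fits:
            raise RuntimeError(f"no free block for {customer}")
        # Best fit: smallest free block that is large enough, lowest address.
        block = max(fits, key=lambda b: (b.prefixlen, -int(b.network_address)))
        free.remove(block)
        subnet = next(block.subnets(new_prefix=prefix))
        free.extend(block.address_exclude(subnet))  # return the remainder
        hosts = list(subnet.hosts())
        result.append({
            "customer": customer, "vlan": vlan, "subnet": str(subnet),
            "gateway": str(hosts[0]),
            "customer_ips": [str(h) for h in hosts[1:]],
        })
    return result

if __name__ == "__main__":
    for row in plan({"cust-a": 5, "cust-b": 1, "cust-c": 20}):
        print(row["vlan"], row["customer"], row["subnet"],
              "gw", row["gateway"], len(row["customer_ips"]), "usable")
```

The `customer_ips` list is also the set of source addresses a per-VLAN ACL would permit for that customer.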

Hi Mohamand, thanks a lot for your correction. It is my mistake. I suggest filtering the interface which should not be advertised with a route-map in the redistribute connected command.

Moreover, it is correct that if it is not required to form a neighbor adjacency, the passive interface is still required.

Thanks again for pointing out my mistake.

george_daly
Level 1

My suggestion for a layer 2 solution would be to use the ARP ACL functionality you get with IP ARP inspection to effectively glue an IP address to a MAC address. http://www.cisco.com/en/US/products/hw/switches/ps5528/products_configuration_guide_chapter09186a0080211351.html#wp1039773

Cheers,

George
