Network Self-Registration: What Netfolk need to know and do.

Activating Stanford Network Self-Registration (SNSR)

A separate policy-routed private network is deployed to support self-registration (selfreg), as well as other non-standard uses of the network, such as guest network access, which is expected to be deployed soon.

The private network consists of five 7304 routers: four at the user level and one at the top level. User networks are connected via trunks to the main switches. The address space assigned for guest-reg is 10.64/14 for the main campus and 10.12/16 for the dorms. Addresses are assigned one-for-one with the public subnet, up to /24; prefixes shorter than /24 are not being assigned at this time. DHCP on the standard network assigns unregistered hosts an address in the net-10 space and a router address on the private network.

Lea has drawn network overview documents for the Self/Guest Reg System, and the PRV-* routers/network.

The web page explaining self-reg is: http://www.stanford.edu/services/selfreg/index.html


These are the steps for activating a network for SNSR:
  1. Verify that the vlan is active in the PRV router
  2. Set the vlan to be active in the trunk from the dsw switch to the prv router
  3. Add the 10.6x.yy.0/24 address range to the network entry in NetDB
  4. Add the 10.6x.yy.2 address to the dhcp router entry for the oz-a dhcp router for that network.
  5. Add the 10.6x.yy.3 address either on the oz-b dhcp router for firewalled networks or on the oz-a regular router for non-firewalled networks.
  6. Add the 10.6x.yy.1 address to the netdb entry for the prv-router
  7. Create the template(s), either a standard template for the whole network, or organizational group templates, or both

1)  Verify that the appropriate vlan is active in the prv-network for
    the subnet requested.  Most vlans have been pre-configured on the
    prv-routers, but the vlans have not been added at the switch end of
    the trunk.

    The prv-routers are (and connect to):
      prv-west-rtr   Gi1: rtf6000 (3/16)        Gi2: Yoza-rtr Gi3/11
                     Gi3/0/0: roza-dsw 5/0/10
                     Gi3/0/1: boza-dsw 5/0/9
      prv-east-rtr   Gi1: press6000 (3/14)      Gi2: gsb, gsbmaster (9/16)
                     Gi2/0/0: poza-dsw 5/0/11
                     Gi2/0/1: goza-dsw 5/0/11
      prv-quad-rtr   Gi1: medech-6509 (6/11)    Gi2: wireless3750 (1/0/24)

    To verify for Polya, ssh to prv-west-rtr and type
    "show ip route 10.64.18.1" and see if it shows up as "connected."

    If the network is not found on the prv router, either create it, 
    if you're feeling brave about configuring a router, or ask the backbone group
    (really Lea) to create the interface for you.

Net to OZ relationships.

2)  Set the vlan to be active in the trunk from the dsw switch to the
    prv-router.

    i.e.: For Polya, boz-vlan500, add VLAN 500 to the trunk of port
    5/0/9 of boza-dsw (from configuration mode; use "add" so the
    existing allowed-vlan list is extended rather than replaced):
        boza-dsw# configure terminal
        boza-dsw(config)# interface GigabitEthernet5/0/9
        boza-dsw(config-if)# switchport trunk allowed vlan add 500

3)  Add the 10.6x address space to the network entry in NetDB.  In most
    cases, the address space should be /24.  For prefix lengths >24,
    match the 171.6x.yy.zz prefix.  Add "permit=only-unknown-clients" as a
    DHCP option for that address space, so that only unregistered hosts are
    handed net-10 addresses.  You also need to create IPC addresses,
    probably around 60 of them, starting at .20.
    
  3a: As an example, here's the y2e2-net entry:
          name: Y2E2-net
          type: Network
         group: Networking
       comment: ROZ-vlan810
    ip-subnets:
       1) addr space: 10.62.44.168/30       lo: 1     hi: 1
       2) addr space: 10.63.44.168/30       lo: 1     hi: 1
       3) addr space: 10.67.80.0/24         lo: 5     hi: 5
             comment: SNSR range
            dhcp-opt: domain-name-servers=10.64.10.100,10.64.10.101,10.64.10.102
                      permit=only-unknown-clients
           dhcp-addr: 10.67.80.10           DN0a43500a.SUNet
       ...

(Note that this network is a "host reg" network, not a "SNSR" network, so it references
captive DNS servers that are no longer needed for SNSR. After Fall 2009, we will have
to remove all the captive DNS references.)

4)  Add the 10.6x.yy.2 address (with "active" unchecked, shown as "off"
    in the example) to the NetDB entry for the OZ-A dhcp router interface
    for that network.  This allows DHCP to work for the 10.xx range on
    that network. To find the oz-a dhcp router for an address range, look
    for the 10.62.xx.yy/30 entry in the network record and add 1 to it.

  4a: Here's what RozA-dhcp-rtr looks like for Y2E2's entry:
          name: roza-dhcp-rtr.NoDomain
          ...
      30) ip-addr: 10.62.44.169               roza-vlan810-dhcp
                   10.67.80.2            off
                   171.67.81.254         off
                   172.27.80.254         off

5)  Add the 10.6x.yy.3 address (with "active" unchecked, shown as "off"
    in the example) to the NetDB entry for either the OZ-B dhcp router
    for firewalled nets, or the OZ-A regular router for non-firewalled
    nets. Since this involves extra work when converting from a
    non-firewalled net to a firewalled net, you may want to wait until the
    network has been moved to the firewall before activating SNSR. To find
    the oz-b dhcp router, look for the 10.63.xx.yy/30 entry for that
    network and add 1 to it.

  5a: Here's what the RozB-dhcp-rtr looks like for Y2E2:
          name: rozb-dhcp-rtr.NoDomain
          ...
    interfaces:
       2) ip-addr: 10.63.44.169               rozb-vlan810-dhcp
                   10.67.80.3            off
                   171.67.81.253         off
                   172.27.80.253         off


6)  In the prv-router NetDB entry, create a new interface for the
    10.xx.yy.1 address for the private network router which connects to
    that vlan.

  6a: Here's the part relevant for the Y2E2 net:
          name: prv-west-rtr.SUNet
         alias: wax-rtr.SUNet
    interfaces:
          ...
      13) ip-addr: 10.67.80.1

7) Create the templates, either one for the whole network, and/or organizational templates.
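Steps 3 through 6 all derive their addresses from the same network record: the .1/.2/.3 addresses come from the SNSR /24, and the two dhcp-router addresses are the 10.62.xx.yy/30 and 10.63.xx.yy/30 link entries plus one. The helper below is an added example (not a NetDB tool or anything the Networking group ships) that reads a text dump in the layout of step 3a, checks the things step 3 asks for (address space within 10.64/14 or 10.12/16, no prefix shorter than /24, "permit=only-unknown-clients" present), and prints the addresses steps 4, 5 and 6 need. The sample record is constructed after the Y2E2-net entry; the rule that 10.62/16 links belong to the OZ-A dhcp router and 10.63/16 links to the OZ-B dhcp router is taken from steps 4 and 5 and is assumed to hold generally.

```python
import ipaddress
import re

# Constructed sample, modelled on the Y2E2-net record shown in step 3a; not a live NetDB dump.
SAMPLE_RECORD = """\
        name: Y2E2-net
        type: Network
       group: Networking
     comment: ROZ-vlan810
  ip-subnets:
     1) addr space: 10.62.44.168/30       lo: 1     hi: 1
     2) addr space: 10.63.44.168/30       lo: 1     hi: 1
     3) addr space: 10.67.80.0/24         lo: 5     hi: 5
           comment: SNSR range
          dhcp-opt: domain-name-servers=10.64.10.100,10.64.10.101,10.64.10.102
                    permit=only-unknown-clients
         dhcp-addr: 10.67.80.10           DN0a43500a.SUNet
"""

# Private address space SNSR hands out (from the overview): 10.64/14 main campus, 10.12/16 dorms.
SNSR_SPACE = [ipaddress.ip_network("10.64.0.0/14"), ipaddress.ip_network("10.12.0.0/16")]
# Assumption from steps 4 and 5: a 10.62.x.y/30 link leads to the OZ-A dhcp router,
# a 10.63.x.y/30 link to the OZ-B dhcp router.
OZ_A_LINKS = ipaddress.ip_network("10.62.0.0/16")
OZ_B_LINKS = ipaddress.ip_network("10.63.0.0/16")

SUBNET_LINE = re.compile(r"^\s*\d+\)\s*addr space:\s*(\S+)")
OPTION = re.compile(r"[\w-]+=\S+")


def parse_subnets(record):
    """Return [(network, [dhcp options])] from the ip-subnets section of a NetDB text record."""
    subnets = []
    for line in record.splitlines():
        match = SUBNET_LINE.match(line)
        if match:
            subnets.append((ipaddress.ip_network(match.group(1), strict=True), []))
        elif subnets:
            # dhcp-opt and its continuation lines carry key=value pairs; attach them to the current subnet
            subnets[-1][1].extend(OPTION.findall(line))
    return subnets


def plan_snsr_addresses(record):
    """Derive the addresses steps 4-6 need and list anything step 3 left wrong on the record."""
    links = {}
    snsr_net, snsr_opts = None, []
    for net, opts in parse_subnets(record):
        if net.prefixlen == 30 and net.subnet_of(OZ_A_LINKS):
            links["oz-a"] = net
        elif net.prefixlen == 30 and net.subnet_of(OZ_B_LINKS):
            links["oz-b"] = net
        elif any(net.subnet_of(space) for space in SNSR_SPACE):
            snsr_net, snsr_opts = net, opts

    problems = []
    if snsr_net is None:
        problems.append("no SNSR address space (10.64/14 or 10.12/16) on the record")
    else:
        if snsr_net.prefixlen < 24:
            problems.append("prefixes shorter than /24 are not assigned for SNSR")
        if "permit=only-unknown-clients" not in snsr_opts:
            # without this option registered hosts could be handed net-10 addresses too
            problems.append("dhcp-opt permit=only-unknown-clients missing on the SNSR range")
    if "oz-a" not in links:
        problems.append("no 10.62.xx.yy/30 entry, cannot locate the OZ-A dhcp router")
    if "oz-b" not in links:
        problems.append("no 10.63.xx.yy/30 entry, cannot locate the OZ-B dhcp router")

    plan = {"problems": problems}
    if snsr_net is None or "oz-a" not in links or "oz-b" not in links:
        return plan
    base = snsr_net.network_address
    plan.update({
        "oz-a-dhcp-rtr": str(links["oz-a"].network_address + 1),  # router that gets step 4's address
        "oz-b-dhcp-rtr": str(links["oz-b"].network_address + 1),  # router that gets step 5's address
        "prv-rtr": str(base + 1),    # step 6: interface on the prv-router
        "oz-a-snsr": str(base + 2),  # step 4: on the OZ-A dhcp router
        "oz-b-snsr": str(base + 3),  # step 5: OZ-B dhcp (firewalled) or OZ-A regular (non-firewalled)
        "ipc-pool": (str(base + 20), str(base + 79)),  # step 3: about 60 IPC addresses starting at .20
    })
    return plan


if __name__ == "__main__":
    for key, value in plan_snsr_addresses(SAMPLE_RECORD).items():
        print(f"{key}: {value}")
```

Run against the sample it reports 10.62.44.169 and 10.63.44.169 as the two dhcp routers and 10.67.80.1/.2/.3 for the three addresses, which is exactly what the 4a, 5a and 6a excerpts show; drop the permit option from the record and it still computes the addresses but flags the missing option first.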


Network template

Here's the web page explaining what all those options mean: http://www.stanford.edu/services/selfreg/userguide/netname-template.html

Create the snsr-<networkname>-net template for that vlan. Note that template names must either end in "-net" or begin with "mednet-".

From NetDB, open the master template, called hostreg-netname. Make a template from it. DO NOT MODIFY IT!

After clicking "Use as a Template" the first thing to do is to check the template box so that the new record you create is really a template. You're making a new template from a template, so check that box.

Make the name hostreg-networkname-net. For example, for 171.64.20.0/24, listed as pine-b-net, the template is called hostreg-pine-b-net (not hostreg-pine-b-net-net or hostreg-pine-net). If the network name doesn't end in -net already, you have to ???.

What to do for each field:

Department: If the LNA didn't specify, use whatever their "LNA Department" is from their NetDB user record.
Location: If they didn't specify, look up the specified IP range in https://www.stanford.edu/group/networking/dist/sunet.reports/bldg2subnet.html and choose the building with the most hits.
Administrators: If they didn't specify an admin team, list them. That'll learn 'em!
Custom Fields: Leave blank, they can modify if they wish.
Template Default IP address Space: Should match the IP range they specified; if they didn't specify, ask them. It's safer for us to set this than to leave it to the LNA.
NetDB Groups: If they didn't specify, list every group that shows up under that IP space in the network record.

Save it, send them an email, let them know they can play with it as they wish, admonish them not to un-check the "template" checkbox.

Here's the finished Polya Template (Jeanmarie and Yue must be brave women...) as an example:


Organizational Template

In NetDB, create the hostreg-<Org Code>-org template for each org code. You may need to create more than one if a particular organization is found in multiple locations, so those will be called hostreg-<Org Code>-1-org, hostreg-<Org Code>-2-org etc.

Look up the 4-character organizational code for the department. Most of them are already in NetDB according to the NetDB departments list at https://netdb.stanford.edu/DepartmentsList or, if it isn't listed, go to the master list and figure it out. You can correct the org codes and/or add missing ones in NetDB via the manage...department link on the NetDB main page.

From NetDB, open the master template, called hostreg-netname (it's the same master template for either network-wide or organizational templates). Make a template from it. DO NOT MODIFY IT!

After clicking "Use as a Template" the first thing to do is to check the template box so that the new record you create is really a template. You're making a new template from a template, so check that box.

Name the record hostreg-orgcode-org (optionally -1, -2, etc.). For example, Philosophy, Org Code PJIM, has people in two locations (Bldg 90 and Bldg 100), so we need to make one for each location. The hostreg-PJIM-1-org template is for Bldg 90 and the hostreg-PJIM-2-org template is for Bldg 100. Once you create the -1, you should use it as a template for the -2 etc. templates.

What to do for each field:

Department: This needs to match the department specified by the Org Code. Generally, the reason for doing organizational templates is because there is more than one department in a network, and/or a department spans networks or buildings.
Location: If they didn't specify, look up the specified IP range in https://www.stanford.edu/group/networking/dist/sunet.reports/bldg2subnet.html and choose the building with the most hits. If, as in the case of the Philosophy group, the whole point of making organizational templates is to deal with multiple buildings, confirm with the LNA which buildings are used.
Administrators: If they didn't specify an admin team, list them. That'll learn 'em!
Custom Fields: Leave blank, they can modify if they wish.
Template Default IP address Space: Should match the IP range they specified; if they didn't specify, ask them. It's safer for us to set this than to leave it to the LNA.
NetDB Groups: If they didn't specify, list every group that shows up under that IP space in the network record.

Save it, send them an email, let them know they can play with it as they wish, admonish them not to un-check the "template" checkbox.

Here's the finished Philosophy in Bldg 90 template: