Lab migration notes

VLANs by design

VLANs need to be defined somewhere by an ID, for example: 42. If a parent organization is defining networks by VLANs, there is already an existing ID. When I plug a switch into a data center, they tell me which network VLANs they have assigned to me and I configure the switch accordingly. If I want to define my own VLANs, then I would set up a router with 2 interfaces (inside and outside), define my own VLAN IDs and tell the switch to keep track of those. If I can run cables from one switch to the next, I can pass my own VLAN IDs around. If I need to pass VLAN IDs over someone else’s wires, I need to communicate the VLAN ID so that we don’t pick the same number.

On the switch we can define VLANs in a database.

Per-interface:

  • define a pvid (which is the default)
  • declare which VLANs to participate in
  • declare which VLANs to tag

    interface 0/42
    storm-control broadcast level 30
    storm-control multicast level 30
    description 'You could describe each interface'
    mtu 9216
    vlan pvid 42
    vlan participation include 42,203
    vlan tagging 203
    exit

So in this example, a system plugged into port 42 of the switch would participate in VLAN 42 by default. Additionally, within the OS, an interface could be defined to communicate on VLAN 203, since participation is allowed and the frames will be tagged.

How can I see who is communicating on which VLAN?

From the switch, there may be a command to show the MAC address table (show mac-addr-table). Entries expire quickly, so you may need to run it a few times to get a sense of which MAC addresses are talking on which VLANs.

Another way to see this is to query the network neighbor cache using arp -an (after doing something like nmap to populate it).

DHCP (Why configure each server?)

Install the service on Ubuntu using apt:

sudo apt install isc-dhcp-server

Edit the configuration file:

vim /etc/dhcp/dhcpd.conf

Some useful settings would be the range of IP addresses to give out for each subnet, the default gateway, DNS and NTP servers.

In Ubuntu 20, you will need to specify the interface (in two places).

Note: the settings are slightly different for publicly routable addresses

Finally, run sudo service isc-dhcp-server restart to apply the configuration.

There are several community guides and references around on this topic, but they all seem really simple, and nothing is as authoritative as the ISC page on DHCP.

Note: seeing DHCPDISCOVER/DHCPOFFER but no DHCPACK could mean that a misconfiguration with DHCP snooping is intercepting the client-server conversation. Consequently, such a problem should be investigated and resolved.
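
One way to spot the symptom from the note above in the DHCP server's own log, as an added example (not part of the original notes). The sample lines, MAC addresses, IP addresses, the interface name eno1 and the function name stalled_clients are all constructed for illustration; the line format is the one isc-dhcp-server writes to syslog.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: client ...:01 completes the exchange, client ...:02 never does.
SAMPLE_LOG = """\
Mar  1 10:00:01 lab dhcpd[812]: DHCPDISCOVER from 52:54:00:aa:00:01 via eno1
Mar  1 10:00:02 lab dhcpd[812]: DHCPOFFER on 10.42.0.101 to 52:54:00:aa:00:01 via eno1
Mar  1 10:00:02 lab dhcpd[812]: DHCPREQUEST for 10.42.0.101 (10.42.0.1) from 52:54:00:aa:00:01 via eno1
Mar  1 10:00:02 lab dhcpd[812]: DHCPACK on 10.42.0.101 to 52:54:00:aa:00:01 via eno1
Mar  1 10:00:05 lab dhcpd[812]: DHCPDISCOVER from 52:54:00:aa:00:02 (node2) via eno1
Mar  1 10:00:06 lab dhcpd[812]: DHCPOFFER on 10.42.0.102 to 52:54:00:aa:00:02 (node2) via eno1
Mar  1 10:00:09 lab dhcpd[812]: DHCPDISCOVER from 52:54:00:aa:00:02 (node2) via eno1
Mar  1 10:00:10 lab dhcpd[812]: DHCPOFFER on 10.42.0.102 to 52:54:00:aa:00:02 (node2) via eno1
"""

# Message type, client MAC (after "from" or "to") and the receiving interface.
EVENT = re.compile(
    r"dhcpd(?:\[\d+\])?: (DHCP[A-Z]+) .*?\b(?:from|to) "
    r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b.*? via (\S+)",
    re.IGNORECASE,
)

def stalled_clients(log_text, min_offers=2):
    """Map MAC -> (interface, offers, requests) for clients that were offered
    a lease at least min_offers times but never received a DHCPACK."""
    counts = defaultdict(Counter)
    iface = {}
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if m:
            mac = m.group(2).lower()
            counts[mac][m.group(1).upper()] += 1
            iface[mac] = m.group(3)
    return {
        mac: (iface[mac], c["DHCPOFFER"], c["DHCPREQUEST"])
        for mac, c in counts.items()
        if c["DHCPOFFER"] >= min_offers and c["DHCPACK"] == 0
    }

if __name__ == "__main__":
    for mac, (ifname, offers, requests) in stalled_clients(SAMPLE_LOG).items():
        # requests == 0: the server never saw a DHCPREQUEST after its offers,
        # so check the path between server and client (e.g. snooping trust).
        print(f"{mac} on {ifname}: {offers} offers, {requests} requests, no ACK")
```

The min_offers threshold keeps a single exchange that is still in flight from being reported.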
