VLAN Mapping (VLAN Translation) – Part 3

VLAN Translation on Juniper Devices

On Juniper devices, the term VLAN translation is used for swapping an incoming VLAN ID with a new VLAN ID. The configuration examples below show how to do this on Juniper devices.

In the first example, we will swap the incoming VLAN 60 tag with the new VLAN 120 tag, and the incoming VLAN 70 tag with the new VLAN 140 tag. Packets with a VLAN tag other than 60 or 70 will be dropped if there is no other VLAN translation configuration. Only incoming packets with VLAN tag 60 or VLAN tag 70 will be passed, and their tags will be swapped with VLAN IDs 120 and 140 respectively.

The configuration of the above scenario is below:

[edit]
Router# set vlans vlan-120 vlan-id 120
[edit]
Router# set vlans vlan-120 interface ge-0/0/0.0 mapping 60 swap
[edit]
Router# set vlans vlan-120 dot1q-tunneling
[edit]
Router# set vlans vlan-140 vlan-id 140
[edit]
Router# set vlans vlan-140 interface ge-0/0/0.0 mapping 70 swap
[edit]
Router# set vlans vlan-140 dot1q-tunneling

Router> show configuration vlans
vlan-120 {
    vlan-id 120;
    interface {
        ge-0/0/0.0 {
            mapping {
                60 {
                    swap;
                }
            }
        }
    }
    dot1q-tunneling;
}
vlan-140 {
    vlan-id 140;
    interface {
        ge-0/0/0.0 {
            mapping {
                70 {
                    swap;
                }
            }
        }
    }
    dot1q-tunneling;
}

Here, we use the “dot1q-tunneling” command because there is more than one VLAN. If we make this translation for only one VLAN, we do not need this command.

As a second example, we can use double-tagged packets. In this example the configuration is the same, but here there are two tags, inner and outer. The outer tag will be swapped as in the previous example, but the inner tag remains. It is carried as the inner tag of the frame, under the new outer tag.

As shown in the figure above, we have a packet that has VLAN 60 as its outer tag and VLAN 30 as its inner tag, and another packet that has only one VLAN tag, 70. In this example, the double-tagged packet’s inner tag, VLAN 30, will remain, but the outer VLAN tag, VLAN 60, will be changed to VLAN 120. The other packet has only one VLAN tag, VLAN 70, so it will be translated to VLAN 140.

The related configuration is below:

[edit]
Router# set vlans vlan-120 vlan-id 120
[edit]
Router# set vlans vlan-120 interface ge-0/0/0.0 mapping 60 swap
[edit]
Router# set vlans vlan-120 dot1q-tunneling
[edit]
Router# set vlans vlan-140 vlan-id 140
[edit]
Router# set vlans vlan-140 interface ge-0/0/0.0 mapping 70 swap
[edit]
Router# set vlans vlan-140 dot1q-tunneling

Router> show configuration vlans
vlan-120 {
    vlan-id 120;
    interface {
        ge-0/0/0.0 {
            mapping {
                60 {
                    swap;
                }
            }
        }
    }
    dot1q-tunneling;
}
vlan-140 {
    vlan-id 140;
    interface {
        ge-0/0/0.0 {
            mapping {
                70 {
                    swap;
                }
            }
        }
    }
    dot1q-tunneling;
}

In this article series, we have talked about the VLAN mapping (translation) configurations for Cisco and Juniper devices. I hope this article will be useful for you.

VLAN Mapping (VLAN Translation) – Part 2

VLAN Mapping on Cisco Devices

On Cisco devices, the term VLAN mapping is used for swapping an incoming VLAN ID with a new VLAN ID. The configuration examples below show the Cisco configuration for this swap. Let's check this configuration for a Cisco switch. The related configuration steps are:

Switch# configure terminal
Switch(config)# interface interface-id
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport vlan mapping vlan-id translated-id
Switch(config-if)# end

To verify the mapping and save the configuration, the commands below can be used:

Switch# show vlan mapping
Switch# copy running-config startup-config

As an example, we can map the customer VLANs (C-VLANs) 10, 20, 30 and 40 to the service provider VLANs (S-VLANs) 110, 120, 130 and 140.

Switch(config)# interface gigabitethernet 0/1
Switch(config-if)# switchport vlan mapping 10 110
Switch(config-if)# switchport vlan mapping 20 120
Switch(config-if)# switchport vlan mapping 30 130
Switch(config-if)# switchport vlan mapping 40 140
Switch(config-if)# exit

Q-in-Q Mapping on a Trunk Port

By default, all the packets in a tunnel are mapped to the configured S-VLAN. In the example below, VLANs 1 to 4 are configured as allowed VLANs on the trunk. By default, this means that packets tagged with these VLANs will be allowed by the service provider.

The related configuration is below:

Switch# configure terminal
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk allowed vlan 1-4
Switch(config-if)# end

But we can select the VLANs with selective Q-in-Q. In the example below, we configure the mapping of C-VLANs 1-4 to VLAN 100. Traffic other than VLANs 1-4 will be dropped.

Switch(config)# interface gigabitethernet0/1
Switch(config-if)# switchport vlan mapping 1-4 dot1q-tunnel 100
Switch(config-if)# exit

To verify, use the below verification command:

Switch# show interfaces gigabitethernet0/1 vlan mapping
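The tag handling described in both parts above (the Juniper swap of 60 to 120 and 70 to 140, and the Cisco selective Q-in-Q of C-VLANs 1-4 into VLAN 100), modelled on raw Ethernet frames. This is an added example, not code from the original article or from either vendor; the helper names, the constructed sample frames and the use of TPID 0x8100 for every tag are assumptions of the example.

```python
import struct

TPID = 0x8100   # 802.1Q tag type; assumed here for both inner and outer tags

def split(frame):
    """Return (MAC header, list of 16-bit TCIs outermost first, rest of frame)."""
    off, tcis = 12, []
    while len(frame) >= off + 4 and struct.unpack_from("!H", frame, off)[0] == TPID:
        tcis.append(struct.unpack_from("!H", frame, off + 2)[0])
        off += 4
    return frame[:12], tcis, frame[off:]

def join(macs, tcis, rest):
    return macs + b"".join(struct.pack("!HH", TPID, t) for t in tcis) + rest

def vids(frame):    # VLAN ids, outermost first (low 12 bits of each TCI)
    return [t & 0x0FFF for t in split(frame)[1]]

def translate(frame, swap=None, push=None):
    """swap: {outer VLAN id: new id}; push: (set of C-VLAN ids, S-VLAN id).
    Returns the rewritten frame, or None when the frame is dropped."""
    macs, tcis, rest = split(frame)
    outer = tcis[0] & 0x0FFF if tcis else None
    if swap and outer in swap:
        tcis[0] = (tcis[0] & 0xF000) | swap[outer]   # new id, priority bits kept
    elif push and outer in push[0]:
        tcis.insert(0, push[1])                      # S-VLAN outside the C-VLAN tag
    else:
        return None      # unmapped VLAN (or untagged, an assumption of this sketch)
    return join(macs, tcis, rest)

# Constructed sample data, not captured traffic.
MACS = bytes.fromhex("020000000002" "020000000001")
REST = struct.pack("!H", 0x0800) + b"constructed payload"
JUNIPER_SWAP = {60: 120, 70: 140}              # the two Juniper swaps on this page
CISCO_SELECTIVE = (set(range(1, 5)), 100)      # C-VLAN 1-4 into S-VLAN 100

def make_frame(*vlan_ids):
    return join(MACS, list(vlan_ids), REST)

def show(f, **rule):
    out = translate(f, **rule)
    return "%s -> %s" % (vids(f), vids(out) if out else "dropped")

if __name__ == "__main__":
    for f in (make_frame(60), make_frame(60, 30), make_frame(70), make_frame(80)):
        print("swap:", show(f, swap=JUNIPER_SWAP))
    for f in (make_frame(3), make_frame(5)):
        print("push:", show(f, push=CISCO_SELECTIVE))
```

The swap case rewrites only the outer VLAN ID, while the push case leaves the customer tag intact underneath the new outer tag; in both cases an unmapped VLAN yields no output frame.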

VLAN Mapping (VLAN Translation) – Part 1

Across the different locations of a customer, the same VLAN tag has the same meaning. But there is a service provider network between the customer locations, and customers and the service provider use different VLAN tags in their networks. So VLAN mapping, or in other words VLAN translation, must be done at the edge of the network.

These two different networks’ VLANs are referred to as C-VLAN and S-VLAN. C-VLAN is the customer VLAN and S-VLAN is the service provider VLAN.

Different vendors use different terms for VLAN mapping. The term VLAN mapping is used in Cisco configuration, and VLAN translation is used in Juniper configuration.

In this article, we will check the translation of one VLAN to another VLAN in different vendors’ configurations. This can be described as swapping an incoming VLAN tag with a new VLAN tag.

NTP Time Server Configuration in Windows Server 2008R2

Introduction
Time synchronization is one of the most important aspects of a modern computer network. Network Time Protocol (UDP 123) is the protocol designed to synchronize the clocks of your computers over the network. This tutorial will guide you through configuring an NTP time server in your network. This server will act as an authoritative time server in your domain and will serve the client computers. The NTP time server in your network will get its time from an external time source such as time.windows.com or time.nist.gov, or from the system BIOS. In our scenario, I am going to configure an NTP server on a PDC emulator that will obtain time from an external source. But Windows recommends configuring an NTP server to obtain the time from a hardware source for improved security and accuracy, so I will also mention, as an option, how to get the time from an internal source.

Here are a few reasons why time synchronization is important in a network:
1. Effective DC & DFS replication.
2. Tracking security breaches, network usage, or problems affecting a large number of components can be nearly impossible if timestamps in logs are inaccurate. Time is often the critical factor that allows an event on one network node to be mapped to a corresponding event on another.
3. To reduce confusion in shared filesystems, it is important for the modification times to be consistent, regardless of what machine the filesystems are on.

This document will help you to configure an NTP time server in Windows Server 2008.
Enabling & Configuring NTP Server
1. Change the server type to NTP.
Click Start, click Run, type regedit, and then click OK.
Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type
In the pane on the right, right-click Type, and then click Modify. In Edit Value, type NTP in the Value data box, and then click OK.
2. Set AnnounceFlags to 5. 
Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags
In the pane on the right, right-click AnnounceFlags, and then click Modify. In Edit DWORD Value, type 5 in the Value data box, and then click OK.
3. Enable NTPServer.
Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer

In the pane on the right, right-click Enabled, and then click Modify. In Edit DWORD Value, type 1 in the Value data box, and then click OK.

4. Specify the time sources.
Open a command prompt and type the command below:
   w32tm /config /manualpeerlist:peers /syncfromflags:manual /reliable:yes /update

Replace peers with the time source, for example time.windows.com or time.nist.gov.

5. At the command prompt, type the following command to restart the Windows Time service, and then press Enter:
   net stop w32time & net start w32time 

Some Useful commands
1. To resynchronize time : w32tm /resync
2. To verify the configuration : w32tm /query /configuration and w32tm /query /status
3. Display the current time zone settings : w32tm /tz
4. To reset the registry settings of NTP server:
     net stop w32time
     w32tm /unregister
     w32tm /register
     net start w32time
5. To synchronize time with a linux client : ntpdate server_IP
 
Allow UDP Port 123 through Firewall

Make an exception in your firewall to allow UDP port number 123.
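Once UDP 123 is open, a client can check that the new server answers, echoes the request it was sent, and reports itself as synchronized. The following Python sketch is an added example, not part of the original tutorial; the function names and the constructed sample reply are assumptions, and query() expects the address of your own server.

```python
import socket
import struct
import time

NTP_DELTA = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01

def to_ntp(unix):       # Unix seconds -> (seconds, fraction) NTP timestamp words
    secs = int(unix)
    return secs + NTP_DELTA, int((unix - secs) * 2**32)

def from_ntp(secs, frac):
    return secs - NTP_DELTA + frac / 2**32

def build_request(t_send):
    """48-byte client request: version 3, mode 3, transmit time filled in."""
    pkt = bytearray(48)
    pkt[0] = (3 << 3) | 3
    struct.pack_into("!II", pkt, 40, *to_ntp(t_send))
    return bytes(pkt)

def check_reply(request, data, t_recv):
    """Return stratum, clock offset in seconds, and a list of problems."""
    if len(data) < 48:
        raise ValueError("short NTP packet")
    li, mode, stratum = data[0] >> 6, data[0] & 7, data[1]
    t1, t2, t3 = (from_ntp(*struct.unpack_from("!II", data, o)) for o in (24, 32, 40))
    problems = []
    if mode != 4:
        problems.append("not a server-mode reply")
    if data[24:32] != request[40:48]:
        problems.append("originate timestamp does not echo our request")
    if li == 3 or stratum == 0 or stratum > 15:
        problems.append("server is not synchronized (LI=%d, stratum=%d)" % (li, stratum))
    offset = ((t2 - t1) + (t3 - t_recv)) / 2  # standard NTP clock offset
    return {"stratum": stratum, "offset": offset, "problems": problems}

def query(server, timeout=3.0):
    """Query a live server; UDP 123 must be reachable from this client."""
    request = build_request(time.time())
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(request, (server, 123))
        data, _ = s.recvfrom(512)
    return check_reply(request, data, time.time())

def sample_reply(request, li, stratum, t2, t3):
    """Constructed server reply so the checks can be exercised offline."""
    head = bytes([(li << 6) | (3 << 3) | 4, stratum]) + bytes(22)
    return head + request[40:48] + struct.pack("!IIII", *to_ntp(t2), *to_ntp(t3))
```

An empty problems list with a small offset means the client and server clocks agree; a reply flagged as not synchronized means the server has not yet obtained time from its own source.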

Apply the NTP client settings via Group Policy (Optional)

Now we have to tell the client computers to obtain the time from the NTP Server. The policy is applied via GPO. The procedure is as follows:

1. Locate the Group Policy Object : Computer configuration / Policies / Administrative Templates / System / Windows Time Services / Time providers

2. Enable the below settings:
Configure Windows NTP Client (In our case, it is the IP of the PDC)
Enable Windows NTP Client


Obtaining time from a Local Source (Optional)

This configuration forces the PDC master to announce itself as a reliable time source and uses the built-in complementary metal oxide semiconductor (CMOS) clock. To configure the PDC master by using an internal hardware clock, follow these steps:

1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags
3. In the right pane, right-click AnnounceFlags, and then click Modify.
4. In Edit DWORD Value, type A in the Value data box, and then click OK.
5. Close Registry Editor.
6. At the command prompt, type the following command to restart the Windows Time service:
   net stop w32time && net start w32time

By accomplishing the above tasks you can configure an NTP server in your domain.

For more information about NTP you can visit : http://www.ntp.org/