Monday, March 19, 2012

VLAN crash course

A switch is a device that connects different devices together to form a similar physical network.

If you have two switches with devices connected to each of them, that means you have two separate physical network. In order to make them into one physical network, you join the two switches together by using appropriate connecting cable(s).

VLAN (Virtual Local Area Network) however is the total opposite of that. It allows you to create two or more separated networks on the same physical device.

The reason why VLAN is useful is because it makes no dollar sense to spend more on additional hardware just to support another network especially if it is just a small one and can fit into the current available resources. It is like having a big room separated by partitions to house two occupants rather than having two big identical rooms to house one occupant each.

This guide is meant to help you understand VLAN in the shortest time possible and hopefully allows you to plan and implement them in your network on your own.

Lets go through the technical details first. Take note, this guide is in reference to switches which is the device you will most commonly need to configure more than anything else.

Technical Terms
1. VLAN IDs

All VLANs in a switch must be identified with a number. The number to be used is directly connected to the maximum of VLANs the switch can support. If the switch supports 8 VLANs, then the ID(s) to be used must fall within the range of 1 to 8 only.

The ID are not restricted to any running order, as long as it meets the above requirements. For eg you can have two VLANs with IDs 1 and 5 and not necessarily 1 and 2.

2. Untagged/Tagged Mode

Untagged mode is the default mode and will exist in any VLAN capable/enabled switch. Untagged mode means the packet is not modified in any way as if no VLAN is configured on the switch. Simply put, in a non VLAN capable/enabled switch, all the ports on the switch is considered Untagged.

Tagged mode means that packets will be modified to identify them to a VLAN.

Using an analogy, imagine a post office that requires parcels intended for overseas destination to be marked (Tagged). If a post master receives a Tagged parcel, he knows that it is meant for overseas delivery and will inspect the destination country (VLAN ID). This automatically means that any unmarked parcels (Untagged) are for local delivery without even having to inspect the destination country.

Basic Rules

1. 
A port on a switch can support one or more VLANs subject to a maximum number of VLANs the switch can support.

2. If there is only one device connected to switch

2. If a port is configured with multiple VLANs, only one of those VLAN can be Untagged while the rest must be Tagged.

The reason for this is simple. Untagged means default. You cannot have more than one default as it will cause confusion.

Using the post office analogy, when the postmaster receives two Untagged parcels, he will assume they belong to one VLAN as there is no way to identify otherwise.

So even if it is possible to assign a port to two Untagged VLANs, it will be pointless because there is no way to identify and separate them.

3. The ID and tagging on the other end of the cable must be the same.

This means that if you set a port to VLAN ID 6 Tagged, the device at the other end of the cable must also be configured VLAN ID 6 Tagged.

Friday, March 2, 2012

Federating Microsoft Office Communications Server with XMPP

If you are trying to federate your OCS or Lync service with an XMPP domain using Microsoft Office Communications Server 2007 R2 XMPP Gateway, you will need to do the following

1. Create an SRV record on your DNS server

_xmpp-server._tcp.your-xmpp-domain-name SRV 0 0 5269 xmpp-gateway-hostname

You can test if your service record is correct by using nslookup command. The following is an example of a lookup for Google’s XMPP service.

system:~ # nslookup
> set type=srv
> _xmpp-server._tcp.gmail.com
Server: 165.21.83.88
Address: 165.21.83.88#53

Non-authoritative answer:
_xmpp-server._tcp.gmail.com service = 5 0 5269 xmpp-server.l.google.com.

2.  Install the latest patch for the XMPP gateway

3. Configure the XMPP gateway security settings to TCP dialback.

4. Set your XMPP server security settings to accept TCP dialback. You may need to disable TLS as well to force it to use TCP dialback.