CF Web>Networking>VLANInformation (2022-11-30, TomCauduro)

VLAN and IP address-space information

This page documents established network assignments (that is manually maintained). For the definitive list of VLans in use (that includes projects under developement) refer to this CSCF Vlan Information or IST's nsbuild application. For a discussion about general policies and our general network architecture, see the network schema discussion.

VLAN and IP address-space information

Additional references

Lan Switching: https://en.wikipedia.org/wiki/LAN_switching - definitions of Layer 2,3,4 ... etc switching
A reference to the VLAN and firewall information in the DRCSCS public web-space is at http://www.cs.uwaterloo.ca/cscf/policies/firewall. However, this information is obsolete as of January 2010. There is an accurate firewall zone quick reference in "Firewall Zones".

Router configurations

All of our vlans are routed one of five HP routers, as shown in the "Location" column of the reference tables below. The ONA links to their configurations are:

mc (ie mc-cs2): https://istns.uwaterloo.ca/ona/viewconfig.php?ipname=mc-cs2
mc border (ie cs-rt-mc-3015-a) : https://istns.uwaterloo.ca/ona/editdevice.php?ipname=cs-rt-mc-3015-a
dc (ie dc-cs2): https://istns.uwaterloo.ca/ona/viewconfig.php?ipname=dc-cs2
dc2303a (ie cs-rt-dc-2303a): https://istns.uwaterloo.ca/ona/viewconfig.php?ipname=cs-rt-dc-2303a
m3 (ie cs-rt-m3-3101): https://istns.uwaterloo.ca/ona/viewconfig.php?ipname=cs-rt-ms-3101

If two location labels appear (eg: mc-dc) that indicates an inter-building trunk (typically a /30 point-to-point network).

"Network name" column in the following tables

The network name column is intended to show the router name of the network, not the DNS name. The DNS name for the network is, by convention, assigned to the ".0" address (the address of the network) and can be determined from a standard DNS lookup.

Please be sure to use the correct name in the column. Router network names can be determined from the ONA vlan summary for the router on which the network is routed (see the bullet list above).

Current VLAN assignments

VLAN 438 is IST wired authentication or 802.1x (building independent)

Date: Thu, 14 Feb 2013 13:54:30 -0500
To: <noc@ist.uwaterloo.ca>, <ist-mgmt@lists.uwaterloo.ca>,
   <ctsc@lists.uwaterloo.ca>, <cnsc@lists.uwaterloo.ca>, <watcard@uwaterloo.ca>,
   <ist-css@lists.uwaterloo.ca>, <ist-itms@lists.uwaterloo.ca>,
   <acohelp@watarts.uwaterloo.ca>, <admin-support@lists.uwaterloo.ca>,
   <tg-networks@cscf.cs.uwaterloo.ca>, <kevin.kennedy@family-medicine.ca>,
   <esag@engmail.uwaterloo.ca>, <cmseitz@uwaterloo.ca>,
   <admin@pdeng.uwaterloo.ca>, <faccus@lists.uwaterloo.ca>,
   <isthd@ist.uwaterloo.ca>, <acoccia@uwaterloo.ca>, <sbradley@uwaterloo.ca>,
   <wcarroll@uwaterloo.ca>, <tkanerva@uwaterloo.ca>,
   <uw.network@rumours.uwaterloo.ca>, <reshelp@uwaterloo.ca>,
   <cskingle@uwaterloo.ca>, <rddigby@uwaterloo.ca>, <arbhagat@uwaterloo.ca>,
   <kjjack@uwaterloo.ca>
Subject: NETWORK ALERT - 2013-02-19 - Activation of 802.1x in MC
From: <daldwinc@uwaterloo.ca>

Description:     Activation of 802.1x in MC
Date: (YYYY-MM-DD)     2013-02-19
Start Time:              7 AM
End Time:   8 AM   
Impact:           
Resolution:     
Submitted By: daldwinc@uwaterloo.ca

Comment:        On the morning of February 19th, a number of network ports in MC will have 802.1X authentication turned on.

Ports in public locations may require users to authenticate before the port becomes fully active.

Dave Aldwinckle
IST Network Services

Notice Submitted:    Thu Feb 14 13:54:30 EST 2013

Note:   If you have any questions or concerns please contact the IST Help Desk at ext: 84357 or helpdesk@uwaterloo.ca

Subject: [UW-RT #273071] FW: NETWORK ALERT - 2013-02-19 - Activation of 802.1x in MC
From: David Aldwinckle via RT <rt@rt.uwaterloo.ca>
To: <isthelpd@uwaterloo.ca>
CC: <trevor.grove@uwaterloo.ca>
Date: Fri, 15 Feb 2013 11:26:58 -0500

The ports in question are all on either MATH or AS switches. There will be no changes to CS devices at this time.

> 1) which ports are affected?

Those that have historically had authentication enabled (the old aruba captive portal page), and are now sitting on VLAN 438 with no authentication enabled.

> 2) how will users know if they are supposed to authenticate?

Users will DHCP a private address and all of their web traffic will be redirected to a web page that explains that they are using a port that requires authentication.

> 3) how will they authenticate (if necessary)?

The page mentioned above will have instructions on how to configure 802.1x for Windows 7 and Ubuntu 12.04. OS X clearly prompts the user for authentication. 

The most important things to note are:

Authentication Type: PEAP
Inner authentication: MSCHAPv2
Certificate: GlobalSign Root CA (built-in to Windows, Ubuntu, OS X)
UserID: MUST have the @uwaterloo.ca suffix.

Specific user issues can be handled through RT.

Please let me know if you have any additional questions.

Dave

VLAN 439 in the future will be wired authentication or 802.1x (building independent)

Research external network

CS VLAN summary -- external
521	dc	198.96.155.0/28	Ian Goldberg's external research network	ex-iangoldberg.net
VLAN id	Location	IP range	Description and notes	Network name

VLANs in 129.97.0.0/16

CS VLAN summary -- public networks
VLAN id	Location	IP range	Description and notes	Network name
105	dc	129.97.105.0/24	Shoshin research group	flash-csnet
114	dc	129.97.114.0/24	CGL lab network	CGLnet
134	mc	129.97.134.0/24	Mathsoc & other student orgs	mathstudentorgnet
15	dc	129.97.15.0/24	CSCF internal operations & staff workstations	cscfnet
152	dc,mc	129.97.152.0/24	No longer exists Was: CS public servers; NB: upper half DC, lower MC	csservernet1
1594	dc	129.97.59.128/26	imacs and other ISG systems in DC;	cslabdcnet
1595	dc	129.97.59.192/26	SW.Eng lab in DC	cslab2dcnet
167	dc2303a	129.97.167.64/26	public CS servers in dc2303a	cs-srv2-dc-pub
168	dc	129.97.168.0/24	cs client-only hosts	csclient1net
169	dc	129.97.169.0/24	cs client-only hosts	csclient2net
170	dc	129.97.170.0/23	cs client-only hosts -- NB this is a /23 network comprising both the 170 and 171 /24 networks	csclient3net
1731	dc	129.97.173.128/26	DC Nettops	csreservenet
1732	dc	129.97.173.192/26	CSG lab network effective 2009-5-12	csg2net
186	dc	129.97.186.0/24	PLG lab network	wheatnet
1892				VLAN1892
26	dc	129.97.26.1/24	research server network #2	csresearch2
421	m3	129.97.173.32/27	M3 3101 server room Internet Vlan	m3-cs-inet-server1
421	dc	129.97.167.128/25	public CS servers in DC	csserver1-dc
422	mc	129.97.167.0/26	public CS servers in MC	csserver1-mc
422	dc	129.97.173.0/27	32-host SCS admin workstation network	dc-cs-admin
424	mc	129.97.173.64/26	64-host Ugster network	mc-cs-ugrad
426	dc	129.97.119.128/26	62-node Boutaba research network ST#88103	cs-savi-dc
51	mc	129.97.51.0/24	MAC lab workstations and servers	cslab1net
510	phy	129.97.119.192/26	RIPPLE admin network SHARCNET	cs-sw-phy-1002
52	mc	129.97.16.192/26	Mac Lab workstations and servers	cslab2net
528	mc	129.97.152.128/29	cs-mc-server IST RT#350945	cs-mc-server9
529	mc	129.97.152.136/29	cs-mc-server IST JSM #IST-75517	cs-mc-server10
530	mc	129.97.152.144/29	cs-mc-server IST JSM #IST-75517	cs-mc-server11
59	mc	129.97.59.0/25	MC-only Linux Stations (GL & Nettops)	cstc2net
7	dc	129.97.7.0/24	research server network #1	csresearch1net
719	mc	129.97.1.72/30	OSPF trunk between mc-cs1 and cn-rt-mc (IST managed)	cn-rt-mc-cs-rt-mc
720	dc	129.97.1.76/30	OSPF trunk between dc-cs1 and cn-rt-phy (IST managed)	cn-rt-phy-cs-rt-dc
74	dc	129.97.74.0/24		csnet
75	dc	129.97.75.0/24		cs2net
84	dc	129.97.84.0/24	cs client-only hosts	csclientnet
851	dc	129.97.151.128/27	32-node research network CSCF ST#78148	csnet-research
864				cspriv-zone4-net
880				cspriv-zone5-0et
	dc	129.97.60.128/25	managed by IST	cs-auth-dc
	mc	129.97.141.160/27	managed by IST	cs-auth-mc
	dc	129.97.63.160/27	completely unknown -- doesn't show in ONA's vlan summary	dcsci.net

129.97.152.0/24 Notes

On IST RT#350945 and CS ST#94616 129.97.152.0/24 was split into small networks as follows (to allow for CS networks in other buildings)
- 129.97.152.0/25 into /28 (16 IPs) blocks
- 129.97.152.128/25 into /29 (8 IPs) blocks

VLANs in 192.168.0.0/16

CS VLAN summary -- non-infrastructure networks
4000	n/a	192.168.15.0/24	Netscreen 500 management network default	n/a
4003	dc	192.168.2.0/24	for Mac imaging; has its own DHCP	n/a
420	dc	192.168.1.0/24	routed and natted on asimov.cscf	CSCFPrivateNet
500	dc	192.168.2.0/24	local to dc3556: dc3556-cs2a, dc3556-cs2b	cs-rsch1-dc
n/a	n/a	192.168.56.0/24	Sun Virtualbox	n/a
n/a	n/a	192.168.10.0/16 ??	behind cabernet.cs.uwaterloo.ca	n/a
n/a	n/a	192.168.100.0/24	behind m160.cs.uwaterloo.ca	n/a
n/a	n/a	192.168.0.0/24	Bioinformatics	n/a
n/a	vmserver212	192.168.100.0/24	VM-only interior network for Adobe Connect
VLAN id	Location	IP range	Description and notes	Network name

VLANs in 172.19.0.0/16

CS VLAN summary -- campus-routable private networks
VLAN id	Location	IP range	Description and notes	Network name
1	mc	172.19.2.0/25	mc routed but unused? to be renamed to mc-HPmanagement	HPmanagementnet
1	dc	172.19.2.128/25	dc unused? to be renamed to dc-HPmanagement	HPmanagementnet
1799	dc	172.19.5.0/29	addresses for the firewall(s)	fwuntrustnet
1800	dc	172.19.0.0/24	used for testing	cscore
1801	dc	172.19.1.16/30	OSPF point-to-point dc-cs1 to dc-cs2	trk1interconnect
1801	mc	172.19.1.8/30	OSPF point-to-point mc-cs1 to mc-cs2	trk1interconnect
1802	dc-mc	172.19.1.0/30	OSPF point-to-point main dc to mc connection	trk2interconnect
1803	mc1-dc2	172.19.1.12/30	OSPF point-to-point mc-cs1 to dc-cs2	trk3interconnect
1803	mc2-dc1	172.19.1.4/30	OSPF point-to-point mc-cs2 to dc-cs1	trk3interconnect
1810	mc	172.19.10.0/24	MC device/switch management	mc-cs-cvl
1812	dc	172.19.12.0/24	CSCF switch/net-device management, a /22 netblock implemented as 4 /24s	dc-cs-cvl
1832	dc	172.19.32.0/24	campus-wide "public" services in dc	dc-cs-server1-campus
1833	dc	172.19.33.0/24	printers in DC	dc-cs-printer
1834	dc	172.19.34.0/25	DC Virtual Machines root OS (not Virtual Hosts)	dc-cs-vm1net
1835	mc	172.19.47.0/24	campus-wide "public" services in mc	mc-cs-server1-campus
1836	dc	172.19.4.224/27	cscf systems campus-only	dc-cscf-campus
1894	dc	172.19.97.0/24	highly restricted research LOMs	HR-IPMI
1896	dc	172.19.96.0/24	research device mgmt & ilom (dc-cs-research1)	UR-IPMI
1897	dc	172.19.97.0/24 (reserved)	Nabeel's Tetherless Networks Lab research project network not routed (do not use! see st#94366)	dd-net
2834	mc	172.19.34.128/25	MC Virtual Machines root OS (not Virtual Hosts)	mc-cs-vm1net
421	mc	172.19.5.8/29	MC netapp network	mc-storage
422	m3	172.19.5.16/29	M3 3101 Server Room CS Storage Vlan (m3-storage )	cs-user1-m3
425	dc	172.19.40.0/24	IST-managed printers? we probably shouldn't use this	dc-printer2
435	dc	172.19.16.0/24	Keshav's research network st#94366	dc-cs-research
469	dc	172.19.4.0/28	Door-fob-controller DC3335 (managed by IST)	sec-net-dc2
480	dc-dc2303a	172.19.1.20/30	OSPF point-to-point between dc-cs1 & cs-rt-dc-2303a	cs-ptp-dc
481	mc-dc2303a	172.19.1.24/30	OSPF point-to-point between cs-rt-mc-3015-a & cs-rt-dc-2303a	cs-mgmt2-dc
482	m3-dc2303a	172.19.1.28/30	OSPF point-to-point between cs-rt-dc-2303a & cs-rt-m3-3101	cs-mgmt3-dc
499	dc	172.19.4.128/27	IST management of DC switch UPSes	cs-ups-dc
503	Phy	172.19.128.0/24	For use Ashraf/Hans cluster in SHARCnet	himrod
511	Phy	172.19.157.0/25	RIPPLE IPMI network SHARCNET	cs-sw-phy-1002
512	Phy	172.19.156.0/24	RIPPLE 10GbE network SHARCNET	cs-sw-phy-1002
524	dc3558	172.19.15.0/27	CSCF Secure UW-Intranet VLan in server room DC 3558	dc-cs2 (RT #256680)
524	dc2303a	172.19.15.64/26	CSCF Secure UW-Intranet VLan in server room DC 2303a	cs-rt-dc-2303a (RT #256680)
524	mc3015	172.19.15.128/26	CSCF Secure UW-Intranet VLan in server room MC 3015	cs-rt-mc-3015-a (RT #253182)
524	mc3101	172.19.15.192/26	CSCF Secure UW-Intranet VLan in server room M3 3101	cs-rt-m3-3101 (RT #253182)
524	dc	172.19.15.0/26	unknown -- "servers in dc3558"?	cs-srv1-dc3558
524	m3	172.19.15.192/26	(obsolete please use Vlan ID 253) Section of 172.19.15.0/24 localized to M3 3101 Server room.	cs-srv-m3
524	mc border	172.19.15.128/26	unknown	cs-srv2-mc
526	dc	172.19.152.0/24	SCS dc3558 server room UW Intranet	cs-srv3-dc3558
526	dc2303a	172.19.153.0/24	SCS dc2303a server room UW Intranet	cs-srv6-dc2303
526	mc border	172.19.154.0/24	SCS mc3015 server room UW Intranet	cs-srv4-mc
526	m3	172.19.155.0/24	SCS m33101 server room UW Intranet	cs-srv4-m3
527	mc	172.19.20.0/24	CSCF research device mgmt & ilom in MC3015	cs-researchmgmt-mc RT#350945
805	dc	172.19.5.128/25	for IST wireless APs	cs-net-dc-ap-mgmt
?		172.19.4.160/27	?future? M3 3101 Server Room CS Campus Vlan
		172.19.6.0/24	future
		172.19.7.0/24	future
		172.19.9.0/24	future
		172.19.11.0/24	future MC
		172.19.13.0/24	future DC
		172.19.14.0/24	future DC
		172.19.5.{32,40,...,112,120}/29	remainder of block of 16 /29s reserved for max-6-node vlans (eg firewalls, NetApps)
		172.19.1.{32,36,..., 248, 252}/30	remainder of block of 30 4-address (2 usable) networks for OSPF trunks
		172.19.3.0/24	future
		172.19.4.(16,32,48,64,80,96,112}/28	remainder of block of 8 16-address (14 usable)
		172.19.4.192/27	future	172-19-4-192.net
	dc	172.19.5.24/29	dc netapp network	dc-storage
		172.19.8.0/24	future	cs-srv3-dc3558
		172.19.144.0/24	future CSCF admin dc3558 server room UW Intranet	cs-srv3-dc3558
		172.19.145.0/24	future CSCF admin dc2303a server room UW Intranet	cs-srv6-dc2303
		172.19.146.0/24	future CSCF admin mc3015 server room UW Intranet	cs-srv4-mc
		172.19.147.0/24	future CSCF admin m33101 server room UW Intranet	cs-srv4-m3
		172.19.148.0/22	future CSCF admin server rooms UW Intranets
		172.19.156.0/22	future SCS server rooms UW Intranets
		172.19.16.0/20	block reserved for research; currently vlan dc:435

172.19.20.0/24 Notes

On IST RT#350945 and CS ST#94616 172.19.20.0/24 was created to support CS management and ILOM access in MC

VLANs in 10.0.0.0/8

CS VLAN summary -- CS-only routable networks
VLAN id	Location	IP range	Description and notes	Network name
4002	dc	10.84.0.0/16	layer 2 only, access to gnat.cscf	gnatnet
420	m3	10.15.8.0/27	M3 3101 server room private vlan	m3-cs-private-server1
501	dc	10.0.2.0/24	local to dc3556: dc3556-cs2a, dc3556-cs2b	cs-rsch2-dc
520	mc	10.15.134.0/24	private device network for Math Student Orgs	mso-private
520	dc	10.15.167.128/25	DC general-purpose servers on CS private network	csserver1-dc-private
521	mc	10.15.167.0/25	MC general-purpose servers on CS private network	csserver1-mc-private
522	dc	10.10.152.0/24	Network File traffic ie *.storage.cs.waterloo.ca in DC	cs-dc3558-storage-network (was vlan 803?)
522	dc2303a	10.10.153.0/24	dc2303a NAS storage	cs-dc2303a-storage-network
522	m3	10.10.155.0/24	M3 NAS storage	cs-m33101-storage-network
522	mc border	10.10.154.0/24	MC NAS storage	cs-mc3015-storage-network
523	dc2303a	10.15.153.0/24	servers?	cs-srv3-dc2303a
523	dc	10.15.152.0/24	cscf private servers in dc3558	cs-srv-dc3558
523	mc border	10.15.154.0/24	MC servers?	cs-srv1-mc
523	m3	10.15.155.0/24	M3 servers?	cs-srv2-m3
525	dc	10.0.152.0/24	DC LOM	cs-srv2-dc3558
525	dc2303a	10.0.153.0/24	DC2303a LOM	cs-srv5-dc2303
525	mc border	10.0.154.0/24	MC LOM	cs-srv3-mc
525	m3	10.0.155.0/24	M3 LOM	cs-srv3-m3
529	dc	10.0.151.0/24	DC LOM	cs-srv2-dc3556
800	?	10.15.10.0/24	origin/use/presence unknown	cspriv800net
802	dc	10.15.2.0/24	(DEPRECATED) DC sensor devices	cspriv002net
806	mc	10.15.3.0/24	(DEPRECATED) MC sensor devices	mc-sensor
810	mc	10.15.28.0/24	(DEPRECATED) Lights-out Management in MC	mc-lom
812	dc	10.15.18.0/24	(DEPRECATED) Lights-out Management in DC. The plan is to use the following naming convention (not enforce by subnet): 18.1 to 18.127 in DC3558; 18.128 to 18.191 for the CGL room and the balance (18.192 to 18.254) for future expansion	dc-lom
816	dc	10.15.16.0/24	legacy vmhost ipmi	cspriv-zone1-net
817	mc	10.15.62.0/24	MC Nettop network (NATted via ubuntu-ltsp{1,2}.student.cs.ca	mc-cs-nettop1
818	dc	10.15.49.0/24	DC Nettop network NATted via ubuntu-ltsp{1,2}.cs.ca	dc-cs-nettop1
819	dc	10.15.4.0/24	DC clouds; bridged by cloud controllers dc-cloud102-c1.cloud.cs.uwaterloo.ca and dc-cloud102-c2.cloud.cs.uwaterloo.ca	dc-cloud
820	mc	10.15.5.0/24	MC clouds; bridged by cloud controllers mc-cloud002-c1.cloud.cs.uwaterloo.ca and mc-cloud002-c2.cloud.cs.uwaterloo.ca	mc-cloud
821	dc	10.15.64.0/24	real-time development workstations in DC	dc-rtlab
822	mc	10.15.79.0/24	real-time development workstations in MC	mc-rtlab
823	dc	10.15.6.0/24	DC cscf development network	dc-cscf-dev
824	mc	10.15.7.0/24	MC cscf development network	mc-cscf-dev
832	dc	10.15.32.0/24	special purpose printers in DC -- use vlan 1833 (172.19.33.0/24) for "standard" printers)	dc-printer
848	dc	10.15.48.0/24	DC thin clients	dc-cs-tcl
863	mc	10.15.63.0/24	MC thin clients (should move to Security Zone 3 when firewalls upgraded)	mc-cs-tcl
???	???	10.15.80.0/24	unknown -- defined in "hosts"	cspriv080net
n/a	n/a	10.84.0.0/16	address range served by vpn1.cscf (not routed anywhere)
n/a	n/a	10.15.0.0/23	hostname park	cs-dns-park
		10.15.96.0/24	future for device mgmt of research systems	cspriv96net
		10.15.74.0/24	DNS migration from 129.97.74.0/24
		10.15.75.0/24	DNS migration from 129.97.75.0/24
		10.15.78.0/24	DNS migration from 129.97.78.0/24
		10.15.77.0/24	DNS migration from 129.97.79.0/24
		10.15.8.{32,64,96,128,160,192,224}/27	reserved /27 private networks
		10.10.83.0/24	unknown	istpriwireless.net
		10.1.2.0/24	unknown	private-cs-san152.net

IST networks of interest

These are of interest, not as vlan information but for the address-range information, for use in setting up local firewalls or access restrictions.

Campus IPv4 network address ranges
IPv4 range	Description			NATted range
172.16.36.0/22	campus VPN address range			n/a
10.20.0.0/14	campus wireless, divided into:
	10.22.0.0/15	main campus, divided into:
		10.20.0.0/16	Eduroam	129.97.124.0/23
		10.21.0.0/16	uw-guest/uw-unsecured	129.97.124.0/23
	10.22.0.0/15	ResNet, divided into:
		10.22.0.0/16	Eduroam	129.97.124.0/23
		10.23.0.0/16	uw-guest/uw-unsecured	129.97.124.0/23
172.31.192.0/18	ResNet wired (ie dorm rooms) address range			129.97.131.0/24

And for those of you keen on IPv6:

Campus IPv6 network address ranges
IPv6 range	Description
2620:101:f000:700::/62	campus wireless, divided into:
	2620:101:f000:700::/63	main campus, divided into:
		2620:101:f000:700::/64	Eduroam
		2620:101:f000:701::/64	uw-guest/uw-unsecured
	2620:101:f000:702::/63	ResNet, divided into:
		2620:101:f000:702::/64	Eduroam
		2620:101:f000:703::/64	uw-guest/uw-unsecured
2620:101:f000:3000::/54	ResNet wired (ie dorm rooms) address range

All IPv6 addresses are public, so no NATting is required.

Historical information (no longer correct but perhaps of historical interest)

Topic revision: r199 - 2022-11-30 - TomCauduro

Information in this area is meant for use by CSCF staff and is not official documentation, but anybody who is interested is welcome to use it if they find it useful.

Other Webs

My links
- People
- CERAS
- WatForm
- Tetherless lab
- Ubuntu Main.HowTo
- eDocs
- RGG NE notes
- RGG
- CS infrastructure
- Grad images

Edit