VLAN and IP address-space information

This page documents established network assignments (that is manually maintained). For the definitive list of VLans in use (that includes projects under developement) refer to this CSCF Vlan Information or IST's nsbuild application. For a discussion about general policies and our general network architecture, see the network schema discussion.

Additional references

Router configurations

All of our vlans are routed one of five HP routers, as shown in the "Location" column of the reference tables below. The ONA links to their configurations are:

If two location labels appear (eg: mc-dc) that indicates an inter-building trunk (typically a /30 point-to-point network).

"Network name" column in the following tables

The network name column is intended to show the router name of the network, not the DNS name. The DNS name for the network is, by convention, assigned to the ".0" address (the address of the network) and can be determined from a standard DNS lookup.

Please be sure to use the correct name in the column. Router network names can be determined from the ONA vlan summary for the router on which the network is routed (see the bullet list above).

Current VLAN assignments

VLAN 438 is IST wired authentication or 802.1x (building independent)

Date: Thu, 14 Feb 2013 13:54:30 -0500
To: <noc@ist.uwaterloo.ca>, <ist-mgmt@lists.uwaterloo.ca>,
   <ctsc@lists.uwaterloo.ca>, <cnsc@lists.uwaterloo.ca>, <watcard@uwaterloo.ca>,
   <ist-css@lists.uwaterloo.ca>, <ist-itms@lists.uwaterloo.ca>,
   <acohelp@watarts.uwaterloo.ca>, <admin-support@lists.uwaterloo.ca>,
   <tg-networks@cscf.cs.uwaterloo.ca>, <kevin.kennedy@family-medicine.ca>,
   <esag@engmail.uwaterloo.ca>, <cmseitz@uwaterloo.ca>,
   <admin@pdeng.uwaterloo.ca>, <faccus@lists.uwaterloo.ca>,
   <isthd@ist.uwaterloo.ca>, <acoccia@uwaterloo.ca>, <sbradley@uwaterloo.ca>,
   <wcarroll@uwaterloo.ca>, <tkanerva@uwaterloo.ca>,
   <uw.network@rumours.uwaterloo.ca>, <reshelp@uwaterloo.ca>,
   <cskingle@uwaterloo.ca>, <rddigby@uwaterloo.ca>, <arbhagat@uwaterloo.ca>,
Subject: NETWORK ALERT - 2013-02-19 - Activation of 802.1x in MC
From: <daldwinc@uwaterloo.ca>

Description:     Activation of 802.1x in MC
Date: (YYYY-MM-DD)     2013-02-19
Start Time:              7 AM
End Time:   8 AM   
Submitted By: daldwinc@uwaterloo.ca

Comment:        On the morning of February 19th, a number of network ports in MC will have 802.1X authentication turned on.

Ports in public locations may require users to authenticate before the port becomes fully active.

Dave Aldwinckle
IST Network Services

Notice Submitted:    Thu Feb 14 13:54:30 EST 2013

Note:   If you have any questions or concerns please contact the IST Help Desk at ext: 84357 or helpdesk@uwaterloo.ca

Subject: [UW-RT #273071] FW: NETWORK ALERT - 2013-02-19 - Activation of 802.1x in MC
From: David Aldwinckle via RT <rt@rt.uwaterloo.ca>
To: <isthelpd@uwaterloo.ca>
CC: <trevor.grove@uwaterloo.ca>
Date: Fri, 15 Feb 2013 11:26:58 -0500

The ports in question are all on either MATH or AS switches. There will be no changes to CS devices at this time.

> 1) which ports are affected?

Those that have historically had authentication enabled (the old aruba captive portal page), and are now sitting on VLAN 438 with no authentication enabled.

> 2) how will users know if they are supposed to authenticate?

Users will DHCP a private address and all of their web traffic will be redirected to a web page that explains that they are using a port that requires authentication.

> 3) how will they authenticate (if necessary)?

The page mentioned above will have instructions on how to configure 802.1x for Windows 7 and Ubuntu 12.04. OS X clearly prompts the user for authentication. 

The most important things to note are:

Authentication Type: PEAP
Inner authentication: MSCHAPv2
Certificate: GlobalSign Root CA (built-in to Windows, Ubuntu, OS X)
UserID: MUST have the @uwaterloo.ca suffix.

Specific user issues can be handled through RT.

Please let me know if you have any additional questions.


VLAN 439 in the future will be wired authentication or 802.1x (building independent)

Research external network

CS VLAN summary -- external
521 dc Ian Goldberg's external research network ex-iangoldberg.net  
VLAN id Location IP range Description and notes Network name  

VLANs in

CS VLAN summary -- public networks
VLAN idSorted ascending Location IP range Description and notes Network name Access restrictions (ACLs)
105 dc Shoshin research group flash-csnet  
114 dc CGL lab network CGLnet  
134 mc Mathsoc & other student orgs mathstudentorgnet  
15 dc CSCF internal operations & staff workstations cscfnet  
152 dc,mc No longer exists Was: CS public servers; NB: upper half DC, lower MC csservernet1  
1594 dc imacs and other ISG systems in DC; cslabdcnet  
1595 dc SW.Eng lab in DC cslab2dcnet  
167 dc2303a public CS servers in dc2303a cs-srv2-dc-pub  
168 dc cs client-only hosts csclient1net  
169 dc cs client-only hosts csclient2net  
170 dc cs client-only hosts -- NB this is a /23 network comprising both the 170 and 171 /24 networks csclient3net  
1731 dc DC Nettops csreservenet  
1732 dc CSG lab network effective 2009-5-12 csg2net  
186 dc PLG lab network wheatnet  
1892       VLAN1892  
26 dc research server network #2 csresearch2  
421 m3 M3 3101 server room Internet Vlan m3-cs-inet-server1  
421 dc public CS servers in DC csserver1-dc  
422 mc public CS servers in MC csserver1-mc  
422 dc 32-host SCS admin workstation network dc-cs-admin  
424 mc 64-host Ugster network mc-cs-ugrad  
426 dc 62-node Boutaba research network ST#88103 cs-savi-dc  
51 mc MAC lab workstations and servers cslab1net  
510 phy RIPPLE admin network SHARCNET cs-sw-phy-1002  
52 mc Mac Lab workstations and servers cslab2net  
528 mc cs-mc-server IST RT#350945 cs-mc-server9  
529 mc cs-mc-server IST JSM #IST-75517 cs-mc-server10  
530 mc cs-mc-server IST JSM #IST-75517 cs-mc-server11  
59 mc MC-only Linux Stations (GL & Nettops) cstc2net  
7 dc research server network #1 csresearch1net  
719 mc OSPF trunk between mc-cs1 and cn-rt-mc (IST managed) cn-rt-mc-cs-rt-mc  
720 dc OSPF trunk between dc-cs1 and cn-rt-phy (IST managed) cn-rt-phy-cs-rt-dc  
74 dc   csnet  
75 dc   cs2net  
84 dc cs client-only hosts csclientnet  
851 dc 32-node research network CSCF ST#78148 csnet-research  
864       cspriv-zone4-net  
880       cspriv-zone5-0et  
  dc managed by IST cs-auth-dc  
  mc managed by IST cs-auth-mc  
  dc completely unknown -- doesn't show in ONA's vlan summary dcsci.net Notes

  • On IST RT#350945 and CS ST#94616 was split into small networks as follows (to allow for CS networks in other buildings)
    • into /28 (16 IPs) blocks
    • into /29 (8 IPs) blocks

VLANs in

CS VLAN summary -- non-infrastructure networks
4000 n/a Netscreen 500 management network default n/a  
4003 dc for Mac imaging; has its own DHCP n/a  
420 dc routed and natted on asimov.cscf CSCFPrivateNet  
500 dc local to dc3556: dc3556-cs2a, dc3556-cs2b cs-rsch1-dc  
n/a n/a Sun Virtualbox n/a  
n/a n/a ?? behind cabernet.cs.uwaterloo.ca n/a  
n/a n/a behind m160.cs.uwaterloo.ca n/a  
n/a n/a Bioinformatics n/a  
n/a vmserver212 VM-only interior network for Adobe Connect    
VLAN id Location IP range Description and notes Network name  

VLANs in

CS VLAN summary -- campus-routable private networks
VLAN idSorted ascending Location IP range Description and notes Network name
1 mc mc routed but unused? to be renamed to mc-HPmanagement HPmanagementnet
1 dc dc unused? to be renamed to dc-HPmanagement HPmanagementnet
1799 dc addresses for the firewall(s) fwuntrustnet
1800 dc used for testing cscore
1801 dc OSPF point-to-point dc-cs1 to dc-cs2 trk1interconnect
1801 mc OSPF point-to-point mc-cs1 to mc-cs2 trk1interconnect
1802 dc-mc OSPF point-to-point main dc to mc connection trk2interconnect
1803 mc1-dc2 OSPF point-to-point mc-cs1 to dc-cs2 trk3interconnect
1803 mc2-dc1 OSPF point-to-point mc-cs2 to dc-cs1 trk3interconnect
1810 mc MC device/switch management mc-cs-cvl
1812 dc CSCF switch/net-device management, a /22 netblock implemented as 4 /24s dc-cs-cvl
1832 dc campus-wide "public" services in dc dc-cs-server1-campus
1833 dc printers in DC dc-cs-printer
1834 dc DC Virtual Machines root OS (not Virtual Hosts) dc-cs-vm1net
1835 mc campus-wide "public" services in mc mc-cs-server1-campus
1836 dc cscf systems campus-only dc-cscf-campus
1894 dc highly restricted research LOMs HR-IPMI
1896 dc research device mgmt & ilom (dc-cs-research1) UR-IPMI
1897 dc (reserved) Nabeel's Tetherless Networks Lab research project network not routed (do not use! see st#94366) dd-net
2834 mc MC Virtual Machines root OS (not Virtual Hosts) mc-cs-vm1net
421 mc MC netapp network mc-storage
422 m3 M3 3101 Server Room CS Storage Vlan (m3-storage ) cs-user1-m3
425 dc IST-managed printers? we probably shouldn't use this dc-printer2
435 dc Keshav's research network st#94366 dc-cs-research
469 dc Door-fob-controller DC3335 (managed by IST) sec-net-dc2
480 dc-dc2303a OSPF point-to-point between dc-cs1 & cs-rt-dc-2303a cs-ptp-dc
481 mc-dc2303a OSPF point-to-point between cs-rt-mc-3015-a & cs-rt-dc-2303a cs-mgmt2-dc
482 m3-dc2303a OSPF point-to-point between cs-rt-dc-2303a & cs-rt-m3-3101 cs-mgmt3-dc
499 dc IST management of DC switch UPSes cs-ups-dc
503 Phy For use Ashraf/Hans cluster in SHARCnet himrod
511 Phy RIPPLE IPMI network SHARCNET cs-sw-phy-1002
512 Phy RIPPLE 10GbE network SHARCNET cs-sw-phy-1002
524 dc3558 CSCF Secure UW-Intranet VLan in server room DC 3558 dc-cs2 (RT #256680)
524 dc2303a CSCF Secure UW-Intranet VLan in server room DC 2303a cs-rt-dc-2303a (RT #256680)
524 mc3015 CSCF Secure UW-Intranet VLan in server room MC 3015 cs-rt-mc-3015-a (RT #253182)
524 mc3101 CSCF Secure UW-Intranet VLan in server room M3 3101 cs-rt-m3-3101 (RT #253182)
524 dc unknown -- "servers in dc3558"? cs-srv1-dc3558
524 m3 (obsolete please use Vlan ID 253) Section of localized to M3 3101 Server room. cs-srv-m3
524 mc border unknown cs-srv2-mc
526 dc SCS dc3558 server room UW Intranet cs-srv3-dc3558
526 dc2303a SCS dc2303a server room UW Intranet cs-srv6-dc2303
526 mc border SCS mc3015 server room UW Intranet cs-srv4-mc
526 m3 SCS m33101 server room UW Intranet cs-srv4-m3
527 mc CSCF research device mgmt & ilom in MC3015 cs-researchmgmt-mc RT#350945
805 dc for IST wireless APs cs-net-dc-ap-mgmt
? ?future? M3 3101 Server Room CS Campus Vlan future future future future MC future DC future DC  
    172.19.5.{32,40,...,112,120}/29 remainder of block of 16 /29s reserved for max-6-node vlans (eg firewalls, NetApps)  
    172.19.1.{32,36,..., 248, 252}/30 remainder of block of 30 4-address (2 usable) networks for OSPF trunks future  
    172.19.4.(16,32,48,64,80,96,112}/28 remainder of block of 8 16-address (14 usable) future 172-19-4-192.net
  dc dc netapp network dc-storage future cs-srv3-dc3558 future CSCF admin dc3558 server room UW Intranet cs-srv3-dc3558 future CSCF admin dc2303a server room UW Intranet cs-srv6-dc2303 future CSCF admin mc3015 server room UW Intranet cs-srv4-mc future CSCF admin m33101 server room UW Intranet cs-srv4-m3 future CSCF admin server rooms UW Intranets future SCS server rooms UW Intranets block reserved for research; currently vlan dc:435  

  • On IST RT#350945 and CS ST#94616 was created to support CS management and ILOM access in MC

VLANs in

CS VLAN summary -- CS-only routable networks
VLAN idSorted ascending Location IP range Description and notes Network name
4002 dc layer 2 only, access to gnat.cscf gnatnet
420 m3 M3 3101 server room private vlan m3-cs-private-server1
501 dc local to dc3556: dc3556-cs2a, dc3556-cs2b cs-rsch2-dc
520 mc private device network for Math Student Orgs mso-private
520 dc DC general-purpose servers on CS private network csserver1-dc-private
521 mc MC general-purpose servers on CS private network csserver1-mc-private
522 dc Network File traffic ie *.storage.cs.waterloo.ca in DC cs-dc3558-storage-network (was vlan 803?)
522 dc2303a dc2303a NAS storage cs-dc2303a-storage-network
522 m3 M3 NAS storage cs-m33101-storage-network
522 mc border MC NAS storage cs-mc3015-storage-network
523 dc2303a servers? cs-srv3-dc2303a
523 dc cscf private servers in dc3558 cs-srv-dc3558
523 mc border MC servers? cs-srv1-mc
523 m3 M3 servers? cs-srv2-m3
525 dc DC LOM cs-srv2-dc3558
525 dc2303a DC2303a LOM cs-srv5-dc2303
525 mc border MC LOM cs-srv3-mc
525 m3 M3 LOM cs-srv3-m3
529 dc DC LOM cs-srv2-dc3556
800 ? origin/use/presence unknown cspriv800net
802 dc (DEPRECATED) DC sensor devices cspriv002net
806 mc (DEPRECATED) MC sensor devices mc-sensor
810 mc (DEPRECATED) Lights-out Management in MC mc-lom
812 dc (DEPRECATED) Lights-out Management in DC. The plan is to use the following naming convention (not enforce by subnet): 18.1 to 18.127 in DC3558; 18.128 to 18.191 for the CGL room and the balance (18.192 to 18.254) for future expansion dc-lom
816 dc legacy vmhost ipmi cspriv-zone1-net
817 mc MC Nettop network (NATted via ubuntu-ltsp{1,2}.student.cs.ca mc-cs-nettop1
818 dc DC Nettop network NATted via ubuntu-ltsp{1,2}.cs.ca dc-cs-nettop1
819 dc DC clouds; bridged by cloud controllers dc-cloud102-c1.cloud.cs.uwaterloo.ca and dc-cloud102-c2.cloud.cs.uwaterloo.ca dc-cloud
820 mc MC clouds; bridged by cloud controllers mc-cloud002-c1.cloud.cs.uwaterloo.ca and mc-cloud002-c2.cloud.cs.uwaterloo.ca mc-cloud
821 dc real-time development workstations in DC dc-rtlab
822 mc real-time development workstations in MC mc-rtlab
823 dc DC cscf development network dc-cscf-dev
824 mc MC cscf development network mc-cscf-dev
832 dc special purpose printers in DC -- use vlan 1833 ( for "standard" printers) dc-printer
848 dc DC thin clients dc-cs-tcl
863 mc MC thin clients (should move to Security Zone 3 when firewalls upgraded) mc-cs-tcl
??? ??? unknown -- defined in "hosts" cspriv080net
n/a n/a address range served by vpn1.cscf (not routed anywhere)  
n/a n/a hostname park cs-dns-park future for device mgmt of research systems cspriv96net DNS migration from DNS migration from DNS migration from DNS migration from  
    10.15.8.{32,64,96,128,160,192,224}/27 reserved /27 private networks unknown istpriwireless.net unknown private-cs-san152.net

IST networks of interest

These are of interest, not as vlan information but for the address-range information, for use in setting up local firewalls or access restrictions.

Campus IPv4 network address ranges
IPv4 range Description NATted range campus VPN address range n/a campus wireless, divided into: main campus, divided into: Eduroam uw-guest/uw-unsecured ResNet, divided into: Eduroam uw-guest/uw-unsecured ResNet wired (ie dorm rooms) address range

And for those of you keen on IPv6:

Campus IPv6 network address ranges
IPv6 range Description
2620:101:f000:700::/62 campus wireless, divided into:
2620:101:f000:700::/63 main campus, divided into:
2620:101:f000:700::/64 Eduroam
2620:101:f000:701::/64 uw-guest/uw-unsecured
2620:101:f000:702::/63 ResNet, divided into:
2620:101:f000:702::/64 Eduroam
2620:101:f000:703::/64 uw-guest/uw-unsecured
2620:101:f000:3000::/54 ResNet wired (ie dorm rooms) address range

All IPv6 addresses are public, so no NATting is required.

Historical information (no longer correct but perhaps of historical interest)

Edit | Attach | Watch | Print version | History: r199 < r198 < r197 < r196 < r195 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r199 - 2022-11-30 - TomCauduro
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback