Recommended Posts

I have a bit of a dilemma at the moment, so here's some background:

 

Back in summer 2015, we had a third party contractor replace our wired and wireless networks, server infrastructure and a bunch of other things. Included in this was redesigning the network from scratch.

Our old network was on the 10.122.xxx.xxx IP range.

Our new network is on the 10.22.xxx.xxx IP range.

 

There is now nothing on 10.122.xxx.xxx, except for our IPT phone system, which has a controller on a static IP of 10.122.40.10, along with access points for the phones, also with static IP addresses in that range. However, the IPT system is not owned or controlled by us, it is leased and supported by a contractor, who charge for callouts.

 

Our main VLAN is 10.22.100.0/22 - however I cannot ping 10.122.40.10.

 

The contractor who upgraded our network created 'VLAN 40' on 10.22.40.0/24, with DHCP disabled (by design - as it causes major issues with our phone access points when it is enabled).

 

I have Port 4 on an edge switch untagged on VLAN 40. When I connect a laptop and set a static IP address of 10.122.40.50 (yes, that is 10.122.xxx.xxx - not 10.22.xxx.xxx), I can ping 10.122.40.10 and connect to its web interface.

 

My problem is that I do not always have physical access to that switch, as the cab is in a meeting room. Is it possible for me to access that web interface from any machine on VLAN 100? If so, how would I go about getting it to work?

 

Edit:

Upon checking the switch, it is true that port 4 of the edge switch is on VLAN, however I cannot determine the IP address range of that VLAN...I'm not sure how. I can ping 10.22.40.1 from my own workstation on VLAN 100, so it appears that VLAN 40 is configured as designed by the contractor. I just don't understand how a device on VLAN 40 is configured with 10.122.xxx.xxx instead of 10.22.xxx.xxx and still work.

 

Some steps that I have done:

1) Connected laptop to P4 on the edge switch. Configured the following IPV4 information:

Static IP: 10.122.40.50

Subnet: 255.255.0.0

Default Gateway: 10.122.40.1

I can successfully ping and connect to the IPT controller.

Note: The Ethernet controller displayed in 'Network Connections' shows this network as an 'Unrecognized network'.

 

2) Connected the same laptop to the same P4 on the same edge switch and configured the following IPV4 information:

Static IP: 10.22.40.50

Subnet: 255.255.0.0

Default Gateway: 10.22.40.1

I cannot ping or connect to the IPT controller.

Note: The Ethernet controller displayed in 'Network Connections' shows this network as recognized and shows our domain name.

 

Wondering if I can get any input from @BudManto query his knowledge?!

Edited by Daedroth

A vlan doesn't care what IP address is on it.. It is just an isolation of the layer 2 network.

 

You could run as many different layer 3 networks on top of that layer 2 as you want - this is really really bad design to run more than 1 layer 3 on the same layer 2.. But I see it done all the time by people that don't know any better.  If your on the same layer 2 there is no isolation.  Having devices on ip range A and other on range B does not "isolate" them from each other.

 

It would be very helpful to draw this out..

  On 21/06/2017 at 13:11, Daedroth said:

with DHCP disabled (by design - as it causes major issues with our phone access points when it is enabled).

 

Expand  

This seems odd.. Makes no sense that you would need to disable dhcp on a layer 2 - unless your going to run more than 1 layer 3 on it.  Then yes running a dhcp server would cause you all kinds of problems since any device on that layer 2 could get an address from that dhcp server.  To do multiple layer 3 on the same layer 2 with dhcp would require all devices to have reservations and your dhcp servers scopes would have to be set to not hand out any address that are not reserved, etc..

 

Can you please draw up this network - and and then we can dive in and correct any such nonsense like multiple layer 3 on the same L2.. It really really is BAD practice to do such a thing!!  And defeats any sort of security you might can by network segmentation..  Why not just run them all on the same layer 3, etc.

 

A /22 is a really large vlan - do you really have that many hosts on the same broadcast domain.  A /22 = 1022 hosts, that is a lot of broadcast and multicast on the wire unless your devices have been setup to not do the default noise they pump on the wire.. Window machines are broadcast/multicast noise makers!!!  Then add in the ipv6 on top of that and it gets nuts with that many devices on the same broadcast domain.

 

  Quote



Our main VLAN is 10.22.100.0/22 - however I cannot ping 10.122.40.10.

Expand  

 

What would be doing the routing between these networks?  Are you saying they are all on the same layer 2?

  On 21/06/2017 at 14:36, BudMan said:

This seems odd.. Makes no sense that you would need to disable dhcp on a layer 2 - unless your going to run more than 1 layer 3 on it.  Then yes running a dhcp server would cause you all kinds of problems since any device on that layer 2 could get an address from that dhcp server.  To do multiple layer 3 on the same layer 2 with dhcp would require all devices to have reservations and your dhcp servers scopes would have to be set to not hand out any address that are not reserved, etc..

Expand  

I'm not exactly sure why, but when DHCP is enabled (which is controlled by our DCs) it completely crashed the phone system. As soon as DHCP was disabled, it started working again...so it stayed off and has been off since.

 

  8 minutes ago, BudMan said:

Can you please draw up this network - and and then we can dive in and correct any such nonsense like multiple layer 3 on the same L2.. It really really is BAD practice to do such a thing!!  And defeats any sort of security you might can by network segmentation..  Why not just run them all on the same layer 3, etc.

Expand  

I'll try and draw it out tomorrow as I'll be finishing shortly and won't get a chance this evening.

  8 minutes ago, BudMan said:

 

A /22 is a really large vlan - do you really have that many hosts on the same broadcast domain.  A /22 = 1022 hosts, that is a lot of broadcast and multicast on the wire unless your devices have been setup to not do the default noise they pump on the wire.. Window machines are broadcast/multicast noise makers!!!  Then add in the ipv6 on top of that and it gets nuts with that many devices on the same broadcast domain.

Expand  

We are a small school with ~400 computers, ~200 laptops, ~100 tablets. The contractor originally configured the network with multiple VLANs, depending on the device, utilizing 802.1x and device security groups in AD, configured into these:

All staff desktops that were members of 'Dot1xStaff' joined a specific VLAN

All staff WiFi devices that were connected to our Ruckus WiFi and also members of 'Dot1xStaff' joined a specific VLAN

All student desktops that were members of 'Dot1xStudent' joined a specific VLAN

All student WiFi devices that were connected to our Ruckus WiFi and also members of 'Dot1xStudent' joined a specific VLAN

Any 'Unathenticed' devices joined another specific VLAN

 

However, we use a classroom management tool 'Impero' to view all of our computers and remotely control them across our site...and it also ties into our safeguarding policies. However, it does not work across VLANs. So the contractor configured everything to drop into the 'Unathenicated' VLAN. We've been waiting for the company to provide a solution, with it being on their 'road map', however nothing so far.

 

  8 minutes ago, BudMan said:

What would be doing the routing between these networks?  Are you saying they are all on the same layer 2?

Expand  

We have a HP Core Switch, which all of our HP edge switches connect to.

Ah ok.. Going to be a lot of broadcast traffic in the current setup... The specific vlans would be for sure more secure!!  Especially with require 802.1x auth, etc.

 

So your 2 vlans hang off the core? Would be the typical normal setup.  That you can not route between them seems like something setup wrong on your core.  Or your other phone vlan doesn't have gateway set to the core hp L3..  I assume your core switch is L3 doing routing.

 

Why are you using a /16 mask - when your other masks you gave are /22 and /24?

I've made a crude drawing of our setup (only the relevant segments) and attached it to this post. We have GVRP enabled across our site, except on Edge Switch 2. Any other core switch, I cannot manually add a port into VLAN 40 (or any other VLAN) because it complains about being dynamically assigned. Edge Switch 2 has GVRP disabled and ports can be manually assigned to VLAN 40.

 

  On 21/06/2017 at 16:39, BudMan said:

So your 2 vlans hang off the core? Would be the typical normal setup.  That you can not route between them seems like something setup wrong on your core.  Or your other phone vlan doesn't have gateway set to the core hp L3..  I assume your core switch is L3 doing routing.

Expand  

The thing is, I can route between VLAN 100 and VLAN 40, as I can ping 10.22.40.1 from my machine on VLAN 100 with an IP of 10.22.100.60. I just cannot connect to 10.122.40.10.

 

  Quote

Why are you using a /16 mask - when your other masks you gave are /22 and /24?

Expand  

That was the info given to us by the phone system engineers.

 

Network.PNG

You would have to configure and allow vlan 40 and pass through on your "core switch router" and your "edge switch 2" via trunking or lacp and you would have to allow vlan 40 on your ports between "edge switch 1" and "core switch router"

 

 

 

Basically, create the path for it to function....without a path defined on all equipment or some way to route to it, you aren't going anywhere by putting vlan 40 only on "edge switch 2" and "edge switch 1", vlan 40 needs to either exist on all switches/routers in between or a route has to exist so that your devices can communicate to it on other networks.  vlan 40 does not need an ip on each device, vlan 40 just needs to exist on each device (device in this case meaning router or switch).

ok lets be clear here

 

vlan 40

10.22.40.0/24

 

vlan100

10.22.100.0/22

 

Per your drawing they put your IPT controller and phones on "vlan 40" but gave them on network 10.122/16

 

Yeah that is borked.. This should be a completely different vlan, say vlan 122.  And you would have to allow/route it at your core. 

 

If the ports and such are setup for vlan 40, they are just running this different L3 network ontop of the same L2..   So you should be able to get those devices from any network on the vlan40 as long as you put the correct IP on it.  Like I said running multiple L3 networks on the same L2 is a borked config!

  On 22/06/2017 at 15:05, sc302 said:

You would have to configure and allow vlan 40 and pass through on your "core switch router" and your "edge switch 2" via trunking or lacp and you would have to allow vlan 40 on your ports between "edge switch 1" and "core switch router"

Expand  

It is trunked at the moment, which I think is why I can ping the gateway of VLAN 40 from my workstation.

  16 hours ago, sc302 said:

Basically, create the path for it to function....without a path defined on all equipment or some way to route to it, you aren't going anywhere by putting vlan 40 only on "edge switch 2" and "edge switch 1", vlan 40 needs to either exist on all switches/routers in between or a route has to exist so that your devices can communicate to it on other networks.  vlan 40 does not need an ip on each device, vlan 40 just needs to exist on each device (device in this case meaning router or switch).

Expand  

That diagram was only an example, all the VLANs are trunked across our whole site, by GVRP I'm assuming.

  On 22/06/2017 at 15:15, BudMan said:

ok lets be clear here

 

vlan 40

10.22.40.0/24

 

vlan100

10.22.100.0/22

 

Per your drawing they put your IPT controller and phones on "vlan 40" but gave them on network 10.122/16

 

Yeah that is borked.. This should be a completely different vlan, say vlan 122.  And you would have to allow/route it at your core. 

 

If the ports and such are setup for vlan 40, they are just running this different L3 network ontop of the same L2..   So you should be able to get those devices from any network on the vlan40 as long as you put the correct IP on it.  Like I said running multiple L3 networks on the same L2 is a borked config!

Expand  

Bah, I guess it isn't possible for me to access the 10.122/16 network from my machine on 10.22/16? The IPT setup pre-dates our new network by a number of years. The contractor we had in to do our network, like me, has no control over the hardware of the IPT, as it does not belong to us. We'd have to pay for an engineer call out to sort it...which management won't pay for because the phones work at the moment. Don't fix something that isn't broken. I guess it was our contractor that was at fault for not properly configuring the VLANs?

Yes. Contractor at fault for allowing multiple subsets on a single vlan. I am sure I can find ways around it but it would require after hours work and physical access to reset passwords (not config).

 

It has to be redesigned, slightly.

Yeah it should be on its own vlan for sure, especially for voice data should be on its own vs shared with a data vlan.

 

You would be able to access it from any 40 vlan just by placing an IP in their range on your device.  I think you already did that..  But that is borked config.  If you sniff on the 40 vlan your going to see all the broadcast traffic from all those devices. Arps, etc.

 

Your other option if under your control would be to redo your side of the vlan 40 and make it something else. That way you leave vlan for the phone network

Cheers for the responses.

It looks as though this isn't something I have the expertise or permission from the IPT supplier to sort myself, nor is it something management would sign off on payment for the IPT supplier or another third party to sort it out.

 

I guess it'll just have to stay as it is!

  On 01/07/2017 at 11:01, BudMan said:
That there is zero security between these 2 networks and completely BORKED - why should you have to pay for them to come fix their F up??

When they finished their installation two years ago, we had a list of issues for them to sort out. They addressed most of the issues, however this VLAN issue was only found recently and they will not come back on site to sort it as it was not something that was brought up earlier.

The only things we can do are: Do it myself (unlikely as I don't have the expertise and my employer won't pay for training), pay another contractor to come in and do it (won't happen because my employer won't pay for it), or get the IPT supplier in to re-address the IPT system (which my employer won't pay for).

As already stated just create NEW vlan, to move your devices that are on this 40 to.  You do not have to touch the current IPT system.

 

This is really basic 101 networking.. If you can not even create a vlan on your own network - what do you do exactly?  Replace the ink in the printer and users mice when they break? ;)

 

Do you not have access to any of these switches?  Do you not have access to the core switch?  If not then no there is nothing you can do.. How do you not have access to your own network infrastructure?

  On 01/07/2017 at 11:21, BudMan said:
As already stated just create NEW vlan, to move your devices that are on this 40 to.  You do not have to touch the current IPT system.
 
This is really basic 101 networking.. If you can not even create a vlan on your own network - what do you do exactly?  Replace the ink in the printer and users mice when they break? [emoji6]
 
Do you not have access to any of these switches?  Do you not have access to the core switch?  If not then no there is nothing you can do.. How do you not have access to your own network infrastructure?

I do have admin access to all of the networking equipment, however it's not something that we often access. We are a department of two, supporting nearly 1000 users, so we are stretched quite thin!

With my lack of networking experience, I don't want to risk making a mistake and causing further issues, especially as it is all working at the moment. What's that phrase? Don't fix something that isn't broken?

But it is broken and broken badly!  The fact that you can not even run dhcp server on this vlan 40 network shows you this.. Anyone that is on this vlan 40 with basic skill or simple google would be able to access any of the IPT system - so there is zero security here.  From a lay users point of view I can see how it seems to be working..  But from even the most basic network standpoint it is completely and utterly BORKED!!

  On 01/07/2017 at 13:29, BudMan said:
But it is broken and broken badly!  The fact that you can not even run dhcp server on this vlan 40 network shows you this.. Anyone that is on this vlan 40 with basic skill or simple google would be able to access any of the IPT system - so there is zero security here.  From a lay users point of view I can see how it seems to be working..  But from even the most basic network standpoint it is completely and utterly BORKED!!

I understand that, so how would I go about sorting it?
Should I rename VLAN 40 to VLAN 122 and change the DHCP range to 10.122.40.xxx?
Or should I leave the VLAN name as it is and change DHCP to 10.122.40.xxx?
GRVP is enabled on all the switches as far as I am aware.

You have 2 networks running on vlan 40.. You need to create a New vlan - either for your 10.122 network or for the other devices that are not ipt on vlan 40.

 

If you want to name it vlan 122 sure, what ID you use is not really important.  So either leave all those device how they are and create a new vlan for your devices that are on your vlan 40 "10.22.40.0/24" maybe call it vlan 22..

Cheers for the info. One last question I think:

 

As I mentioned previously, we have GVRP enabled across the site, except on this one edge switch in question. As GVRP is disabled on this switch, the port is manually tagged as VLAN 40 so that the engineer can connect his laptop up. My question: If GVRP was enabled, how would this engineer connect to VLAN 40 if the VLAN assignment is automatic?

I really don't know how your setup - it sounds like a complete mess!!  GVRP would be used on trunks ports for dynamic addition and pruning on the vlans on your trunk (uplinks to other switches)..  Are you saying you have every port set for GVRP?

 

You would setup GVRP to add a new vlan to trunk.  This allows you to create a vlan and let it propagate throughout your switching network so you don't have to go hit all your other uplinks and allow said vlan, etc.

 

Can you post up config of your core switch and a access switch?  PM it to me if you don't want to post it, or I can send you my email address in PM if your ok with sending me the config.

  On 07/07/2017 at 10:16, BudMan said:

I really don't know how your setup - it sounds like a complete mess!!  GVRP would be used on trunks ports for dynamic addition and pruning on the vlans on your trunk (uplinks to other switches)..  Are you saying you have every port set for GVRP?

 

You would setup GVRP to add a new vlan to trunk.  This allows you to create a vlan and let it propagate throughout your switching network so you don't have to go hit all your other uplinks and allow said vlan, etc.

 

Can you post up config of your core switch and a access switch?  PM it to me if you don't want to post it, or I can send you my email address in PM if your ok with sending me the config.

Expand  

Sorry, I've been reading over some previous emails and it appears my assumption of GVRP may have been incorrect. I think I may have confused it with 802.1x. That was originally on all of our ports on all of the edge switches, as I had to use the command on port 3 to allow the VLAN to be changed manually:

no aaa port-access authenticator 3

 

If 802.1x is enabled on that port and the engineer turns up with a laptop - how would he connect to VLAN 40?

What is your concern?

 

You have ports that are vlan 40, and your running more than one network address space on them!  If plugs into a port that is vlan 40 and sets the IP address for your IPT he will be able to talk to IPT, if sets an IP to talk to your other vlan 40 stuff he will be able to talk to that.

 

Once you FIX this mess - doesn't matter what vlan he connects to and what IP he uses he will be able to talk to IPT via its IP from the IP range of whatever vlan he is on via routing!

  On 07/07/2017 at 10:43, BudMan said:

What is your concern?

 

You have ports that are vlan 40, and your running more than one network address space on them!  If plugs into a port that is vlan 40 and sets the IP address for your IPT he will be able to talk to IPT, if sets an IP to talk to your other vlan 40 stuff he will be able to talk to that.

 

Once you FIX this mess - doesn't matter what vlan he connects to and what IP he uses he will be able to talk to IPT via its IP from the IP range of whatever vlan he is on via routing!

Expand  

I understand that, but it isn't something I can sort in the short term.

 

The whole issue is if the engineer turns up and he does not have physical access to the switch. Ideally, I'd like him to rock up to another room and connect into a network socket, regardless of what switch/port that is connected to. If he could somehow configure his laptop so that 802.1x automatically puts that port on VLAN 40 during that use...that would be grand. If not, I'd have to find the switch and port he is on, use PuTTY to connect to the switch and run that above command, just to allow him access. Then change it back when he's done. Though, if neither my colleague or I are on-site at the time the engineer is on-site...we wouldn't even be able to do that. Which is why if it could be automatically done, it would be great.

 

Does that make sense?

You really need to have a little understanding of what you are looking at. 

 

If it automatically assigns vlans, that can be either based on the user login/user groups the user is in or the pc and what that pc is a member of.  If it doesn't automatically assign vlans, the port on the switch is configured for the vlan he needs/wants to be on and can be done on the fly with the tech either sshing into the switch or the tech physically connecting in when he is there and changing the config.  I am not the tech, I am not on site, I cannot tell you what he is doing.   I also don't know the config of your environment, so for me to sit over here and tell you the right course of action would be asinine and could lead you into a complete misconfiguration taking down your entire network.  Best advice I can give, post your configs....if you don't want to post your configs of every switch (because each switch can be config'd differently)... learn your environment good enough to have a educated discussion, or hire someone to fix this mess. 

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Microsoft Weekly: OneDrive horror stories, ramblings about Start menu, and more by Taras Buria This week's news recap is here, delivering you a roundup of the most important Microsoft stories, including a bunch of odd stuff and bugs in Windows, OneDrive horror stories, ramblings about the Start menu, a couple of new Windows 11 preview builds, important news from AMD, and a lot more. Quick links: Windows 10 and 11 Windows Insider Program Updates are available Reviews are in Gaming news Windows 11 and Windows 10 Here, we talk about everything happening around Microsoft's latest operating system in the Stable channel and preview builds: new features, removed features, controversies, bugs, interesting findings, and more. And, of course, you may find a word or two about older versions. Microsoft released a new out-of-band update to fix boot issues on certain Surface devices. The company announced certain Windows 365 updates, such as VBS and HVCI support (by default) and app provisioning in Windows 365 instead of entire cloud PCs. Microsoft is also removing legacy drivers from Windows Update in a new "strategic move." This is the default Windows 365 wallpaper On the negative side, we have the latest Patch Tuesday updates breaking the DHCP Server in all Windows Server editions. Also, there is some bad news for PC users with Windows Hello cameras: after the April 2025 Patch Tuesday updates, Windows Hello does not work in the dark. The change was quietly introduced to address security issues. Windows Goodbye That is not all, though. As it turned out, solid-state drives from WD could still block your computer from installing Windows 11 version 24H2, which was released in October 2024. Also, Microsoft's Family Safety feature is now blocking Chrome, for some reason. Here is an editorial from Usama Jawad (welcome back) about how, four years after the initial release, Windows 11 still does not offer strong enough reasons to upgrade from the outgoing Windows 10. Also, Usama shared his thoughts about the Start menu and why he had stopped caring about its changes altogether. Speaking of the Start menu, check out our overview of what users wanted from Microsoft and what the company delivered in the redesigned Start menu, which was recently announced. Windows Insider Program Here is what Microsoft released for Windows Insiders this week: Builds Canary Channel Build 27881 This week's Canary build introduced context menu improvements, new accessibility features, Settings app tweaks, and more. Dev Channel Nothing in the Dev Channel this week Beta Channel Nothing in the Beta Channel this week Release Preview Channel Build 26100.4482 (KB5060829) This build improves File Explorer and search performance, adds some changes to default browser settings, and fixes multiple bugs. Some hidden stuff in the recent Windows 11 preview builds includes a new adaptive battery saver. This feature dynamically adapts battery saver mode according to your workflow, but in its current form, it is not fully operational. Even though Microsoft acknowledged its existence, the adaptive part still needs improvements. Another useful change in the recent builds is the return of a clock in the notification center. This time, however, Microsoft makes it more customizable, and you can toggle it on or off. Also, the company is moving more Control Panel bits to the Settings app and adding a rather unexpected customization feature that will let you select where system indicators (flyouts and sliders) appear on the screen. Microsoft started rolling out a new update for the Snipping Tool app. The latest release lets you save screen recordings as GIFs. Shortly after that, we posted a guide with a bit more detail about the feature. Updates are available This section covers software, firmware, and other notable updates (released and coming soon) from Microsoft and third parties, delivering new features, security fixes, improvements, patches, and more. Microsoft is working on a Dashboard redesign for PowerToys. Developers published an early look at what is coming to the app in future updates, revealing a better-organized page with quick links, a shortcut overview, and a list of available modules. This week's Office updates are rather mixed. OneDrive, for one, is having problems finding files. Microsoft acknowledged the issue, which affects users on Windows, iOS, Android, and the web. Unfortunately, that is not the only negative story about OneDrive. A new report from a frustrated user revealed a scary tale of Microsoft locking them out of an account full of invaluable content. Outlook also has some issues, this time, with opening emails, and Microsoft 365 will soon disable outdated protocols for file access. Finally, Copilot in Excel received a major update for context awareness, which made the assistant more useful when answering questions about data. This week's browser updates include several releases. Firefox announced a new method for pinning and unpinning tabs. It is now available for testing in the Nightly channel. Microsoft Edge was updated with fixes for two security vulnerabilities (high severity) originating from Chromium. Finally, here is this week's Microsoft 365 Roadmap with an overview of all the new stuff that Microsoft added to the website. Here are other updates and releases you may find interesting: Microsoft 365 security in the spotlight after Washington Post hack. Microsoft expands European sovereign cloud offerings with new data and key controls. Microsoft Defender XDR received TITAN-powered Security Copilot recommendations. Microsoft reportedly plans more layoffs. Watchdog found Microsoft guilty of confusing advertising when it comes to Copilot. Here are the latest drivers and firmware updates released this week: AMD released a new chipset driver for Ryzen processors under version 7.06.02.123, which followed a security update for TPM-Pluton. Nvidia 576.80 WHQL with fixes for the RTX 5090 FE, new game support, and a long list of fixes. You can get some extra performance on certain AMD Ryzen chips with a simple system tweak. Surface Pro 11 and Surface Laptop 7 received big firmware updates with multiple fixes and improvements. Reviews are in Here is the hardware and software we reviewed this week This week, Steven Parker reviewed the TerraMaster D4 SSD, a palm-sized DAS with up to 32TB of storage that you can connect over USB4. This thing is rather impressive, and for a modest price tag, it delivers a tiny footprint, great looks, full RAID support in TOS 6, quick connection, and more. On the gaming side Learn about upcoming game releases, Xbox rumors, new hardware, software updates, freebies, deals, discounts, and more. AMD and Microsoft announced some big news this week. The two companies revealed a new multi-year partnership, which secures AMD as the future maker of chips for Xbox consoles and other hardware. Sarah Bond announced the partnership in a new video on the official Xbox media channels. Turn 10 Studios announced a new Forza Motorsport update. Update 21 brings IndyCar content, Career mode expansion, Featured Tours, new reward cars, and more. It is now available on Xbox and PC via the Microsoft Store and Steam. Minecraft is another Microsoft-owned game that received a big update this week. The long-anticipated graphics overhaul is finally here with directional lighting, volumetric fog, improved shadows, reflections, godrays, and a lot more. In addition, Mojang released Chase the Skies, the latest content drop, which adds happy ghasts, new music disks, a locator bar for players, environmental fog in the overworld, new background music, and all sorts of small gameplay changes. Microsoft announced new games for Game Pass. The latest additions include FBC: Firebreak, Crash Bandicoot 4: It's About Time, Start Trucker, Wildfrost, Rematch, Call of Duty: WWII, Rise of the Tomb Raider, and more. As usual, some games are leaving the subscription. Valve released a big update for the Steam overlay. The latest version introduced major upgrades to CPU and VRAM usage, temperatures, and other important metrics that you might want to track when playing games on your gaming rig. Deals and freebies Also, be sure to check out this week's Weekend PC Game Deals article, which features rhythm bundles, fishing festivals, DRM-free summer sales, and more. Other gaming news includes the following: Take-Two confirmed Borderlands 4 will not cost $80 for the base game. The Coalition expanded the Gears of War: Reloaded beta after its rocky start. Ara: History Untold 1.4 update delivered overhauls to AI, map generation, combat, and more. Star Citizen Alpha 4.2 update lands with radiation hazards, dynamic rain, and more. This link will take you to other issues of the Microsoft Weekly series. You can also support Neowin by registering a free member account or subscribing for extra member benefits, along with an ad-free tier option. Microsoft Weekly image background by steve_a_johnson on Pixabay
    • I'm afraid not, Microsoft does release updated installation images for Windows through MVS every month, but they do not include any update to Defender's components or signatures. That's what the package talked about in the article is for, it includes a PowerShell script for the update.
  • Recent Achievements

    • One Month Later
      serfegyed earned a badge
      One Month Later
    • Dedicated
      firey earned a badge
      Dedicated
    • Dedicated
      fettermanj earned a badge
      Dedicated
    • One Month Later
      SekTheFirst earned a badge
      One Month Later
    • First Post
      zayanhani earned a badge
      First Post
  • Popular Contributors

    1. 1
      +primortal
      639
    2. 2
      ATLien_0
      232
    3. 3
      Michael Scrip
      219
    4. 4
      Xenon
      147
    5. 5
      Steven P.
      141
  • Tell a friend

    Love Neowin? Tell a friend!