So, I'm trying to set up a 'Management Network' for a new failover Hyper-V cluster and associated SAN. It's two servers and the SAN.
Typically, we run all public IPs; historically we've had plenty (it's a university). But, now to accommodate all the Hyper-V, cluster, and iSCSI traffic I don't have enough IPs to just use public addresses. Plus, I've been told by others that this is not the greatest way to approach it. If I could configure a management VLAN, I could ensure that iSCSI traffic is separated from the rest of the network traffic and I can use a private IP space (saving public IPs).
I have limited knowledge/experience with switches and VLANs and all that.
I can handle configuring the switch to be on a private IP range network; and, I can get all the devices to talk to each other in said network. My problem is getting to the private network/VLAN from my production network.
How do I approach this? I thought all I needed to do was configure one of the private switch ports to tag with the VLAN that the public network runs off of; but, I seem to be out of my depth.
I didn't configure our production switches; but, there's like 9 and some have a VLAN (let's say 20) untagged configured on them for our subnet. However, some of them aren't using 20; they're just using the default 1 untagged.
First, will I need to config those on default 1 to 20?
Once everything is 20 untagged; how do I move forward?
Have the public network switch have one port tagged 100 (let's call that the private network) plugged in to the private network switch on a tagged/untagged port?
This is still new to me.
http://routergod.com/gilliananderson/ (see bottom and part 2)
It's easiest to think of VLANs as separate routed networks. The VLAN tags tell the switch which network each switchport can talk on. But just like with routed networks you can't speak across VLANs without layer 3 functionality.
My VLANs are like:
10.1.1.0/24 VLAN: 1001
10.1.2.0/24 VLAN: 1002
etc
I also have a private VLAN 192.168.252.0/24
For the production VLANs you have to have the switches talk to a router or have layer 3 functionality. On my LAN, I have trunk ports (trunk = multiple VLANs) from the switch to a router with sub-interfaces.
10.1.1.0/24 VLAN: 1001 talks to default gateway of 10.1.1.1, 10.1.2.0/24 talks to 10.1.2.1, etc.
My private VLAN has no gateway and so is unable to talk outside itself. This is probably what you're going to need for the "management network". (Careful: don't get it mixed up with a management VLAN, typically VLAN 1.)
I would clean that up just for ease of management. But if you have multiple VLANs, there's some layer 3 stuff going on or they aren't visible on the public/production side. Figure that out first.
Man, that's rambling, but I'm talking with Adobe support. Oblig. Cisco link.
http://www.cisco.com/en/US/tech/tk389/tk689/technologies_configuration_example09186a008009478e.shtml
Essentially, add a static route on your "switch" between the production VLAN and the management VLAN.
This sounds like someone changed the default VLAN tag on some switches and you aren't really using different VLANs. If you only have 1 network address ignore the fact that there are separate untagged VLANs going across your network and just /facepalm when you see your network guy.
Many thanks, looking in to a solution now...
Maybe you need something new, maybe not. Most higher-end business class switches do layer 3 nowadays. If it's Cisco gear, even low-end switches like the 2900 series have that capability.
Also, you may not want to route between VLANs for security or ease of management or whatever. Say for example you have a dual-NIC file server that talks to a SAN device. The server needs to talk to other LAN clients, but the SAN? It only needs to talk to the server and, what's more, you don't want the public network talking to it.
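Putting the two replies above together (a routed management VLAN that production can reach, and a storage VLAN with no gateway at all), here is an added example of what that looks like on a single layer-3 switch. It is not any poster's configuration: Cisco IOS-style syntax is assumed, and the interface names, the 203.0.113.0/24 "public" subnet, the admin host 203.0.113.50 and the iSCSI VLAN number 101 are constructed placeholders.

```cisco
! Added example, not any poster's config: Cisco IOS-style syntax assumed; names and addresses constructed.
ip routing
vlan 20
 name PRODUCTION
vlan 100
 name MANAGEMENT
vlan 101
 name ISCSI
!
! SVIs are the "layer 3 functionality": they give VLAN 20 and VLAN 100 a
! gateway on this switch, so no static route is needed between them.
interface Vlan20
 ip address 203.0.113.1 255.255.255.0
!
interface Vlan100
 ip address 192.168.100.1 255.255.255.0
 ip access-group MGMT-OUT out
!
! VLAN 101 deliberately has no SVI: the SAN is reachable only from ports
! placed in VLAN 101, never from the routed production network.
! Only the admin workstation may initiate into the management VLAN; the ACL
! also sees replies to sessions that management hosts open, so extend it if
! those hosts must reach production.
ip access-list extended MGMT-OUT
 permit ip host 203.0.113.50 192.168.100.0 0.0.0.255
 deny   ip any any log
!
! Uplink to the production switches: carries the routed VLANs, not iSCSI.
interface GigabitEthernet1/0/1
 description Trunk to production switch
 switchport mode trunk
 switchport trunk allowed vlan 20,100
!
! Hyper-V host: one NIC on production, one dedicated to iSCSI.
interface GigabitEthernet1/0/10
 description HV1 NIC1 production
 switchport mode access
 switchport access vlan 20
!
interface GigabitEthernet1/0/11
 description HV1 NIC2 iSCSI
 switchport mode access
 switchport access vlan 101
!
interface GigabitEthernet1/0/12
 description SAN controller iSCSI
 switchport mode access
 switchport access vlan 101
```

If the production switches are layer-2 only, they just need VLAN 100 allowed on their trunks toward this switch; a router-on-a-stick design as in the earlier reply would use a dot1Q sub-interface for VLAN 100 in place of the Vlan100 SVI.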