January 21st, 2014 15:00

Help with Powerconnect 3524 setup

Hi guys, bit of a newbie here. Set up a few switches before, but not as complex as what I hope to achieve here.

Basically I have a leased line and a Powerconnect 3524 switch and desire to have multiple public IP addresses which can be pointed to servers 1 and 2. The servers also have private IP addresses so the workstations don't have to leave the network to gain access locally. The workstations should also be able to access the internet. Can someone help me out? Do I need multiple VLANs? How do I go about setting this up?

Any help is much appreciated

5 Practitioner

274.2K Posts

January 22nd, 2014 06:00

VLANs will be the way to go, along with some communication with your ISP. Find out what VLAN the public IP addresses belong to on the Cisco switch. And ask them if the port is set to Trunk mode.

As an example, say they indicate the public IP addresses are on VLAN 222. Then on the 3524 you will need to create VLAN 222. Place the ports that connect to the server NICs with the public IP addresses into access mode for VLAN 222. Then place the port that connects to the Cisco into Trunk mode.

Place the 192.168.0.x traffic all into the PVID which by default is VLAN 1.

That is probably the easiest method. If you anticipate future growth and the need to use more VLANs to segregate traffic, you will need to communicate with your ISP and see what VLANs are in use on the Cisco, see if they can create new VLANs for you to use, etc.

Keep us updated.

5 Posts

January 22nd, 2014 09:00

Thanks Daniel,

OK, so after communicating with the ISP they informed me that the public IP addresses were on VLAN 2, that my port shouldn't need to be in trunk mode, and that I should try without first as their switch should appear transparent.

I have created VLAN 2 on the 3524 and placed the e1 and e2 ports into access mode on VLAN 2.

I have also placed the connection from the Cisco switch (ISP) into e23 on the 3524 and assigned it to VLAN 2 with Trunk Mode.

I can now get internet access to and from the servers on VLAN 2.

I'm a bit stuck with the next bit.

"Place the 192.168.0.x traffic all into the PVID which by default is VLAN 1." - How do I do this via the Web GUI? Your previous example was extremely helpful.

From my understanding we have placed the servers onto VLAN 2, which is linked to VLAN 2 on the ISP switch and hence can access the internet, and the statement above refers to placing internal IP addresses (192.168.0.x) on VLAN 1. How do the devices on VLAN 1 access the internet via e23 if it's on VLAN 2? Have I picked this up wrong?

If the above is correct, where private IPs are on VLAN 1 and public IPs are on VLAN 2, how could a server with 1 NIC be connected to both VLANs if the VLAN connection is allocated per port? Can I assign a port to be on multiple VLANs?

Many Thanks,

Ross

5 Practitioner

274.2K Posts

January 22nd, 2014 10:00

By default all ports are in access mode for VLAN 1, which is the PVID, so there is no additional configuration needed on the switch to place a device in VLAN 1.

The trunk connection is how you send out traffic for multiple VLANs. The trunk connection will send all VLAN traffic tagged except for the PVID, in this case VLAN 1. So the 3524 sends all VLAN 2 traffic tagged. Then when the Cisco receives the tagged packet on its Trunk port it knows the packet belongs to VLAN 2 and continues to forward it on VLAN 2. The 3524 will take the traffic on VLAN 1 and send it out the Trunk untagged. So now the Cisco receives this traffic, sees it does not have a VLAN tag, so the Cisco places the packet on its PVID and forwards it.

Based on what your ISP said, it sounds like the Cisco is set up in access mode for VLAN 2. Which means that it will expect to receive untagged frames, and forward them in VLAN 2, and then would also send untagged frames back to the 3524. But without seeing the config on the Cisco we don't know for certain.

Each server will need to have two NIC ports, one port for each subnet, in order for the server to communicate with the other subnet. The only other way around that may be through VLAN routing, which the 3524 does not do. The Cisco might, but again we don't know much about it.

You might be able to do multiple subnets on the same VLAN, but it is not common practice or recommended, and may or may not work.
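
The tagging rules described in the reply above, as an added example that is not part of the original post and is not Dell or Cisco code: a simplified Python model of a link between two 802.1Q ports, run over three constructed link setups that use the VLAN numbers from this thread. The `Port` class, the `cross_link` helper and the rule that an access port discards tagged frames are assumptions; real switches vary.

```python
from dataclasses import dataclass, field

DROP = "drop"

@dataclass
class Port:
    """Simplified 802.1Q port (assumed model, not vendor-exact behaviour)."""
    mode: str                                   # "access" or "trunk"
    pvid: int = 1                               # VLAN used for untagged frames
    allowed: set = field(default_factory=set)   # tagged VLANs carried by a trunk

    def egress(self, vlan):
        """Tag placed on the wire: None means untagged, DROP means not sent."""
        if vlan == self.pvid:
            return None                         # PVID traffic leaves untagged
        if self.mode == "trunk" and vlan in self.allowed:
            return vlan                         # other trunk VLANs leave tagged
        return DROP

    def ingress(self, tag):
        """VLAN a received frame is placed in, or DROP."""
        if tag is None:
            return self.pvid                    # untagged frames join the PVID
        if self.mode == "trunk" and tag in self.allowed:
            return tag
        return DROP                             # assumption: access ports discard tagged frames


def cross_link(vlan, near, far):
    """VLAN a frame from `vlan` lands in on the far switch, or DROP."""
    tag = near.egress(vlan)
    return DROP if tag == DROP else far.ingress(tag)


def run_scenarios():
    """Constructed scenarios using the VLAN numbers from the thread."""
    trunk_3524 = Port("trunk", pvid=1, allowed={2})
    pvid2_3524 = Port("trunk", pvid=2)          # link port untagged in VLAN 2
    cisco_trunk = Port("trunk", pvid=1, allowed={2})
    cisco_access = Port("access", pvid=2)
    links = {
        "trunk<->trunk": (trunk_3524, cisco_trunk),
        "trunk<->access2": (trunk_3524, cisco_access),
        "pvid2<->access2": (pvid2_3524, cisco_access),
    }
    return {name: {v: cross_link(v, near, far) for v in (1, 2)}
            for name, (near, far) in links.items()}


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(name, result)
```

In the trunk-to-access case the untagged VLAN 1 frames land in VLAN 2 on the far side, which is why both ends of a link need to agree on port mode and untagged VLAN before internal and public traffic can be treated as separated.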

5 Posts

January 23rd, 2014 11:00

Thanks Daniel,

That makes sense, however I'm only able to get this partially functional. Only devices on VLAN 2 can access the Internet. Devices on VLAN 1 can connect to each other but not the Internet.

My current setup so far is:

ISP Cisco Switch

Port 6 currently in Trunked mode

VLAN 2

DELL 3524

e23: set as a trunked port on PVID 2, set as untagged port (connection from ISP)

e1: set as access port on PVID 2, set as untagged port (server 1)

e7: set as access port on PVID 1, set as untagged port (workstation 1)

From workstation 1 I am unable to access the internet.

Workstation 1 is a Windows machine and on the machine I configured the following:

Ip = 192.168.0.45

subnet: 255.255.255.0

default gw: 192.168.0.1

Server one config

ip:222.222.222.67

subnet: 254.254.254.x

default gw: 212.x.x.x

Am I doing something wrong?

I have:

1.) Created VLAN 2 and placed e23 (link to ISP switch) and e1 (server 1) on that VLAN (PVID 2). Ports are set as untagged; changing them to tagged stops the server from being able to connect to the internet.

2.) Placed e23 (link to ISP switch) into trunk mode.

3.) All other devices are automatically on PVID 1 and are also set to untagged, so should work, but they can't connect to the internet.

The server can connect fine to the network and internet but workstations cannot connect to the internet. Any help would be much appreciated.

Regards,

Ross

5 Practitioner

274.2K Posts

January 23rd, 2014 12:00

Without adding any additional hardware you can take one of the servers you have and turn it into a router/internet sharing, for your network. Here are some various links with information on how that is done.

http://www.linuxtechtips.com/2013/12/configure-centos-as-a-router.html

http://www.cyberciti.biz/faq/rhel-fedora-linux-internet-connection-sharing-howto/

http://www.itadmintools.com/2012/10/home-lab-centos-63-as-firewall-and.html

With some searching you will find a lot of other similar blogs/posts/how-to

5 Practitioner

274.2K Posts

January 23rd, 2014 12:00

Your config looks fine; what is hanging things up is the lack of ability to know the config of the Cisco or manipulate it. I bet if you changed port 23 to access mode for VLAN 2, the servers would still make contact with the internet.

With your situation, what you may need to do is have a device on your network perform routing. What OS is installed on the server? We can look at some options there.

5 Posts

January 23rd, 2014 12:00

Hi Daniel,

Changing port 23 to access mode for VLAN 2 still allows the servers to make contact with the internet. The servers are Linux (CentOS).

Thanks,

Ross

5 Posts

January 23rd, 2014 13:00

Hi Daniel ,

If possible I'd like to avoid having additional software/services on our servers as they are used for development and testing of software. I would much prefer to add a piece of hardware to the setup. Could you recommend a router with built-in firewall that would be suitable for the setup I'm trying to achieve, bearing in mind the scenario of multiple incoming IPs? I hope I'm not asking the impossible, but I'm really looking to do this on a budget and would preferably be able to pick up said piece of hardware as a used device off eBay. Ideally the cheapest device that will do what's required. I should also mention that we may be looking to use this setup for VoIP in the next 3-6 months, so if the router could work with the 3524's VOIPLAN features that would be ideal.

Regards,

Ross

5 Practitioner

274.2K Posts

January 24th, 2014 07:00

It appears the Sonicwall TZ line may do what you are looking for.

http://www.sonicwall.com/us/en/products/TZ-105.html

I would give their support a call though, let them know what you need to accomplish and that you are looking at the TZ models.

+1 888.793.2830
