Power Connect Network Setup using VLANs
Hello Guys
I got my very first Dell switches and want to set up a complete brand new network. Below is the list of devices I got.
2 * Dell Power Connect 6224 (24 Port Switches)
2 * Dell Power Connect 2848 (48 Port Switches)
1 * Watchguard XTM 505 as Internet Firewall
MD 3200i with 4 ports on each controller, 8 ports in total.
2 * Dell Power Edge R720, each with 8 ports.
6 other servers
Both 6224 switches are stacked using stacking modules. I think this should be a standby stack for the failover iSCSI cluster.
My plan is to use the 6224 switches to connect the 2 R720s and the MD3200i to create a failover hyper cluster; plus I will connect 2 more servers by teaming their network ports so one cable can go to each 6224 switch. All servers will connect to the 6224s.
The Watchguard firewall's bridged LAN ports will connect to both 6224s.
Then the 2848 switch on the 1st floor needs to connect to both 6224 switches, if I am correct. On the 1st floor switch I want to connect about 40 computers and printers in one subnet, 172.16.13.X, and another subnet for Wi-Fi access points, 172.16.14.X.
The other 2848 switch on the 4th floor needs to connect to both 6224s the same as the other, and I need the same subnets on it: 172.16.13.X for desktops and 172.16.14.X for Wi-Fi access points.
The virtual server network from the Hyper-V hosts plus the other physical servers needs to be in a different subnet (172.16.12.X).
According to the above complete network setup I will need a few VLANs, to allow traffic between them, and to allow traffic out to the Watchguard firewall for internet access.
Also I will have Active Directory and Exchange servers in the server list, and PCs on a different subnet need to join the AD domain and access all services: DNS, DHCP from the server subnet.
Can someone guide me on the best way to implement this, and where the VLANs need creating: on both 6224s or on the 2848s? I attached a diagram of my plan. Please mind the drawing, it's not the best, but I hope you can get some ideas out of it for what I am trying to achieve.
Many Thanks.
In the diagram:
S1 = PC 6224
S2 = PC 6224
S3 = PC 2848
S4 = PC 2848
On top is the Watchguard firewall; its 2 LAN ports need to go to both 6224s.
MrHarrySingh
18 Posts
0
July 31st, 2012 06:00
Thanks Daniel
For very initial testing I did set up a VLAN, 172.16.12.1, for servers and put one server in there, giving the above IP as default gateway.
My Watchguard is connected to port 1 of the 6224. Watchguard LAN IP: 172.16.10.1
How can I enable traffic from the VLAN10 servers subnet to go out via the Watchguard for internet access?
Anonymous
5 Practitioner
274.2K Posts
1
July 31st, 2012 06:00
I am happy to point you at some material and some example commands that you can use to get started on your network configuration.
Here are links to the owners manuals.
62XX
<ADMIN NOTE: Broken link has been removed from this post by Dell>
28XX
<ADMIN NOTE: Broken link has been removed from this post by Dell>
White page on stacking 6200 series switches
www.dell.com/.../pwcnt_stacking_switches.pdf
Here are white pages on Link Aggregation.
www.dell.com/.../pwcnt_link_aggregation.pdf
www.dell.com/.../app_note_2.pdf
The following example shows how port 1/g5 is configured to port-channel
number 1 without LACP.
console(config)# interface ethernet 1/g5
console(config-if-1/g5)# channel-group 1 mode on
When connecting the 6224 stack to another switch or VLAN aware device, those ports or port group should be placed in general mode. This will allow multiple tagged frames to traverse that connection.
console(config)# interface ethernet 1/e7
console(config-if)# switchport mode general
console(config-if)# switchport general allowed vlan add 2 tagged
When connecting a computer to a port, that port should be in access mode, for the VLAN you want the computer to participate in.
console(config)# interface ethernet 1/e1
console(config-if)# switchport mode access
console(config-if)# switchport access vlan 2
These white pages go over VLANs, fundamentals, creation, scenarios, etc.
www.dell.com/.../app_note_8.pdf
www.dell.com/.../app_note_4.pdf
Here is a basic example of creating a VLAN and then naming it.
console(config)# vlan database
console(config-vlan)# vlan 2
console(config-vlan)# exit
console(config)# interface vlan 2
console(config-if)# name Marketing
console(config-if)# end
Once you have the VLANs created you can look at routing between the VLANs, here is a white page on that subject.
www.dell.com/.../app_note_38.pdf
The basic commands for VLAN routing look like this.
console#config
console(config)#ip routing
console(config)#interface vlan 2
console(config-if-vlan2)#routing
console(config-if-vlan2)#exit
console(config)#interface vlan 3
console(config-if-vlan3)#routing
console(config-if-vlan3)#exit
For your DNS and DHCP servers being on different VLANS from other devices, I would look at the IP helper commands. Page 711 in the CLI owners manual.
Example
To relay DHCP packets received on any interface to two
DHCP servers, 10.1.1.1 and 10.1.2.1, use the following
commands:
console#config
console(config)#ip helper-address 10.1.1.1 dhcp
console(config)#ip helper-address 10.1.2.1 dhcp
Here is a white page with some good iSCSI information.
www.dell.com/.../Dell_EqualLogic_%20iSCSI_Optimization_for_Dell_Power_onnect_%20Switches.pdf
Here is a list of several different white pages, you may want to have for a reference point.
Hope this information helps you in configuring your network.
Thanks.
Anonymous
5 Practitioner
274.2K Posts
0
July 31st, 2012 07:00
For the Switch to be able to pass tagged traffic from multiple VLANs to other network devices, you need to place that port or port group into switchport general mode, and then add the VLANs that need to traverse that connection.
console(config-if)# switchport mode general
console(config-if)# switchport general allowed vlan add 10 tagged
Make sure and allow all VLANs that need to communicate across that connection.
MrHarrySingh
18 Posts
0
July 31st, 2012 09:00
Hello Daniel
Thanks for the links to all the manuals. I have gone through a few of these to get a basic idea of how this stuff works.
To keep it simple, I will factory restore both 6224 switches and put them in a stack, then do the very initial configuration giving the stack an IP address, GW, etc. Will this IP need to be in our firewall subnet with the firewall IP as gateway, or should I keep the switch stack IP subnet completely different?
Can you provide me commands to create one VLAN for servers:
VLAN10, name it servers,
IP address for that 172.16.12.1,
and use ports g13 to g20.
I want to connect my Watchguard firewall to port G1; the firewall IP is 172.16.10.1.
Then allow traffic from the servers subnet out to the firewall for internet access.
Thanks.
Later on I can follow the details to connect the 2848s to the 6224s and set up 2 more VLANs on the 2848s for desktops and Wi-Fi APs.
Anonymous
5 Practitioner
274.2K Posts
0
July 31st, 2012 11:00
Your stack of switches does not need to have an IP address in the same subnet as the firewall.
Here is a basic example of creating a VLAN, naming it, and giving it an IP address.
console(config)# vlan database
console(config-vlan)# vlan 10
console(config-vlan)# exit
console(config)# interface vlan 10
console(config-if)# name servers
console(config-if)# ip address 172.16.12.1 255.255.255.0
console(config-if)# end
Once that VLAN is made you can navigate to any port you want to be in that VLAN and put the port in access, general, or trunk mode. If ports 13-20 will have servers, computers, and other non-VLAN-aware devices plugged into them, then they should be in access mode.
Example
console(config-if)# switchport mode access
console(config-if)# switchport access vlan 10
On G1, that port would need to be in General mode, and add all VLANs that you want to communicate over that connection.
console(config-if)# switchport mode general
console(config-if)# switchport general allowed vlan add 10 tagged
The basic commands to allow VLAN routing are the following.
console#config
console(config)#ip routing
console(config)#interface vlan 10
console(config-if-vlan10)#routing
console(config-if-vlan10)#exit
Thanks
MrHarrySingh
18 Posts
0
August 1st, 2012 02:00
Thanks Daniel
I will do that now.
Another question, about stack module cable connections. What is the best way of making the physical stacking cable connections? I can't find any specific guide.
Switch 1 – XG1 cable will go to Switch 2 – XG1
Switch 1 – XG2 cable will go to Switch 2 – XG2
Is it OK as above, or do we have to connect them in cross mode,
like XG1 on Switch 1 going to XG2 on Switch 2 and so on?
MrHarrySingh
18 Posts
0
August 1st, 2012 03:00
Hi Daniel, I performed all the commands as you mentioned, but still my servers in subnet 172.16.12.1 can't ping out to the outside world, and from there I can't even ping my firewall IP 172.16.10.1.
Below is the config. Can you please have a look? Thanks.
console#show running-config
!Current Configuration:
!System Description "PowerConnect 6224, 3.3.1.10, VxWorks 6.5"
!System Software Version 3.3.1.10
!Cut-through mode is configured as disabled
!
configure
vlan database
vlan 10
vlan routing 10 1
exit
stack
member 1 1
member 2 1
exit
ip address 172.16.11.2 255.255.255.0
ip default-gateway 172.16.11.1
ip routing
interface vlan 10
name "servers"
routing
ip address 172.16.12.1 255.255.255.0
exit
username "admin" password xxxxxxxxxxxxx level 15 encrypted
!
interface ethernet 1/g1
switchport mode general
switchport general allowed vlan add 10 tagged
exit
!
interface ethernet 1/g13
switchport access vlan 10
exit
!
interface ethernet 1/g14
switchport access vlan 10
exit
!
interface ethernet 1/g15
switchport access vlan 10
exit
exit
console#
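Added example, not part of the original thread: a small Python parser for a PowerConnect-style running-config like the one posted above. It lists the subnets the switch holds an address in and the VLAN membership of each port (access versus general/tagged, as described earlier in the thread), so you can check whether an address such as the firewall's 172.16.10.1 is directly connected. The function names are illustrative and the sample is trimmed from the post.

```python
import ipaddress
import re

# Added example; names are illustrative. Sample is constructed (trimmed from the posted running-config).
SAMPLE_CONFIG = """\
vlan database
vlan 10
exit
ip address 172.16.11.2 255.255.255.0
ip default-gateway 172.16.11.1
interface vlan 10
routing
ip address 172.16.12.1 255.255.255.0
exit
interface ethernet 1/g1
switchport mode general
switchport general allowed vlan add 10 tagged
exit
interface ethernet 1/g13
switchport access vlan 10
exit
"""

def parse_config(text):
    """Return (networks, ports): L3 subnets by owner and L2 VLAN membership by port."""
    networks, ports, ctx = {}, {}, "management"
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r"interface (vlan \d+|ethernet \S+)$", line):
            ctx = m.group(1)          # entering an interface block
        elif line == "exit":
            ctx = "management"        # back to global scope
        elif m := re.match(r"ip address (\S+) (\S+)$", line):
            networks[ctx] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
        elif m := re.match(r"switchport access vlan (\d+)$", line):
            ports[ctx] = ("access", m.group(1))
        elif m := re.match(r"switchport general allowed vlan add (\S+) (tagged|untagged)$", line):
            ports[ctx] = (m.group(2), m.group(1))
    return networks, ports

def connected_owner(networks, ip):
    """Name of the interface whose subnet contains ip, or None if not directly connected."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in networks.items() if addr in net), None)

if __name__ == "__main__":
    nets, ports = parse_config(SAMPLE_CONFIG)
    print({ip: connected_owner(nets, ip) for ip in ("172.16.12.12", "172.16.10.1")}, ports)
```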
Anonymous
5 Practitioner
274.2K Posts
0
August 1st, 2012 06:00
You have the gateway of the switch set to 172.16.11.1. What does this IP address belong to?
Ports 13, 14, 15 are set to access mode. Are all three of these going to the server, or just one?
Do you have the default gateway of the server set to 172.16.12.1?
Is the switch able to ping its gateway?
Is the server able to ping VLAN 10?
Thanks
MrHarrySingh
18 Posts
0
August 1st, 2012 06:00
I tried changing the switch IP to be in the DG subnet, but that didn't help either. The server can't ping out to 172.16.10.1.
MrHarrySingh
18 Posts
0
August 1st, 2012 06:00
OK, you mean I shall update the switch IP to be in that subnet, say switch IP 172.16.10.2,
then keep its default GW as 172.16.10.1,
because if I try to change the switch DG to 172.16.10.1 it won't let me change it; it says the IP address and DG do not reside on the same subnet.
MrHarrySingh
18 Posts
0
August 1st, 2012 06:00
Hello Daniel
Please see below.
You have the gateway of the switch set to 172.16.11.1. What does this IP address belong to?
There is no device on that IP; this was entered just while setting up the switch via the initial config, so this gateway is not pingable.
Ports 13, 14, 15 are set to access mode. Are all three of these going to the server, or just one?
Yes, I have 2-3 servers to connect; currently one is connected to port 13 with IP 172.16.12.12.
Do you have the default gateway of the server set to 172.16.12.1?
Yes, the DG is set on the server.
Is the switch able to ping its gateway?
No, it doesn't exist.
Is the server able to ping VLAN 10?
Yes, the server can ping its own subnet if I add more devices, or the server can ping its GW 172.16.12.1,
but the server can't ping the router/firewall 172.16.10.1.
Anonymous
5 Practitioner
274.2K Posts
0
August 1st, 2012 06:00
Let's change the switch default gateway to 172.16.10.1.
Then test to see if the switch can ping it. Then test to see if the server can ping it. And then test for outside network connection.
Anonymous
5 Practitioner
274.2K Posts
0
August 1st, 2012 07:00
Can you please run some show commands?
show running-config
show ip route
show ip interface
That may help us out here.
Thanks
Anonymous
5 Practitioner
274.2K Posts
0
August 1st, 2012 07:00
Is the switch able to ping 172.16.10.1?
Is the server able to ping the switch, 172.16.10.2?
MrHarrySingh
18 Posts
0
August 1st, 2012 07:00
Yes, from the switch console I can ping 172.16.10.1.
Also from the console I can ping the servers' gateway 172.16.12.1,
and from the console I can also ping my server IP 172.16.12.12,
but nothing is going through vice versa.
From the server I can only ping its own gateway 172.16.12.1,
but from the server I can't ping the switch IP or the switch gateway at all.