Thanks for the reply. It turns out that XenServer sorts out the traffic I just needed to at a virtual nic in with the correct vlan id and presto it worked. I will however try the rounting solution on a test switch just out of curiousity.
Hi thanks for the reply. I am trying to segment traffic on a single stack. I want to put a cable into port 2 and tag vlan 2 and a cable in port 3 and tag vlan 3. I will plug another cable into port 48 and I only want it to see traffic from vlans 2 and 3. I can get it to work if I tag port 48 as either vlan 2 or vlan 3 but don't know how to configure so it will accept traffic from both at the same time. I have read through the guides and it is still not clear.
The reason I need to do this is to ensure traffic from my 2 dsl routers only go to specific ports.
Hi thanks for the reply. This is what I had already but it does not work. I am currently testing as follows:
port 2 will have the DSL 1
port 3 will have the DSL 2
Port 48 will have a connection to my server
To test what I am doing is plugging a laptop into port 48 with a static IP and then plugging a latop into ports 2 and 3.
If I tag port 48 with just one VLAN I can get the laptop to ping the laptop in port 48 but as soon as I try and tag both VLANS (2 and 3) to port 48 I can no longer ping the laptop from either port 2 or port 3 ?
If the sever has a virtual switch then you can set that up to trunk on the server side and on port 48. Using General mode (replacing general for trunk in the trunk command) may work in a non virtual environment.
It is not possible to set a single port for multiple VLAN access. If you are wanting the server to communicate with VLAN 2 and 3 you can set port 48 for one or the other and then enable routing in order to reach the other VLAN.
Do you have an example script that you can let me have that will show how I can get port 48 to accept traffic from vlan 2 and vlan 3 by using routing as this is not something I have setup before.
I need to ensure that it is not possible for port 48 to get any traffic from any other ports / vlans other than port 2 / vlan 2 and port 3 / vlan 3.
Thanks again I really appreciate your assistance with this.
console(config-if-vlan2)# ip address 192.168.2.0 /24
console(config-if-vlan2)# routing
console(config-if-vlan2)# exit
console (config)#interface vlan 3
console(config-if-vlan3)# ip address 192.168.3.0 /24
console(config-if-vlan3)# routing
console(config-if-vlan3)# exit
Here is the ACL that is placed on port 48 out to let only the ip of VLAN 2 & 3 out to the server. Where the access list named “Test” is permitting the ip address 192.168.2.0 for VLAN 2 network to the specific address of the server on port 48 with the address 172.16.1.1 on the first line. Then the same set up for the ip 192.168.3.0 for the VLAN 2 network. You will need to fill in the correct ip addresses throughout the command examples based on your network environment.
console(config)# access-list Test permit ip 192.168.2.0 0.0.0.255 172.16.1.1 0.0.0.0
console(config)# access-list Test permit ip 192.168.3.0 0.0.0.255 172.16.1.1 0.0.0.0
console(config)#interface gi1/0/48
console(config-if-Gi1/0/48)#ip access-group Test out
Here is some more information on configuring ACLs.
cjp123_fe1429
7 Posts
1
July 5th, 2012 04:00
Thanks for the reply. It turns out that XenServer sorts out the traffic I just needed to at a virtual nic in with the correct vlan id and presto it worked. I will however try the rounting solution on a test switch just out of curiousity.
DELL-Willy M
802 Posts
0
June 12th, 2012 10:00
Here is a link to the User Guide for the 70xx model switch. It has useful information on configuring the switch.
support.dell.com/.../UG.pdf
CLI User Guide:
support.dell.com/.../CLI_UG.pdf
Creating VLANs
console> enable
console# config
console(config)# vlan database
console(config-vlan)# vlan 2
console(config-vlan)# exit
console(config)# interface vlan 2
console(config-if)# name Marketing
console(config-if)# end
Configuring Access Ports
console> enable
console# config
console(config)# interface ethernet 1/e1
console(config-if)# switchport mode access
console(config-if)# switchport access vlan 2
console(config-if)# end
Trunking (allowing multiple vlans to pass from switch to switch)
console# configure
console(config)# interface ethernet e11
console(config-if)# switchport mode (general /trunk)
console(config-if)# switchport (general/trunk) allowed vlan add 2 tagged
console(config-if)# switchport (general/trunk) allowed vlan remove 1
VLAN Routing
console(config)# ip routing (enables routing globally)
console(config)# interface vlan 2 (Then enter each VLAN and provide ip address and routing command)
console(config-if-vlan100)# ip address xxx.xxx.xxx.xxx /24
console(config-if-vlan100)# routing
console(config-if-vlan100)# exit
Hope this helps,
Keep us updated please.
cjp123_fe1429
7 Posts
0
June 12th, 2012 13:00
Hi thanks for the reply. I am trying to segment traffic on a single stack. I want to put a cable into port 2 and tag vlan 2 and a cable in port 3 and tag vlan 3. I will plug another cable into port 48 and I only want it to see traffic from vlans 2 and 3. I can get it to work if I tag port 48 as either vlan 2 or vlan 3 but don't know how to configure so it will accept traffic from both at the same time. I have read through the guides and it is still not clear.
The reason I need to do this is to ensure traffic from my 2 dsl routers only go to specific ports.
Thanks
DELL-Willy M
802 Posts
0
June 12th, 2012 16:00
This will tag packets coming into port 2 for VLAN 2
Console (config)#interface gi1/0/2
Console (config-if-Gi1/0/1)#switchport mode access
Console (config-if-Gi1/0/1)#switchport access vlan 2
This will tag packets coming into port 3 for VLAN 3
Console (config)#interface gi1/0/3
Console (config-if-Gi1/0/3)#switchport mode access
Console (config-if-Gi1/0/3)#switchport access vlan 3
This will allow tagged packets to pass to the DSL routers
Console (config)#interface gi1/0/48
Console (config-if-Gi1/0/48)#switchport mode trunk
Console (config-if-Gi1/0/48)#switchport trunk allowed vlan add 2
Console (config-if-Gi1/0/48)#switchport trunk allowed vlan add 3
Console (config-if-Gi1/0/48)#switchport trunk allowed vlan remove x (if needed to remove specife vlan)
cjp123_fe1429
7 Posts
0
June 13th, 2012 01:00
Hi thanks for the reply. This is what I had already but it does not work. I am currently testing as follows:
port 2 will have the DSL 1
port 3 will have the DSL 2
Port 48 will have a connection to my server
To test what I am doing is plugging a laptop into port 48 with a static IP and then plugging a latop into ports 2 and 3.
If I tag port 48 with just one VLAN I can get the laptop to ping the laptop in port 48 but as soon as I try and tag both VLANS (2 and 3) to port 48 I can no longer ping the laptop from either port 2 or port 3 ?
What am I doing wrong ?
Thanks
DELL-Willy M
802 Posts
0
June 13th, 2012 11:00
If the sever has a virtual switch then you can set that up to trunk on the server side and on port 48. Using General mode (replacing general for trunk in the trunk command) may work in a non virtual environment.
It is not possible to set a single port for multiple VLAN access. If you are wanting the server to communicate with VLAN 2 and 3 you can set port 48 for one or the other and then enable routing in order to reach the other VLAN.
cjp123_fe1429
7 Posts
0
June 13th, 2012 13:00
Hi Thanks for the update.
Do you have an example script that you can let me have that will show how I can get port 48 to accept traffic from vlan 2 and vlan 3 by using routing as this is not something I have setup before.
I need to ensure that it is not possible for port 48 to get any traffic from any other ports / vlans other than port 2 / vlan 2 and port 3 / vlan 3.
Thanks again I really appreciate your assistance with this.
DELL-Willy M
802 Posts
0
June 13th, 2012 17:00
console(config)# ip routing
console(config)#vlan database
console (config-vlan)#vlan 2
console (config-vlan)#vlan 3
console (config-vlan)#exit
console (config)#interface vlan 2
console(config-if-vlan2)# ip address 192.168.2.0 /24
console(config-if-vlan2)# routing
console(config-if-vlan2)# exit
console (config)#interface vlan 3
console(config-if-vlan3)# ip address 192.168.3.0 /24
console(config-if-vlan3)# routing
console(config-if-vlan3)# exit
Here is the ACL that is placed on port 48 out to let only the ip of VLAN 2 & 3 out to the server. Where the access list named “Test” is permitting the ip address 192.168.2.0 for VLAN 2 network to the specific address of the server on port 48 with the address 172.16.1.1 on the first line. Then the same set up for the ip 192.168.3.0 for the VLAN 2 network. You will need to fill in the correct ip addresses throughout the command examples based on your network environment.
console(config)# access-list Test permit ip 192.168.2.0 0.0.0.255 172.16.1.1 0.0.0.0
console(config)# access-list Test permit ip 192.168.3.0 0.0.0.255 172.16.1.1 0.0.0.0
console(config)#interface gi1/0/48
console(config-if-Gi1/0/48)#ip access-group Test out
Here is some more information on configuring ACLs.
www.dell.com/.../pwcnt_IP_ACLs.pdf
www.dell.com/.../app_note_10.pdf
www.dell.com/.../app_note_3.pdf