This post is more than 5 years old
3 Posts
0
172577
December 7th, 2012 10:00
Powerconnect 6224 VLAN config / default gateway
Hello,
I am new to VLAN configuration and working with DELL switches so please forgive my ignorance.
I have joined an small organization that currently has a flat networking structure comprising of 1 6224 linked to two 5548's one is connected to three 3548's (access), and the other is connected to the servers. The 6224 connects back to a proxy server (default gateway) then to the Web. All devices are currently on a 192.168.78.0 /24 network with default gateway ip 192.168.80.1
We want to segment the network using two VLANS initially. 1 user vlan "80", and 1 security vlan "70" and I want to clarify a couple things before I attempt:
1. Can the switch ip's stay on on the user vlan network ex: 192.168.80.123 or do I have to create a separate management vlan?
2. I know in order to enable inter - vlan routing the vlan gateway ip needs to be on the 6224 and I then have to configure a default route to the proxy. Does the proxy have to be on a separate VLAN or could I leave it on VLAN 80 and change the ip address to something other than .1?
Thanks in advance.
0 events found
sketchy00
203 Posts
1
December 8th, 2012 12:00
I've done this a number of times myself. You can do this almost an endless number of ways, but it will be best to stick to some typical networking practices. Here is the readers digest version of what would be best to do.
1. Enable routing on the switch stack.
2. Make a VLAN 80 for your .80 /24 network. Assign the 192.168.80.1 IP to this VLAN. This way, clients will be maintaining a ".1" default gateway for the network they are on.
3. Make another VLAN 70 for your .70 /24 network. Assign the 192.168.70.1 IP to this VLAN. This will be the default gateway for this network. Repeat for however many VLANs/Networks you want.
4. Create a seperate VLAN for it's own "bubble" network between the switch, and the proxy server upstream. (Lets call it a ficticious VLAN 100 with an IP range x.x.100.x /29. It can be just a small /29 block or something or /24 if that is confusing. Configure a few ports as "access" ports for this VLAN so that untagged traffic can pass on this network. Assign x.x.100.1 to your Proxy Server, and x.x.100.2 to your switch, then make sure you have routes on both sides to know where trafic should go.
5. Save your configuration so that you don't have to rebuild it after a reboot. :-)
It will be best to set your expecations on this. You will realistically want to do this during a weekend/maintenance window. ARP caching, and other matters can make for some downtime. Also, there are certainly other ways to do it, but that can be hurtful down the road when you need to grow or scale. Two year's down the road someone wonders why a default gateway is set to some oddball IP, or there are intermentent routing errors, etc.
In the Powerconnect world, just be clear what the difference is between a "access" port, at "general" port, and a "trunk" port are. Terms can be different from mfr to mfr, and if one comes from say, the Cisco world, this can be a bit different.
Finally, be sure to come up with a good procedure for this during your maintenance window. Come up with a good documented plan, and if well thought out, when you execute it, it will be nothing more than a task based project.
sketchy00
203 Posts
1
December 9th, 2012 13:00
I would dedicate a seperate VLAN & subnet for Management, and if you do, have it set to something other than VLAN 1. There are two ways you can achieve access to it.
1. Have an "access" port for a physical machine, or a " general" port for tagged traffic coming from say, your VMs.
2. Enable routing on the Management VLAN, so that you can access it from another network.
Soloz
3 Posts
0
December 9th, 2012 12:00
Thanks for the step by step instructions and the advice. That makes the VLAN assignment part pretty clear now.
There's one item I still would like some feedback on however:
Would there be an issue if I leave the switches on the .80 VLAN? and if I do have to put them on another "management" VLAN, do I have set up a management pc to access those devices or will I be able to access them from the .80 VLAN?
Thanks.
Soloz
3 Posts
0
December 10th, 2012 07:00
Thanks again for the clear and concise guidance. I think this covers it. I am going to attempt the re-config during the next maintenance window (either this w/end or next). Will post my results (Hope its all good news)
sketchy00
203 Posts
0
December 10th, 2012 07:00
You are welcome. Good luck and let us know how it goes.
FamousRuler
1 Rookie
•
110 Posts
0
February 23rd, 2015 04:00
Do you mean to configure more ports other than the one connecting to the proxy? If so, is it really necessary? I won't be connecting any endpoint devices on this network. I's purpose is to only route right?.
Sorry to ask on this kind of old question.