Unsolved
This post is more than 5 years old
16 Posts
0
844749
January 12th, 2016 09:00
Setting up VLANs on stacked 6224s (iSCSI and LAN)
I have a pair of Powerconnect 6224 switches running in a stacked configuration. Up to this point, I have only been using them for iSCSI traffic, so there was never a need to setup any VLANs, etc. My current network configuration has changed, so now I need to run some LAN (server) traffic over the same switches, necessitating the use of VLANs. I will also need to uplink the switches (LAN traffic) to another switch.
I know little about VLANs, so I've been pouring over every article I can find, but I still have some questions on the setup. I'd like everything to be as redundant as possible, and you can assume I'll be starting with an out-of-the-box configuration, running the latest firmware.
My current LAN traffic is on the 192.168.1.x subnet.
My current iSCSI traffic is on the 192.168.5.x subnet.
I have an EqualLogic PS4000 series SAN with two controllers (1 management port and two iSCSI ports per controller).
I have two VMware hosts with two network ports each dedicated to iSCSI traffic.
For redundancy, does it make sense to split each host and SAN controller between the two switches (i.e. VMHost1 iSCSI1 to switch 1, VMHost1 iSCSI2 to switch 2, VMHost2 iSCSI1 to switch 1, VMHost2 iSCSI2 to switch 2, etc, etc), or does that even matter since the switches are stacked?
I'm thinking I could do what I need with just two VLANs (switch management can run in the LAN subnet without issue)., but I'm not sure what, if any, trunking and routing I need to do to get it all working in a redundant fashion.
I'd like ports 1-10 on each switch to be configured for iSCSI traffic from my VMware hosts and PS4000 on the 192.168.5.x subnet.
I'd like ports 11-24 on each switch to be configured for LAN traffic (and switch management?) on the 192.168.1.x subnet.
I'll need to uplink (Both switches? Trunked ports?) the LAN VLAN to another switch on the 192.168.1.x subnet.
Now... Can someone point me to some good articles, guides or tutorials that I might be missing? Or, if anyone has suggestions, I'm all ears.
I found this excellent guide...
http://vmpete.com/2011/06/26/reworking-my-powerconnect-6200-switches-for-my-iscsi-san/
... but I'm not sure if I can apply quite the same setup in my situation (substituting my LAN VLAN for his management VLAN).
HoozYer
16 Posts
0
January 13th, 2016 08:00
A few questions while I try to wrap my head around this...
You say to assign an IP to the VLAN (LAN IP of 192.168.1.1 suggested). Does this need to be an actual IP, or is this just telling the VLAN what subnet to operate in? I have a gateway on the network with the 192.168.1.1 IP, so that's why I'm asking.
I follow your suggestions on the trunked uplink ports, but they will be plugged in to a managed switch on the other end for which I have no control. Since the trunking requires both ends to be configured, I assume I cannot go that route. So, do I need to look in to going the General connection route for the uplink ports?
HoozYer
16 Posts
0
January 13th, 2016 09:00
Ok. Here's is what I've got so far. Let me know if I'm on the right track...
Assuming I am starting with a default configuration with the latest firmware
- Management traffic on VLAN 99, port 1 for uplinking and port 3 for direct local access
- iSCSI traffic (192.168.5.x subnet) isolated and optimized on VLAN 20, ports 4-12
- LAN traffic (192.168.1.x subnet) isolated on VLAN 30, ports 13-24 with port 3 for uplinking
****** CREATE/CONFIGURE VLANS ******
vlan database
vlan 99
vlan 20
vlan 30
exit
interface vlan 1
exit
interface vlan 99
name MGMNT
exit
interface vlan 20
name iSCSI
ip address 192.168.5.1
exit
interface vlan 30
name LAN
ip address 192.168.1.1
exit
ip address vlan 99
exit
****** CREATE MANAGEMENT UPLINK PORTS ******
interface port-channel 1
switchport mode access
switchport access vlan 99
exit
interface ethernet 1/g1
switchport access vlan 99
channel-group 1 mode auto
exit
interface ethernet 2/g1
switchport access vlan 99
channel-group 1 mode auto
exit
interface ethernet 1/g3
switchport access vlan 99
exit
interface ethernet 2/g3
switchport access vlan 99
exit
****** CREATE LAN UPLINK PORTS ******
interface port-channel 2
switchport mode access
switchport access vlan 30
exit
interface ethernet 1/g2
switchport access vlan 30
channel-group 2 mode auto
exit
interface ethernet 2/g2
switchport access vlan 30
channel-group 2 mode auto
exit
****** CONFIGURE iSCSI PORTS ******
interface range ethernet 1/g4-1/g12
switchport access vlan 20
no storm-control unicast
spanning-tree portfast
mtu 9216
exit
interface range ethernet 2/g4-2/g12
switchport access vlan 20
no storm-control unicast
spanning-tree portfast
mtu 9216
exit
****** CONFIGURE LAN PORTS ******
interface range ethernet 1/g13-1/g24
switchport access vlan 30
exit
interface range ethernet 2/g13-2/g24
switchport access vlan 30
exit
****** APPLY SETTINGS ******
exit
copy running-config startup-config
HoozYer
16 Posts
0
January 13th, 2016 12:00
Okay... None of my LAN devices access the SAN. All of the iSCSi connections happen directly between my VMware hosts and SAN over dedicated NICs (that will be connected to the iSCSI VLAN). The SAN management ports will be connected to the LAN side of the switch. So the iSCSI side will be for nothing but iSCSI (2 ports from each VMware host and 2 ports from each of the SAN controllers, for a total of 8 ports).
Admittedly, the management VLAN thing has got me a little confused.
Let me start over... Let's say I want:
- The 2 switches stacked
- VLAN 20 (VLAN IP of 192.168.5.249 if needed) for iSCSI on the 192.168.5.x subnet using ports 1-10 on each switch, and optimized for iSCSI traffic.
- VLAN 30 (IP of 192.168.1.249 if needed) for LAN on the 192.168.1.x subnet, using the rest of the available ports on each switch
- One port (say Port 11) on the LAN side of each switch set as uplinks to another managed switch over which I have no control (I may be able to have trunked ports added on that end, but let's assume not for now).
- Switch management (IP of 192.168.1.250) accessible from the LAN side of the switch
My first step in this whole upgrade/update process is going to be updating to the latest firmware, clearing the configuration and starting everything from scratch. So it'll be a blank slate.
Based on that information and my proposed configuration from a few posts up, what do I need to change, what can I skip, etc.?
HoozYer
16 Posts
0
January 14th, 2016 08:00
I think I've got it now. I've streamlined my config (I think I was making it too complicated) and got my ports and settings all dialed in.
My last question would be... If I setup the IP for VLAN 30 as 192.168.1.250 for management from the LAN side, what do I set the device IP to during the Easy Setup Wizard phase (I'll be clearing the old config and starting from scratch)? Or do I even need to set the device ID?
My LAN gateway is 192.168.1.1 FWIW.
BlahYadda
2 Posts
0
January 16th, 2016 13:00
This is HoozYer - I didn't realize that this machine was signed in under my work account.
Anyway... I did most of the configuration today. I cleared the existing switch configuration, ran the setup wizard (assigned 192.168.2.10 as the management IP), updated the firmware, setup my VLANs (192.168.5.250 for VLAN 20, 192.168.1.250 for VLAN 30), configured my ports (1-8 for VLAN 20 and 10-24 for VLAN 30), and enabled the jumbo frames settings.
So far everything seems to be working fine. The iSCSI traffic is running on VLAN 20 and I tested jumbo frames between my VMware hosts (and Virtual Machines) and the SAN and everything is good-to-go.
I did not configure the uplink ports for VLAN 30 yet. I'm still waiting on word from the guy that manages the main Cisco switch on how he'd like me to configure the uplinks (general or trunked), so there is no connectivity yet between the LAN side VLAN 30 of this switch and the actual LAN yet.
The only snag I ran into was trying to access the management interface (either SSH or HTTP) from the LAN side of the switch. I configured VLAN 30 with an IP of 192.168.1.250 as we discussed above. I connected a laptop to port 24 on the master switch and set a static IP of 192.168.1.249, but I couldn't get anything to respond from the .250 IP. What am I missing?
BlahYadda
2 Posts
0
January 18th, 2016 13:00
Our office is actually closed today, so I will have to check the http ip settings and whatnot tomorrow.
Ports 1-8 on both switches were set to access VLAN 20 (iSCSI), port 9 on both switches are unconfigured (eventual uplinks) and ports 10-24 on both switches should be set to access VLAN 30 (LAN). Is there a command I can run from the console to check the port configuration/assignment?
HoozYer
16 Posts
0
January 19th, 2016 06:00
The laptop (192.168.1.249) CANNOT ping VLAN 30 (192.168.1.250).
When I ran the "show ip http" command, it said "The HTTP service is enabled. Port: 80". That's it.
I double-checked my port configuration, and ports 10-24 on both switches are set to access VLAN 30.
HoozYer
16 Posts
0
January 19th, 2016 06:00
Just to check... I tried to ping the VLAN 20 IP (192.168.5.250) from a machine that is connected (and passing iSCSI traffic) through that VLAN. I got destination host unreachable and request timed out... but I know that side is working.
HoozYer
16 Posts
0
January 19th, 2016 08:00
console#show running-config
!Current Configuration:
!System Description "PowerConnect 6224, 3.3.14.2, VxWorks 6.5"
!System Software Version 3.3.14.2
!Cut-through mode is configured as disabled
configure
vlan database
vlan 20,30,99
vlan routing 20 1
vlan routing 30 2
exit
stack
member 1 1
member 2 1
exit
ip address 192.168.2.10 255.255.255.0
ip address vlan 99
interface vlan 20
name "iSCSI"
routing
ip address 192.168.5.250 255.255.255.0
exit
interface vlan 30
name "LAN"
routing
ip address 192.168.1.250 255.255.255.0
exit
username "admin" password 0708a42a296f567e8eaa21d70a2b7221 level 15 encrypted
interface ethernet 1/g1
spanning-tree portfast
mtu 9216
switchport access vlan 20
exit
interface ethernet 1/g2
spanning-tree portfast
mtu 9216
switchport access vlan 20
exit
interface ethernet 1/g3
spanning-tree portfast
mtu 9216
switchport access vlan 20
exit
interface ethernet 1/g4
spanning-tree portfast
mtu 9216
switchport access vlan 20
exit
interface ethernet 1/g5
spanning-tree portfast
mtu 9216
switchport access vlan 20
exit
interface ethernet 1/g6
spanning-tree portfast
mtu 9216
switchport access vlan 20
exit
interface ethernet 1/g7
spanning-tree portfast
mtu 9216
switchport access vlan 20
exit
interface ethernet 1/g8
spanning-tree portfast
mtu 9216
switchport access vlan 20
exit
interface ethernet 1/g10
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 1/g11
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 1/g12
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 1/g13
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 1/g14
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 1/g15
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 1/g16
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 1/g17
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 1/g18
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 1/g19
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 1/g20
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 1/g21
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 1/g22
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 1/g23
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 1/g24
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 2/g1
spanning-tree portfast
mtu 9216
switchport access vlan 20
exit
interface ethernet 2/g2
spanning-tree portfast
mtu 9216
switchport access vlan 20
exit
interface ethernet 2/g3
spanning-tree portfast
mtu 9216
switchport access vlan 20
exit
interface ethernet 2/g4
spanning-tree portfast
mtu 9216
switchport access vlan 20
exit
interface ethernet 2/g5
spanning-tree portfast
mtu 9216
switchport access vlan 20
exit
interface ethernet 2/g6
spanning-tree portfast
mtu 9216
switchport access vlan 20
exit
interface ethernet 2/g7
spanning-tree portfast
mtu 9216
switchport access vlan 20
exit
interface ethernet 2/g8
spanning-tree portfast
mtu 9216
switchport access vlan 20
exit
interface ethernet 2/g10
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 2/g11
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 2/g12
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 2/g13
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 2/g14
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 2/g15
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 2/g16
spanning-tree portfast
switchport access vlan 30
exit
!
interface ethernet 2/g17
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 2/g18
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 2/g19
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 2/g20
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 2/g21
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 2/g22
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 2/g23
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 2/g24
spanning-tree portfast
switchport access vlan 30
exit
HoozYer
16 Posts
0
January 19th, 2016 09:00
I went ahead and setup my trunk ports so, in addition to the config posted above, I now also have...
interface ethernet 1/g9
channel-group 1 mode auto
exit
interface ethernet 2/g9
channel-group 1 mode auto
exit
interface port-channel 1
switchport mode trunk
switchport trunk allowed vlan add 30
exit
exit
HoozYer
16 Posts
0
January 20th, 2016 06:00
Ok... I did some more testing yesterday, and it appears that the VLAN 30 (LAN) isn't passing any traffic at all for some reason. I put two devices on that VLAN with static IPs assigned, and I couldn't get them to communicate at all.
HoozYer
16 Posts
0
January 21st, 2016 08:00
I ran this exactly just now...
enable
configure
interface range ethernet 1/g10-1/24
switchport mode access
switchport access vlan 30
spanning-tree portfast
exit
Then I ran the exact same thing for 2/g10-2/g24.
Now my laptop (192.168.1.249) can pin other devices in the subnet (I have something on .50 and .52 for testing), but it still can't ping the VLAN IP (.250) or access the web interface.
HoozYer
16 Posts
0
January 21st, 2016 11:00
That worked! I can now ping the LAN side VLAN at 192.168.1.250 and I can log in to the web interface at that address as well! WOOHOO!
Now I just need the guy who manages the Cisco switch to setup the trunk ports on his end so I can test the uplink.
If that works, I AM DONE! :)
HoozYer
16 Posts
0
January 25th, 2016 07:00
I started to configure VLAN 12 to match his setup on the Cisco, but I figured I'd better stop until I had a good idea of how to go about doing this. Here's the current running config:
console#show running-config
!Current Configuration:
!System Description "PowerConnect 6224, 3.3.14.2, VxWorks 6.5"
!System Software Version 3.3.14.2
!Cut-through mode is configured as disabled
configure
vlan database
vlan 12,20,30,99
vlan routing 20 1
vlan routing 30 2
exit
stack
member 1 1
member 2 1
exit
ip address 192.168.2.10 255.255.255.0
ip address vlan 99
ip routing
interface vlan 12
name "Columbus_Data"
exit
interface vlan 20
name "iSCSI"
routing
ip address 192.168.5.250 255.255.255.0
exit
interface vlan 30
name "LAN"
routing
ip address 192.168.1.250 255.255.255.0
exit
username "admin" password 0708a42a296f567e8eaa21d70a2b7221 level 15 encrypted
interface ethernet 1/g1
spanning-tree portfast
mtu 9216
switchport access vlan 20
exit
interface ethernet 1/g2
spanning-tree portfast
mtu 9216
switchport access vlan 20
exit
interface ethernet 1/g3
spanning-tree portfast
mtu 9216
switchport access vlan 20
exit
interface ethernet 1/g4
spanning-tree portfast
mtu 9216
switchport access vlan 20
exit
interface ethernet 1/g5
spanning-tree portfast
mtu 9216
switchport access vlan 20
exit
interface ethernet 1/g6
spanning-tree portfast
mtu 9216
switchport access vlan 20
exit
interface ethernet 1/g7
spanning-tree portfast
mtu 9216
switchport access vlan 20
exit
interface ethernet 1/g8
spanning-tree portfast
mtu 9216
switchport access vlan 20
exit
interface ethernet 1/g9
channel-group 1 mode auto
exit
interface ethernet 1/g10
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 1/g11
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 1/g12
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 1/g13
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 1/g14
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 1/g15
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 1/g16
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 1/g17
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 1/g18
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 1/g19
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 1/g20
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 1/g21
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 1/g22
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 1/g23
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 1/g24
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 2/g1
spanning-tree portfast
mtu 9216
switchport access vlan 20
exit
interface ethernet 2/g2
spanning-tree portfast
mtu 9216
switchport access vlan 20
exit
interface ethernet 2/g3
spanning-tree portfast
mtu 9216
switchport access vlan 20
exit
interface ethernet 2/g4
spanning-tree portfast
mtu 9216
switchport access vlan 20
exit
interface ethernet 2/g5
spanning-tree portfast
mtu 9216
switchport access vlan 20
exit
interface ethernet 2/g6
spanning-tree portfast
mtu 9216
switchport access vlan 20
exit
interface ethernet 2/g7
spanning-tree portfast
mtu 9216
switchport access vlan 20
exit
interface ethernet 2/g8
spanning-tree portfast
mtu 9216
switchport access vlan 20
exit
interface ethernet 2/g9
channel-group 1 mode auto
exit
interface ethernet 2/g10
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 2/g11
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 2/g12
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 2/g13
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 2/g14
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 2/g15
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 2/g16
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 2/g17
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 2/g18
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 2/g19
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 2/g20
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 2/g21
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 2/g22
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 2/g23
spanning-tree portfast
switchport access vlan 30
exit
interface ethernet 2/g24
spanning-tree portfast
switchport access vlan 30
exit
interface port-channel 1
switchport mode trunk
switchport trunk allowed vlan add 30
exit
exit
HoozYer
16 Posts
0
January 25th, 2016 07:00
Three steps forward, two steps back...
The guy who manages the Cisco switch finally got around to setting up the trunked LACP LAG on his end for my two uplink ports. The issue is that I have setup my "LAN" VLAN with an ID of 30, and he says I need to change the ID to match the VLAN ID he has configured on the Cisco (12).
Is there an easy way for me to delete my VLAN 30 and its associated IP and port associations and then recreate basically the same thing with a VLAN ID of 12?