October 6th, 2005 14:00

5316M switch config - network segmentation

Hi!
I wasn't quite sure where to post this... I hope this is the right place; any help is appreciated!

--SCENARIO
I have a Poweredge 1855 blade array with 2 x 5316M switches.
The 2 switches in the blade array, SW1 and SW2, have 10 internal ports e1-e10, 1 for each blade. There are also 6 external (physical) ports e11-e16 per switch.

Say I have 3 blades (BL1, BL2, BL3) containing 2 onboard NICs per blade:
BL1_N1, BL1_N2 -> connect to NETWORK1 via SW1/e1 and SW2/e1
BL2_N1, BL2_N2 -> connect to NETWORK1 via SW1/e2 and SW2/e2
BL3_N1, BL3_N2 -> connect to NETWORK2 via SW1/e3 and SW2/e3


Presently I have BL1 and BL2 connected to NETWORK1, which works fine using SW1/e11, these can communicate with each other and any other device on NETWORK1.

Whenever I try to connect BL3 to NETWORK2 using SW1/e12 connected to an external switch in NETWORK2 (a DMZ), the entire network crashes (not good), communication STOPS.
I think this is because everything for NETWORK2 is being routed to the next NETWORK1 external switch, and nothing is going to the DMZ (NETWORK2) switch.

I don't know if I need to set up VLANs or such to segment the networks - I haven't done that before, and as such I can't use any of the other blades on any network other than NETWORK1, which is a real problem.

--GOALS
I want to connect BL1 and BL2 to NETWORK1 (*works).

I want to connect BL3 to NETWORK2.

No interoperability between NETWORK1 and NETWORK2 is allowed - these are on completely disconnected network segments.
BL1 and BL2 should be able to communicate with each other (presently OK) as they share a common gateway (external router).
BL3 uses a different gateway, IP range, and external switches.


--NICE TO HAVE
Obviously I would like to take advantage of the fact that I have 2 switches, so I would like to use these for redundancy.
I'd like to have SW1/e11 and SW2/e11 service NETWORK1.
I'd like to have SW1/e12 and SW2/e12 service NETWORK2.

I don't know how the PE1855MC array handles any of this.
TIA!

October 6th, 2005 15:00

Hi Cuong,

I'm only using one 5316M at present. I can use one port/cable to connect to a Cisco 5500. There are 3 VLANs on the Cisco: VLAN 10, 11 and 12.
(Someone else set up the Cisco kit.)
I haven't set up any VLANs on the 5316, so I assume it's using the default of VLAN 1.
I recall being told some time ago that Cisco uses VLAN 1 for inter-device communication.
I want to connect blades 1 and 2 to VLAN 10.

Blade 3 is to be connected to a Cisco 2950. The 2950 has no IP address (set up as unmanaged, as it is in an untrusted network); no VLANs are set up on that yet - this can be done if need be.
STP is enabled on the Cisco devices.

October 6th, 2005 15:00

I really need to draw out your network to make sure I understand the full scenario but a few things pop out immediately:

  • If you are connecting the 5316M to an external switch that somehow loops back to the 5316M as you described it, you might have created a loop in your network.  If this is the case, make sure you enable STP (spanning tree protocol) on all your switches in this network to prevent packets that loop through your network.  This may result in a packet flood that will keep increasing in volume without anywhere to go, which could result in all kinds of problems in your network.
  • If you want separated networks (broadcast domains) then you MUST configure VLANs.  If you have not created any VLAN then you cannot segment your network, and any broadcast or even normal packets on one "network" will be visible to all equipment on the other network.
  • In your external network, are there not already VLANs created?  If not, then I don't see how you segment external network traffic either.  If you do have external VLANs set up, then you need to also extend those VLANs into the 5316M switch and make sure the correct ports are added to the correct VLAN.  Also, ports on the 5316M that go out into your external switches should be configured as VLAN trunks, and you should configure these ports to allow in only the VLANs you want to be visible to the blades.

It may be helpful if you post your current configuration for the 5316M and if you could post a diagram showing how your network is setup too.

Cuong.

October 6th, 2005 17:00

It really depends on how you set up the VLANs and how the VLANs are carried through to the 5316M, but I think if you want the network to be segmented you must create a VLAN trunk between the 5316M and the external network, and you must set up the trunk to be a member of the VLANs that you want to use on the 5316M.

VLAN 1 is the management VLAN; by default everything is on VLAN 1.  So if the external network does not tag any traffic when it is sent into the 5316M, then by default all this traffic is put onto VLAN 1 on the 5316M.  So at least within the 5316M there is no network segmentation if you do this, because all traffic is on VLAN 1.  I don't think you want this.

When you said blade 3 is connected to some specific Cisco switch, I'm not sure I understand.  Blade 3 is connected to the 5316M, then the 5316M is connected to the external network, correct?  If you want blade 3 on a specific VLAN then you need to set it up that way.

I think you might want to consult with your IT engineers and work with them planning out your network so that the 5316M is configured correctly so that it would work with your network.

Cuong.
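The two points Cuong makes above (untagged uplink traffic lands in VLAN 1, and segmentation only exists once blade ports and uplinks are members of distinct VLANs) can be checked with a small 802.1Q membership model before touching the switch. This is an added example, not code from the thread or Dell's 5316M CLI; port names e1-e3/e11/e12 follow the post, while VLAN 10 for NETWORK1, VLAN 20 for NETWORK2 and the choice of an untagged VLAN 20 port toward the unmanaged 2950 are assumptions.

```python
class Switch:
    def __init__(self):
        self.access = {}  # port -> untagged VLAN (PVID)
        self.trunk = {}   # port -> (native VLAN, set of tagged VLANs)
    def access_port(self, port, vlan):
        self.access[port] = vlan
    def trunk_port(self, port, native, tagged=()):
        self.trunk[port] = (native, set(tagged))
    def ingress_vlan(self, port, tag=None):
        """VLAN a frame lands in on entry; tag=None means an untagged frame."""
        if port in self.access:
            return self.access[port] if tag is None else None  # access ports drop tagged
        native, tagged = self.trunk[port]
        if tag is None:
            return native  # untagged on a trunk lands in the native VLAN (1 by default)
        return tag if tag in tagged else None
    def egress_ports(self, vlan):
        ports = {p for p, v in self.access.items() if v == vlan}
        return ports | {p for p, (n, t) in self.trunk.items() if vlan == n or vlan in t}

def flood_set(sw, port, tag=None):
    """Ports a broadcast/unknown-destination frame entering 'port' is flooded to."""
    vlan = sw.ingress_vlan(port, tag)
    return set() if vlan is None else sw.egress_ports(vlan) - {port}

def is_segmented(sw, net1_ports, net2_ports):
    """True if no blade port of one network can flood to a blade port of the other."""
    pairs = ((net1_ports, net2_ports), (net2_ports, net1_ports))
    return all(not (flood_set(sw, p) & set(b)) for a, b in pairs for p in a)

def uplink_leak(sw, uplink_a, uplink_b):
    """True if untagged traffic from one external switch can exit via the other uplink."""
    return uplink_b in flood_set(sw, uplink_a) or uplink_a in flood_set(sw, uplink_b)

def default_config():
    """State described in the thread: no VLANs created, everything on VLAN 1."""
    sw = Switch()
    for p in ("e1", "e2", "e3"):
        sw.access_port(p, 1)
    sw.trunk_port("e11", native=1)  # uplink to NETWORK1
    sw.trunk_port("e12", native=1)  # uplink to NETWORK2 (DMZ)
    return sw

def segmented_config():
    """Assumed fix: blades 1-2 in VLAN 10, blade 3 in VLAN 20; e11 carries only VLAN 10
    tagged from the Cisco 5500, e12 is an untagged VLAN 20 port toward the 2950."""
    sw = Switch()
    for p, v in (("e1", 10), ("e2", 10), ("e3", 20), ("e12", 20)):
        sw.access_port(p, v)
    sw.trunk_port("e11", native=1, tagged=(10,))
    return sw
```

With the default configuration the model reports that BL3 shares a broadcast domain with BL1/BL2 and that frames from the DMZ uplink can exit the NETWORK1 uplink, which matches the outage the original poster describes; the segmented configuration reports neither.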
