Power Connect Network Setup using VLANs

Question

Hello Guys I got my very first DELL Switches and want to setup a complete brand new netowork. below is list of devices I got. 2 * Dell Power Connect 6224 (24 Port Switches)2 * Dell Power Connect 2848 (48 Port Switches)1 * Watchguard XTM 505 as Internet Firewall MD 3200i with 4 Ports on Each controller totaly 8 Ports.2 * Dell Power Edge R720 Each with 8 Ports. 6 other servers , Both 6224 switches are stacked by using stacking modules . i think this should be as standby stack for failover ISCSI cluster. MY Plan is to use 6224 switches to connect 2 R720s , MD3200i to create a failover hyper cluster, plus i will connect 2 more servers by teaming there network ports so one cable can go to each 6224 switch. all servers will connect to 6224. Watchguard Firewall LAN bridged ports will connect to both 6224. then switch on 1st Floor 2848  needs to conenct to both 6224 switches if am correct . on 1st floor switch i want to connect about 40 computers and printers in one subnet 172.16.13.X  and another subnet for Wi Fi Access Points 172.16.14.X and another 2848 switch on 4th Floor needs to connect to both 6224 same as other and i need same subnets on that 172.16.13.X for desktops  and 172.16.14.X for Wi Fi Access Points. Virtual Server Network from hyper V hosts + another physical servers needs to be in diffrent subnet (172.16.12.X) according to above complete network setup i will need few VLANs, allow traffic between them and allow traffic out to watchguard firewall for internet access. also I will have Active Directory , Exchange Servers in server list and PCs on diffrent subnet needs to join AD domain and access all services. DNS, DHCP from server subnet. can someone guide me the best way to implement this. where VLANs needs creating on both 6224s or 2848s. i attached a diagram of my plan.  plz mind the drawing its not best but hope you can get some ideas out of it for what am trying to achieve. Many Thanks. in Diagram S1 = PC 6224S2 = PC 6224S3 = PC 2848S4 = PC 2848on top is Watchguard Firewall its 2 LAN ports needs to goto both 6224

MrHarrySingh · Answer

thanks Danial

for very initial testing i did setup a VLAN. 172.16.12.1 for servers and put one server in there by giving above IP as default gateway.

My watchgard is connected to port1 of 6224. watchguard LAN IP 172.16.10.1

how I can enable traffic out from VLAN10 servers subnet to go out via watchguard for internet access.

MrHarrySingh · Answer

Hello Daniel

thanks for links to all manuals, I have gone trough few of these to have basic idea of how this stuff works.

to keep it simple, i will do factory restore both 6224, switches and put in stack. configure very intial configuration giving stack IP address. GW etc. will this IP needs to be in our firewall subnet and do firewall IP as gateway or keep switch stack IP subnet completely diffrent.

can you provide me commands to create one VLAN for Servers

VLAN10 , name it servers.

IP address for that 172.16.12.1

and use ports g13 to g20

I want to connect my Watchguard Firewall to Port G1 , firewall IP is 172.16.10.1

then allow traffic from servers subnet out to firewall for internet access.

thanks.

later on I can follow details to connect 2848 to 6224 and setup 2 more VLan to 2848 for destops and wifi APs.

MrHarrySingh · Answer

thanks Daniel

i will do that now.

Another question about Stack Module Cable connections. What is the best way of physical stacking cable connections I can’t find any specific guide.

Switch 1 – XG1 cable will go to Switch 2- XG 1

Switch 1 – XG2 cable will go to Switch 2- XG2

Is it ok as above or we have to connect them in cross mode.

Like XG1 on Switch 1 go to XG2 on switch 2 and so on.

MrHarrySingh · Answer

Hi Daniel i performed all commands as you mentioed, but stil my servers in subnet 172.16.12.1 can't ping out to outside world or from there I can't even ping my firewall IP 172.16.10.1

below is config . can you please have a look thanks.

console#show running-config

!Current Configuration:

!System Description "PowerConnect 6224, 3.3.1.10, VxWorks 6.5"

!System Software Version 3.3.1.10

!Cut-through mode is configured as disabled

!

configure

vlan database

vlan 10

vlan routing 10 1

exit

stack

member 1 1

member 2 1

exit

ip address 172.16.11.2 255.255.255.0

ip default-gateway 172.16.11.1

ip routing

interface vlan 10

name "servers"

routing

ip address 172.16.12.1 255.255.255.0

exit

username "admin" password xxxxxxxxxxxxx level 15 encrypted

!

interface ethernet 1/g1

switchport mode general

switchport general allowed vlan add 10 tagged

exit

!

interface ethernet 1/g13

switchport access vlan 10

exit

!

interface ethernet 1/g14

switchport access vlan 10

exit

!

interface ethernet 1/g15

switchport access vlan 10

exit

console#

MrHarrySingh · Answer

i tried setting chaning switch IP to be in DG subnet but that didnt help either.  server can't ping out to 172.16.10.1

MrHarrySingh · Answer

ok you mean I shall update switch IP to be in that subnet, say switch IP 172.16.10.2

then keep its default GW 172.16.10.1

as if i try to change switch DG to 172.16.10.1 it wont letme change says IP address and DG do not reside on same subnet.

MrHarrySingh · Answer

Hello Daniel

please see below

You have the gateway of the switch set to 172.16.11.1 what does this IP address belong to?

there is no device on that IP this was entered just while setting up switch via initial config, so this gateway is not pingable ,

Ports 13,14,15 are set to access mode, are all three of these going to the server, or just one?

yes i got 2-3 servers to connect, currently one connected to port 13 with IP 172.16.12.12

Do you have the default gateway of the server set to 172.16.12.1?

yes DG is set on server

Is the switch able to ping it's gateway?

NO it doesn't exist

I the server able to ping VLAN 10?

yes server can ping its own subnet if I add more device or server can ping its GW 172.16.12.1

but server can't ping router/firewall 172.16.10.1

MrHarrySingh · Answer

yes from switch console i can ping 172.16.10.1

also from console I can ping servers gateway 172.16.12.1

and from console I can also ping my server IP 172.16.12.12

but nothing going though vice versa.

from server I can only ping its own gateway 172.16.12.1

but from server I can't ping switch IP or switch Gateway at all.

MrHarrySingh · Answer

console#show ip interface

Management Interface:

IP Address..................................... 172.16.10.2

Subnet Mask.................................... 255.255.255.0

Default Gateway................................ 172.16.10.1

Burned In MAC Address.......................... D067.E57F.26DA

Network Configuration Protocol Current......... None

Management VLAN ID............................. 1

Routing Interfaces:

Netdir Multi

Interface State IP Address IP Mask Bcast CastFwd

---------- ----- --------------- --------------- -------- --------

vlan 10 Up 172.16.12.1 255.255.255.0 Disable Disable

console#show ip route

Route Codes: R - RIP Derived, O - OSPF Derived, C - Connected, S - Static

B - BGP Derived, IA - OSPF Inter Area

E1 - OSPF External Type 1, E2 - OSPF External Type 2

N1 - OSPF NSSA External Type 1, N2 - OSPF NSSA External Type 2

C 172.16.12.0/24 [0/1] directly connected, vlan 10

console#show running-config

!Current Configuration:

!System Description "PowerConnect 6224, 3.3.1.10, VxWorks 6.5"

!System Software Version 3.3.1.10

!Cut-through mode is configured as disabled

!

configure

vlan database

vlan 10

vlan routing 10 1

exit

stack

member 1 1

member 2 1

exit

ip address 172.16.10.2 255.255.255.0

ip default-gateway 172.16.10.1

ip routing

interface vlan 10

name "servers"

routing

ip address 172.16.12.1 255.255.255.0

exit

username "admin" password 9fbc58e06393d95c69fd394b05bebe4e level 15 encrypted

!

interface ethernet 1/g1

switchport mode general

switchport general allowed vlan add 10 tagged

exit

!

interface ethernet 1/g13

switchport access vlan 10

exit

!

interface ethernet 1/g14

switchport access vlan 10

exit

!

interface ethernet 1/g15

switchport access vlan 10

exit

please see as requested thanks.

MrHarrySingh · Answer

Hi Daniel

firmware updated to latest avilable, rebooted ,. but still I can't ping out from servers vlan .

console#show running-config
!Current Configuration:
!System Description "PowerConnect 6224, 3.3.4.1, VxWorks 6.5"
!System Software Version 3.3.4.1
!Cut-through mode is configured as disabled
!
configure
vlan database
vlan 10
vlan routing 10 1
exit
stack
member 1 1
member 2 1
exit
ip address 172.16.10.2 255.255.255.0
ip default-gateway 172.16.10.1
ip routing
interface vlan 10
name "servers"
routing
ip address 172.16.12.1 255.255.255.0

exit
username "admin" password xxxxxxxxx level 15 encrypted
!
interface ethernet 1/g1
switchport mode general
switchport general allowed vlan add 10 tagged
exit
!
interface ethernet 1/g13
switchport access vlan 10
exit
!
interface ethernet 1/g14
switchport access vlan 10
exit
!
interface ethernet 1/g15
switchport access vlan 10
exit
exit

am really stuck here,

MrHarrySingh · Answer

Hello Daniel

i have created another VLAN11 , 172.16.13.1 desktops

connected a laptop on there with IP 172.16.13.115

server connected to VLAN10 with IP 172.16.12.12

and both can ping each others fine.

but both can't ping switch IP or watchguard IP 172.16.10.1

switch can ping to both ok.

is there any kind of default route I need to put on to move out traffic from VLANs out to watchguard.

or switch IP needs to go on to diffrent VLAN then default VLAN1.

please advise thanks

MrHarrySingh · Answer

HI Daniel if I try to add static route as any of above it gives me following msg 'The specified static route next hop router address can't be in the same subnet as the service/network port'

Networking General

Was this post helpful?