Solved

Setting up vlan on Sonicwall Pro 3060 and HP Procurve 1800 24g

Posted on 2009-04-06
Last Modified: 2012-09-20
Hi,

I am a complete beginner to networking and was wondering if there was anybody out there that could help setup a vlan using Sonicwall Pro 3060 connected to a HP ProCurve 1800 24g managed switch.

The scenario is this. I have a DELL 2900 III server with an Intel pro 1000 pt Quad Port adapter and on this server I have installed ESX Server 3.5. On the esx server I have installed a SBS 2008 virtual machine which I want to be on a different subnet.

The two on board nics of the server are connected to ports 1 and 2 of the HP ProCurve switch respectively.
Port 3 of the switch is connected to the port 1 of the quad port adapter.
Port 24 of the switch is connected to the x3 port of the sonicwall

The x3 interface is on a subnet 10.0.0.254, the Esx Server Service Console is on 10.0.0.1 and the switch's ip address is 10.0.0.253

I have created a subinterface on x3 with a subnet of 10.0.1.254, and have assigned the sbs 2008 virtual machine with an ip address of 10.0.1.10, I have assigned a vlan id of 5 to this sub interface.

On the Esx Server I have created a separate vswitch for the SBS 2008 vm and have given it a vlan id 5

On the switch I have created a vlan with an id of 5 and assigned ports 3 and 24 to this vlan, and on the port configuration I have set port 3 to be tagged to vlan 5

On the sonicwall diagnostics I try to ping 10.0.1.10 but I get no response.

Armed with all this information is there anybody out there that can help me successfully set this scenario up so that my vm can access the internet and is segregated from the other subnets.

I would be most grateful for some assistance.

Thank you very much in advance

Kind Regards

Hiren
Question by:HirenKPatel
 
LVL 42

Expert Comment

by:paulsolov
ID: 24082217
You may check but I'm not sure that the Sonicwall supports VLAN routing.  It may support trunking but you need a router and most of the Sonicwalls I've seen in my day have been firewall appliances.  Usually you would have a Layer 3 switch that would be setup to do the vlan routing and the firewall be configured as the gateway of last resort.

If you don't need to route between the VLANs then you can assign the port statically on the sonicwall and also assign a static vlan on the 1800 switch so that you don't need to trunk the ports, this way it's like having several layer 2 switches.  If the sonicwall supports multiple subnets then it should be able to route via the firewall for internet.

If you provide us with a little more info on the type of routing you need between the subnets we can give you better information.

 

Author Comment

by:HirenKPatel
ID: 24082420
Hi Paul,

I have a number of clients who I manage sbs servers for and at present they are on physical machines.

I want to move these clients onto a single machine serving as a hypervisor. Therefore I have purchased a new server and set up esx on it and now I want to set up a vlan for each client. On this server I want to assign a physical port on the network adapter to a single client and therefore run four sbs 2008 servers on this single machine. Therefore I want each SBS server on a different subnet as they need to act as dhcp servers and would conflict if on the same subnet. I want each server to access the internet through the parent interface which is currently assigned to x3 from their respective subinterfaces which are x3:v05, x3:v10, x3:v15 and x3:v20.

I am hoping this is the kind of information you need as networking and particularly setting up vlans is new and alien to me.

I am a developer by trade but the system admin guy didn't do a good job and was given the boot and considering the current financial climate we could not afford someone to take his place. We are a small company with around 5 employees and don't have a massive budget, and my boss, thinking I would have the most technical experience, has asked me if I would look after the network and sys admin until we can afford someone in the field.

Thanks for your understanding

Kind regards

Hiren Patel


 
LVL 42

Expert Comment

by:paulsolov
ID: 24082608
How many open ports do you have on the Sonicwall?

If you have 4 ports on the Sonicwall I can show you how to do this fairly easily (assuming that the sonicwall supports multiple subnets).  If not you may need to obtain a router that can do router on a stick (support vlan routing) or a layer 3 switch (I don't believe the 1800 is a L3)

You may also want to check your sonicwall documentation to see if it can do vlan routing but in my experience most firewalls do not since they're designed as security appliances not routers.
 

Author Comment

by:HirenKPatel
ID: 24082762
Hi Paul,

I have 6 ports on the sonicwall pro 3060 with the enhanced 4.0 os. I have checked on the web and the sonicwall is a router as it can act as a dhcp server.

Interface x0 is assigned to default lan and x1 is assigned to default wan and x2 is assigned to dmz and I have assigned x3 as a separate lan for the esx server.

x0 is on subnet 192.168.168.xxx and is currently running all our physical servers and the x3 interface is assigned to the esx server only.

In the documentation for the sonicwall it says that it can support up to 50 vlans through the use of sub interfaces of the physical interfaces and assigning it an integer value between 1 and 4096.

Kind regards

Hiren
 
LVL 42

Expert Comment

by:paulsolov
ID: 24082862
Ok.  Let's start with one subnet.

On the sonicwall create an interface with a subinterface (vlan) ip address that corresponds to one of your subnets.  This will be the default gateway for the subnet.  Configure that port to trunk switch using 802.1q.  

Now configure a vswitch that you will use for virtual machine networks on the ESX Server.  Configure the Virtual Machine Port Groups, assigning each port group the VLAN that it belongs to.  Connect the physical ports on the ESX Servers that belong to the vswitch.  Configure the ports on the switch side to trunk.

Create a virtual machine and place it in the vm machine port group (let's say for vlan 5) and if your trunking is working you should be able to ping the ip address on the subinterface on the firewall.  If you can then you're set and you can do this for the subnets.  I would also configure the trunk ports as LACP (link aggregation)

You may need to assign an ip address to each vlan on the switch depending on the specifics of your switch.

 

Author Comment

by:HirenKPatel
ID: 24082976
Hi Paul,

1) I have created an interface X3 with a gateway ip address of 10.0.0.254.
2) I have created a sub interface on X3 with a vlan id of 5 (X3:V5) with a gateway ip address of 10.0.1.254 (See Image Interface Settings on Sonicwall Pro 3060)

Sorry to be a bit dumb, but what do you mean when you say "Configure that port to trunk switch using 802.1q"? Could you please provide me the steps?

3) I have configured the vswitch on the esx server with a vlan id of 5 ( See image esx network configuration )

Sorry again but how do you Configure the ports on the switch side to trunk. and also how do you configure the trunk ports as LACP (link aggregation) on the hp procurve 1800 24g again I would be most grateful if you can provide me the exact steps.

Kind Regards

Hiren

Interface.jpg
EsxNetworkConfig.JPG
 
LVL 42

Accepted Solution

by:
paulsolov earned 500 total points
ID: 24090025
We will need to setup a single vswitch for all your customers and create virtual machine groups within the vswitch.  Each group will have a vlan assigned to it and that's how we'll segregate the subnets. To do this you'll need to configure trunking on the switch.  

Some links that may help

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004048
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1001938
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004074
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1003806
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004127

The configuration is somewhat complex and I don't have experience with some of your hardware but this should at least get you started
 

Author Comment

by:HirenKPatel
ID: 24094766
Thanks paul I will read the information on the links and see if I can get anywhere

Kind Regards

Hiren
 

Author Comment

by:HirenKPatel
ID: 24137293
Hi Paul,

Sorry it's been a while but I have been trying to get this to work but to no avail. I am just lacking the specific knowledge of the hardware and I think that is what is stopping me from completing the task.

My major issue is with the switch.

As I stated earlier I created a Vlan with the id of 5 and made port 3 and 24 a member of it. I need to know what configuration I need to do with these ports: do I configure port 3 to be tagged or untagged, and with port 24, which is the port that is connected to the router, what config do I use for it, tagged or untagged?

Also because port 24 is the one that is going to the router, if it is going to be tagged do I assign it to vlan 5 or none?

Kind Regards

Hiren
 

Author Comment

by:HirenKPatel
ID: 24143486
Hi Paul,

I finally got it to work, I added port 3 and 24 to vlan 5 and set port 3 to tagged mode but pvid was set to none and it did the trick.

I would like to say a very big thank you for all your help and putting me in the right direction.

Kind Regards

Hiren Patel
 

Author Comment

by:HirenKPatel
ID: 24143498
The problem is solved
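
The tagged/untagged question from this thread, as an added example that is not part of any post: a generic model of 802.1Q port handling (not the ProCurve 1800's own logic) showing whether a frame the vSwitch tags for VLAN 5 still carries that tag when it leaves the firewall-facing port, which is what a VLAN sub-interface such as X3:V5 matches on. Ports 3 and 24 and VLAN 5 come from the thread; the function names, the MAC addresses, the VLAN 10 test frame and the two port-24 settings compared are constructed assumptions.

```python
import struct

TPID = 0x8100  # 802.1Q tag protocol identifier

def tag(frame, vid):
    """Insert an 802.1Q tag (priority 0) after the two MAC addresses."""
    return frame[:12] + struct.pack("!HH", TPID, vid & 0x0FFF) + frame[12:]

def untag(frame):
    """Return (vlan_id or None, frame without its 802.1Q tag)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    if struct.unpack_from("!H", frame, 12)[0] != TPID:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack_from("!H", frame, 14)[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]

class Switch:
    """Generic 802.1Q model (no MAC learning: floods within the VLAN)."""
    def __init__(self, pvid, members):
        self.pvid = pvid        # port -> VLAN for untagged ingress, or None
        self.members = members  # vlan -> {port: "tagged" | "untagged"}

    def forward(self, in_port, frame):
        vid, bare = untag(frame)
        if vid is None:
            vid = self.pvid.get(in_port)   # classify untagged frames by PVID
        ports = self.members.get(vid, {})
        if in_port not in ports:           # ingress filtering: not a member, drop
            return {}
        return {p: tag(bare, vid) if mode == "tagged" else bare
                for p, mode in ports.items() if p != in_port}

# Constructed sample: ARP-type frame from the VM (MAC addresses are made up).
VM_FRAME = bytes.fromhex("ffffffffffff" "005056000001" "0806") + b"\x00" * 28

def demo():
    """Port 3 = ESX uplink, port 24 = firewall X3, PVID none on both."""
    pvid = {3: None, 24: None}
    trunk = Switch(pvid, {5: {3: "tagged", 24: "tagged"}})
    access = Switch(pvid, {5: {3: "tagged", 24: "untagged"}})
    from_esx = tag(VM_FRAME, 5)            # vSwitch port group tags VLAN 5
    return {
        "tagged_uplink": untag(trunk.forward(3, from_esx)[24])[0],
        "untagged_uplink": untag(access.forward(3, from_esx)[24])[0],
        "other_vlan": trunk.forward(3, tag(VM_FRAME, 10)),
        "untagged_in": trunk.forward(3, VM_FRAME),
    }
```

In this model the tag survives to port 24 only when that port is a tagged member; frames for a VLAN the ingress port does not belong to, and untagged frames on a port with no PVID, are dropped, which is the isolation each client subnet relies on.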