Solved

Test VLAN

Posted on 2009-07-16
Last Modified: 2012-05-07
Hello, I'm setting up a lab vlan in house to test another AD Domain and Exchange environment. I have two Cisco 2650 switches and two 2600 routers to create another VLAN not to interrupt my normal production environment.  My normal environment has a DSL line feeding into a Sonic Wall TZ190 where my Prod and Com servers reside.

My normal IP Range is 192.168.0.X.  With that being said, I want to create another subnet to conduct my testing.  What is the most efficient/logical way to pull this off?

As always, thanks in advance!
Question by:dxxone
21 Comments
 
LVL 7

Accepted Solution

by:
clonga13 earned 400 total points
ID: 24870356
Easiest way is to create a VLAN on one of the switches with the new subnet. If you want it completely isolated then you don't need to do anything else. Otherwise, configure one of your routers to trunk between the existing VLAN and the current network. The router will pass traffic between the two subnets.

Let me know if you need any more info.
0
 
LVL 23

Assisted Solution

by:that1guy15
that1guy15 earned 100 total points
ID: 24870482
Will you be connecting this test network to the internet via the sonicwall? Are you going to want any type of communication between your prod network and the test network?

If you want them completely isolated from each other but both still have a connection to the internet, then my suggestion would be to connect one of the 2960 switches to an isolated sonicwall port. Any additional switches needed you can connect a trunk port to the 2960 (Core switch). Create a new subnet range for your test environment and you will be good. The sonicwall will provide routing/firewall functionality to the internet and will also be available for inter-vlan routing if you want multiple vlans in your test network.

0
 

Author Comment

by:dxxone
ID: 24870523
This test VLAN doesn't have to communicate with the normal prod.  But will need internet access to test OWA or Outlook Anywhere from a European Office.
0
 

Author Comment

by:dxxone
ID: 24870607
I've goofed. My switches are 2950's. Sorry.
0
 
LVL 23

Expert Comment

by:that1guy15
ID: 24870637
The hardware you listed, is it currently running in your prod environment?

If it is then all you need to do is configure the new vlan(s) on your switches and trunk them to your sonicwall. On the sonicwall you can then create rules to deny communication between the prod and test network.

If you want specifics let us know along with your exact network layout.
0
 

Author Comment

by:dxxone
ID: 24870753
No the 2950 switches and 2600 routers were purchased for the sole purpose of setting up a lab environment for testing of solutions and also to accelerate my routing and switching skills which are currently at a 1 on scale of 10 and I was just generous.

So my normal configuration is 1)DSL (Qwest) feeding into my Sonic Wall TZ 190.  2) I have two Cisco 2960's (POE) brokering my various drops throughout my office using my 192.168.0.X subnet.

I need to add another subnet, perhaps 192.168.1.X?

What should I plug into what? And perhaps a linkie on how to configure that portion would be appreciated.

Salud!
0
 
LVL 7

Expert Comment

by:clonga13
ID: 24870958
If you want the two subnets to talk to each other and be able to get to the Internet, here's how it goes. Plug one of the 2600 routers into the production switch with one ethernet port and another port into the test switch. The new switch will have a new subnet 192.168.2.0 or whatever you want. The router will pass traffic between the two subnets. You don't even need VLANs unless you want to play with them to get practice.
0
 
LVL 23

Expert Comment

by:that1guy15
ID: 24871195
" I have two Cisco 2960's (POE) brokering my various drops throughout my office using my 192.168.0.X subnet."

I'm assuming you want to still use these various drops throughout for your test network.... So my suggestion is: create the separate VLAN on each of your 2960's for your test environment. You will then assign ports on those switches for your test vlan. This will isolate the traffic between the two networks.

example config:

enable
config t
! create vlan 100 and name it for the test network
vlan 100
name test-network

! assign switchports 15 - 24 to vlan 100
interface range f0/15 - 24
switchport mode access
switchport access vlan 100

Your 2960 will need a trunk port to the sonicwall so both network vlans can pass traffic to the internet. You might already have a trunk link from your 2960 to the sonicwall but if you didn't configure it specifically then you don't.

example config:

enable
config t
! whichever interface connects to the sonicwall
int f0/1
! enable trunking
switchport mode trunk

You will also either need to configure trunking on the sonicwall or set up subinterfaces on the connected port (sorry, sonicwalls are a little out of my range). You will also need to deny access between the two vlans on the sonicwall.

Does each switch connect to the sonicwall or do they connect to each other with a single connection to the sonicwall? If they connect to each other then you will need to configure trunks between the switches.

You really do not need to incorporate the 2600s into your network since the sonicwall should provide all the functionality you want.

Here is a good doc to start with.
http://www.cisco.com/en/US/tech/tk389/tk689/technologies_configuration_example09186a008009478e.shtml
0
 
LVL 23

Expert Comment

by:that1guy15
ID: 24871200
Oh... the 192.168.1.0 subnet will work
0
 

Author Comment

by:dxxone
ID: 24871678
Clonga13, I took your advice and plugged the 2600 into one of my production switches (2960) and then plugged my 2950 into the 2600. When I connected a laptop to the port 2 on the 2950, I returned the following IP settings on the laptop:

ip: 169.254.9.70
subnet mask: 255.255.0.0
default gw: none

that1guy15, I will need to know the information that you sent me and I accept that graciously, that is VERY useful info.  Also all my lab Servers and PCs will be around my rack and I will plug in directly to the switch... I will leave the drops alone...
0
 
LVL 7

Expert Comment

by:clonga13
ID: 24871806
Is there a DHCP server on the new network or will you be using the DHCP server in your production network? If you're going to use the production DHCP server then you need to add an ip helper address to the ethernet connection on your test network.

Router(config-if)#ip helper-address 192.168.0.X

This will send all DHCP broadcasts to the DHCP server.
0
 

Author Comment

by:dxxone
ID: 24871878
Clonga, will it harm my prod DC if I use the prod DHCP to reference?

Also, where did the 169.254.9.70 come from when I plugged the 2600 into my prod switch?
I thought it was supposed to be 192.168.1.X?

Please advise
0
 
LVL 7

Expert Comment

by:clonga13
ID: 24871952
It won't harm your Prod DC. You just need to create a new scope with the correct subnet info. Or you can always just use static IP addresses if you don't want to mess with anything in production. The 169.X.X.X is Microsoft's default IP address when it can't find a DHCP address.
0
 

Author Comment

by:dxxone
ID: 24872097
How do I point my 2600 or 2950 to the prod DHCP server?
0
 
LVL 7

Expert Comment

by:clonga13
ID: 24872128
With the ip helper-address command on the router interface connected to your test network. When a PC wants to use DHCP it sends a broadcast out looking for a server. The router by default blocks all broadcasts from going across it. But by using the IP helper-address command, it only forwards the broadcast to the specified server. The DHCP server will see the router IP address and know what scope to assign the address from.
0
 
LVL 23

Expert Comment

by:that1guy15
ID: 24872337
Clonga13 has you on the right track if you are not using any of your prod gear besides the sonicwall.

Just connect your switches to the sonicwall, create rules to deny access between the two networks but allow internet. The sonicwall can also provide DHCP I believe. You should then be good to go.

If you do want to dig into routing and switching a little, follow my above post on setting up multiple vlans within your test environment and place your 2600 in between the sonicwall and your switches. The 2600 also supports DHCP.
0
 

Author Comment

by:dxxone
ID: 24874665
Well I'm close to a solution.  The next problem is that I plug my 2600 into my prod switch, but lack a port to go from my 2600 to the 2950.  Is there a card I have to insert into the 2600?
0
 
LVL 7

Expert Comment

by:clonga13
ID: 24874731
You can purchase a WIC-1ENET that gives you an extra ethernet port. Or you can build a VLAN on your production switch for your test environment. Then connect the test switch to your production switch on the new VLAN and the router would be on a trunk port. It would use up two ports on your production switch and require changes to your production environment.
0
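The single-port option from the post above (lab VLAN on the production switch, router on a trunk port), combined with the DHCP relay discussed earlier in the thread, as an added example that is not part of the original thread. The switch port numbers, the router address 192.168.0.254, the SonicWall at 192.168.0.1, the DHCP server placeholder 192.168.0.10 and the ACL name LAB-IN are assumptions, as is 802.1Q support on the 2600's FastEthernet port.

```cisco
! Added example; addresses, ports and names are assumptions, not from the thread.
! prod = VLAN 1, 192.168.0.0/24   lab = VLAN 100, 192.168.1.0/24
!
! ----- production 2960 -----
vlan 100
 name test-network
!
interface FastEthernet0/23
 description trunk to 2600 Fa0/0 (hypothetical port)
 switchport mode trunk
 switchport trunk allowed vlan 1,100
!
interface FastEthernet0/24
 description uplink to lab 2950 (hypothetical port)
 switchport mode access
 switchport access vlan 100
!
! ----- 2600 router, one FastEthernet port -----
! relay only DHCP; ip helper-address also forwards these broadcasts by default
no ip forward-protocol udp tftp
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs
!
ip access-list extended LAB-IN
 remark DHCP from lab clients (broadcast and unicast renewals)
 permit udp any eq bootpc any eq bootps
 remark everything else from lab to production is dropped and logged
 deny ip any 192.168.0.0 0.0.0.255 log
 remark remaining traffic is internet-bound via the SonicWall
 permit ip 192.168.1.0 0.0.0.255 any
!
interface FastEthernet0/0
 no ip address
 no shutdown
!
interface FastEthernet0/0.1
 encapsulation dot1Q 1 native
 ip address 192.168.0.254 255.255.255.0
!
interface FastEthernet0/0.100
 encapsulation dot1Q 100
 ip address 192.168.1.1 255.255.255.0
 ip helper-address 192.168.0.10
 ip access-group LAB-IN in
!
ip route 0.0.0.0 0.0.0.0 192.168.0.1
```

The SonicWall still needs a static route for 192.168.1.0/24 pointing at the router's production address, plus NAT and access rules for that subnet, before lab hosts can reach the internet.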
 

Author Closing Comment

by:dxxone
ID: 31604284
You guys are great!
0
 
LVL 23

Expert Comment

by:that1guy15
ID: 24874758
So your 2600 has only one fastEthernet port correct?

Yeah, you will need to purchase an expansion card. You are looking for a NM-1FE-TX card. Make sure you have an available slot on your 2600 though. You can find them pretty easily used on eBay and other places.

0
 

Author Comment

by:dxxone
ID: 24874776
Thanks guys...
0
