  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 946

VLAN Primer

I'm facing a somewhat complicated network scenario and need some advice on how best to proceed.  I have clients that are sharing an ethernet switch.  Currently, there are about 15 computers organized into 3 separate peer-to-peer networks occupying the same 192.168.0.0 subnet with DHCP served by a shared DSL router.  All users share Internet and a printer/scanner on a specific IP address.  Very simple.

I am preparing to install two new MS Small Business Servers to support two fully separate domains as well as the existing peer-to-peer network.  The two domain controllers will be hosted on a shared VMware ESXi box with two physical NICs.  While testing the viability of this plan on my office's physical network,  I discovered that despite having set the management IP address of the ESXi box to a different IP subnet than what is used for my office network, the DHCP service fails to start on the new virtual server.  This is what I'd like to do:

Shared Physical Ethernet
New VM Network1:  Domain controller on 192.168.75.1
New VM Network2:  Domain controller on 192.168.85.1  
Existing Network: No Domain controller.  192.168.0.x
Share Internet resources and IP Printer/Scanner on the 192.168.0.x subnet between all subnets.

In other words, I'd like to isolate each network to avoid networking conflicts and to improve security, but also need each network to have access to shared resources.

VMware ESX supports VLAN which I assume is the best way to share a physical infrastructure between multiple, isolated networks.  Will I need a Layer-3 switch as well?  How would one best proceed to set up such an environment? I have no experience with VLAN.  What would be the most cost-effective and simple way to get this job done?

Thanks,

Jonathan

0
Qualitycomputer
2 Solutions
 
Paul Solovyovsky Commented:
You may want to look at VLANs with a Layer 3 switch or at least a router and a switch that supports VLANs.

You can set up each subnet as a separate entity and shared resources as a separate subnet.  Enable routing from each subnet strictly to itself and the resource subnet.  Map shared resources via IP address and you should be ok (such as printers).  Here are a few links that can act as a primer on how to set up VLANs.  You can configure the ESX host statically (having a separate vswitch for each subnet) or enable trunking and use the same set of NICs.


http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004048
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1001938
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004074
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1003806
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004127
0
 
eeRoot Commented:
You'd need to create a VLAN for each network, assign each switchport to its proper VLAN, trunk the port that the ESX server connects to so it can see all the VLAN's, create multiple DHCP scopes, then set up ACL's and/or routes to allow for internet access.  It's a good amount of work.

Start with the switch that your clients connect to.  Setting up VLAN's can be a little different, depending on what gear you have.  Get the make/model so you can start researching VLAN's.
0
 
Qualitycomputer (Author) Commented:
Gulp! I'm a bit out of my league now.  Rather than the VLAN route (no pun intended), I may be able to segment the network physically (using separate physical switches) and then plug each switch into a separate LAN port of a SonicWall firewall.  I believe that I can then allow each subnet to see the shared resources through the use of ARP entries.

Thanks,

Jonathan
0
 
nappy_d Commented:
To add to the above comments:

You will need at a minimum, a switch such as this one to make this happen http://netgear.com/Products/Switches/SmartSwitches/GS716T.aspx?detail=Specifications

I would also recommend that you add a four port NIC to your ESXi box for redundancy and port based VLANs for your network.  If you don't want to add more NICs, you can also reference this article on VGT for VLAN configs www.vmware.com/pdf/esx3_vlan_wp.pdf
0
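
The rule the answers above describe (each subnet routed only to the shared resources and the Internet, enforced with ACLs) can be checked before any switch or firewall is touched. The following is an added example, not code from the thread: it models a first-match ACL and audits it for paths that break the isolation. The /24 masks, the printer address 192.168.0.50 and the first-match rule model are assumptions.

```python
import ipaddress as ip

# Subnets named in the question; the /24 masks are an assumption.
NETS = {
    "domain1": ip.ip_network("192.168.75.0/24"),
    "domain2": ip.ip_network("192.168.85.0/24"),
    "legacy": ip.ip_network("192.168.0.0/24"),
}
# Hypothetical address: the thread only says the printer/scanner is on 192.168.0.x.
PRINTER = ip.ip_network("192.168.0.50/32")
INTERNAL = ip.ip_network("192.168.0.0/16")
ANY = ip.ip_network("0.0.0.0/0")

def build_acl(sources, shared):
    """Ordered (src, dst, action) rules; the first matching rule wins."""
    acl = []
    for src in sources:
        acl += [(src, shared, "permit"),    # shared printer/scanner
                (src, INTERNAL, "deny"),    # every other internal subnet
                (src, ANY, "permit")]       # Internet
    return acl

def decide(acl, src, dst):
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for src_net, dst_net, action in acl:
        if s in src_net and d in dst_net:
            return action
    return "deny"                           # implicit deny at the end of the list

def isolation_leaks(acl, nets, shared):
    """Name pairs (src, dst) where a routed path exists to a non-shared host."""
    leaks = set()
    for a, src_net in nets.items():
        src = next(src_net.hosts())         # one representative source per subnet
        for b, dst_net in nets.items():
            if a == b:
                continue                    # same-subnet traffic is switched, not routed
            if any(d not in shared and decide(acl, src, d) == "permit"
                   for d in dst_net.hosts()):
                leaks.add((a, b))
    return sorted(leaks)

if __name__ == "__main__":
    good = build_acl(NETS.values(), PRINTER)
    print(decide(good, "192.168.75.20", "192.168.0.50"))
    print(decide(good, "192.168.75.20", "192.168.85.1"))
    print(isolation_leaks(good, NETS, PRINTER))
    # A lazily broad "let everyone print" rule placed first breaks the isolation.
    bad = [(INTERNAL, INTERNAL, "permit")] + good
    print(isolation_leaks(bad, NETS, PRINTER))
```

The same audit applies whether the separation is done with VLANs on one switch or with separate physical switches on firewall ports, since in both cases the inter-subnet rules are what decide who can reach whom.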
