ndalmolin_13 asked:

Creating a separate network in VMWare that can reach the internet

Hello Experts,
I asked a very similar question the other day, but I have a bit more detail now.  I have been asked to create a test network in our VSphere environment that will be isolated from our production network yet still be able to reach the Internet.  Here is a brief summary of our environment:
1. Our VM host is running VCenter 5.1
2. The host has two physical NICs (named vmnic0 and vmnic1)
3. Vmnic1 connects to our Cisco 6509 on port te3/1.  Port te3/1 is configured as a trunk port.
4. Our Cisco 6509 connects to our core switch (a Cisco 4506) on port te2/1.  Port te2/1 is configured as a trunk port.
5. Our core switch connects to our firewall
6. Our firewall lets traffic out to the internet

Note:  We are not using dynamic trunking protocol

To get this to work, I think I need to do the following steps:
1. In VCenter (create the vlan on the virtual switch):
    a. Click on our host
    b. Click on the configuration tab
    c. Click on the properties of the virtual switch
    d. On the ports tab, click on the add button
    e. On the connection type screen, click on the “virtual machine” type
    f. For the network label, input: “Test Network”
    g. For the VLAN ID, input: 237
    h. Verify information and click on the finish button
2. On the Cisco 6509 (create the vlan, assign it a subnet, and allow the new vlan access to the trunk port):
    a. 6509> config t
    b. 6509# vlan 237
    c. 6509# interface vlan 237
    d. 6509(config-if)# ip address 10.110.237.1 255.255.255.0
    e. 6509(config-if)#end
    f. 6509# interface te3.1
    g. 6509(config-if)# switchport trunk allowed vlan add 237
    h. 6509(config-if)# end
    i. 6509# wr
3. On the Cisco 4506 (create the vlan, assign it a subnet, and allow the new vlan access to the trunk port):
    a. 4506> config t
    b. 4506# vlan 237
    c. 4506# interface vlan 237
    d. 4506(config-if)# ip address 10.110.237.1 255.255.255.0
    e. 4506(config-if)#end
    f. 4506# interface te2.1
    g. 4506(config-if)# switchport trunk allowed vlan add 237
    h. 4506(config-if)# end
    i. 4506# wr
4. Create the appropriate rules in the firewall.
My Cisco skills and my VMWare skills are obviously at the rookie-noob level, but I volunteered to try and do this for the learning experience.  My hope is that you VMWare and Cisco experts will take a look at the information above and let me know what I’ve missed (at least on the switch end).

Thanks in advance,
Nick
ASKER CERTIFIED SOLUTION
Happy Tohelp
This solution is only available to members.
TMekeel, you beat me to it.  Each VLAN should be a separate network (i.e. 10.110.237.0/24 and 192.168.1.0/24).
ndalmolin_13 (ASKER)
I thought in steps d above, I was just defining which ip subnet vlan 237 was going to use.  Am I incorrect on that?
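
An added example, not part of the original thread: a small Python check that parses `interface vlan` stanzas from several switch configs and flags the same IP address assigned on two devices (what steps 2d and 3d of the plan would produce) and one subnet placed on more than one VLAN. The config text is constructed sample input (the Vlan1 stanza and its address are assumptions), and the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample input: both switches carry the SVI from steps 2d and 3d.
# The Vlan1 stanza is an assumed existing network, included for contrast.
CONFIGS = {
    "6509": "interface Vlan1\n ip address 192.168.1.1 255.255.255.0\n"
            "interface Vlan237\n ip address 10.110.237.1 255.255.255.0\n",
    "4506": "interface Vlan237\n ip address 10.110.237.1 255.255.255.0\n",
}

SVI_RE = re.compile(r"^interface\s+vlan\s*(\d+)\s*$", re.I)
ADDR_RE = re.compile(r"^\s+ip address\s+(\S+)\s+(\S+)\s*$", re.I)


def parse_svis(config):
    """Return [(vlan_id, IPv4Interface)] for each SVI that has an address."""
    svis, vlan = [], None
    for line in config.splitlines():
        m = SVI_RE.match(line)
        if m:
            vlan = int(m.group(1))
        elif line and not line[0].isspace():
            vlan = None  # a different top-level stanza started
        elif vlan is not None and (a := ADDR_RE.match(line)):
            svis.append((vlan, ipaddress.ip_interface(f"{a.group(1)}/{a.group(2)}")))
    return svis


def audit(configs):
    """Flag an address reused across devices and a subnet used by several VLANs."""
    by_addr, by_net = defaultdict(list), defaultdict(set)
    for device, text in configs.items():
        for vlan, iface in parse_svis(text):
            by_addr[iface.ip].append((device, vlan))
            by_net[iface.network].add(vlan)
    findings = []
    for ip, owners in by_addr.items():
        if len(owners) > 1:
            findings.append(("duplicate-address", str(ip), sorted(owners)))
    for net, vlans in by_net.items():
        if len(vlans) > 1:
            findings.append(("subnet-on-multiple-vlans", str(net), sorted(vlans)))
    return findings


if __name__ == "__main__":
    for finding in audit(CONFIGS):
        print(finding)
```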