elsteef


Switching from subnets to VLANs

Hello all,
Here’s my situation:
I have two networks. They are currently set up as two separate subnets behind a SonicWall.
X0- Subnet A (192.168.1.x)
X3- Subnet B (10.0.60.x)
The SonicWall routes traffic between Subnet A and B.

Here’s my problem:

I have a new Scale Cluster. This cluster will host virtual servers from both IP ranges, but is physically plugged into the 192.168.1.x subnet. If I spin up a server and put it on the 10.0.60.x range, it cannot communicate with either subnet or the internet.

Here’s what I think I know:
My proposed solution is to configure two VLANs on the SonicWall LAN port. The VLAN routing will be done by the Procurve.
This is my first VLAN setup so feel free to shoot holes in my plan (after all, that’s what I’m here for).
I will be using HP Trunk Ports with tagging.
VLAN 10- 192.168.1.x. Subnet A (and Scale Cluster)
VLAN 20- 192.168.120.x. VOIP phone traffic. This is currently run on subnet A along with my data.
VLAN 60- 10.0.60.x. Subnet B and some hosts from Scale Cluster.
Both VLANs will communicate with each other and the internet.
I don’t know how to configure these yet, but will work on that once I’m pretty confident I’m on the right track. I have zero experience with HP CLI so it will be done using the web interface.

Hardware:

1.      I am using an HP 2920-24 for my primary Switch. This is where I will configure Trunk Ports and VLAN tagging.
2.      Subnet A has a couple of different switches: Netgear GS724TP and TP-Link SG1024D.
3.      Subnet B is using a Netgear Prosafe JGS524E.
I cannot seem to find anything conclusive about whether or not the Netgear and TP-Link switches can pass VLAN tags. I think at this point I will just have to try and see if it works.
I am working on a production system and am very reluctant to make changes until I am fairly confident I know what I’m doing.
I do have a spare TZ150 that can be used to test my VLANs/VPN setup. I have also considered picking up an EOL Procurve ($100 on eBay) and setting up a test network. Did I mention how much I hate testing on a production network?

I appreciate any input,
Steve
hypercube

Things can't communicate if their IP addresses don't match one of the subnets on their LAN (virtual LAN or otherwise). Of course, most of the time there is one subnet per LAN but this need not be so.
The ones you describe don't meet that requirement.

All that a VLAN does is to combine features of hardware in one box really and to provide trunking mechanisms for the wires.  Sometimes I think the notion is overused.  But, of course, it's useful.

You want to have a server that's on two subnets.  I would consider a 2nd NIC that's wired to the appropriate subnet.  Then you can either add VLANs or not, depending on other needs.
elsteef

ASKER

Hi Fred,
Thanks for the response. Unfortunately, the Scale Servers do not support the multiple NIC configuration of some other vendors (VMWare).
My only options at this point are to combine both networks into one large network or split it off into VLANs.
The Scale Cluster does support VLAN tagging. That's what is leading me down this road.

I might be misreading your response, but isn't it a requirement that VLANS run on different IP ranges than each other? There must be a way to set them up to communicate with each other.

Steve
Heh.  It depends on the jargon being used.  
Because I'm not much of an expert on various popular devices, I try to maintain a language that works for all.  It's easier to stay on track that way I believe.

So: for what it's worth, I observe the following:

A LAN starts by being an arrangement of wires and Level2 switches.  Neither the wires nor the Level2 switches know anything much about subnets.  In fact, one can run multiple subnets on the same wires and switches.  So, for example, you could have 2 subnets running on the same cable and through the same switches like this:

Computer 1 -----------                                   ----------- Computer 3
                      Switch 1 ---------------- Switch 2
Computer 2 -----------                                   ----------- Computer 4

We can put Computers 1 and 3 on one subnet and Computers 2 and 4 on another subnet.
Switch 1, Switch 2 and their interconnecting cable form the LAN.

I'm not suggesting that one would do this but it does work.  Thus, I differentiate between a LAN and a subnet or set of subnets.  More often people interchange those terms or use them to mean the same thing.

Then I ask: What is a VLAN?  Well, just what it says: a Virtual LAN.  So, once more, it can handle multiple subnets.

If there's a requirement for VLANs to use different subnets or not share amongst subnets then that must be a detail of implementation.  I don't see that tagging changes anything about this.
But, I must admit that this isn't common in practice.  I just like to use words that make sense for me so as to not confuse people.

I think you mean: isn't it a requirement for *different* VLANs to use different subnets .. as opposed to different subnets using the same VLAN.
I guess it would raise the question: why have different VLANs if only one subnet were to be used? That wouldn't seem to make a lot of sense. So, yes, it goes with the objectives of one's architecture.

The general approach in connecting LANs is via a router.  This capability can be integrated into a VLAN-capable switch or router.  It makes no difference all the switches and routers that are in the network or trunks for that matter.  What matters is that the LANs (VLANs) are routed together if needed.  All the tagging does is keep the traffic separated where it needs to be separated - completely in line with having a VLAN.  But the routing for interconnection is another matter.

The simplest physical form to envision is a router that's used to bridge two subnets.
One port is on one subnet.  The other port is on the other subnet.  Each port has an IP address on their respective subnets.  The router knows to route packets from one to the other by default and drops all others.  No NAT involved.  So, imagine one of these rather simple devices buried as a *function* inside a VLAN-capable switch or router.....  It has to be there to make the connection.
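
The reachability rules described in the post above, applied to the addresses from the question, as an added example that is not part of the original thread. The /24 masks, the .1 gateway addresses and the sample host addresses are assumptions, and the model ignores firewall rules on the router.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Iface:
    vlan: int   # broadcast domain (VLAN ID) the interface sits in
    cidr: str   # address and mask, e.g. "10.0.60.50/24"

    @property
    def ip(self):
        return ipaddress.ip_interface(self.cidr).ip

    @property
    def net(self):
        return ipaddress.ip_interface(self.cidr).network

# Router interfaces, one per VLAN in the question's plan.
# The .1 gateway addresses and /24 masks are assumptions.
ROUTER = [Iface(10, "192.168.1.1/24"),
          Iface(20, "192.168.120.1/24"),
          Iface(60, "10.0.60.1/24")]

# Constructed sample hosts (addresses are illustrative).
VM_UNTAGGED = Iface(10, "10.0.60.50/24")  # Subnet B address left on the Subnet A segment
VM_TAGGED = Iface(60, "10.0.60.50/24")    # same VM, tagged into VLAN 60
PC_A = Iface(10, "192.168.1.20/24")

def path(src, dst, router=ROUTER):
    """Classify how src reaches dst: 'direct', 'routed' or 'unreachable: ...'."""
    if dst.ip in src.net:
        # Same subnet: delivery relies on ARP, which never leaves the VLAN.
        if src.vlan == dst.vlan:
            return "direct"
        return "unreachable: same subnet but different VLANs"
    # Different subnet: src needs a gateway in its own subnet AND its own VLAN.
    if not any(r.vlan == src.vlan and r.ip in src.net for r in router):
        return "unreachable: no gateway for %s on VLAN %d" % (src.net, src.vlan)
    # The router must also own an interface on dst's VLAN that covers dst.
    if not any(r.vlan == dst.vlan and dst.ip in r.net for r in router):
        return "unreachable: router has no interface for %s on VLAN %d" % (dst.ip, dst.vlan)
    return "routed"

if __name__ == "__main__":
    print("VM untagged ->", path(VM_UNTAGGED, PC_A))
    print("VM tagged   ->", path(VM_TAGGED, PC_A))
```

The untagged case is the failure from the question: the VM holds a 10.0.60.x address, but the only gateway for that subnet sits in a different broadcast domain.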
elsteef

ASKER

I feel like we are getting a little too caught up in the semantics of it all. I agree, there is a lot of "jargon" when it comes to VLANs. That jargon differs depending on the vendor.
It's mind-boggling to try and learn about VLANs through Google. There are just too many terms that apply to Cisco in one way and HP in another. Throw in a dash of disinformation and it's a recipe for a migraine!

Bottom line: I need to put two subnets (192.168.1.x and 10.0.60.x) on the same wire. I need to use VLAN Tagging to separate the traffic and am looking for a good way to do it within the constraints of my original post.
If my lack of knowledge of the topic has led to more questions than answers then, by all means, ask me whatever clarifying questions you need to. I'm here to learn as well as come up with a solution to my problems.

On a related note, I did order an HP Procurve 2910 so I can build a test environment and won't be working on my production network. It should arrive today or tomorrow.

Steve