Solved: Normal practice for management -how access many vlans from one s - Page 2

ADAman · ‎07-31-2012

I am fairly new to networking (I am a storage guy) and I am struggeling a bit on some important concepts.

Basically, how do you setup a network in order for a server to be able to access many different management interfaces? I am asking, because the PC the server admin is using, is normally connected to a switch access port, right? And this port tags and untags frames only to one VLAN ID at the time.

They obviously want to be able to connect to many different management interfaces from their PC. Do you connect the management devices to a common native VLAN (eg. VLAN 10) that also the server admin is connected to? Or do we connect the serveradmin PC to a trunk port?? (Sorry for my low knowledge in switching, but I am working very hard to overcome this limitation).

Basically, how do you setup this so a server admin can access many different VLANS from his PC?

darren.g · ‎08-02-2012

Atle Dale wrote:

OK. What about if I have 2 links on the same VLAN? I assume I only need one SVI that applies for all the links? In my case I will have 2 x 10 Gbps links to a iSCSI host (not management). Just making sure here...

For the management of this storage box, I would assume normal practice is to use a dedicated switchport for management. But I have seen other ways to do it. Like trunking the required vlans to the storage box. Right?

But then how do I setup the SVIs for a trunk? Does anything changing apart from making the switchport a trunk port with the allowed VLANS? I just have to provide SVIs for the different VLANS in the trunk, right?

Trunk ports are layer 2 - they don't HAVE SVI's. SVI's are associated with layer 3 (IP) traffic, and you only need one SVI (or router) per layer two VLAN.

Trunk links allow for multiple VLAN's to be included in the link - or trunked - and make provision for the remote device to separate the included VLAN's by the VLAN ID tag. not sure how your iSCSI devices work - if they're just access nodes, or if they have smarts - but if they are configurable in a VLAn "tagging" mode, then you would make your links a trunk. If they can only have an IP address allocated, then you put your ports in "access" mode.

You don't need a dedicated port for management - for example, all my switches are managed by creating an SVI in the VLAN 10 range and asigning them an IP address - but most devices which need remote management have dedicated out of band management ports (things like blade chassis excepted), so you need a port each. For devices which don't have dedicated ports, then you need a trunk configuration and include your "management" VLAN in the trunk.

Cheers.

ADAman · ‎08-02-2012

Trunk links allow for multiple VLAN's to be included in the link - or trunked - and make provision for the remote device to separate the included VLAN's by the VLAN ID tag. not sure how your iSCSI devices work - if they're just access nodes, or if they have smarts - but if they are configurable in a VLAn "tagging" mode, then you would make your links a trunk. If they can only have an IP address allocated, then you put your ports in "access" mode.

Cheers.

Hi!

what is smarts? Do you mean VLAN tagging? In my case we are talking EMC or Netapp Storage controllers. I am prettyr sure they handle VLAN-tagging.

ADAman · ‎08-02-2012

Ok. I am just extending a little further here...

How get internet access?

One thing is to setup routing between the vlans on the same switch, but how do we set up a route to internet?

This can be setup with a trunk to a router, or a trunk to another switch with router access?

If both cases apply, what needs to be configured on my first switch?

darren.g · ‎08-02-2012

Atle Dale wrote:

Ok. I am just extending a little further here...

How get internet access?

One thing is to setup routing between the vlans on the same switch, but how do we set up a route to internet?

This can be setup with a trunk to a router, or a trunk to another switch with router access?

If both cases apply, what needs to be configured on my first switch?

Well, for starters you need an internet link and associated router. :-)

On a layer three switch, assuming your internet router is connected to it and accessable, you do something like this

core(config)#ip route 0.0.0.0 0.0.0.0

This tells the switch to route ALL traffic it doesn't have a specific route for (I.E. assigns a default route) to the IP addresse designated by the address.

You MUST be able to connect to this address, or it's not going to work.

Cheers.

ADAman · ‎08-02-2012

Thanks again. I am step by step learning how to setup a complete network here

On a layer three switch, assuming your internet router is connected to it and accessable, you do something like this

Assuming a router has to belong to one or more VLANs, Is it enought that the trunk to the router or another switch contains the VLAN with internet access? Then the packets will be routed to the router IP address automatically?

core(config)#ip route 0.0.0.0 0.0.0.0

This tells the switch to route ALL traffic it doesn't have a specific route for (I.E. assigns a default route) to the IP addresse designated by the address.

You MUST be able to connect to this address, or it's not going to work.

Cheers.

Normal practice for management -how access many vlans from one server?