09-16-2014 03:47 PM - edited 03-19-2019 08:37 AM
Hi,
I have installed CM 10.x publisher and Expressway-C 8.2.1 (both in VM) in one BE 6000 server, and CM subscriber and Expressway-E 8.2.1 (both in VM) in the other BE 6000 server. All the applications are in the same network segment (voice). As this is my first installation of Expressway-C/E, I have no idea how to manage the option of a DMZ for Expressway-E in a virtualized environment.
I found in a Cisco document, "Considerations for Deploying Cisco Expressway Solutions on a Business Edition Server", the option of a single firewall design. In my case I have already set the IP address of Expressway-E without a VLAN, and now I need to change the IP address and assign the VLAN that corresponds to the DMZ.
The document shows that the DMZ VLAN is assigned when the OVA template is run, so my doubt is: do I need to reinstall the Expressway-E VM?
Is there no option of changing the IP and assigning the VLAN that corresponds to the DMZ without reinstalling?
In case of reinstalling, does the serial number of the VM remain the same?
regards
09-17-2014 09:37 AM
You don't need to reinstall Expressway-E. Personal opinion is you create a new vSwitch in VMware and assign it to a separate NIC on the UCS server and assign this NIC to the DMZ VLAN. This way there is a physical separation between DMZ/internal. You could also trunk the VLAN using the existing links and create a new vmnetwork in VMware and assign VLAN tags to them. If you click on the VM and edit settings -> Networks, you have the option to change the vmnetwork.
You can change the IP address of the Expwy from console by running the setup command once again or you could change the IP from the web interface as well (This will have to be done prior to changing vmnetworks in VMware).
09-17-2014 12:40 PM
Hi George,
Thank you so much for your recommendation. I tried to set DMZ on port 1 and set the switch port to trunk mode, but lost connectivity with all VMs.
I attach some screenshots as reference; I'm not sure if the association of DMZ to Exp-E is correct.
interface GigabitEthernet3/20
 description UCSC220 Secundario_PTO1
 switchport trunk allowed vlan 10,71,100
 switchport mode trunk
 spanning-tree portfast trunk
thanks for your time
regards
09-17-2014 12:47 PM
Did you add the switchport trunk command right now or was it how it was setup earlier?
09-17-2014 12:53 PM
I have just added the trunk options on the switch's port.
regards
09-17-2014 12:55 PM
OK, that means initially the switchport didn't have the trunk commands but it was added? You will have to connect to CIMC and log into ESXi, go to the networking settings and specify the VLAN ID in there. That should let you regain access to ESXi/VMs.
09-17-2014 01:20 PM
George,
Currently I've just defined VLAN 71 for DMZ; the other VMs (CM, Unity, Presence) not, they are in VLAN 10 (voice VLAN).
If you see the screenshots, there are no VLANs for those VMs.
09-17-2014 03:09 PM
Correct, so right now both VLANs 10 and 71 are being tagged by the switch. ESXi doesn't recognize the tags and hence the loss of connectivity. If you set the VLAN ID 10 on the VM network port group that is assigned to CUCM/CUCN, ESXi will also start understanding the VLAN tags and you should get connectivity back.
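The mismatch described in the reply above, as an added example that is not part of the original thread: a Python check that reads the trunk stanza posted earlier and reports where each ESXi port group lands. The port-group names are constructed, the native VLAN is assumed to be the IOS default of 1 because the posted stanza sets none, and VLAN IDs 0 and 4095 are treated as ESXi's untagged and guest-tagging settings.

```python
import re

NATIVE_DEFAULT = 1  # assumption: IOS default native VLAN, none is set in the thread

def parse_trunk(config):
    """Return (allowed_vlans, native_vlan) from an IOS interface stanza."""
    allowed, native = set(range(1, 4095)), NATIVE_DEFAULT  # all VLANs if unrestricted
    for line in map(str.strip, config.splitlines()):
        m = re.match(r"switchport trunk allowed vlan ([\d,\-]+)$", line)
        if m:
            allowed = set()
            for part in m.group(1).split(","):
                lo, _, hi = part.partition("-")
                allowed.update(range(int(lo), int(hi or lo) + 1))
        m = re.match(r"switchport trunk native vlan (\d+)$", line)
        if m:
            native = int(m.group(1))
    return allowed, native

def check_port_groups(config, port_groups):
    """Map each port group name to the VLAN it effectively lands in, or a problem."""
    allowed, native = parse_trunk(config)
    result = {}
    for name, vlan_id in port_groups.items():
        if vlan_id == 0:
            # Untagged port group: it only sees the trunk's untagged (native) VLAN.
            result[name] = f"untagged, lands in native VLAN {native}"
        elif vlan_id == 4095:
            result[name] = "guest tagging, all VLAN tags passed to the VM"
        elif vlan_id not in allowed:
            result[name] = f"VLAN {vlan_id} not allowed on trunk"
        elif vlan_id == native:
            result[name] = f"VLAN {vlan_id} is native, switch sends it untagged"
        else:
            result[name] = f"ok, tagged VLAN {vlan_id}"
    return result

# Trunk stanza as posted in the thread.
TRUNK = """interface GigabitEthernet3/20
 switchport trunk allowed vlan 10,71,100
 switchport mode trunk
"""
# Constructed port-group names; VLAN IDs follow the thread (only the DMZ was tagged).
BEFORE = {"VM Network": 0, "DMZ": 71}
AFTER = {"VM Network": 10, "DMZ": 71}

if __name__ == "__main__":
    for label, pgs in (("before", BEFORE), ("after", AFTER)):
        print(label, check_port_groups(TRUNK, pgs))
```

In the "before" state the voice VMs sit in the trunk's native VLAN instead of VLAN 10, which matches the loss of connectivity reported once the port became a trunk.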
09-19-2014 06:59 PM
Hi George,
thanks for your comments, finally I have full connectivity :-)
regards