Trying to connect 2 servers together

[adam longtin]

What I am trying to do I am not sure if it is even possible, I am trying to setup a testing lab in my house to have 2 vm host running server 2012 on to different subnets

so this is how I want to set this up if possible and please tell me if it is not

Coming from my modem plugged into pfsense firewall running 192.168.20.2 on the lan side
From the firewall plugs into my Extreme switch x250e switch all untagged ports from here to my vm host
my server 2012 r2 is setup as a domain controller, DHCP, and DNS on 192.168.20.1/24 this is all working fine ,
The problem is I have another switch that is a Dell power connect that is running another vm host
On this server 2012 r2 is setup as Domain Controller, DHCP, and DNS running ip range 192.168.30.1/24

Is there a way to connect the Extreme switch to the Dell switch to pass traffic back and fourth on both subnets so I can access any other servers or clients on either subnet and Have internet running on both subnets running with 1 modem and firewall

 

[ylin0811]

what you are looking for is pfsense on a stick:

http://blog.stefcho.eu/pfsense-on-a...gigabit-switch-with-five-ports-and-swos-v1-5/

just make sure you trunk the vlan all the way through in between two switches, and strip the vlan tag before the packet egresses out of the port facing your vm box.

you will need to make sure you allow the packet to travel across the firewall, and set the gateway for each vm to its respect address for that subnet.

 

[adam longtin]

Ok for the first server and switch that is connected to the firewall is working ok and I add to set the default gateway to the pfsense lan ip and that got me out the the Internet. My problem is I can't get the second switch and server to talk to the first one this is what I did on the xtreme switch

v20 tag 20
create vlan v30 tag 30
configure vlan v20 ipaddress 192.168.20.254/24
configure vlan v30 ipaddress 192.168.30.254/24
enable ipforwarding v20
enable ipforwarding v30

config default delete ports all
config vlan v20 add port all untagged
config vlan v30 add port 10 tagged # port 10 to vmware server

configure iproute add default 192.168.20.2

The second dell switch is at its default no configs on it
Also here is a bad image of what I am trying to do

 

[ylin0811]

1. is your dell switch configured with dot1q trunk for vlan 30 facing the esxi server?

if yes, is your esxi server also configured to tag all traffic with vlan 30 when sending traffic upstream to the dell switch?

2. i am going to assume the above is yes for now. when dell switch receives the tagged vlan 30 traffic, this tag has to be stripped at the crosslink in between dell and xtreme. you can do this by configuring the crosslink as follows:

dell switch to xtreme = access vlan 30
xtreme to dell = access vlan 1

3. when traffic arrives at pfsense from esxi with 192.168.30.x, your pfsense will not know how to route the traffic to 192.168.20.x, so you will need a static route configured on pfsense pointing to 192.168.30.x (x being the ip for 192.168.20.x subnet)
this should solve your problem.

 

[adam longtin]

the answer to both questions i dont think so

also my pfsense I dont think is routing the traffic

I was told me Layer 3 switches will do all that for me so I dont think I have any routing in pfsense except to go out to the internet

 

[ylin0811]

if your 192.168.20.x can go out to the internet, then your pfsense knows about this subnet. do a simple traceroute from pfsense to one of the ips on 192.168.20.x and see if it is indeed going to the xtreme switch's svi interface

your dell switch is configured for tagging with the following statement:

config vlan v30 add port 10 tagged # port 10 to vmware server

you just need to make sure that your esxi is indeed tagging the traffic egressing upstream to dell, and set the crosslink configuration to the post i mentioned above. that should work.

 

[adam longtin]

ok so i am suppose to run that command for my dell switch i did that on my extreme switch I did no configs on my Dell switch at all

 

[ylin0811]

before you do anything, check how your esxi port group is configured first. your switch is the one that should interact with esxi, not the other way around.

 

[adam longtin]

Ok I have 2 switches my first switch the extreme is configured like
v20 tag 20
create vlan v30 tag 30
configure vlan v20 ipaddress 192.168.20.254/24
configure vlan v30 ipaddress 192.168.30.254/24
enable ipforwarding v20
enable ipforwarding v30

config default delete ports all
config vlan v20 add port all untagged
config vlan v30 add port 10 tagged # port 10 to vmware server

configure iproute add default 192.168.20.2

and the extreme switch has a esxi connted that is only working if I use static ips for the clients I thought this was working ok with dhcp from the domain controller but only static will it work

the dell switch that has another esxi is not configured at all it is set to default config

 

[ylin0811]

let's start from the basics, as your diagram doesn't match with the actual configuration on your switches

how are the vlans set on your esxi server? esx/esxi have the capability to send traffic tagged or untagged. i need to know this before i can tell you how your switches should be configured.

 

[adam longtin]

I don't have any vlans setup on my esxi servers didn't know I need that
If it is easier and you can tell me how to set it up from the beggining as I have been told to do it this way or that way and I can't get it working at all

 

[ylin0811]

ok so you basically have two options

both option 1 and 2 require you to erase the config on both extreme and dell switch, so you don't have any pre-existing vlan configurations.

with option 1, the interface on dell and extreme that connect to your esxi will be on the switch's default of vlan 1. for the upstream traffic, you will need to create a new ip schema and assign an unique ip address on the same subnet to a new vlan on dell, extreme, and pfsense.

once that is done, you will need to make sure the vlan is trunked all the way through in between dell, extreme, and pfsense.

pfsense will be responsible for routing the traffic for 192.168.20.x and 30.x by the use of static routes.

option 2 is the pfsense on the stick. this will work as well, but offers less protection than option 1 when it comes to large deployments.

i cannot tell you step by step on how to do this over the internet, as it has been over 10 years since i've touched extreme and dell switches, but the concept is still the same. i would recommend you do some readings for each product's documentation to see how they interact with each other, so you can get a better understanding on how to deploy these technologies successfully.

 

[adam longtin]

ok I thought the switches will do the routing for me. I dont really want to static route on pc I add into the network, I want to use the dhcp server on both subnet to auto assign IPs if this cant be done then I will need to figure out somthing else as I have been told it will work they way I am trying but cant seem to get it this way

I would like to have it setup like the pic I posted If it is possible and Have the switches do the routing for me

 

[ylin0811]

you can have switches route for you if they support routing protocols. for example, most managed switches nowadays support the use of ospf, and you can enable ospf to automatically inject any new subnet additions to ospfdb.

but this would still require you to work out the vlans. with the introduction of routing protocols, you would need to add a /31 and/or /127 ptp in between both switches.

like i said, just do some reading on these protocols and it will help you a lot.