VLAN Question - Does this diagram look right?

[RaiderJ]

First off, here's a diagram of what I'm trying to do with a single switch, multiple servers, and two separate networks. I'd like to section off a part of the switch to only connect to one of the upstream networks. Each server has two physical NIC's. The goal of this to keep all of our project servers close together, and then only run two cables to the upstream switches.

Questions:

If the switch is "auto-uplink", does that mean it is smart enough to know which port on each VLAN is the "uplink" connection?

Am I understanding/applying the concept of VLAN properly?

 

[Cooky]

Can't comment on "auto-uplink" since I've never heard that term before.

For what you want to do though, you may want to look into using trunk ports (dot1Q) between switches.
May also want to have a dedicated VLAN/subnet for the servers so that you can do ACL's more easily.

 

[RaiderJ]

Originally posted by: Cooky
Can't comment on "auto-uplink" since I've never heard that term before.

For what you want to do though, you may want to look into using trunk ports (dot1Q) between switches.
May also want to have a dedicated VLAN/subnet for the servers so that you can do ACL's more easily.

I don't think I can do any trunking, since the two upstream switches are separate devices. Plus, running two cables isn't an issue, it might take more time to set up trunking than to just run the cables.

ACL's are for security? I'm not too worried about that right now, this is just for testing/development at the moment. I'm just trying to get everything to "talk" properly for now.

Auto-uplink, as I understand it, means you don't have to use a crossover cable when connecting one switch to another. I have used to regular patch cables before, one to my laptop from the switch, one from the switch to the wall jack. The switch was able to figure out where the upstream connection was and connect my laptop to the internet. Does that make sense?

 

[imagoon]

That diagram is one way to use a single switch as 2. Your basically scratching the surface however. You can trunk to the servers network cards and trunk back to the other switches (which you decided not to do here). A single port and cable can deliver both networks to the server. However one thing to watch for, certain OS's handle multi-homed networks better than others. VMware ESX is incredibly versatile while Windows tends to choke. Windows only allows 1 default gateway normally and adding 2 can result in strange behavior.

 

[RaiderJ]

Originally posted by: imagoon
That diagram is one way to use a single switch as 2. Your basically scratching the surface however. You can trunk to the servers network cards and trunk back to the other switches (which you decided not to do here). A single port and cable can deliver both networks to the server. However one thing to watch for, certain OS's handle multi-homed networks better than others. VMware ESX is incredibly versatile while Windows tends to choke. Windows only allows 1 default gateway normally and adding 2 can result in strange behavior.

I'm using Windows Server 2003 - I have noticed some issues with having two gateways in a single server instance.

Do you have a better suggestion for how to configure the servers in order for them to see both networks at the same time? Would it be possible in Windows to connect both networks to the same NIC like you mentioned (trunking)?

 

[imagoon]

Well it depends on what you need. Do you need multi network access via both of the homes? What is the reason for 1 server being on 2 networks? When you say "keep the project servers close" what exactly do you mean?

As a side note, windows takes a ton of special configs to make this work right, esp on a Domain. It is generally assumed by Windows machines that any ip address they have is accessible by all other machines.

This tends to pop up on DNS when the server registers IP addresses. All of a sudden other machines on network A are being told to use network B's IP address because DNS begins to round robin them by default.

 

[spidey07]

You normally don't want more than one IP interface on an end node otherwise you run into routing problems and have to manually configure routing on the host. As mentioned two default gateways is a no-no. What are you trying to accomplish here?

 

[RaiderJ]

We need to have the servers on two networks to support communication over our VPN, and also for our local network. Our configuration with this has been working so far, but I'm sure there's a better way to do it. The servers must be physically racked together, so having a nearby switch with everything is far easier for cabling.

 

[seepy83]

Originally posted by: RaiderJ
We need to have the servers on two networks to support communication over our VPN, and also for our local network.

A properly configured Router should be able to route the traffic between your VPN and LAN/Server networks.

 

[Pantlegz]

Originally posted by: seepy83

Originally posted by: RaiderJ
We need to have the servers on two networks to support communication over our VPN, and also for our local network.

A properly configured Router should be able to route the traffic between your VPN and LAN/Server networks.

I was thinking trunking is what he would want to do, and have subinterfaces on the router setup so all the server needs to know is how to get to the router, it takes care of it from there. Trunking is VERY easy to setup, routing is the same.

 

[RaiderJ]

I don't have access to any equipment "upstream" from the diagram I've shown. Could trunking enable me to only need one cable per server in order to hit both networks?

 

[Pantlegz]

yes, with a router thrown in the mix. You would only need 1 cable to each server. You would either need to config one of the routers in either of the 2 networks to do the routing for you or you would have to add an additional router to the mix. But you could easily just modify either of the router configs and save a few thousand dollars, if you're able to that is.

 

[RaiderJ]

Originally posted by: Pantlegz1
yes, with a router thrown in the mix. You would only need 1 cable to each server. You would either need to config one of the routers in either of the 2 networks to do the routing for you or you would have to add an additional router to the mix. But you could easily just modify either of the router configs and save a few thousand dollars, if you're able to that is.

Hmm... I'll probably just skip that part then. As is I can just run two cables from each server. With the switch so close to the servers a few 3' cables will work just fine.

 

[RaiderJ]

Just to verify, I can use a VLAN to essentially divide the ports on the switch in order to connect to two different upstream networks?

 

[her209]

Auto uplink is when the switch automatically detects if the port needs to run in MDI or MDIX mode. At least that's what it means on Netgear switches.
See http://en.wikipedia.org/wiki/E...le#Automatic_crossover

 

[spidey07]

Originally posted by: RaiderJ
Just to verify, I can use a VLAN to essentially divide the ports on the switch in order to connect to two different upstream networks?

You're still going to have the problem of two default gateways on different networks. Why not let a router decide where to route things? That's what they're there for.

 

[RaiderJ]

Originally posted by: spidey07

Originally posted by: RaiderJ
Just to verify, I can use a VLAN to essentially divide the ports on the switch in order to connect to two different upstream networks?

You're still going to have the problem of two default gateways on different networks. Why not let a router decide where to route things? That's what they're there for.

I don't have access to one unfortunately, otherwise I'd certainly take that approach. So far Windows has been able to work things out properly (not really sure how though).