Segregating vmware web server from home network using cisco 2950 switch

Answered Question
Apr 15th, 2012

Basically what the title says. Here is the layout:


1. Comcast modem -> home router/default gateway (linksys e2000) - 192.168.1.1 -> unmanaged netgear hub

1a. from unmanaged hub, everything has a 192.168.1.x address with a subnet mask of 255.255.255.0 (PCs/laptops/wifi, etc)

2. From unmanaged hub, to the cisco 2950 switch

2a. set up vlan1 to be a 192.168.0.x network (default gateway 192.168.0.1) with a subnet mask of 255.255.255.248

2b. Cisco switch has a Dell PowerEdge 2950 II & a Rackable Systems JBOD system, was going to set the IP of VMware ESXi as 192.168.0.3, the web server as 192.168.0.4


So far I have gotten to logging into the Cisco switch and setting the vlan1 as IP address/subnet mask as shown above. But when I set the static IP in the ESXi/web server, they are not getting connectivity. This may have something to do with routing from the home router because when I try and do static routes, it won't let me do it from a 192.168.0.x network. Not sure where to start, starting from a novice to intermediate perspective, but had some spare parts and wanted to start this project. Any help would be appreciated. Thanks in advance, and let me know if you need more information.


Regards,

Rob

moemoe1818 Sun, 04/15/2012 - 22:21


Hi Rob,

The 2950 is not a layer three (routing) switch - even if you set an interface on the switch to 192.168.0.1, it would not route.

The Linksys you have most likely only has one LAN interface (internal, the 192.168.1.1) and one WAN interface (external - Whatever your ISP assigns).

If you obtain a cheap 3550 (~$60 on used), and look at the documentation I have linked below, you can give this a go with VLANs. Just remember to use the set ip route command to point to 192.168.1.1.

http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008015f17a.shtml

-Jordan


dijitaljedi Mon, 04/16/2012 - 08:33

Thank you for getting back to me. Silly me, should have noted that. Now, would I be able to stick with the 192.168.1.0 255.255.255.0 network, all of the 2950 switch ports are in VLAN 1 by default, so it should plug and play. The devices I want static can be set to the top of the current range 192.168.1.254, 192.168.1.253 and so forth, the DHCP on my router will issue 192.168.1.2, 192.168.1.3...

Also, I have a hardware firewall coming in (usg50), 2 wan ports, 4 lan. Would that help at all? What network config would you recommend with the firewall? Or would I still need the 3550? Thanks!

Correct Answer
moemoe1818 Mon, 04/16/2012 - 13:16

Given the equipment you are using, do you have dual NATs right now? Is the IP address on the outside of your Linksys in the private range (192.169.x.x, 10.x.x.x, 172.16-31.x.x)? If so, the first thing I would look at is eliminating the dual NAT. You can still use a Linksys router as an AP by plugging in from the LAN side to the ZyWall (and most likely disabling DHCP in favor of the ZyWall's server).

While I don't know that much about the ZyWall, the data sheet indicates that it supports multiple virtual interfaces on the inside. You could just use two of the LAN interfaces as two separate networks, with two virtual interfaces on the ZyWall. Presumably you could then set up whatever access control rules you wanted from that point.

LAN 1: 192.168.1.0 255.255.255.0

LAN 2: 192.168.2.0 255.255.255.0

However, this completely negates the use of the 2950 as more than a dumb switch.

If you really wanted to have your 2950 in use, doing something, you could set up the device with two VLANs on it, and have it trunk to a port on the ZyWall (assuming it supported it).
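
The two-VLAN trunk layout suggested in the answer above, sketched as Catalyst 2950 configuration. This is an added example, not part of the original posts; the VLAN IDs, VLAN names, port numbers and the 192.168.1.250 management address are assumptions, and it only applies if the firewall port accepts 802.1Q tagged frames.

```cisco
! Constructed example for a Catalyst 2950 (layer 2 only).
! VLAN IDs, names, port numbers and addresses are assumptions.
!
vlan 10
 name HOME
vlan 20
 name SERVERS
!
! Home devices (the 192.168.1.0/24 network from the thread)
interface range FastEthernet0/1 - 8
 description home LAN devices
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
!
! ESXi host and web server (the 192.168.2.0/24 network from the thread)
interface range FastEthernet0/9 - 10
 description ESXi host and web server
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
! Uplink carrying both VLANs, tagged, to the firewall.
! The 2950 only speaks 802.1Q, so no encapsulation command is needed.
interface FastEthernet0/24
 description 802.1Q trunk to firewall
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 switchport nonegotiate
!
! Management address for the switch itself. This does not make the
! 2950 route: traffic between VLAN 10 and VLAN 20 still has to cross
! the firewall, which is where the access control rules are enforced.
interface Vlan10
 ip address 192.168.1.250 255.255.255.0
 no shutdown
!
ip default-gateway 192.168.1.1
```

After applying it, `show vlan brief` and `show interfaces trunk` confirm which ports landed in which VLAN and that only VLANs 10 and 20 are allowed on the uplink.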

dijitaljedi Mon, 04/16/2012 - 14:23

You sir, are a gentleman and a scholar. Will test that out once I get the firewall in. It seems pretty easy to configure, and thankfully I got that 2950 for free so if anything I can just throw it to the side and use it for switching and use my Linksys as an AP as you suggested. Will let you know how it works out. Thanks again.
