
Segregating vmware web server from home network using cisco 2950 switch

dijitaljedi
Level 1

Basically what the title says. Here is the layout:


1. Comcast modem -> home router/default gateway (linksys e2000) - 192.168.1.1 -> unmanaged netgear hub

1a. from unmanaged hub, everything has a 192.168.1.x address with a subnet mask of 255.255.255.0 (PCs/laptops/wifi, etc)

2. From unmanaged hub, to the cisco 2950 switch

2a. setup vlan1 to be a 192.168.0.x network (default gateway 192.168.0.1) with a subnet mask of 255.255.255.248

2b. Cisco switch has a Dell Poweredge 2950 II & a Rackable systems JBOD system, was going to set the IP of VMware ESXi as 192.168.0.3, the web server as 192.168.0.4


So far I have gotten to logging into the Cisco switch and setting the vlan1 as IP address/subnet mask as shown above. But when I set the static IP in the ESXi/web server, they are not getting connectivity. This may have something to do with routing from the home router because when I try and do static routes, it won't let me do it from a 192.168.0.x network. Not sure where to start, starting from a novice to intermediate perspective, but had some spare parts and wanted to start this project. Any help would be appreciated. Thanks in advance, and let me know if you need more information.


Regards,

Rob

Accepted Solutions

Given the equipment you are using, do you have dual NATs right now? Is the IP address on the outside of your Linksys in the private range (192.169.x.x, 10.x.x.x, 172.16-31.x.x)? If so, the first thing I would look at is eliminating the dual NAT. You can still use a Linksys router as an AP by plugging in from the LAN side to the ZyWall (and most likely disabling DHCP in favor of the ZyWall's server).

While I don't know that much about the ZyWall, the data sheet indicates that it supports multiple virtual interfaces on the inside. You could just use two of the LAN interfaces as two separate networks, with two virtual interfaces on the ZyWall. Presumably you could then set up whatever access control rules you wanted from that point.

LAN 1: 192.168.1.0 255.255.255.0

LAN 2: 192.168.2.0 255.255.255.0

However, this completely negates the use of the 2950 as more than a dumb switch.

If you really wanted to have your 2950 in use, doing something, you could set up the device with two VLANs on it, and have it trunk to a port on the ZyWall (assuming it supported it).
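
The two-VLAN trunk layout suggested in the reply above, sketched as Catalyst 2950 configuration. This is an added example, not part of the original thread; the VLAN IDs (10 and 20), VLAN names and port numbers are assumptions, and the subnets are the LAN 1 / LAN 2 ranges from the reply.

```cisco
! Constructed example for a Catalyst 2950 (Layer 2 only).
! VLAN IDs, names and port numbers are assumptions, not from the thread.
vlan 10
 name HOME
vlan 20
 name SERVERS
!
! Home devices: LAN 1, 192.168.1.0 255.255.255.0
interface range FastEthernet0/1 - 8
 description Home LAN
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
!
! ESXi host and web server: LAN 2, 192.168.2.0 255.255.255.0
interface range FastEthernet0/9 - 16
 description Server LAN
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
! 802.1Q trunk to the firewall. The 2950 only speaks dot1q, so there is
! no encapsulation command. Only the two VLANs in use are allowed across.
interface FastEthernet0/24
 description Trunk to firewall
 switchport mode trunk
 switchport trunk allowed vlan 10,20
!
! Verify from exec mode with: show vlan brief / show interfaces trunk
```

The switch only keeps the two VLANs apart at Layer 2; every packet between them has to cross the firewall, which is where the access control rules mentioned in the reply would apply. The firewall needs a tagged interface for each VLAN ID, which the thread leaves unconfirmed.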


4 Replies

moemoe1818
Level 1


Hi Rob,

The 2950 is not a layer three (routing) switch - even if you set an interface on the switch to 192.168.0.1, it would not route.

The Linksys you have most likely only has one LAN interface (internal, the 192.168.1.1) and one WAN interface (external - Whatever your ISP assigns).

If you obtain a cheap 3550 (~$60 on used), and look at the documentation I have linked below, you can give this a go with VLANs. Just remember to use the set ip route command to point to 192.168.1.1.

http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008015f17a.shtml

-Jordan

Sent from Cisco Technical Support iPad App
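
The inter-VLAN routing approach from the reply above, sketched for a Catalyst 3550 running IOS, where the default route is entered with `ip route`. This is an added example, not part of the original thread; VLAN 20, the port numbers and the switch's own 192.168.1.2 address are assumptions, while the /29 server subnet and host addresses are the ones from the original question.

```cisco
! Constructed example for a Layer 3 Catalyst 3550 running IOS.
! VLAN 20, port numbers and 192.168.1.2 are assumptions.
ip routing
!
vlan 20
 name SERVERS
!
! Leg on the existing home LAN, same subnet as the Linksys (192.168.1.1)
interface Vlan1
 ip address 192.168.1.2 255.255.255.0
 no shutdown
!
! Gateway for ESXi (192.168.0.3) and the web server (192.168.0.4)
interface Vlan20
 ip address 192.168.0.1 255.255.255.248
 no shutdown
!
interface range FastEthernet0/9 - 16
 description Server ports
 switchport mode access
 switchport access vlan 20
!
! Default route towards the home router, as described in the reply
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
! Verify from exec mode with: show ip route / show ip interface brief
```

The home router also needs a return route for 192.168.0.0 255.255.255.248 pointing at the switch's home-LAN address (192.168.1.2 here), otherwise replies to the server subnet have no path back.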

Thank you for getting back to me. Silly me, should have noted that. Now, would I be able to stick with the 192.168.1.0 255.255.255.0 network? All of the 2950 switch ports are in VLAN 1 by default, so it should plug and play. The devices I want static can be set to the top of the current range 192.168.1.254, 192.168.1.253 and so forth, the DHCP on my router will issue 192.168.1.2, 192.168.1.3...

Also, I have a hardware firewall coming in (usg50), 2 wan ports, 4 lan. Would that help at all? What network config would you recommend with the firewall? Or would I still need the 3550? Thanks!

You sir, are a gentleman and a scholar. Will test that out once I get the firewall in. It seems pretty easy to configure, and thankfully I got that 2950 for free so if anything I can just throw it to the side and use it for switching and use my Linksys as an AP as you suggested. Will let you know how it works out. Thanks again.
