Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Best Practices For NAS Port&VLAN Configuration

Group,

I would like to create a VLAN for NAS traffic from 2x servers to a NAS repository so I have a few simple questions. Lets assume the following

Server 1 NIC 3 = 10.0.11.1

Server 2 NIC 3=  10.0.11.2

SAN Nic 1 = 10.0.11.3

For arguements sake let's say the server is on Port 1, Server 2 is port 2 NAS is port 3 you get the idea. I needed some clarification on a few points and any recommendations on best practices.

My understanding is you would like to keep this traffic segregated from other network traffic hence you are putting it on it's on VLAN. Assuming the above would you suggest:

Ports are configured as Trunks with 1UP & 11T or just 11UP? I understand you may want to use Ingress Filtering so you would set the access type to General and set the Ingress to Admit Tagged Only? Use some kind of MAC filtering on the VLAN? Under one setting for VLAN I can set all the other ports as either Excluded or Forbidden, what's the difference between the two?

Thanks in advance as always experts I appreciate your valuable feedback!

  • Small Business Switches
1 REPLY
Green

Re: Best Practices For NAS Port&VLAN Configuration

Hi Ross, in a layer 2 environment, the VLAN will only communicate amongst themselves. Of course, these days some form of intervlan communication is needed, where a layer 3 device would come to practice. A general port is an 802.1q port, where as you may disable ingress filtering, versus a trunk port which you cannot. The ports connecting the NAS and server can be set as an untag member access port. As the access port, the ingress filter applies, therefore any vlan not specified to the port will be discarded.

If you need access to the NAS/server units, your layer 3 device would handle the traffic management and intervlan communication and the port connecting to the L3 device would be a vlan untagged, all others tagged on a trunk or general port. The reason I say "a vlan untagged" is because the adminstrative vlan should not be used for any traffic but also because you may have specific vlans that you want to be a candidate for sharing traffic with.

The difference between forbidden and excluded is not much. If a vlan is forbidden, it means it will not (ever) be a member of the prot assignment, as the excluded simply means it is not a member at this time, but can be.

Also, if your server supports it, you can set up a LAG on the switch. Either static or with LACP.

I hope this answers your question.

-Tom

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/
1840
Views
0
Helpful
1
Replies