I would like to create a VLAN for NAS traffic from 2x servers to a NAS repository, so I have a few simple questions. Let's assume the following:
Server 1 NIC 3 = 10.0.11.1
Server 2 NIC 3 = 10.0.11.2
SAN NIC 1 = 10.0.11.3
For argument's sake, let's say the server is on Port 1, Server 2 is port 2, NAS is port 3; you get the idea. I needed some clarification on a few points and any recommendations on best practices.
My understanding is you would like to keep this traffic segregated from other network traffic, hence you are putting it on its own VLAN. Assuming the above, would you suggest:
Ports are configured as Trunks with 1UP & 11T or just 11UP?
I understand you may want to use Ingress Filtering, so you would set the access type to General and set the Ingress to Admit Tagged Only?
Use some kind of MAC filtering on the VLAN?
Under one setting for VLAN I can set all the other ports as either Excluded or Forbidden; what's the difference between the two?
Thanks in advance as always, experts. I appreciate your valuable feedback!
Re: Best Practices For NAS Port&VLAN Configuration
Hi Ross, in a layer 2 environment, the VLANs will only communicate amongst themselves. Of course, these days some form of inter-VLAN communication is needed, where a layer 3 device would come to practice. A general port is an 802.1q port, where you may disable ingress filtering, versus a trunk port, where you cannot. The ports connecting the NAS and server can be set as an untagged member access port. As the access port, the ingress filter applies, therefore any VLAN not specified to the port will be discarded.
If you need access to the NAS/server units, your layer 3 device would handle the traffic management and inter-VLAN communication, and the port connecting to the L3 device would be a VLAN untagged, all others tagged on a trunk or general port. The reason I say "a VLAN untagged" is because the administrative VLAN should not be used for any traffic, but also because you may have specific VLANs that you want to be a candidate for sharing traffic with.
The difference between forbidden and excluded is not much. If a VLAN is forbidden, it means it will not (ever) be a member of the port assignment, whereas excluded simply means it is not a member at this time, but can be.
Also, if your server supports it, you can set up a LAG on the switch, either static or with LACP.
I hope this answers your question.
Please mark answered for helpful posts
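The ingress behaviour described in the reply above, as a simplified 802.1Q model (an added example, not code from the thread or from any switch vendor). The `Port` class, the sample ports and `dynamic_join` are assumptions; `dynamic_join` stands in for a dynamic registration protocol such as GVRP, which the thread does not name.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    mode: str                                    # "access", "trunk" or "general"
    pvid: int                                    # VLAN given to untagged ingress frames
    members: set = field(default_factory=set)    # VLANs the port currently belongs to
    forbidden: set = field(default_factory=set)  # VLANs the port may never join
    admit: str = "all"                           # acceptable frame type: "all" or "tagged"
    ingress_filtering: bool = True

    def __post_init__(self):
        # As the reply states, only a general port can turn ingress filtering off.
        if self.mode != "general" and not self.ingress_filtering:
            raise ValueError("ingress filtering can only be disabled on a general port")

    def ingress(self, vid=None):
        """Return the VLAN a frame lands in, or None if discarded (vid=None: untagged)."""
        if vid is None:
            if self.admit == "tagged":           # "Admit Tagged Only"
                return None
            vid = self.pvid                      # untagged frames take the port's PVID
        if self.ingress_filtering and vid not in self.members:
            return None                          # port is not a member of that VLAN
        return vid

    def dynamic_join(self, vid):
        """Assumed dynamic registration request: excluded may join, forbidden may not."""
        if vid in self.forbidden:
            return False
        self.members.add(vid)
        return True

def demo():
    # Constructed ports; VLAN 11 is the storage VLAN from the question.
    nas = Port("access", pvid=11, members={11}, forbidden={1})
    general = Port("general", pvid=1, members={11}, admit="tagged")
    open_general = Port("general", pvid=1, members={11}, ingress_filtering=False)
    return {
        "access untagged": nas.ingress(),               # classified into VLAN 11
        "access tagged vlan 1": nas.ingress(1),         # not a member: discarded
        "general untagged": general.ingress(),          # tagged-only: discarded
        "general tagged vlan 11": general.ingress(11),
        "unfiltered tagged vlan 20": open_general.ingress(20),  # admitted on ingress
        "forbidden vlan 1 join": nas.dynamic_join(1),
        "excluded vlan 20 join": general.dynamic_join(20),
    }
if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```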