Solved: You dont need to reinstall

filiberto.aguirre · ‎09-16-2014

Hi,

I have installed CM 10.x publisher and Expressway-C 8.2.1 (both in VM)in one server BE 6000 and CM subscriber and Expressway-E 8.2.1(both in VM) in other server BE6000, all the applications are in the same network segment (voice). As this is my first installation of expressway C /E I have no idea how to manage the option of DMZ for expressway-E in a virtualized enviroment.

I found in a cisco document "Considerations for Deploying Cisco Expressway Solutions on a Business Edition Server" the option of sigle firewall design. In my case I have already set the ip address without VLAN of expressway-E and now I need to change the IP address and assigned the VLAN that correspond to DMZ.

The document shows that the VLAN of DMZ is assigned when the OVA template is run, so my doubt is ; Do I need to reinstall de Expressway-E VM?

there is no option of changing the IP and assigned the VLAN that correspond to DMZ without reinstalling?

in case of reinstalling the serial number of VM remains the same?

regards

George Thomas · ‎09-17-2014

Correct, so right now both vlans 10 and 71 are being tagged by the switch. ESXi doesnt recognize the tags and hence the loss of connectivity. If you set the VLAN ID 10 on the VM network port group that is assigned to CUCM/CUCN, ESXi will also start understanding the VLAN tags and you should get connectivity back.

Please rate useful posts.

View solution in original post

George Thomas · ‎09-17-2014

You dont need to reinstall Expressway-E. Personal opinion is you create a new vswitch in VMWare and assign it to a separate NIC on the UCS server and assign this NIC to the DMZ vlan. This way there is a physical separation between DMZ/internal. You could also trunk the VLAN using the existing links and create a new vmnetwork in VMWare and assign VLAN tags to them. If you click on the VM and edit settings -> Networks, you have the option to change the vmnetwork.

You can change the IP address of the Expwy from console by running the setup command once again or you could change the IP from the web interface as well (This will have to be done prior to changing vmnetworks in VMware).

Please rate useful posts.

filiberto.aguirre · ‎09-17-2014

Hi George,

thank you so much for your recommendation, I tried to set in port 1 DMZ and settind the port in switch in trunk mode, but lost connectivity with all VM.

I attach some screenshot as reference, I'm not sure if the association on DMZ to Exp-E is correct

interface GigabitEthernet3/20
description UCSC220 Secundario_PTO1

switchport trunk allowed vlan 10,71,100
switchport mode trunk
spanning-tree portfast trunk

thanks for your time

regards

George Thomas · ‎09-17-2014

Did you add the switchport trunk command right now or was it how it was setup earlier?

Please rate useful posts.

filiberto.aguirre · ‎09-17-2014

I have just added the trunk options in switch's port

regards

George Thomas · ‎09-17-2014

Ok , that means initially the switchport didnt have the trunk commands but it was added? You will have to connect to CIMC and log into ESXi, go to the networking settings and specify the VLAN ID in there. That should let you regain access to ESXi/VMs.

Please rate useful posts.

filiberto.aguirre · ‎09-17-2014

George,

currently I've just defined VLAN 71 ,for DMZ the other VMs (CM, Unity, Presence) not, they are in VLAN 10 (voice vlan).

I you see the screenshots no VLANs for that VMs.

George Thomas · ‎09-17-2014

Correct, so right now both vlans 10 and 71 are being tagged by the switch. ESXi doesnt recognize the tags and hence the loss of connectivity. If you set the VLAN ID 10 on the VM network port group that is assigned to CUCM/CUCN, ESXi will also start understanding the VLAN tags and you should get connectivity back.

Please rate useful posts.

filiberto.aguirre · ‎09-19-2014

Hi George,

thanks for your comments, finally I have full connectivity :-)

regards

how to assign VLAN ID for DMZ in Expressway- E in Virtual Machine