ESXi w/VLANs, HP 1810-24g trunk home network questions

crazyj

Member
Nov 19, 2015
71
2
8
47
I'm working on rearranging my home network to be split up a bit better for security, and to avoid some potential problems.

I'm hoping someone out there can tell me if my proposed setup makes sense. I'm wanting to segregate things a bit better using VLANs in anticipation of:
-separating the mgmt network
-keeping my security cameras completely contained to their own network with no outside access
-separating the consumer devices from trusted devices

Currently, all of my setup is flat using 192.168.2.x, including the router/gateway at 192.168.2.1. ISP modem consumes the 1.x range. I'd like to move the router address to avoid 2.x as well, since there could be VPN issues at 1.x and 2.x, if I ever use a VPN.

First of all, looking at the network layout, does that make sense as an end goal?
-can I remove the VLAN1 in the switch? Anyone have experience with the HP switches and if I need the trunk/LAGG ports set as Untagged in VLAN1 and if it needs to stay that way?

I'm hesitant to make changes en masse out of reluctance to deal with losing a network connection to the server or the switch. None of it is on VLANs currently, so I'd be making a lot of changes at once.

Correct me if I'm wrong here:
-vswitch setups change first (adding in all the VLAN port-groups and moving the VMs to them)
-make sure the BMC/DRAC and ESXi are using DHCP rather than static at least for now
-router needs the VLANs and bridges configured to which ports will be the uplinks
-physical switch changes next. Implementing all the VLANs and moving the MGMT port and VLAN (might need to connect a laptop to each VLAN port group if I lose connection)
-after all that I should be able to move the router address, but I think if I've configured the VLAN bridges properly, each VLAN uses its own gateway, correct? VLAN 44 uses 44.1 as a gateway, right?
-once all that's done and I can access the VMware console, I can open each VM's console and adjust the networking IP addresses there, yes?
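
An added example, not part of the original post: a pre-cutover sanity check for the addressing plan described above, run before touching the vSwitch, router, or HP switch. The VLAN IDs, names, and subnets in `PLAN` are constructed assumptions (only "VLAN 44 uses 44.1" and the 1.x/2.x ranges to avoid come from the post), and which VLAN gets ID 44 is also assumed.

```python
import ipaddress
from itertools import combinations

# Ranges the post wants to stay clear of: ISP modem (1.x) and the old flat LAN (2.x).
RESERVED = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "192.168.2.0/24")]

# Constructed plan (assumption): one /24 per VLAN, gateway at .1 on the router.
PLAN = {
    10: {"name": "mgmt",     "subnet": "192.168.10.0/24", "gateway": "192.168.10.1", "internet": False},
    20: {"name": "trusted",  "subnet": "192.168.20.0/24", "gateway": "192.168.20.1", "internet": True},
    30: {"name": "consumer", "subnet": "192.168.30.0/24", "gateway": "192.168.30.1", "internet": True},
    44: {"name": "cameras",  "subnet": "192.168.44.0/24", "gateway": "192.168.44.1", "internet": False},
}
# Networks that must stay contained, per the goals listed in the post.
NO_INTERNET = {"cameras"}

def check_plan(plan):
    """Return a list of human-readable problems; an empty list means the plan is consistent."""
    problems, nets = [], {}
    for vid, v in plan.items():
        # VLAN 1 stays as the switch default and is simply not used.
        if not 2 <= vid <= 4094:
            problems.append(f"VLAN {vid}: use an ID from 2-4094 and leave VLAN 1 unused")
        net = ipaddress.ip_network(v["subnet"])
        nets[vid] = net
        # Each VLAN gets its own gateway: the first host address of its subnet.
        first_host = net.network_address + 1
        if ipaddress.ip_address(v["gateway"]) != first_host:
            problems.append(f"VLAN {vid}: gateway {v['gateway']} is not {first_host}")
        for r in RESERVED:
            if net.overlaps(r):
                problems.append(f"VLAN {vid}: {net} overlaps reserved range {r}")
        if v["name"] in NO_INTERNET and v["internet"]:
            problems.append(f"VLAN {vid}: {v['name']} must not have internet access")
    # Two VLANs sharing address space would make routing between them ambiguous.
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            problems.append(f"VLAN {a} and VLAN {b}: {na} overlaps {nb}")
    return problems

if __name__ == "__main__":
    for line in check_plan(PLAN) or ["plan is consistent"]:
        print(line)
```
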
 


TXAG26

Active Member
Aug 2, 2016
352
108
43
I have that switch and trunks/LAGGs don't work well for a small home network. Not worth the trouble. I agree, leave VLAN 1 alone and just don't use it. Your router will need to be on a fully tagged port and make sure it is accessible and passing traffic between all of the new VLANs you create before cutting everything over to the new network configuration.
 

crazyj

The passing traffic between all VLANs part of this is eluding me at the moment. And DHCP doesn’t seem to want to work in all the ports. I think I need a bit more info on Tomato VLANs.
 

crazyj

I got rid of the LAGG but I'm still passing a bunch of VLANs, which seems to work all right.

This switch still gives me occasional problems. ESXi VMs end up with network problems and I end up having to restart it every few months. Ever have similar issues?
 

maze

Active Member
Apr 27, 2013
573
94
28
> I got rid of the LAGG but I'm still passing a bunch of VLANs, which seems to work all right.
>
> This switch still gives me occasional problems. ESXi VMs end up with network problems and I end up having to restart it every few months. Ever have similar issues?

I used them extensively around 10 years ago in a dorm network. The VLAN part is just a PITA. I did exactly what others are talking about: put down VLAN 1 and don't use it, and then use tagged VLANs out until you hit your access ports.

Keep the firmware updated; IIRC that helped our stability quite a bit. :)