General help with VLAN, Router, Switch and Hyper-V


cij (New Member, joined Dec 20, 2017)
Hello guys,

I need help with a small project and hope someone can help with this issue.

We are 5 people living in a shared apartment. Our idea is to have one central server where anyone can create VMs; each of us has their own VLAN to split the traffic from each other. But our issue is that we are real beginners in the network area. Let me try to explain what we have bought and what we plan to do:

Hardware:
  1. Router -> TP-Link ER6120 V3
  2. Switch -> Netgear GS724Tv4
  3. Server -> HP DL380p G8

Overview:
  • TP-Link ER6120 V3:
  • Port 1 -> WAN internet access
  • Port 3 -> DHCP Internal communication all devices
  • Port 5 -> Only used for VLANs with a tagged port
  • Port 2 and 5 empty

Netgear GS724Tv4
  • Port 1 -> internet coming from TP-Link ER6120 V3
  • Port 4 -> internal communication used with DHCP
  • Port 19&20 -> tagged port for VLANs

HP Server
  • Port 1 -> Internet and internal communication
  • Port 4 -> not shared port with host and vms only used for VLANs

For internet we only get a WAN cable from our student home with a public IP address. This is already set up on the ER6120 V3 and works fine. WAN port 1 of the TP-Link ER6120 V3 is connected to the internet. Then we have the following setup:
  • WAN port 1 (ER6120) is connected to port 1 (Netgear switch)
  • Port 4 (Netgear switch) is connected to port 1 (HP Server) -> Internal communication between all devices
  • Port 5 (ER6120) is connected to port 19 (tagged port on Netgear switch)
  • Port 20 (tagged port on Netgear switch) is connected to port 4 (HP Server) -> Only used for VLANs

Now when we try to create a test VM and put it in VLAN 100, the internet connection is lost. For a short period it worked with VLAN 100; then we added the second VLAN 101 and it stopped working. We deleted VLAN 101 again and it worked again. But for some hours now VLAN 100 is also not working anymore. We have checked some how-tos but we do not understand the current issue. Can it be that there is a loop somewhere, or does this generally not work like this?

I hope one can understand our problem, and I apologize in advance for the chaotic explanation.

j_h_o (Active Member, joined Apr 21, 2015, California, US)
You're asking a pretty large question. You should split this up: set up your VLANs and route network traffic, then figure out what you're doing about your Hyper-V server for VMs.

Network

That switch appears to be L3 capable.

You can either:
  1. have the router be in each VLAN, or
  2. have your L3 switch be the default gateway in each VLAN, and then set a static route from the switch to your NAT/router/firewall (I would recommend this)
You've shown port membership details, but I don't see any logical network details in your screenshots.

If you're going with Option 1, then you need to create interfaces on each VLAN (and your router needs to have an IP in each VLAN, like 192.168.100.1, 192.168.110.1, 192.168.120.1, etc.) and then your DHCP server would be relayed across each of the VLANs and issue IPs, with the appropriate default gateway in each VLAN. I would not recommend this, since your ER6120 would be responsible for routing traffic between internal VLANs which would likely be done in software/be a performance bottleneck.

If your L3 switch is handling all routing between VLANs, and trunking to your firewall, then you should set it up roughly as follows: (this is what I would strongly recommend)
  1. Create 5 VLANs, say VLAN 100, 110, 120, etc., and "assign" them IP ranges 192.168.100.0/24, 192.168.110.0/24, 192.168.120.0/24, etc.
  2. Decide that the switch will be 192.168.100.1, 192.168.110.1, 192.168.120.1, etc. Set the IPs on each VLAN, on the switch, and make the necessary ports members of the appropriate VLANs, for cables/ports going to your rooms. You can use Tagged ports if you have additional L2-capable switches in your room/you need more ports; if you're connecting directly to your workstation, then just set them as untag on the appropriate VLAN. Connect a machine on an untag VLAN100 port, static its IP to 192.168.100.2, and ensure you can ping the switch at 192.168.100.1, etc.
  3. Create a VLAN that is used to trunk to your router. Say VLAN 10, and decide that the Netgear switch is 192.168.10.1.
  4. Put your TPLink/router also in VLAN10 (via an untagged port for now) and set its IP as 192.168.10.254.
  5. Add static routes on each device, so the router can talk to the switch:
    on your router: 192.168.0.0/16 should be forwarded to 192.168.10.1
    on your switch: 0.0.0.0/0 should be forwarded to 192.168.10.254
  6. Now, devices in each VLAN with a static IP and their default gateway set to the Netgear switch's IP (192.168.100.1, 192.168.110.1, etc.) should have internet access.
  7. Set up DHCP relay: your Netgear switch will have a DHCP relay feature -- and you want to enable this in each of your client VLANs, and have it relay to your DHCP server of choice.
  8. Set up DHCP server: create scopes on your centralized DHCP server for each range (scope1 is 192.168.100.0/24, with default gateway of 192.168.100.1, scope2 would be 192.168.110.0/24 with default gateway of 192.168.110.1, etc.)
Server

For your server... you should set the Hyper-V Virtual Switch port to be a trunked NIC, that is untagged on the management network, and then tagged into VLAN100, VLAN110, etc.

What are you trying to do? What is the problem you're solving that you want the Hyper-V server to have VMs in each VLAN?

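The server half of the plan above (trunk from Netgear port 20 to the host's VLAN-only port 4, one VLAN per person, the Hyper-V switch keeping each VM inside its own VLAN), as an added PowerShell example; it is not from the thread or from any poster. Everything not stated in the posts is assumed: the adapter name "Ethernet 4" for host port 4, the vSwitch name, the VM naming scheme dev-<tenant>, the five tenant names, and VLANs 100 to 140 laid out as in j_h_o's 192.168.<vlan>.0/24 scheme with the Netgear at .1 in each.

```powershell
# Added example (not the thread's own configuration). Run as Administrator on the Hyper-V host.
# Assumptions (not from the page): "Ethernet 4" is the NIC on host port 4, VM names are dev-<tenant>,
# tenant names and the vSwitch name are made up, VLAN IDs/subnets follow j_h_o's 192.168.<vlan>.0/24 plan.
#Requires -RunAsAdministrator
#Requires -Modules Hyper-V
$ErrorActionPreference = 'Stop'

# One VLAN per person; Gateway is the SVI on the Netgear (the default gateway inside that VLAN).
$Plan = @(
    [pscustomobject]@{ Tenant = 'alice'; VlanId = 100; Gateway = '192.168.100.1' },
    [pscustomobject]@{ Tenant = 'bob';   VlanId = 110; Gateway = '192.168.110.1' },
    [pscustomobject]@{ Tenant = 'carol'; VlanId = 120; Gateway = '192.168.120.1' },
    [pscustomobject]@{ Tenant = 'dave';  VlanId = 130; Gateway = '192.168.130.1' },
    [pscustomobject]@{ Tenant = 'erin';  VlanId = 140; Gateway = '192.168.140.1' }
)
$TrunkNic    = 'Ethernet 4'       # assumed name of the NIC cabled to Netgear tagged port 20
$TrunkSwitch = 'vSwitch-Tenants'  # assumed vSwitch name

# 1. External vSwitch on the VLAN-only NIC. -AllowManagementOS $false keeps the host's own IP stack
#    off the tenant trunk, so the host stays reachable only through port 1 (management network).
if (-not (Get-VMSwitch -Name $TrunkSwitch -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $TrunkSwitch -NetAdapterName $TrunkNic -AllowManagementOS $false | Out-Null
}

# 2. Pin each tenant VM's adapter to its VLAN in Access mode: the vSwitch tags the VM's frames with
#    that VLAN ID on the way out and only delivers frames with that ID back in. The VM never sees
#    a tag and so cannot pick another VLAN (unlike Trunk mode, where the guest chooses the tag).
function Set-TenantVlan {
    param([string]$VMName, [int]$VlanId)
    $adapter = Get-VMNetworkAdapter -VMName $VMName | Where-Object SwitchName -eq $TrunkSwitch
    if (-not $adapter) {
        $adapter = Add-VMNetworkAdapter -VMName $VMName -SwitchName $TrunkSwitch -Name 'tenant' -Passthru
    }
    Set-VMNetworkAdapterVlan -VMNetworkAdapter $adapter -Access -VlanId $VlanId
}

foreach ($t in $Plan) {
    $vmName = "dev-$($t.Tenant)"   # assumed naming scheme
    if (Get-VM -Name $vmName -ErrorAction SilentlyContinue) {
        Set-TenantVlan -VMName $vmName -VlanId $t.VlanId
    }
}

# 3. Audit: any adapter on the tenant switch in Trunk or Promiscuous mode, or in Access mode on a
#    VLAN outside the plan, lets that VM reach a neighbour's VLAN and the separation is gone.
function Test-TenantIsolation {
    $bad = @(Get-VM | Get-VMNetworkAdapter |
        Where-Object SwitchName -eq $TrunkSwitch |
        Get-VMNetworkAdapterVlan |
        Where-Object { ($_.OperationMode -notin 'Access', 'Untagged') -or
                       ($_.OperationMode -eq 'Access' -and $_.AccessVlanId -notin $Plan.VlanId) })
    foreach ($b in $bad) {
        Write-Warning ("{0}: mode {1}, VLAN {2}" -f $b.ParentAdapter.VMName, $b.OperationMode, $b.AccessVlanId)
    }
    return ($bad.Count -eq 0)
}

# 4. Plumbing check from the host (on the management network via port 1): reaching each VLAN's
#    gateway shows the Netgear SVIs and inter-VLAN routing are up. Run only after the switch side
#    of the plan (SVIs, VLAN 10 transit, static routes) has been configured.
foreach ($t in $Plan) {
    $ok = Test-Connection -ComputerName $t.Gateway -Count 1 -Quiet
    "{0,-6} VLAN {1}  gateway {2,-16} {3}" -f $t.Tenant, $t.VlanId, $t.Gateway,
        $(if ($ok) { 'reachable' } else { 'UNREACHABLE' })
}
if (-not (Test-TenantIsolation)) { throw "Tenant VLAN isolation check failed" }
```

Access mode is the point of the example: the guest cannot change which VLAN it is in, so the per-person separation cij is after is enforced by the host, not by what the VM owner configures. If a VM ever needs to sit in several VLANs, give it one adapter per VLAN (each in Access mode) rather than a Trunk-mode adapter.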
gregsachs (Active Member, joined Aug 14, 2018)
j_h_o said:
You're asking a pretty large question. You should split this up: set up your VLANs and route network traffic, then figure out what you're doing about your Hyper-V server for VMs.

Network

That switch appears to be L3 capable.

You can either:
  1. have the router be in each VLAN, or
  2. have your L3 switch be the default gateway in each VLAN, and then set a static route from the switch to your NAT/router/firewall (I would recommend this)

If your L3 switch is handling all routing between VLANs, and trunking to your firewall, then you should set it up roughly as follows: (this is what I would strongly recommend)
The only negative of option #2 is that the firewall/ACL configuration in the switch may be harder than doing it in the router, and that may be a reason for doing the intra-VLAN in the router. I personally do it this way for exactly this reason.

cij (New Member, joined Dec 20, 2017)
Hello and thank you very much for your feedback and support.


About the background of why we want to do this: we are different developers and want to ensure data separation here. The server will be used for development and different types of services like MySQL, SQL, web server, etc.; our local machines are too small for the amount of VMs. This is why we want to solve this issue in this way. We have knowledge in other areas but, as you can see, not in networking :(