Edit 1:
I rethought it over and found that the problem arises when ESXi delivers tagged traffic for different VLANs to different VMs; native traffic is discarded and is never able to reach the DHCP server, which is in a VM.
Could it be solved if I ran, say, a Windows server with DHCP that handles DHCP for all VLANs directly on the Dell server? No more ESXi, and I could then put the VMs in its Hyper-V and do the rest. Apparently it will be some bad $$.
Original post:
I'm about to move into a new house and am currently in the process of buying networking equipment. Not a complete newbie, but the following bothers me a lot.
Basic setup:
4* IP cameras for the entry gate, yard, etc.
7* Ruckus R710 running Unleashed
1* ICX7150 or similar basic L3 gear for switching and powering the above
1* Dell R240 in the rack, connected to the switch on a 10G SFP+ port, running ESXi for a few VMs:
1. OpenWRT for firewall, PPPoE and DHCP stuff; this VM gets a passthrough NIC to connect to the ISP modem;
2. Debian for some development fun;
3. Blue Iris for IP camera playback and recording, and
4. freeNAS or similar for personal storage.
Lots of devices for work and entertainment, wired or wireless.
Planned VLANs and switch port configs are:
VL10 for wired home users and the home wireless SSID, tag ports to APs and Dell server, untag ports to end-user devices like PCs, streaming boxes, gaming consoles, etc.
VL20 for guest wireless SSID, tag ports to APs and Dell server
VL30 for IP cameras, tag port to Dell server, untag ports to IP cameras
VL99 for TRANSIT traffic between the switch and OpenWRT, tag port to Dell server
The ICX7150 will serve as the gateway in each of the VLANs and handle all traffic except what is going to the Internet. On the server, ESXi's virtual switch will distribute the incoming traffic according to the 802.1Q tag to the respective VMs, i.e. VL10/20 DHCP requests flow to the OpenWRT VM, VL99 Internet traffic flows to the OpenWRT VM, VL30 IP cameras' video streams flow to the Blue Iris VM, VL10 file transfer traffic flows to the freeNAS VM. So far so good.
Now here's the catch that makes me scratch my head:
Ruckus Unleashed APs only send and receive management frames (getting IPs, etc.) untagged or in native VLAN 1, while ESXi (for my use case) insists that all traffic arriving at the host must be tagged, with the result that the APs' management frames can't get to the OpenWRT VM and therefore no IPs can be served and there is no management interface.
The VMware article says no native VLAN or untagged traffic.
Ruckus says Unleashed AP management traffic is untagged.
Is there any workaround so that untagged management data from the APs gets VL10 added going into the switch port, so that it gets to ESXi and further into the OpenWRT VM? I searched a ton and read about dual mode. Do I simply configure the ports to the APs with VL10 and VL20 tagging plus dual mode VL10, and voilà? From what I read, this should add a VL10 tag to any untagged traffic coming into these ports and preserve any already-VL10/20-tagged packets going in and out? To me it still sounds problematic, because when data goes to those dual-mode ports the switch cannot know if a packet is normal home net traffic or AP management traffic, so it can't decide if it needs to strip away the VL10 tag. If the VL10 tag is in it, then the APs are not going to take it as management data, but only as wireless traffic for the home wireless SSID.
Sorry for the long question but any help from you geniuses here is very much appreciated.
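As an added illustration (not code from the original post, Ruckus, Brocade or VMware), here is a small Python model of generic 802.1Q ingress and egress on switch ports using the VLAN plan above: a dual-mode AP port with VL10 as its untagged VLAN, the tag-only uplink to the ESXi host, and a camera access port. It shows why an untagged AP management frame is dropped if it arrives on the host's tag-only uplink but is classified into VL10 on the dual-mode port, and that egress tagging is decided only by the outgoing port's membership, so VL10 frames always leave the AP port untagged. Port names, MAC addresses and payloads are constructed placeholders, and the model is simplified textbook 802.1Q behaviour, not ICX7150 or ESXi vSwitch specifics.

```python
import struct

TPID_8021Q = 0x8100
# Port membership: vid -> "untagged" (the port's PVID, at most one) or "tagged".
# Port names are constructed; the VLAN numbers follow the plan in the post.
PORTS = {
    "ap": {10: "untagged", 20: "tagged"},        # dual mode: PVID 10, VL20 tagged
    "esxi": {10: "tagged", 20: "tagged", 30: "tagged", 99: "tagged"},  # trunk, no PVID
    "camera": {30: "untagged"},                  # plain access port
}

def parse_frame(frame: bytes):
    """Split an Ethernet II frame into (dst, src, vid or None, rest after the tag)."""
    dst, src = frame[:6], frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        return dst, src, tci & 0x0FFF, frame[16:]   # VID is the low 12 bits of the TCI
    return dst, src, None, frame[12:]

def build_frame(dst: bytes, src: bytes, vid, rest: bytes) -> bytes:
    """Rebuild a frame; vid=None emits it untagged."""
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid)
    return dst + src + tag + rest

def pvid(port: str):
    return next((v for v, mode in PORTS[port].items() if mode == "untagged"), None)

def ingress(port: str, frame: bytes):
    """Classify an arriving frame; returns (vid, dst, src, rest) or None if dropped."""
    dst, src, vid, rest = parse_frame(frame)
    if vid is None:
        vid = pvid(port)                  # untagged frame takes the port's PVID
    if vid is None or vid not in PORTS[port]:
        return None                       # no PVID, or VLAN not a member: dropped
    return vid, dst, src, rest

def egress(port: str, vid: int, dst: bytes, src: bytes, rest: bytes):
    """Send out of a port: strip the tag for the PVID, tag other members, else drop."""
    mode = PORTS[port].get(vid)
    if mode is None:
        return None
    return build_frame(dst, src, None if mode == "untagged" else vid, rest)

def forward(in_port: str, frame: bytes, out_port: str):
    """One switch hop: ingress classification on in_port, then egress on out_port."""
    classified = ingress(in_port, frame)
    return None if classified is None else egress(out_port, *classified)
# Constructed sample: an untagged DHCP-style frame from an AP (placeholder MACs/payload).
AP_MAC, HOST_MAC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
AP_MGMT = build_frame(HOST_MAC, AP_MAC, None, b"\x08\x00DHCP-discover")
```

Running `forward("ap", AP_MGMT, "esxi")` yields the same frame with a VL10 tag inserted, while `ingress("esxi", AP_MGMT)` returns None because the host uplink has no untagged VLAN.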