I had it all configured the way I thought it had to be and it was
still not working.

I was configuring my new Cisco switch with the web management interface.
When I finally connected on the serial port, I realized I hadn't allowed
the VLANs across the trunk ports. It was a stupid oversight on my part,
but as soon as I did that, everything started working.

I ultimately decided to leave my Cisco switch running in L2 mode. Someday,
I may decide to configure it to run in L3.

In the meantime, I was able to rip out several unnecessary switches and
patch cables now that everything is on a managed switch and using VLANs.

Thanks for the input.

Tom
On 04/21/2013 5:17 am, Paul Gear wrote:
> On 04/21/2013 11:26 AM, Tom Jensen wrote:
>
>> ... I realize this really isn't Shorewall specific since each VLAN
>> interface would be entered as a zone and rules configured appropriately.
>> But I would appreciate some validation with my planned approach. Has
>> anyone done something similar? Is my thinking with VLANs correct? I don't
>> have much experience with VLANs yet. Is there documentation using
>> Shorewall in a similar setup?
>
> Hi Tom,
>
> I do something very similar with my main client at present. In fact,
> we're working on putting everything in VLANs (not just internal stuff)
> and running the server with bonded interfaces, so that the staff at our
> remote offices don't have to care which server NIC is which. They can
> just plug into any (or all) of the interfaces and it will work.
>
> I typically set up something like this:
>
> - VLAN 1: management - contains switch, wifi AP, and sometimes ESXi
>   server management IPs
>
> - VLAN 10: staff - PCs, printers, staff laptops via wifi, sometimes file
>   servers
>
> - VLAN 20: public - PCs, sometimes printers, guest wifi devices
>
> - VLAN 30: ADSL modem - PPPoE runs on this interface.
>
> In the bonded scenario I described, we would put all of the ethX
> interfaces into bond0 (in ALB or TLB mode, so that there's no need for
> LACP on the switch), then use the bond0.VLAN interfaces as the shorewall
> zones (except the management VLAN, which is just bond0, and ppp0, which
> will be your DSL interface for the net zone).
>
> To do this, you need to make sure the server NICs are plugged into trunk
> ports on the Cisco switch. Switch setup for the above would be
> something like this:
>
> vlan 1
>  name mgt
> vlan 10
>  name staff
> vlan 20
>  name public
> vlan 30
>  name adsl
> interface GigabitEthernet1/0/1
>  switchport mode trunk
>  switchport trunk native vlan 1
>  switchport trunk encapsulation dot1q
>  switchport trunk allowed vlan 10,20,30
> interface GigabitEthernet1/0/2
>  switchport mode trunk
>  switchport trunk native vlan 1
>  switchport trunk encapsulation dot1q
>  switchport trunk allowed vlan 10,20,30
> ... (repeat for as many server NICs as you want)
>
> Regards,
> Paul
>
--
Tom Jensen | President
Digital Toolbox
Phone | Direct
651-503-3559
Email | [email protected]
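As an added example (not code from Tom's or Paul's messages), a small Python check for the oversight Tom describes: fed a trunk-port config like the one Paul quoted, it reports each trunk that does not carry a VLAN the server needs, and also flags trunks with no allowed list at all, since IOS then carries every VLAN across them. The sample config and the port names in it are constructed for the example.

```python
# Constructed sample, modelled on the trunk config quoted in the thread:
# Gi1/0/2 lacks VLAN 30 and Gi1/0/3 has no allowed list at all, which on
# IOS means the trunk carries every VLAN.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20,30
interface GigabitEthernet1/0/2
 switchport mode trunk
 switchport trunk allowed vlan 10,20
interface GigabitEthernet1/0/3
 switchport mode trunk
interface GigabitEthernet1/0/4
 switchport mode access
"""

ALL_VLANS = frozenset(range(1, 4095))  # IOS default for a trunk: 1-4094

def parse_vlan_list(spec):
    """Expand an IOS VLAN list ('10,20,30', '10-30,40', 'all', 'none') to a set."""
    spec = spec.strip().lower()
    if spec == "all":
        return set(ALL_VLANS)
    vlans = set()
    for part in spec.split(",") if spec != "none" else []:
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_trunks(config, required):
    """Map each trunk port to (missing, wide_open): the required VLANs the
    trunk does not carry, and whether no allowed list is set at all (so every
    VLAN crosses). The add/remove/except forms of the command are not handled.
    """
    required, trunks = set(required), {}
    iface, allowed, is_trunk = None, None, False
    prefix = "switchport trunk allowed vlan "
    for line in config.splitlines() + ["interface END"]:  # sentinel flushes last port
        line = line.strip()
        if line.startswith("interface "):
            if iface and is_trunk:
                carried = ALL_VLANS if allowed is None else allowed
                trunks[iface] = (required - carried, allowed is None)
            iface, allowed, is_trunk = line.split()[1], None, False
        elif line == "switchport mode trunk":
            is_trunk = True
        elif line.startswith(prefix):
            allowed = parse_vlan_list(line[len(prefix):])
    return trunks
```

Calling `audit_trunks(SAMPLE_CONFIG, {10, 20, 30})` returns an empty missing set for Gi1/0/1, `{30}` missing for Gi1/0/2, and `wide_open=True` for Gi1/0/3; the access port is skipped.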
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users