Re: VLANs in VM

[Robin Wood <robin () digininja org>]

On 16 September 2010 17:52, Colin Vallance <crvallance () gmail com> wrote:
> I'm in the process of fleshing out some other pieces to my lab right now but
> what I've got would probably work for you.  Keep in mind I'm a Cisco
> wireless guy so it's a bit focused on that but you could dump what you don't
> need.
>
> I've got a Dell server running VMware ESXi 4, a Dell Layer 2 switch (it's
> gig, but that isn't a requirement), a seagate dockstar running Debian as a
> NFS server (this is for a stupid reason, ask if you must), a Cisco 2106
> wireless controller, and a few APs (1252, 1242) for my physical hardware.
>
> Inside ESXi I have a few VMS.  Ubuntu server for services (dhcp, ntp,
> radius, etc), Win2k3 for Cisco WCS, Ubuntu desktop for testing, Win XP for a
> wireless client aside from my normal laptop.  I also have a Vyatta instance
> (more on that later).
>
> In ESXi's virtual switching I have several vlan's setup.  Each of these are
> segmented for a replicated customer network.  For example I have a
> management vlan where the controller, WCS, and services box sit, an AP vlan
> for my access points and a user vlan for the wireless clients.  I also have
> a ethernet interface in each of these vlans on the Vyatta instance.  This
> allows me to do routing between vlans and firewalling as I wish.  I also
> have a leg that can get back to my home network which stays firewalled, shut
> off (and unplugged) most of the time.  Having that in place allows me to
> upgrade machines in the VM enviro while still having some sort of air gap.
>
> Now the real handy part here is that the physical switch port on the Dell
> Powerconnect 5324 that the ESXi box is plugged in to is set as a 802.1q
> trunk.  I have that pruned for just the vlans I want to pass but it's
> essentially all the ones mentioned above.  Each of those vlans is also
> created on the Powerconnect so I can assign physical ports (as access ports
> typically) that stuff in the ESXi can see.  ESXi doesn't do VTP/GVRP/MVRP so
> I had to setup the vlans manually on both sides but that's not the end of
> the world.
>
> So getting around to Robin's question.  I believe it would be trivial to
> setup boxes in the vmware environment in specific vlans and play within that
> environment.  If you even wanted to do some work in the physical world
> (which is typically my preference) as long as you had the vlan passing
> through your trunk port you could assign them on the physical switch ports
> appropriately and play from there.  I tend to keep a port on my powerconnect
> as a mirrored port of my trunk just so I can plug in my netbook and fire up
> wireshark/tcp dump.

Wow, that is a flood of information and it kind of makes sense. I'd
need to be running ESXi which I'm currently not but could try.

I think I've got a long way to go on low lever networking to be doing
anything more than trying to hop from VLAN to another and seeing what
sniffers pick up on different network segments. The joys of coming
down the stack from developer rather than up from sys-admin.

Robin

> -Colin
> b0o
>
> On Thu, Sep 16, 2010 at 10:32 AM, Carlos Perez
> <carlos_perez () darkoperator com> wrote:
> > righ now I have an old Cisco 3550 for playing with that, best bet would be
> > to get an old cisco, procurve, 3com ..etc from ebay
> > each vendor has it own twist on "Standard Protocols"
> > On Sep 16, 2010, at 11:27 AM, Robin Wood wrote:
> >
> > > On 16 September 2010 16:08, Matthew Manor <kingmanor () gmail com> wrote:
> > > > Have you tried Vyatta?  It can do most of what Cisco IOS can do but
> > > > virtually, including VLANs, and you can certainly run an entire lab of
> > > > VMs off of it.
> > >
> > > I've just had a quick look through it but can't tell if it would help
> > > or not. I want to put different machines in my VirtualBox lab onto
> > > different VLANs so I can experiment with them. Do you know if their
> > > software product would do that?
> > >
> > > > -Matt Manor
> > > >
> > > > On 9/16/10, Carlos Perez <carlos_perez () darkoperator com> wrote:
> > > > > Do you mean having a switch with 802.1q?
> > > > >
> > > > > Sent from my iPhone
> > > > >
> > > > > On Sep 16, 2010, at 5:03 AM, Robin Wood <robin () digininja org> wrote:
> > > > >
> > > > > > Is there any way to setup a VLAN environment in a virtual
> > > > > > environment?
> > > > > > They are something I've never had much chance to play with and I'd
> > > > > > love to get it labbed up so I can. I know there are virtual systems
> > > > > > for running IOS images but don't think I could then hang a bunch of
> > > > > > VMs off those machines.
> > > > > >
> > > > > > Preferably VirtualBox methods but any VM will do.
> > > > > >
> > > > > > Robin
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com