BDMcGrew
Dabbler
- Joined
- Sep 22, 2015
- Messages
- 49
So... I'm posting this here, hoping that, much like myself there are a lot of enterprise professionals out here that have the same kind of enterprise lab setup at home they do in the barn. Otherwise, it's so off-topic that it barely fits in this forum!
I've got this ESXi HA Cluster I've been building an talked about in a few other posts, 4 nodes, 2 NAS boxes and 2 Dell 6248 switches. All of that is working fine but I want to virtualize my firewall in to the cluster since it's all HA and fault tolerant. The firewall is a Linux box with 3 NIC's in use.
eth0 goes to the internal network 192.168.0.0/24
eth1 goes to the residential cable modem on a /24 dhcp network.
eth2 goes to the business cable modem with a static /25 network.
Each node in the HA cluster has 4 NIC's and they're all in a LAG and working great. My idea was to create a VLAN for each cable modem and a Distributed Port Group on the vDS and enable vlan tagging, thus allowing modem traffic to be segregated from the rest of the network but keeping the whole HA fault tolerance going whereby the VM's will all move in the even of a failure.
I configured this all up on the switch and vDS, ran the P2V converter on the firewall and lit it up, it didn't work - failed miserably. So I stopped and backed way up to the very basics. I created a single vlan on the switch with 2 port assigned, plugged the residential dhcp modem into one and my notebook in the other figuring dhcp would get and address and I'd be off and running. Nope, no chance.
So I called the cable company support line thinking maybe I'd get lucky and get T3 support and I did. They basically said WTF and told me to go away.
Backed up another step, deploying a stone stupid Netgear unmanaged switch, cable modem and notebook and boom, came right up on DHCP and life was good. Back to the vlan ports and it's dead again. Remove cable modem and connect a router in its place (with dhcp server) to same vlan port and it worked, I could ping and pass traffic. Put the modem back in that spot and nothing. The vlan ports are untagged and simply configured switchport access vlan 223, nothing else. I don't get it, it's almost like the modem knows what I'm doing and just turns it's ethernet interface off.
I'm using an Arris 822G modem with no configuration options that I can get to. There is an advanced tab in the web gui but requires a password of the day and so it does me no good.
Has anyone ever done something like this before or dealt with anything similar? If so, this probably makes sense to you and if not, it probably doesn't. I mean, I find it hard to believe that the cable modem can just throw up a barrier and flat refuse to talk to a switch because it's a vlan?
The second Dell 6248 switch is a cold spare right now, I haven't bought the stacking cards (yet), that's another project for later but I did swap the switches to make sure I wasn't dealing with a hardware problem as well as tried multiple ports on each switch. Nothing.
Ultimately my goal is to have a cable modem on port 48 and another on port 47, each in their own vlan and have that vlan traffic tagged and forwarded to the 4 LAG's that are on ports 1/g1-1/g16. And, the theory works - as long as I'm doing it all with something other than the cable modem - any other IP device plays just fine.
I'm thinking there's got to be some magic switch incantation to get this modem to wake up and talk correctly??? I have only tried the one 'residential' modem so far since the business modem is a direction connection to customers sites and I can't have it down for an extended period of time.
The firewall is ClearOS 6 which is based on a Linux CentOS 6 installation.
Ideas and suggestions welcomed... anyone, anyone???
thanks!
-b
I've got this ESXi HA Cluster I've been building an talked about in a few other posts, 4 nodes, 2 NAS boxes and 2 Dell 6248 switches. All of that is working fine but I want to virtualize my firewall in to the cluster since it's all HA and fault tolerant. The firewall is a Linux box with 3 NIC's in use.
eth0 goes to the internal network 192.168.0.0/24
eth1 goes to the residential cable modem on a /24 dhcp network.
eth2 goes to the business cable modem with a static /25 network.
Each node in the HA cluster has 4 NIC's and they're all in a LAG and working great. My idea was to create a VLAN for each cable modem and a Distributed Port Group on the vDS and enable vlan tagging, thus allowing modem traffic to be segregated from the rest of the network but keeping the whole HA fault tolerance going whereby the VM's will all move in the even of a failure.
I configured this all up on the switch and vDS, ran the P2V converter on the firewall and lit it up, it didn't work - failed miserably. So I stopped and backed way up to the very basics. I created a single vlan on the switch with 2 port assigned, plugged the residential dhcp modem into one and my notebook in the other figuring dhcp would get and address and I'd be off and running. Nope, no chance.
So I called the cable company support line thinking maybe I'd get lucky and get T3 support and I did. They basically said WTF and told me to go away.
Backed up another step, deploying a stone stupid Netgear unmanaged switch, cable modem and notebook and boom, came right up on DHCP and life was good. Back to the vlan ports and it's dead again. Remove cable modem and connect a router in its place (with dhcp server) to same vlan port and it worked, I could ping and pass traffic. Put the modem back in that spot and nothing. The vlan ports are untagged and simply configured switchport access vlan 223, nothing else. I don't get it, it's almost like the modem knows what I'm doing and just turns it's ethernet interface off.
I'm using an Arris 822G modem with no configuration options that I can get to. There is an advanced tab in the web gui but requires a password of the day and so it does me no good.
Has anyone ever done something like this before or dealt with anything similar? If so, this probably makes sense to you and if not, it probably doesn't. I mean, I find it hard to believe that the cable modem can just throw up a barrier and flat refuse to talk to a switch because it's a vlan?
The second Dell 6248 switch is a cold spare right now, I haven't bought the stacking cards (yet), that's another project for later but I did swap the switches to make sure I wasn't dealing with a hardware problem as well as tried multiple ports on each switch. Nothing.
Ultimately my goal is to have a cable modem on port 48 and another on port 47, each in their own vlan and have that vlan traffic tagged and forwarded to the 4 LAG's that are on ports 1/g1-1/g16. And, the theory works - as long as I'm doing it all with something other than the cable modem - any other IP device plays just fine.
I'm thinking there's got to be some magic switch incantation to get this modem to wake up and talk correctly??? I have only tried the one 'residential' modem so far since the business modem is a direction connection to customers sites and I can't have it down for an extended period of time.
The firewall is ClearOS 6 which is based on a Linux CentOS 6 installation.
Ideas and suggestions welcomed... anyone, anyone???
thanks!
-b
