[SOLVED] Vlans

[has123]

Hi,

I'm new to Zentyal and am hoping someone can guide me. I've setup my lab as follows:
Hyper-V 2008R2 server with 3 virtual nics. Nic1=server management (external network -192.168.2.x), Nic2=VMs (192.168.2.x), Nic3= Zentyal network (192.168.101.x - no gateway). There is a dhcp router on the network (192.168.2.1).
Nics 1 and 2 on the Hyper-V server are connected to the dhcp router. Nic 3 is connected to a D-Link layer 2 managed switch. The switch has an IP address of 192.168.101.1

I've installed Zentyal as a hyper-v machine and it runs great. I have set up eth0 as external (192.168.2.81/24.) Eth1 is Internal (192.168.101.254).
I have created a gateway on the Zentyal (192.168.2.1). I have also added 192.168.2.1 as a DNS server on the Zentyal.

Using static IPs (192.168.101.x/24, GW Zentyal, DNS Zentyal), servers connected to the switch can resolve DNS, and get to the internet.

In order to set up vlans, I did the following:
1) Created 3 VLANS on the Zentyal: VLAN 101 (192.168.101.2), VLAN 102(192.168.102.2), VLAN 103 (192.168.103.2).
I then created the three VLANs on the D-Link switch. Now my machines on the 192.168.101.x subnet can ping each other, the switch, and the Zentyal but not anything on the internet. They can also no longer ping the 192.168.2.1 router. Can someone please advise as to how I can fix this? Do I need to create a bridge between the VLANs and the gateway (192.168.2.1)?
Thanks.
Has123

[cheesyking]

I'm just trying to figure out how to do this kind of setup myself...

My limited understanding is that you have to do routing between vlans and between a vlan and the internet so forget about bridges.

I'm not entirely clear on what network settings you're using on the vlan machines, the same as before the vlans were setup?

Using static IPs (192.168.101.x/24, GW Zentyal, DNS Zentyal), servers connected to the switch can resolve DNS, and get to the internet.

If they're using zentyal as their default GW that should be OK.

One thing you might want to check is whether your machines on the vlans are actually able to contact the zentyal server, eg can they get the admin console or ssh in. Pings can be returned by anything and IIRC the firewall in zentyal will return a ping even if it's actually blocking other traffic.

[has123]

Hi Cheesy King,

Got it working. The trick is to create multiple interfaces in hyper -v for the Zentyal VM, and give each of them a VLAN ID. With the Zentyal VM, you will see multiple Ethernet sockets. Give them Static IPs instead of making them 802.1Q trunks.

The connection from the physical switch to the server / hyper-v virtual switch should be trunked (as long as the network card supports it, Hyper-V will too..). In Server 2008R2/ Hyper-V2, the connection from the virtual switch to the virtual interface on the VM cannot be trunked. Hence the need to create multiple interfaces and assign them VLANs in Hyper-V.

Everything works fine now including DHCP and DNS on the various VLANS.

Regards,
Has123

[cheesyking]

Thanks for the feedback! You've made my life a lot easier