How to configure an HP Blade 3020 Cisco Switch for a DMZ or alternative VLAN with XenServer

CISCO Configuration

Useful Cisco Commands

  • show vlan brief
  • show run interface gi0/xx
  • switchport access vlan 30
  • switchport trunk encapsulation dot1q
  • switchport mode trunk

HP Blade 3020 Cisco Switch Overview

This is a 24-port switch that is split into logical sections, virtual and physical.

The first 16 ports, gi0/1 to gi0/16, are allocated to blade server network ports and are mapped according to their position in the enclosure. You can find these mappings via the HP Onboard Administrator web page, under the port mapping section of each blade server.

The following 8 ports, gi0/17 to gi0/24, are located physically at the back of the blade enclosure and can be used to uplink to other networks. These ports can also be accessed via the web management console for the switch.

To configure the ports, it is best to use either a telnet or a console session to the switch. You can use a freeware program called PuTTY and a Cisco console cable to access the switch via the console. PuTTY can also be used for telnet sessions if telnet is enabled.

Creating a DMZ Cisco procedure

  1. Document all blade network ports and their mappings that need to be allocated to the DMZ network, and decide on a VLAN number, e.g. Blade NIC1 maps to port gi0/3 on switch 1.
  2. Log on to the switch using telnet or console.
  3. Once logged on, run the following commands in order:
    1. enable
    2. Create DMZ vlan:
      i. config terminal
      ii. vlan database
      iii. vlan 30 name DMZ
      iv. exit
      v. exit
      vi. wr
    3. Add blade network port to DMZ:
      i. config terminal
      ii. interface gi0/3
      iii. switchport mode trunk
      iv. switchport trunk encapsulation dot1q
      v. switchport access vlan 30
      vi. exit
      vii. exit
      viii. wr
    4. After adding the blade network port, we need to allocate one of the physical ports as an uplink port to the DMZ, e.g. gi0/24:
      i. config terminal
      ii. interface gi0/24
      iii. switchport mode trunk
      iv. switchport trunk encapsulation dot1q
      v. switchport access vlan 30
      vi. exit
      vii. exit
      viii. wr
  4. If the destination is another switch, make sure that the VLAN matches for the uplink port.
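
An added example, not part of the original post: a check that parses `show run interface` output for the ports configured above and reports when a trunk meant for the DMZ is not limited to VLAN 30. On IOS a trunk with no `switchport trunk allowed vlan` line carries every VLAN, and `switchport access vlan` only applies in access mode. The sample config is constructed (its gi0/24 stanza has an allowed-VLAN line the procedure does not contain) and the function names are hypothetical.

```python
import re

# Constructed sample, not captured output: gi0/3 as the procedure leaves it,
# gi0/24 with a hypothetical allowed-VLAN restriction added for contrast.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/3
 switchport access vlan 30
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/24
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 30
 switchport mode trunk
!
"""

def parse_interfaces(config):
    """Map each interface name to the list of lines in its stanza."""
    stanzas = re.findall(r"^interface (\S+)\n((?: .*\n)*)", config, re.M)
    return {name: [l.strip() for l in body.splitlines()] for name, body in stanzas}

def parse_vlan_list(spec):
    """Expand an IOS VLAN list such as '10,30-32' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        low, _, high = part.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans

def audit_trunk(lines, dmz_vlan):
    """Findings for one port that is meant to carry only dmz_vlan."""
    if "switchport mode trunk" not in lines:
        return []
    findings, allowed = [], None
    for line in lines:
        m = re.fullmatch(r"switchport trunk allowed vlan (?:add )?([\d,-]+)", line)
        if m:
            allowed = (allowed or set()) | parse_vlan_list(m.group(1))
    if allowed is None:
        findings.append("no allowed-vlan list: trunk carries every VLAN on the switch")
    elif allowed != {dmz_vlan}:
        findings.append("allowed VLANs %s, expected only %d" % (sorted(allowed), dmz_vlan))
    if any(l.startswith("switchport access vlan ") for l in lines):
        findings.append("access vlan is ignored while the port is trunking")
    return findings

def audit(config, dmz_vlan=30):
    """Run audit_trunk over every interface stanza in the config text."""
    return {n: audit_trunk(l, dmz_vlan) for n, l in parse_interfaces(config).items()}
```

Calling `audit(SAMPLE_CONFIG)` returns two findings for GigabitEthernet0/3 and none for GigabitEthernet0/24.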

XenServer Configuration

  1. On the Pool level, add an external network.
  2. Name the network DMZ.
  3. Point the network to the physical blade NIC or NIC bond allocated to the DMZ network. Make sure to add the VLAN tag of the DMZ VLAN, e.g. 30.
  4. Finish.
  5. When creating a DMZ virtual machine, make sure to add it to the DMZ network and to allocate the OS a DMZ IP address, e.g. 192.168.30.3/24.