Now we need to configure our switches based on the picture from the cabling post
We can see:
| 1 | 3 | 5 | 7 | 9 | 11 | 13 | 15 | 17 | 19 | 21 | 23 | 25 | 27 | 29 | 31 | 33 | 35 | 37 | 39 | 41 | 43 | 45 | 47 |
| 2 | 4 | 6 | 8 | 10 | 12 | 14 | 16 | 18 | 20 | 22 | 24 | 26 | 28 | 30 | 32 | 34 | 36 | 38 | 40 | 42 | 44 | 46 | 48 |
- we expand this for
- use port 1 for uplinks (outside,red)
- use port 2 for the deployer node (blue) will trunk all vlans (except the management) and the management vlan (gray) being the native vlan.
- add 2 more ESX servers (with ILOs) (servers, yellow), (management, gray)
- move the NAS from [26,28,30,32] to [30, 32,34,36] (storage, white)
- add a second NAS connection to [29,31,33,35] (storage, white)
- (inside, green)
- (pfsync, purple) if we choose to not use the internal NIC connection or need to attach another crate for vm/storage migration.
| 1 | 3 | 5 | 7 | 9 | 11 | 13 | 15 | 17 | 19 | 21 | 23 | 25 | 27 | 29 | 31 | 33 | 35 | 37 | 39 | 41 | 43 | 45 | 47 |
| 2 | 4 | 6 | 8 | 10 | 12 | 14 | 16 | 18 | 20 | 22 | 24 | 26 | 28 | 30 | 32 | 34 | 36 | 38 | 40 | 42 | 44 | 46 | 48 |
As mentioned in an earlier post, this will let a single switch run the whole crate in the event of a switch failure, but will also alow us to spread the components across both switches such that a single switch failure will not take the crate's resources offline.
(blue) trunk: untagged: 1; tagged: [5, 10-30, 256, 257] (red) outside: untagged: 257 (green) inside: untagged: 256 (gray) management: untagged: 5 (yellow) servers: untagged: 5; taggged [11-30] (white) storage: untagged: 11 (purple) pfsync: untagged: 10 (black) unuses: untagged: 1
In addition, we will be creating port-channel groups for storage on [29,31,33,35] and [30,32,34,36] as the NAS supports it. Rather than log into the switch and type each of our ~32 port configurations by hand, let's write some ruby to autogenerate our configs if we give it our design from above:
portmaker.rb
#!/usr/bin/env ruby
#
# convert hash of switch port "types" and a hash of switchport assignments to a working switch configuration
#
require "erb"
################################################################################
vlans = {
'trunk' => { 'pvid' => 1, 'tagging' => (10..30).to_a.push(5,256,257).sort },
'vmware_esx' => { 'pvid' => 5, 'tagging' => (11..30).to_a },
'outside' => { 'pvid' => 257 },
'inside' => { 'pvid' => 256 },
'management' => { 'pvid' => 5 },
'storage' => { 'pvid' => 11 },
'pfsync' => { 'pvid' => 10 },
}
ports = {
'trunk' => (2..4).to_a,
'outside' => [1, 8, 44],
'inside' => [6, 42],
'management' => (13..16).to_a,
'vmware_esx' => (17..28).to_a.push(10,46).sort,
'storage' => (29..36).to_a,
'pfsync' => [12, 48],
}
################################################################################
# Array#to_ranges
# Converts an array of values (which must respond to #succ) to an array of ranges. For example,
# [3,4,5,1,6,9,8].to_ranges => [1,3..6,8..9]
class Array
def to_ranges
array = self.compact.uniq.sort
ranges = []
if !array.empty?
# Initialize the left and right endpoints of the range
left, right = self.first, nil
array.each do |obj|
# If the right endpoint is set and obj is not equal to right's successor
# then we need to create a range.
if right && obj != right.next
if left == right
ranges << left
else
ranges << Range.new(left,right)
end
left = obj
end
right = obj
end
if left == right
ranges << left
else
ranges << Range.new(left,right)
end
end
ranges
end
end
interfacerb = '
interface 0/<%= @port %>
description \'<%= @type %>\'
vlan ingressfilter
<% unless @vlanparticipation.nil? -%>
vlan participation include <%= @vlanparticipation %>
<% end -%>
<% unless @pvid.nil? -%>
vlan pvid <%= @pvid %>
<% end -%>
<% unless @vlantagging.nil? -%>
vlan tagging <%= @vlantagging %>
<% end -%>
port-security max-dynamic 0
lldp transmit-tlv port-desc
lldp transmit-tlv sys-name
lldp transmit-tlv sys-desc
lldp transmit-tlv sys-cap
lldp med confignotification
exit
'
(1..48).each do |port|
@port = port
found=0
@pvid = nil
@vlantagging = nil
@vlanparticipation = nil
ports.keys.each do |type|
@type = type
if ports[type].grep(port).length.nonzero?
@pvid = vlans[type]['pvid']
participation = Array.new().push(vlans[type]['pvid'])
if vlans[type]['tagging']
# @vlantagging = vlans[type]['tagging'].join(',')
@vlantagging = vlans[type]['tagging'].to_ranges.to_s.gsub!(/[\[\]]/,'').gsub(/\.\./,'-').gsub(/\s/,'')
participation.concat(vlans[type]['tagging'])
end
# @vlanparticipation = participation.sort.join(',')
@vlanparticipation = participation.to_ranges.to_s.gsub!(/[\[\]]/,'').gsub(/\.\./,'-').gsub(/\s/,'')
puts ERB.new(interfacerb,nil,"-").result
found=1
end
end
# puts "#{port}: unconfigured" if found.zero?
end
portmaker output (you can see why I don't want to type this manually)
interface 0/1 description 'outside' vlan ingressfilter vlan participation include 257 vlan pvid 257 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/2 description 'trunk' vlan ingressfilter vlan participation include 1,5,10-30,256-257 vlan pvid 1 vlan tagging 5,10-30,256-257 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/3 description 'trunk' vlan ingressfilter vlan participation include 1,5,10-30,256-257 vlan pvid 1 vlan tagging 5,10-30,256-257 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/4 description 'trunk' vlan ingressfilter vlan participation include 1,5,10-30,256-257 vlan pvid 1 vlan tagging 5,10-30,256-257 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/6 description 'inside' vlan ingressfilter vlan participation include 256 vlan pvid 256 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/8 description 'outside' vlan ingressfilter vlan participation include 257 vlan pvid 257 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/10 description 'vmware_esx' vlan ingressfilter vlan participation include 5,11-30 vlan pvid 5 vlan tagging 11-30 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/12 description 'pfsync' vlan ingressfilter vlan participation include 10 vlan pvid 10 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/13 description 'management' vlan ingressfilter vlan participation include 5 vlan pvid 5 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/14 description 'management' vlan ingressfilter vlan participation include 5 vlan pvid 5 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/15 description 'management' vlan ingressfilter vlan participation include 5 vlan pvid 5 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/16 description 'management' vlan ingressfilter vlan participation include 5 vlan pvid 5 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/17 description 'vmware_esx' vlan ingressfilter vlan participation include 5,11-30 vlan pvid 5 vlan tagging 11-30 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/18 description 'vmware_esx' vlan ingressfilter vlan participation include 5,11-30 vlan pvid 5 vlan tagging 11-30 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/19 description 'vmware_esx' vlan ingressfilter vlan participation include 5,11-30 vlan pvid 5 vlan tagging 11-30 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/20 description 'vmware_esx' vlan ingressfilter vlan participation include 5,11-30 vlan pvid 5 vlan tagging 11-30 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/21 description 'vmware_esx' vlan ingressfilter vlan participation include 5,11-30 vlan pvid 5 vlan tagging 11-30 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/22 description 'vmware_esx' vlan ingressfilter vlan participation include 5,11-30 vlan pvid 5 vlan tagging 11-30 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/23 description 'vmware_esx' vlan ingressfilter vlan participation include 5,11-30 vlan pvid 5 vlan tagging 11-30 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/24 description 'vmware_esx' vlan ingressfilter vlan participation include 5,11-30 vlan pvid 5 vlan tagging 11-30 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/25 description 'vmware_esx' vlan ingressfilter vlan participation include 5,11-30 vlan pvid 5 vlan tagging 11-30 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/26 description 'vmware_esx' vlan ingressfilter vlan participation include 5,11-30 vlan pvid 5 vlan tagging 11-30 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/27 description 'vmware_esx' vlan ingressfilter vlan participation include 5,11-30 vlan pvid 5 vlan tagging 11-30 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/28 description 'vmware_esx' vlan ingressfilter vlan participation include 5,11-30 vlan pvid 5 vlan tagging 11-30 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/29 description 'storage' vlan ingressfilter vlan participation include 11 vlan pvid 11 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/30 description 'storage' vlan ingressfilter vlan participation include 11 vlan pvid 11 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/31 description 'storage' vlan ingressfilter vlan participation include 11 vlan pvid 11 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/32 description 'storage' vlan ingressfilter vlan participation include 11 vlan pvid 11 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/33 description 'storage' vlan ingressfilter vlan participation include 11 vlan pvid 11 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/34 description 'storage' vlan ingressfilter vlan participation include 11 vlan pvid 11 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/35 description 'storage' vlan ingressfilter vlan participation include 11 vlan pvid 11 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/36 description 'storage' vlan ingressfilter vlan participation include 11 vlan pvid 11 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/42 description 'inside' vlan ingressfilter vlan participation include 256 vlan pvid 256 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/44 description 'outside' vlan ingressfilter vlan participation include 257 vlan pvid 257 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/46 description 'vmware_esx' vlan ingressfilter vlan participation include 5,11-30 vlan pvid 5 vlan tagging 11-30 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/48 description 'pfsync' vlan ingressfilter vlan participation include 10 vlan pvid 10 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/1 description 'outside' vlan ingressfilter vlan participation include 257 vlan pvid 257 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/2 description 'trunk' vlan ingressfilter vlan participation include 1,5,10-30,256-257 vlan pvid 1 vlan tagging 5,10-30,256-257 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/3 description 'trunk' vlan ingressfilter vlan participation include 1,5,10-30,256-257 vlan pvid 1 vlan tagging 5,10-30,256-257 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/4 description 'trunk' vlan ingressfilter vlan participation include 1,5,10-30,256-257 vlan pvid 1 vlan tagging 5,10-30,256-257 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/6 description 'inside' vlan ingressfilter vlan participation include 256 vlan pvid 256 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/8 description 'outside' vlan ingressfilter vlan participation include 257 vlan pvid 257 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/10 description 'vmware_esx' vlan ingressfilter vlan participation include 5,11-30 vlan pvid 5 vlan tagging 11-30 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/12 description 'pfsync' vlan ingressfilter vlan participation include 10 vlan pvid 10 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/13 description 'management' vlan ingressfilter vlan participation include 5 vlan pvid 5 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/14 description 'management' vlan ingressfilter vlan participation include 5 vlan pvid 5 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/15 description 'management' vlan ingressfilter vlan participation include 5 vlan pvid 5 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/16 description 'management' vlan ingressfilter vlan participation include 5 vlan pvid 5 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/17 description 'vmware_esx' vlan ingressfilter vlan participation include 5,11-30 vlan pvid 5 vlan tagging 11-30 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/18 description 'vmware_esx' vlan ingressfilter vlan participation include 5,11-30 vlan pvid 5 vlan tagging 11-30 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/19 description 'vmware_esx' vlan ingressfilter vlan participation include 5,11-30 vlan pvid 5 vlan tagging 11-30 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/20 description 'vmware_esx' vlan ingressfilter vlan participation include 5,11-30 vlan pvid 5 vlan tagging 11-30 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/21 description 'vmware_esx' vlan ingressfilter vlan participation include 5,11-30 vlan pvid 5 vlan tagging 11-30 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/22 description 'vmware_esx' vlan ingressfilter vlan participation include 5,11-30 vlan pvid 5 vlan tagging 11-30 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/23 description 'vmware_esx' vlan ingressfilter vlan participation include 5,11-30 vlan pvid 5 vlan tagging 11-30 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/24 description 'vmware_esx' vlan ingressfilter vlan participation include 5,11-30 vlan pvid 5 vlan tagging 11-30 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/25 description 'vmware_esx' vlan ingressfilter vlan participation include 5,11-30 vlan pvid 5 vlan tagging 11-30 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/26 description 'vmware_esx' vlan ingressfilter vlan participation include 5,11-30 vlan pvid 5 vlan tagging 11-30 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/27 description 'vmware_esx' vlan ingressfilter vlan participation include 5,11-30 vlan pvid 5 vlan tagging 11-30 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/28 description 'vmware_esx' vlan ingressfilter vlan participation include 5,11-30 vlan pvid 5 vlan tagging 11-30 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/29 description 'storage' vlan ingressfilter vlan participation include 11 vlan pvid 11 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/30 description 'storage' vlan ingressfilter vlan participation include 11 vlan pvid 11 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/31 description 'storage' vlan ingressfilter vlan participation include 11 vlan pvid 11 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/32 description 'storage' vlan ingressfilter vlan participation include 11 vlan pvid 11 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/33 description 'storage' vlan ingressfilter vlan participation include 11 vlan pvid 11 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/34 description 'storage' vlan ingressfilter vlan participation include 11 vlan pvid 11 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/35 description 'storage' vlan ingressfilter vlan participation include 11 vlan pvid 11 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/36 description 'storage' vlan ingressfilter vlan participation include 11 vlan pvid 11 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/42 description 'inside' vlan ingressfilter vlan participation include 256 vlan pvid 256 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/44 description 'outside' vlan ingressfilter vlan participation include 257 vlan pvid 257 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/46 description 'vmware_esx' vlan ingressfilter vlan participation include 5,11-30 vlan pvid 5 vlan tagging 11-30 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit interface 0/48 description 'pfsync' vlan ingressfilter vlan participation include 10 vlan pvid 10 port-security max-dynamic 0 lldp transmit-tlv port-desc lldp transmit-tlv sys-name lldp transmit-tlv sys-desc lldp transmit-tlv sys-cap lldp med confignotification exit
Some thoughts on subnetting
Each crate will be given a 10.x.0.0/16 subnet in addition to it's 198.51.100.x/27 subnet. The result of this will be that the crates can be connected and the same "type" of traffic will be on the same VLANs, and can run side-by-side. We would then have a 10.255.5.0/24 subnet sharing the same VLAN (vlan 5) with 10.254.5.0/24, but there would be no IP collisions and all the traffic would be in the same "risk domain" (i.e. server traffic on server VLANs, outside traffic on outside VLANs, inside traffic on inside VLANs. This will allow us to migrate entire networks from crate to crate without re-wiring or reconfiguring VLANs. Every crate will be a part of a network of up to 8 crates (from the /27 of the backplane network)
VLAN-1 will be our 198.51.100.32/27 network VLAN-5 will carry 10.x.5.0/24 VLAN-10 will carry 10.x.10.0/24 VLAN-11 will carry 10.x.11.0/24 ... and so on ... VLAN-30 will carry 10.x.30.0/24 VLAN-256 will carry 10.x.0.0/24 VLAN-257 will carry whatever the uplink provides. (We may not have control over this when we move the crate.)
So now we can use our serial connection from the deployer box to console our switches and log in as ubnt/ubnt. From serial interface: 115200 8n1 rollover (cisco) cable, pl2303, straight through (no null modem), we will use the TEST-NET-3 subnet - +6/+7 edge01/edge01, respectfully.
edge01
network protocol none Changing protocol mode will reset ip configuration. Are you sure you want to continue? (y/n) y network parms 198.51.100.38 255.255.255.224 198.51.100.33 (UBNT EdgeSwitch) #show network Interface Status............................... Up IP Address..................................... 198.51.100.38 Subnet Mask.................................... 255.255.255.224 Default Gateway................................ 198.51.100.33 IPv6 Administrative Mode....................... Enabled IPv6 Prefix is ................................ fe80::7683:c2ff:fefd:6bf4/64 Burned In MAC Address.......................... 74:83:C2:FD:6B:F4 Locally Administered MAC address............... 00:00:00:00:00:00 MAC Address Type............................... Burned In Configured IPv4 Protocol....................... None Configured IPv6 Protocol....................... None IPv6 AutoConfig Mode........................... Disabled Management VLAN ID............................. 1 configure do vlan database vlan 5,10-30,256,257 exit configure (paste in the output from portmaker.rb) exit (UBNT EdgeSwitch) #copy system:running-config nvram:startup-config This operation may take a few minutes. Management interfaces will not be available during this time. Are you sure you want to save? (y/n) y Config file 'startup-config' created successfully . Configuration Saved!
At this point all ports should be on the correct VLAN and should persist after a reload. And if you've plugged the deployer node into port 2 of the switch, the switch is now reachable, and you can ssh in as ubnt.
root@deployer2:~# ping 198.51.100.38 PING 198.51.100.38 (198.51.100.38) 56(84) bytes of data. 64 bytes from 198.51.100.38: icmp_seq=1 ttl=64 time=3.68 ms 64 bytes from 198.51.100.38: icmp_seq=2 ttl=64 time=1.81 ms 64 bytes from 198.51.100.38: icmp_seq=5 ttl=64 time=1.75 ms
configured the other switch
edge01
enable network protocol none network parms 198.51.100.39 255.255.255.224 198.51.100.33 copy system:running-config nvram:startup-config configure do vlan database vlan 5,10-30,256,257 exit configure (paste in the output from portmaker.rb) exit copy system:running-config nvram:startup-config
The deployer node only has the native VLAN 1 configured, but also has [ 5, 10-30, 256-257 ] presented to it in a tagged trunk. We might need those later, but for now we can move on to deploying our OpenBSD nodes.