yancho_mt

Untitled

Aug 24th, 2016
  1. [00:00] <Llama052_> give me a vlan map
  2. [00:00] <Llama052_> of all the vlans you have
  3. [00:00] <Llama052_> that need to ag into the untangle server
  4. [00:00] <Llama052_> also the unmanaged gigabit switch on the edge is strange
  5. [00:00] <Llama052_> nvm
  6. [00:01] <Llama052_> also you're showing 16x connections to the untangle server?
  7. [00:01] <Llama052_> on the specs
  8. [00:01] <Llama052_> Looks like you'll need to do vlan tagging on the untangle host
  9. [00:02] <Llama052_> and ignore vlan settings on the vmware box
  10. [00:02] <yancho> http://imgur.com/a/7B1M5 Llama052_ 4th image .. is that what you need?
  11. [00:02] <Llama052_> assuming the core switches connections are lagged?
  12. [00:02] <cnf> why are they all trunks?
  13. [00:02] <Llama052_> Do you really need all those vlans?
  14. [00:02] <Llama052_> but okay
  15. [00:03] <Llama052_> cnf, he doesn't have dvs iirc
  16. [00:04] <yancho> correct Llama052_
  17. [00:04] <Llama052_> so tag those LAGS onto vmware, but leave your vmware management vlan (whatever it may be) untagged
  18. [00:05] <cnf> right, time for bed
  19. [00:05] <cnf> gl
  20. [00:05] <Llama052_> add a vnetwork for the mgmt interface (with vlan specified) and one for everything else without a vlan defined
  21. [00:05] <Llama052_> cnf, halp
  22. [00:05] <yancho> thanks for ur help cnf .. gn :)
  23. [00:05] <Llama052_> and add all the nics to the vswitch for it
  24. [00:05] <Llama052_> assuming you have the LAG setup correctly on the switch it should be alive
  25. [00:06] <Llama052_> then setup untangle to look for those VLAN ids
  26. [00:06] <Llama052_> I'd put WAN and LAN on two different virtual nics though
  27. [00:06] <yancho> Llama052_: vnetwork is vlan?
  28. [00:07] <Llama052_> you'll want a kernel nic for the management
  29. [00:07] <Llama052_> whichever vlan that will live on
  30. [00:07] <Llama052_> it will need to know
  31. [00:07] <Llama052_> so you could do two vsiwtches, 1 for local and one for wan
  32. [00:07] <Llama052_> vswitches*
  33. [00:08] <Llama052_> select your vmkernel for management with a vlan, and then make a network for all of your LAN without vlan specified
  34. [00:08] <Llama052_> or Virtual machine port group
  35. [00:09] <Llama052_> you'll want to verify you have the vlans tagged on the switch connected to the vmware box
  36. [00:09] <Llama052_> vmware esx only needs to see the management vlan tbh, you can *untangle* the other vlans on untangle
  37. [00:12] <Llama052_> you've got about 5 more minutes before I head home for the night lol
  38. [00:12] <yancho> and management vlan has to be vlan 1 ? or can be any number?
  39. [00:12] <Llama052_> whatever you want to be able to access the vmware box on
  40. [00:12] <Llama052_> the management interface of the vmware box
  41. [00:12] <Llama052_> most people have a management vlan
  42. [00:12] <yancho> at the moment it is untagged .. unmanaged .. so we can do it managed 1
  43. [00:12] <Llama052_> dedicated for admin interfaces and stuff
  44. [00:13] <Llama052_> as long as you can match it on the other side of the switch
  45. [00:13] <yancho> 1 on the switches is "default"
  46. [00:13] <yancho> so should be good
  47. [00:14] <Llama052_> alright then make a new port group for LAN
  48. [00:14] <Llama052_> and add all the LAN adapters to it, but don't define a vlan
  49. [00:14] <Llama052_> and do IP hash or Port ID load balancing
  50. [00:14] <yancho> lan adapters meaning the fibre nics correct?
  51. [00:14] <Llama052_> assuming the other side is setup as lag
  52. [00:14] <Llama052_> Whatever has all the local vlans tagged to it on the switch
  53. [00:14] <Llama052_> and is it a LAG on the switch
  54. [00:14] <yancho> we shall go for static lag I presume not lacp to play it safe right?
  55. [00:15] <Llama052_> LACP isn't supported without vds
  56. [00:15] <Llama052_> static
  57. [00:15] <yancho> oki :)
  58. [00:16] <yancho> seems like a plan! I guess I'll have a lot of meat to chew up tomorrow
  59. [00:17] <yancho> (well today lol .. it's past midnight here :( )
  60. [00:18] <yancho> the 5 wans have to go each as a single port right? (due to ips etc)
  61. [00:19] <Llama052_> yeah you should be able to do that
  62. [00:19] <Llama052_> call the untangle folks since you purchased support, they can walk you through a lot of it
  63. [00:20] <yancho> and you're still of the opinion that i get an l3 before the l2 switches right?
  64. [00:21] <Llama052_> I'd want to get something to take layer-3 before your untangle device
  65. [00:21] <Llama052_> if you really expect 1000 concurrent end users
  66. [00:21] <Llama052_> especially with vlans
  67. [00:22] <Llama052_> all those requests need to go somewhere
  68. [00:22] <yancho> yes we can reach that numbers ... but most of the vlans are internet bound .. not much of local traffic
  69. [00:22] <Llama052_> vlan-to-vlan
  70. [00:22] <Llama052_> you can always see how it works as is
  71. [00:22] <Llama052_> also you have a single point of failure with the untangle box
  72. [00:22] <yancho> ok .. if we see untangle in pain .. we help with an l3
  73. [00:23] <Llama052_> you could do a vmware HA cluster, or get a backup untangle box
  74. [00:23] <Llama052_> I'd still research untangle bare metal if possible
  75. [00:23] <yancho> yeah i know that .. might be something for the future to get a backup untangle box .. on barebone with vrrm thingy
  76. [00:23] <Llama052_> good luck
  77. [00:23] <Llama052_> I'm out
  78. [00:24] <yancho> vmware ha cluster is cool too .. still a problem with wans .. so might as well set up a mini untangle just in case
  79. [00:24] <yancho> many many many thanks for your help!!! thanks also to you Zew
  80. [00:24] <Llama052_> layer-3 switch would fix that