Solved

How to configure the native VLAN on VLAN 10?

  • 20 April 2023
  • 7 replies
  • 508 views

Hello everyone,
I have to install the first Nutanix cluster for a customer, but I can't figure out how to set up the network.
All the customer's switches (Aruba 2930, 2920) have the native VLAN (VLAN 1) dedicated to workstations and servers, while the management network is VLAN ID 10, where the ESX hosts, storage controllers, backup NAS and the Veeam server backing up the current infrastructure reside.
This is the situation at all my customers: VLAN 10 is completely isolated and unreachable from the native VLAN 1. This was done to prevent any ransomware from affecting the backups as well.
Now, Nutanix recommends configuring the CVM and hypervisor host VLAN as the native, or untagged, VLAN on the connected switch ports.
I'm sure it would be nice to have all of the management in the native VLAN; adding a node would be much easier, and I think the simpler things are kept, the better.
Furthermore, VLAN 10 is propagated to many remote racks because obviously the backup NAS does not reside in the same racks as the servers. How can I configure this situation?

Thanks in advance.

Best answer by bcaballero 26 April 2023, 16:48

Hi @Purlilium 

As you wrote, the recommended configuration is to configure the CVM and hosts' VLAN as the native VLAN. Here's an example of an Arista switch:

The configuration for Active-Backup is simple: just configure both switch ports as trunk and then set the native VLAN.

If you plan to run LACP you'll also need to configure a port-channel, or whatever name it has on your switches, with the same configuration: trunk and native VLAN.

Hope this helps

Regards!

Hi @bcaballero,
So I can configure the ports that I connect the Nutanix cluster to on the management VLAN (which in my case is VLAN ID 10).
From the documentation I thought you necessarily had to use the native VLAN, which by default is 1 on Aruba switches...


Having the AHV and CVM in the native VLAN is to "Keep It Simple" (KIS). But if you need them in a separate VLAN you can do that as well (and for the KIS procedure, do it during Foundation).

Although, if the CVMs are not accessible via the normal network, that makes managing the environment a bit hard.

Can't you add another VLAN (for example VLAN 20) for the CVM and AHV? And make port 9440 (and the other needed ports, see: https://portal.nutanix.com/page/documents/kbs/details?targetId=kA0600000008dQcCAI) available so you can do maintenance.


Hi @Purlilium 

As @JeroenTielen wrote, having AHV and CVM on the port's native VLAN is to keep things simple.

I'm not an expert on Aruba switches, but I've found this article, https://www.arubanetworks.com/techdocs/AOS-CX/10.07/HTML/5200-7867/Content/Chp_vlans/vlan_cmds/vla-tru-nat.htm, which talks about changing the native VLAN of a port.

Based on your first post you have 2 VLANs:

  • VLAN 1 (WKS and servers) = configured by default on all switch ports as the native VLAN
  • VLAN 10 (ESX, ...) = the VLAN that you would like to configure as the native VLAN for the Nutanix nodes

With that being said, I would configure VLAN 10 as native on the required ports, which means that anything you connect to those ports will be on that VLAN without further configuration, and the other required VLANs as trunked. Then on your cluster, via Prism Element, create a new network for VLAN 1 to connect the required VMs.

Hope this helps

Regards

Hi @JeroenTielen and @bcaballero, thanks for the answers!

Actually I have 7 VLANs (telephone, video surveillance, production, DMZ etc.), but the two that I have described are the interesting ones. I also have about twenty stacks/switches spread across various racks over 3 different establishments.
For this very reason I would like to keep things as simple as possible and avoid further complexity.
Here is the complete detail:

  VLAN ID   Name
  1         DEFAULT_VLAN
  10        Management
  20        DMZ
  30        Phones
  40        Surveillance
  50        ProdA

The doubt arose due to the fact that currently, in all the switches, the native VLAN is VLAN ID 1, which is propagated untagged on the trunks of all the switches.
But I want to follow Nutanix's recommendations and make sure that all nodes and CVMs are untagged, while these machines must be connected to VLAN 10, which is dedicated to management and inaccessible to users for security reasons.

If I understand correctly, I have to set the switch ports (the ones I connect the Nutanix nodes to) to untagged mode for VLAN 10 and, on the Nutanix side, leave VLAN 0 as it is without applying tags; then I will create the other networks tagged for all the other VLANs.


Hi @Purlilium 

That's right. You can configure the Nutanix switch ports with VLAN 10 as native and the rest of the VLANs in the trunk. Or you can filter which VLANs will be on the trunk. It's up to you.

If you need to connect VMs to VLAN 10 you can create the network on Prism Element with tag 0, because it is the native VLAN. Afterwards you can create all the networks in the trunk on Prism Element with their respective tags.

Hope this helps

Regards!
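As an added example, not from this thread nor from Nutanix or Aruba, here is a small Python check that parses an ArubaOS-Switch style running-config and verifies the design agreed above: the Nutanix-facing ports carry exactly the management VLAN untagged (native) and only the planned VLANs tagged on the trunk. The config excerpt, port numbers (1-2 nodes, 25-26 uplinks) and VLAN IDs are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed ArubaOS-Switch style running-config excerpt (not taken from the thread):
# ports 1-2 face the Nutanix nodes, 25-26 are the uplink trunk, 3-24 are workstations.
SAMPLE_CONFIG = """
vlan 1
   no untagged 1-2
   untagged 3-24
   tagged 25-26
   exit
vlan 10
   untagged 1-2
   tagged 25-26
   exit
vlan 20
   tagged 1-2,25-26
   exit
"""

def expand_ports(spec):  # '1-2,25-26' -> {1, 2, 25, 26}
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def parse_vlan_membership(config):
    """Map each port number to the VLAN IDs it carries untagged and tagged."""
    membership = defaultdict(lambda: {"untagged": set(), "tagged": set()})
    vlan = None
    for line in (l.strip() for l in config.splitlines()):
        if m := re.fullmatch(r"vlan (\d+)", line):
            vlan = int(m.group(1))
        elif vlan and (m := re.fullmatch(r"(no )?(untagged|tagged) ([\d,-]+)", line)):
            negated, mode, spec = m.groups()
            for port in expand_ports(spec):
                (membership[port][mode].discard if negated else membership[port][mode].add)(vlan)
    return membership

def check_node_ports(config, node_ports, mgmt_vlan=10, allowed_tagged=()):
    """Findings for the Nutanix-facing ports; an empty list means the design holds."""
    membership, findings = parse_vlan_membership(config), []
    for port in node_ports:
        untagged, tagged = membership[port]["untagged"], membership[port]["tagged"]
        if untagged != {mgmt_vlan}:  # CVM/AHV traffic is untagged, so the native VLAN must be mgmt
            findings.append(f"port {port}: native VLAN is {sorted(untagged) or 'none'}, expected {mgmt_vlan}")
        if extra := tagged - set(allowed_tagged):  # trunk filtered to the VLANs Prism will tag
            findings.append(f"port {port}: trunk carries unplanned VLANs {sorted(extra)}")
    return findings
```

Running `check_node_ports(SAMPLE_CONFIG, [1, 2], 10, [20])` returns no findings; a port left on the default untagged VLAN 1 with VLAN 10 tagged instead is reported for both conditions.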

Hi @bcaballero,

Wonderful, that was what I needed.

Thank you very much and have a great day.

Regards