Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Re: VLANs in VM
From: Colin Vallance <crvallance () gmail com>
Date: Thu, 16 Sep 2010 11:52:06 -0500

I'm in the process of fleshing out some other pieces to my lab right now but
what I've got would probably work for you.  Keep in mind I'm a Cisco
wireless guy so it's a bit focused on that but you could dump what you don't
need.

I've got a Dell server running VMware ESXi 4, a Dell Layer 2 switch (it's
gig, but that isn't a requirement), a seagate dockstar running Debian as a
NFS server (this is for a stupid reason, ask if you must), a Cisco 2106
wireless controller, and a few APs (1252, 1242) for my physical hardware.

Inside ESXi I have a few VMS.  Ubuntu server for services (dhcp, ntp,
radius, etc), Win2k3 for Cisco WCS, Ubuntu desktop for testing, Win XP for a
wireless client aside from my normal laptop.  I also have a Vyatta instance
(more on that later).

In ESXi's virtual switching I have several vlan's setup.  Each of these are
segmented for a replicated customer network.  For example I have a
management vlan where the controller, WCS, and services box sit, an AP vlan
for my access points and a user vlan for the wireless clients.  I also have
a ethernet interface in each of these vlans on the Vyatta instance.  This
allows me to do routing between vlans and firewalling as I wish.  I also
have a leg that can get back to my home network which stays firewalled, shut
off (and unplugged) most of the time.  Having that in place allows me to
upgrade machines in the VM enviro while still having some sort of air gap.

Now the real handy part here is that the physical switch port on the Dell
Powerconnect 5324 that the ESXi box is plugged in to is set as a 802.1q
trunk.  I have that pruned for just the vlans I want to pass but it's
essentially all the ones mentioned above.  Each of those vlans is also
created on the Powerconnect so I can assign physical ports (as access ports
typically) that stuff in the ESXi can see.  ESXi doesn't do VTP/GVRP/MVRP so
I had to setup the vlans manually on both sides but that's not the end of
the world.

So getting around to Robin's question.  I believe it would be trivial to
setup boxes in the vmware environment in specific vlans and play within that
environment.  If you even wanted to do some work in the physical world
(which is typically my preference) as long as you had the vlan passing
through your trunk port you could assign them on the physical switch ports
appropriately and play from there.  I tend to keep a port on my powerconnect
as a mirrored port of my trunk just so I can plug in my netbook and fire up
wireshark/tcp dump.

-Colin
b0o

On Thu, Sep 16, 2010 at 10:32 AM, Carlos Perez <
carlos_perez () darkoperator com> wrote:

righ now I have an old Cisco 3550 for playing with that, best bet would be
to get an old cisco, procurve, 3com ..etc from ebay
each vendor has it own twist on "Standard Protocols"
On Sep 16, 2010, at 11:27 AM, Robin Wood wrote:

On 16 September 2010 16:08, Matthew Manor <kingmanor () gmail com> wrote:
Have you tried Vyatta?  It can do most of what Cisco IOS can do but
virtually, including VLANs, and you can certainly run an entire lab of
VMs off of it.

I've just had a quick look through it but can't tell if it would help
or not. I want to put different machines in my VirtualBox lab onto
different VLANs so I can experiment with them. Do you know if their
software product would do that?


-Matt Manor

On 9/16/10, Carlos Perez <carlos_perez () darkoperator com> wrote:
Do you mean having a switch with 802.1q?

Sent from my iPhone

On Sep 16, 2010, at 5:03 AM, Robin Wood <robin () digininja org> wrote:

Is there any way to setup a VLAN environment in a virtual environment?
They are something I've never had much chance to play with and I'd
love to get it labbed up so I can. I know there are virtual systems
for running IOS images but don't think I could then hang a bunch of
VMs off those machines.

Preferably VirtualBox methods but any VM will do.

Robin
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


--
Sent from my mobile device
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault