This document outlines how to set up and configure the router so that the OneView system and another BMS system can be accessed from a single source. The key theory behind this is to enable communication between different Subnets and VLANs, while maintaining adequate separation.
To first understand why we need a router (layer 3 device), we must have an understanding of what VLANs and Subnets are. The following is a brief description of VLANs and Subnets.
Brief Theory Behind VLANs and Subnets
VLANs work by tagging packets from devices with VLAN Tags.
This allows networks to separate traffic based on its tag, such as only allowing communication between devices with the same VLAN tag. Having the same VLAN tag means devices are on the same VLAN. This is done on layer 2 of the OSI model.
Subnets work by separating devices by their IP address, using a Subnet mask.
The Subnet mask decides what portion of the IP address describes the network, and what portion describes the host. This is done on layer 3 of the OSI model.
A VLAN and a Subnet are two different ways of separating traffic. Devices must be on the same VLAN AND the same Subnet in order to communicate directly, without a router between them.
For further information on VLANs and Subnets please watch our instructional video: https://www.youtube.com/watch?v=DvX7aWdqKss
What are the Design Requirements?
Now that we have the basic theory covered, we next need to know what design we are trying to configure on our router.
- We want the other BMS system to be on the same VLAN / Subnet as the new Optigo system.
In this scenario we do not actually require any layer-3 configuration to allow access from a laptop to both devices. The clients may have installed the router for other reasons, such as using NAT to reduce IP addresses needed from IT.
As long as there is a layer-2 connection between the two systems, and they are all on the same VLAN / Subnet, they will operate as they would have before installing the router.
NOTE: This approach is not recommended for systems with more than 10 packets-per-second of broadcast. A high amount of broadcast traffic can lead to suboptimal performance on all systems.
- We want to keep these systems separate, but have the two systems accessible from a single source (laptop/PC).
Configuration for Separate VLANs and Subnets
If the requirement is that the two Management systems be kept separate for all functional purposes, then we need to place the two systems in different VLANs / Subnets.
STEP 1:
First we must recreate the VLANs and Subnets on which the existing devices are configured: VLAN 10, VLAN 15 and VLAN 20.
- Navigate to the VLANs & Subnets page in Optigo OneView.
- Click ‘Create New’ to add a new VLAN.
- Do this for the three VLANs, ensuring that you are not creating duplicate VLANs.
STEP 2:
After having created the VLANs and Subnets, we must allow access from the laptop to both of the separate systems. This will allow communication between the laptop and the Optigo system, VLAN 10 and VLAN 15. It will also allow communication between the laptop and the other BMS system, VLAN 10 and VLAN 20. But most importantly, it will not allow communication between the two systems.
- Scroll down on the VLANs & Subnets page to the Inter-VLAN Routing section. Here we can add VLANs as a connected VLAN.
- Press the + button to add VLAN 15 and VLAN 20 to VLAN 10.
You will notice that VLAN 10 is also simultaneously added to VLAN 15 and VLAN 20. The important thing is that VLAN 15 and VLAN 20 are not in each other's connected VLANs.
STEP 3:
Tag the switch ports with the correct VLAN ID.
We need to ensure that the correct ports are assigned to the correct VLAN.
- Navigate to the Ports section.
- Assign the VLAN ID by clicking on the port's VLAN ID column, as shown in the image below.
Configuration for RDP with Separate VLANs and Subnets
Here, the requirement is to allow for Remote Desktop Protocol (RDP) for remote access to a laptop, and to access the BMS system from this laptop, BUT we do not want the BMS system VLAN to have Internet access.
This is a very similar configuration to the previous configuration of two BMS systems. Only instead of keeping two BMS systems separate, we are keeping the BMS system and the WAN separate, while giving the laptop access to both again.
The key difference between the two is that we only require two VLANs. Instead of giving the laptop access to two other VLANs, we are giving it access to one VLAN, and giving it WAN access.
STEP 1: Create the VLANs and Subnets on which the existing devices are configured.
STEP 2:
Next, allow access from the laptop to the BMS system, between VLAN 10 and VLAN 15.
Press the + button to add VLAN 15 to VLAN 10.
You will notice that VLAN 10 is also simultaneously added to VLAN 15.
STEP 3:
Next we allow WAN access to our laptop, VLAN 10.
Scroll down on the screen to find the ‘WAN Access for VLANs’. Enable access for VLAN 10.
STEP 4:
Tag the switch ports with the correct VLAN ID.
We need to ensure that the correct ports are assigned to the correct VLAN.
Navigate to the Ports section, and assign the VLAN ID by clicking on the port's VLAN ID column, as shown in the image below.
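To check either design on paper before touching the router, the sketch below models the connected-VLAN table and the WAN access list and audits them against the separation requirement. It is an added example, not Optigo code and not a OneView API; the class and function names and the IP addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:
    name: str
    iface: str  # constructed sample address with prefix length
    vlan: int

class RouterPolicy:
    """Hypothetical model of the Inter-VLAN Routing and WAN Access tables."""
    def __init__(self, pairs=(), wan_vlans=()):
        # Connected VLANs are symmetric: adding 15 to 10 also adds 10 to 15.
        self.connected = {frozenset(p) for p in pairs}
        self.wan_vlans = set(wan_vlans)

    def reach(self, a, b):
        net_a = ipaddress.ip_interface(a.iface).network
        net_b = ipaddress.ip_interface(b.iface).network
        if a.vlan == b.vlan:
            return "direct" if net_a == net_b else "blocked"
        # Only directly connected pairs are routed; 15 -> 10 -> 20 is not a path.
        if frozenset((a.vlan, b.vlan)) in self.connected and not net_a.overlaps(net_b):
            return "routed"
        return "blocked"

    def wan_allowed(self, dev):
        return dev.vlan in self.wan_vlans

def audit(policy, must_reach, must_not_reach):
    """Return a list of findings; an empty list means the design holds."""
    findings = []
    for a, b in must_reach:
        if policy.reach(a, b) == "blocked":
            findings.append(f"{a.name} cannot reach {b.name}")
    for a, b in must_not_reach:
        if policy.reach(a, b) != "blocked":
            findings.append(f"{a.name} can reach {b.name}")
    return findings

# Constructed devices matching the VLAN numbers used in the steps above.
LAPTOP = Device("laptop", "192.168.10.50/24", 10)
OPTIGO = Device("optigo", "192.168.15.10/24", 15)
OTHER_BMS = Device("other-bms", "192.168.20.10/24", 20)

TWO_BMS = RouterPolicy(pairs=[(10, 15), (10, 20)])
RDP = RouterPolicy(pairs=[(10, 15)], wan_vlans=[10])
MISTAKE = RouterPolicy(pairs=[(10, 15), (10, 20), (15, 20)])
```

Calling `audit(MISTAKE, ...)` with the same requirements as the two-BMS design reports the extra VLAN 15 to VLAN 20 link, which is the error STEP 2 warns against.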