Vlan best practice?

Hello
I have two 3560s that I have to monitor but that won't physically be on my network. I vlan'd these switches so that one port would be separated strictly so I could uplink them with my physical network for SMTP and monitoring.
My question is: what port settings are best for this one port that goes back to my network? I would assume that, technically being a trunk, the port should be switchport mode trunk and not access?
Funny thing is that when I set it as trunk and plug it in, I see a topo change propagate out, whereas when it's set for switchport mode access I do not. STP is running in PVST.
Port stats are as follows:
switchport access vlan 2
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast
I'm confused as to why this mode would cause the topo changes.
thanks
Eric

Hi,
You have configured a port to access VLAN 2, and also the same port as a trunk port.
Note: Trunk ports are supposed to carry all VLANs, not a single VLAN.
If you are using only a single VLAN, a trunk port can be used to connect a switch and a router. In that case you can use the switch's uplink port as the trunk port.
e.g.: interface FastEthernet0/24
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast
Also on the router, the same:
#encapsulation dot1q
Portfast: If a port has portfast enabled, you should connect a device to it, e.g. switch/router/bridge, but not a system, because a port with portfast enabled will come up immediately even if it goes down, i.e., it skips the initial/listen state during the process and goes directly to the forwarding state.
If a system is connected to a port with portfast enabled, an STP loop may form and network congestion may occur.
Hope this will help you a lot!!!!
Please rate if this helps you!!!!
Regards,
Guru Prasad.R

Similar Messages

  • VLAN Best Practices

    We've just upgraded our wireless infrastructure and streamlined our SSIDs from five (5) to three (3) - Corporate, Guest and Voice. In regards to VLANs, should all Corporate devices (Notebooks, Tablets, Smartphones) be included in one (1) VLAN or should we create three (3) separate VLANs, one per device type? What are the best practices? My concern with having one VLAN with all Corporate devices is the amount of devices in the same VLAN and the impact of having Tablets (iPads, Androids) and Smartphones on the same VLAN in terms of network traffic (broadcast, bonjour, etc...). Any comments or suggestions would be greatly appreciated.

    Thanks for the quick reply Stephen! This is somewhat how we have our environment set up. We have an 802.1x SSID and depending on your AD credentials and device type you're dynamically pushed to a VLAN. What I'm questioning is how many VLANs I should have. We are a Community College and have corporate or college-owned notebooks, tablets and smartphones, and we also have student-owned notebooks, tablets and smartphones. Not sure if I should create 6 VLANs and then apply ACLs based on the VLAN, or is this overkill. Or have 3 VLANs, one per device type, therefore corporate and student notebooks would be in the same VLAN, the corporate and student tablets would be in the same VLAN, and finally corporate and student smartphones would be in the same VLAN, and then use dACL to differentiate access. Or finally, create two VLANs, one for corporate devices and one for student devices, and again use dACL to differentiate access. Not sure what the pros and cons are for these different scenarios.

  • Voice VLANs - Best practices

    Hello --
    We're starting an IPT project that will involve multiple access VLANs for different organizational groups. That said, should we also create multiple voice VLANs per group/building or will one flat VLAN work for voice? The backbone is GigE, so we aren't too concerned about bandwidth.
    What are the pros and cons, and best practices that the community has seen?
    Please let me know.
    Thanks,
    OOU

    I have some documents explaining about understanding and configuring voice vlans. I believe these documents will be helpful for you.
    http://www.cisco.com/en/US/products/hw/switches/ps5213/products_configuration_guide_chapter09186a00801ce02c.html
    http://www.cisco.com/en/US/products/hw/switches/ps628/products_configuration_guide_chapter09186a00801cde84.html
    http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a00801cdf35.html

  • VLAN Best Practice For IT Computers

    In an environment with basic VLANs (Servers, network infrastructure, workstations, IoT devices, wireless), is it commonly perceived as better to place IT workstations (around 6 or so) in their own VLAN?
    I suppose I am debating whether to create access control rules for a single IT VLAN or to stick them elsewhere and possibly have to create the same rules for each separate machine if the VLAN they're in does not share the same rules.  Initially all our VLANs will be without access control rules but will be dialed down incrementally, with testing.  Maybe that doesn't make sense...
    Where do others find IT workstations fit best, in their own VLAN or tucked away elsewhere (and with what)?
    This topic first appeared in the Spiceworks Community

    Whether you have multiple sites or not, it's good practice to put your APs in a separate and dedicated VLAN. 
    If your sites are routed sites, then you can re-use the same VLAN numbers but make sure they are on separate subnets and/or VRF instance.

  • Spanning Tree MST per Vlan, best practice

    Hi Community.
    I did the following MST Spanning Tree Config
    spanning-tree mst configuration
      name xxxxxxx
      revision 1
      instance 1 vlan 1, 10-20, 25, 30
    So I added every VLAN which we use to the config. But every time I add one more VLAN to the config, the whole network gets a little outage.
    I see lots of MAC flaps on ports with two server links, and the outage lasts for some seconds.
    Is it a better practice to add all possible VLANs to the config? So I do the config like that:
      instance 1 vlan 1-4096
    What do you think?
    Best Regards patrick

    Hi,
    So I added every VLAN which we use to the config. But every time I add one more VLAN to the config, the whole network gets a little outage.
    Correct, that is normal behavior with MST.
    I would just add "instance 1 vlan 1-4094" this way there is no outage when you bring up a new vlan.
    HTH
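Added example, not part of the original posts: switches treat each other as members of one MST region only when region name, revision and a digest of the VLAN-to-instance table all match, so editing the `instance` line changes a switch's digest until every switch carries the same mapping. The sketch computes that digest as IEEE 802.1Q defines it (HMAC-MD5 over the 4096-entry table with the standard's fixed key); the region name `REGION-A` is a constructed placeholder.

```python
import hashlib
import hmac

# Configuration Digest Signature Key fixed by IEEE 802.1Q for MSTP.
MST_DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")


def parse_vlan_list(spec):
    """Expand an IOS-style list such as '1, 10-20, 25, 30' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        low, _, high = part.partition("-")
        low = int(low)
        high = int(high) if high else low
        # Valid VLAN IDs stop at 4094, so a range such as 1-4096 is rejected.
        if not 1 <= low <= high <= 4094:
            raise ValueError(f"VLAN range {part!r} is outside 1-4094")
        vlans.update(range(low, high + 1))
    return vlans


def mst_digest(instance_map):
    """Digest of the VLAN-to-instance table; unlisted VLANs stay in instance 0.

    instance_map maps an instance number to an IOS-style VLAN list.
    """
    table = [0] * 4096  # entries 0 and 4095 are always 0
    for instance, spec in instance_map.items():
        for vlan in parse_vlan_list(spec):
            table[vlan] = instance
    blob = b"".join(entry.to_bytes(2, "big") for entry in table)
    return hmac.new(MST_DIGEST_KEY, blob, hashlib.md5).hexdigest().upper()


def region_id(name, revision, instance_map):
    """The three values a switch advertises to identify its MST region."""
    return (name, revision, mst_digest(instance_map))


def same_region(a, b):
    """Two switches share a region only if name, revision and digest all match."""
    return a == b


REGION = "REGION-A"  # constructed placeholder for the elided region name

# Mapping from the question, then the same mapping with one VLAN (40) added.
CURRENT = region_id(REGION, 1, {1: "1, 10-20, 25, 30"})
ONE_MORE = region_id(REGION, 1, {1: "1, 10-20, 25, 30, 40"})
# Mapping from the answer: every VLAN ID mapped up front.
PREMAPPED = region_id(REGION, 1, {1: "1-4094"})

if __name__ == "__main__":
    print("digest before adding VLAN 40:", CURRENT[2])
    print("digest after adding VLAN 40: ", ONE_MORE[2])
    print("still one region?", same_region(CURRENT, ONE_MORE))
    print("pre-mapped digest:", PREMAPPED[2])
```

With the pre-mapped table, creating a VLAN later does not touch the mapping, so the digest a switch advertises stays the same.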

  • Best practices for 1000v CTRL/PKT/MGT VLANs

    We are getting ready to start testing the 1000v in a lab environment, but have a question about VLAN best practices. The current Cisco 1000v guides indicate the control/packet/management interfaces should all be on the same VLAN. But elsewhere I've seen references to each network type getting its own VLAN. Given the latest release of the 1000v VSM/VEM, what are the real-world best practices for these three interfaces? Would you typically put all three on the same management VLAN used for physical switches?

    You can safely put them on the same vlan. The call to put them on different vlans was in the initial 1.1 release. We changed that view with the 1.2 release and fully support and recommend putting them all on the same vlan. The only requirement now is that we need no more than 100ms latency on the control network.
    louis

  • Best Practice - Public VLAN

    Looking for a best practice document for providing a secure, public access/internet only VLAN for both wired, and wireless. Need to provide additional secure access WLAN as well.

    You can create separate VLANs for the guest users. You can assign privileges to the guest users based on the SSID. For more information on how to configure VLANs in a wireless network, read the document available at
    http://www.cisco.com/en/US/products/ps5861/products_configuration_guide_chapter09186a00804ed724.html#wp1002608

  • Best practice for Wireless ap vlan

    Is there a best practice for grouping lightweight access points in one vlan or allowing them to be spread across several ??

    Whether you have multiple sites or not, it's good practice to put your APs in a separate and dedicated VLAN. 
    If your sites are routed sites, then you can re-use the same VLAN numbers but make sure they are on separate subnets and/or VRF instance.

  • Best Practice VLAN

    Hi All,
    I have got
    1 of Cisco 3560 (EMI) as Core Switch
    1 of Cisco 3560 (SMI) as Server Switch
    10 of Cisco CE500 as workgroup switches
    4 of different brands workgroup switches
    20 Servers
    300 Users
    10 different departments
    My intentions are to create VLANs on the 3560 Core Switch as Server, Finance, Marketing etc.
    and connect the server and workgroup switches to the appropriate ports for their defined VLANs on the 3560 Core switch.
    I don't think I need to run VTP Server on the core switch as I am going to have all VLANs within that switch?
    Or Can anyone suggest what should be the best practice in this situation.
    thanks
    Muhammad

    I don't think I need to run VTP Server on the core switch as I am going to have all VLANs within that switch?
    >> Then you need to set VTP to transparent mode, as you cannot create a VLAN on a VTP client. I think maybe what you meant is you will have all users in a particular switch be in the same VLAN, for example,
    3560 1/1---vlan 5---CE500---users in vlan 5
    In this case you do not need trunking .
    Or Can anyone suggest what should be the best practice in this situation.
    >> If your planned set-up is identical to the above then this is an acceptable set-up and actually quite good for its simplicity.
    Please rate helpful posts.

  • Questions VLAN design best practices

    As per best practices for VLAN design:
    1) Avoid using VLAN 1 as the “blackhole” for all unused ports.
    2) In the local VLANs model, avoid VTP (use transparent mode).
    Point 1
    In a big network, I'm having VLAN 1 as the blackhole VLAN. I'd like to confirm that, even if we're not complying with best practices, we're still doing fine.
    a) all trunk ports on all switches have the allowed vlans explicitly assigned.
    b) about all ports on all switches are assigned to specific data/voice VLANs, even if shut down
    c) the remaining ports (some unused SFP ports for example) are shut down
    d) we always tag the native vlan (vlan dot1q tag native)
    So, no data is flowing anywhere on VLAN 1. In our situation, is it safe to use VLAN 1 as the blackhole VLAN?
    Point 2
    Even if we're using the local VLANs model, we have VTP in place. What are the reasons for the best practice? As already said, we allow only specific VLANs on trunk ports (it's part of our network policy), so we do not have undesired layer 2 loops to deal with.
    Any thoughts?
    Bye
    Dario

    We are currently using VTP version 3 and migrating from Rapid-PVST to MST.
    The main reason for having VTP in place (at least for use) is to have the ability to assign ports to the correct VLAN in each site simply looking at the propagated VLAN database and to manage that database centrally.
    We also avoid using the same VLAN ID at two different sites.
    However, I did find something to look deeper into: with MST and VTP, a remote switch can be root for a VLAN it doesn't even use or have active ports in, and this doesn't feel right.
    An example:
    1) switch1 and switch528 share a link with allowed vlan 100
    2) switch1 is the root for instances 0 and 1
    4) VLAN 100 is assigned to instance 1
    5) VLAN 528 is not assigned to any particular instance so it goes under instance 0
    6) VLAN 528 is the Local Data LAN for switch528 (switch501 has VLAN 501)
    swtich528#sh spanning-tree vlan 528
    MST0
      Spanning tree enabled protocol mstp
      Root ID    Priority    24576
                 Address     1c6a.7a7c.af80
                 Cost        0
                 Port        25 (GigabitEthernet1/1)
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
      Bridge ID  Priority    32768  (priority 32768 sys-id-ext 0)
                 Address     1cde.a7f8.4380
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
    Interface           Role Sts Cost      Prio.Nbr Type
    Gi0/1               Desg FWD 20000     128.1    P2p Bound(PVST)
    Gi0/2               Desg FWD 20000     128.2    P2p Edge
    Gi0/3               Desg FWD 200000    128.3    P2p Edge
    Gi0/4               Desg FWD 200000    128.4    P2p
    Gi0/5               Desg FWD 20000     128.5    P2p Edge
    switch1#sh spanning-tree vlan 501
    MST0
      Spanning tree enabled protocol mstp
      Root ID    Priority    24576
                 Address     1c6a.7a7c.af80
                 This bridge is the root
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
      Bridge ID  Priority    24576  (priority 24576 sys-id-ext 0)
                 Address     1c6a.7a7c.af80
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
    Interface           Role Sts Cost      Prio.Nbr Type
    Should I worry about this?
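Added example, not from the original posts: a small auditor for the checks Dario lists (explicit allowed-VLAN lists on trunks, no active port left in VLAN 1, `vlan dot1q tag native`) plus the port settings from the first question on this page (`switchport access vlan` and plain `spanning-tree portfast` on a trunk). The running-config is constructed, the finding names are made up for this sketch, and it assumes Catalyst IOS behaviour, where plain `spanning-tree portfast` only takes effect on access ports and a trunk needs the `trunk` keyword.

```python
import re

# Constructed sample running-config (not taken from any device on this page).
# FastEthernet0/1 carries the port settings from the first question.
SAMPLE_CONFIG = """\
vlan dot1q tag native
!
interface FastEthernet0/1
 switchport access vlan 2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 100,528
 switchport mode trunk
!
interface FastEthernet0/3
 switchport access vlan 528
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport mode access
!
interface GigabitEthernet0/1
 switchport mode access
 shutdown
!
"""


def parse_interfaces(config):
    """Split a running-config into ({interface: [stanza lines]}, [global lines])."""
    interfaces, global_lines, current = {}, [], None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or any unindented line closes the stanza
            if line and line != "!":
                global_lines.append(line)
    return interfaces, global_lines


def audit(config):
    """Return (interface, finding) pairs; finding names are hypothetical labels."""
    interfaces, global_lines = parse_interfaces(config)
    findings = []
    if "vlan dot1q tag native" not in global_lines:
        findings.append(("global", "native-vlan-untagged"))
    for name, lines in interfaces.items():
        if "switchport mode trunk" in lines:
            # Without an explicit list, the trunk carries every VLAN.
            if not any(l.startswith("switchport trunk allowed vlan") for l in lines):
                findings.append((name, "trunk-allows-all-vlans"))
            # The access VLAN is kept in the config but unused while trunking.
            if any(l.startswith("switchport access vlan") for l in lines):
                findings.append((name, "access-vlan-unused-on-trunk"))
            # Exact match: "spanning-tree portfast trunk" is not flagged.
            if "spanning-tree portfast" in lines:
                findings.append((name, "portfast-needs-trunk-keyword"))
        elif "switchport mode access" in lines and "shutdown" not in lines:
            vlan = 1  # an access port with no "switchport access vlan" sits in VLAN 1
            for l in lines:
                match = re.fullmatch(r"switchport access vlan (\d+)", l)
                if match:
                    vlan = int(match.group(1))
            if vlan == 1:
                findings.append((name, "active-port-in-vlan1"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```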

  • Best Practices to separate voice and Data vlans

    Hello All .
    I am coming to the community to get some advice on a specific subject.
    One of my customers is actually using VLAN access-lists to isolate its data from its voice VLAN traffic.
    As most of us know, VLAN ACLs are very difficult to deploy and manage at an access-port level that is highly mobile. Because of these management issues they have been looking for a replacement solution consisting of firewalls, but apparently the price of the solution was too high in the sky.
    Can someone guide me towards security best practices when it comes to data and voice VLAN traffic isolation, please?
    thanks
    Regards
    T.

    thomas.fayet wrote: Hi again Collin, may I ask you what type of fw / switches / ios version you are using for this topology? Also is the media traffic going through your fw if one voice vlan wants to talk to another voice vlan? rgds
    Access Switches: 3560
    Distro: 4500 or 6500
    FW: ASA5510 or Juniper SSG 140 (phasing out the Junipers)
    It depends. In the drawing above, no voice traffic would leave the voice enclave until it talks to a remote site. If we add other sites to the drawing, at a minimum call-sig would traverse the firewall and depending on the location of the callers, all voice traffic may cross the firewall. All of that depends on how you have your call managers/vm/voice gateways designed and where the callers are.

  • Networking "best practice" for setting up a farm

    Hi all.
    We would like to set an OracleVM farm, and I have a question about "best practice" for
    configuring the network. Some background:
    - The hardware I have is comprised of machines with 4 gig-eth NICs each.
    - The storage will be coming primarily from a backend NAS appliance (Netapp, FWIW).
    - We have already allocated a separate VLAN for management.
    - We would like to have HA capable VMs using OCFS2 (on top of NFS.)
    I'm trying to decide between 2 possible configurations. The first would keep physical separation
    between the mgt/storage networks and the DomU networks. The second would just trunk
    everything together across all 4 NICs, something like:
    Config 1:
    - eth0 - management/cluster-interconnect
    - eth1 - storage
    - eth2/eth3 => bond0 - 8021q trunked, bonded interfaces for DomUs
    Config 2:
    - eth0/1/2/3 => bond0
    Do people have experience or recommendation about the best configuration?
    I'm attracted to the first option (perhaps naively) because CI/storage would benefit
    from dedicated bandwidth and this configuration might also be more secure.
    Regards,
    Robert.

    user1070509 wrote:
    Option #4 (802.3ad) looks promising, but I don't know if this can be made to work across separate switches.
    It can, if your switches support cross-switch trunking. Essentially, 802.3ad (also known as LACP or EtherChannel on Cisco devices) requires your switch to be properly configured to allow trunking across the interfaces used for the bond. I know that the high-end Cisco and Juniper switches do support LACP across multiple switches. In the Cisco world, this is called MEC (Multichassis EtherChannel).
    If you're using low-end commodity-grade gear, you'll probably need to use active/passive bonds if you want to span switches. Alternatively, you could use one of the balance algorithms for some bandwidth increase. You'd have to run your own testing to determine which algorithm is best suited for your workload.
    The Linux Foundation's Net:Bonding article has some great information on bonding in general, particularly on the various bonding methods for high availability:
    http://www.linuxfoundation.org/en/Net:Bonding

  • ASA 5505 Best Practice Guidance Requested

    I am hoping to tap into the vast wealth of knowledge on this board in order to gain some "best practice" guidance to assist me with the overall setup using the ASA 5505 for a small business client.  I'm fairly new to the ASA 5505 so any help would be most appreciated!
    My current client configuration is as follows:
    a) business internet service (cable) with a fixed IP address
    b) a Netgear N600 Wireless Dual Band router (currently setup as gateway and used for internet/WiFi access)
    c) a Cisco SG-500-28 switch
    d) one server running Windows Small Business Server 2011 Standard (primary Domain Controller)
         (This server is currently the DNS and DHCP server)
    e) one server running Windows Server 2008 R2 (secondary Domain Controller)
    f) approximately eight Windows 7 clients (connected via SG-500-28 switch)
    g) approximately six printers connected via internal network (connected via SG-500-28 switch)
    All the servers, clients, and printers are connected to the SG-500-28 switch.
    The ISP provides the cable modem for the internet service.
    The physical cable for internet is connected to the cable modem.
    From the cable modem, a CAT 6 ethernet cable is connected to the internet (WAN) port of the Netgear N600 router.
    A Cat 6 ethernet cable is connected from Port 1 of the local ethernet (LAN) port on the N600 router to the SG-500-28 switch.
    cable modem -> WAN router port
    LAN router port -> SG-500-28
    The ASA 5505 will be set up with a "LAN" (inside) interface and a "WAN" (outside) interface.  Port e0/0 on the ASA 5505 will be used for the outside interface and the remaining ports will be used for the inside interface.
    So my basic question is, given the information above of our setup, where should the ASA 5505 be "inserted" to maximize its performance?  Also, based on the answer to the previous question, can you provide some insight as to how the ethernet cables should be connected to achieve this?
    Another concern I have is what device will be used as the default gateway.  Currently, the Netgear N600 is set as the default gateway on both Windows servers.  In your recommended best practice solution, does the ASA 5505 become the default gateway or does the router remain the default gateway?
    And my final area of concern is with DHCP.  As I stated earlier, I am running DHCP on Windows Small Business Server 2011 Standard.  Most of the examples I have studied for the ASA 5505 utilize its DHCP functionality.  I also have done some research on the "dhcprelay server" command.  So I'm not quite sure which is the best way to go. First off, does the "dhcprelay server" even work with SBS 2011?  And secondly, if it does work, is the best practice to use the "dhcprelay" command or to let the ASA 5505 perform the DHCP server role?
    All input/guidance/suggestions with these issues would be greatly appreciated!  I want to implement the ASA 5505 firewall solution following "best practices" recommendations in order to maximize its functionality and minimize the time to implement.
    FYI, the information (from the "show version" command) for the ASA 5505 is shown below:
    Cisco Adaptive Security Appliance Software Version 8.4(7)
    Device Manager Version 7.1(5)100
    Compiled on Fri 30-Aug-13 19:48 by builders
    System image file is "disk0:/asa847-k8.bin"
    Config file at boot was "startup-config"
    ciscoasa up 2 days 9 hours
    Hardware:   ASA5505, 512 MB RAM, CPU Geode 500 MHz
    Internal ATA Compact Flash, 128MB
    BIOS Flash M50FW016 @ 0xfff00000, 2048KB
    Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
                                 Boot microcode   : CN1000-MC-BOOT-2.00
                                 SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                                 IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.06
                                 Number of accelerators: 1
    0: Int: Internal-Data0/0    : address is a493.4c99.8c0b, irq 11
    1: Ext: Ethernet0/0         : address is a493.4c99.8c03, irq 255
    2: Ext: Ethernet0/1         : address is a493.4c99.8c04, irq 255
    3: Ext: Ethernet0/2         : address is a493.4c99.8c05, irq 255
    4: Ext: Ethernet0/3         : address is a493.4c99.8c06, irq 255
    5: Ext: Ethernet0/4         : address is a493.4c99.8c07, irq 255
    6: Ext: Ethernet0/5         : address is a493.4c99.8c08, irq 255
    7: Ext: Ethernet0/6         : address is a493.4c99.8c09, irq 255
    8: Ext: Ethernet0/7         : address is a493.4c99.8c0a, irq 255
    9: Int: Internal-Data0/1    : address is 0000.0003.0002, irq 255
    10: Int: Not used            : irq 255
    11: Int: Not used            : irq 255
    Licensed features for this platform:
    Maximum Physical Interfaces       : 8              perpetual
    VLANs                             : 3              DMZ Restricted
    Dual ISPs                         : Disabled       perpetual
    VLAN Trunk Ports                  : 0              perpetual
    Inside Hosts                      : 10             perpetual
    Failover                          : Disabled       perpetual
    VPN-DES                           : Enabled        perpetual
    VPN-3DES-AES                      : Enabled        perpetual
    AnyConnect Premium Peers          : 2              perpetual
    AnyConnect Essentials             : Disabled       perpetual
    Other VPN Peers                   : 10             perpetual
    Total VPN Peers                   : 12             perpetual
    Shared License                    : Disabled       perpetual
    AnyConnect for Mobile             : Disabled       perpetual
    AnyConnect for Cisco VPN Phone    : Disabled       perpetual
    Advanced Endpoint Assessment      : Disabled       perpetual
    UC Phone Proxy Sessions           : 2              perpetual
    Total UC Proxy Sessions           : 2              perpetual
    Botnet Traffic Filter             : Disabled       perpetual
    Intercompany Media Engine         : Disabled       perpetual
    This platform has a Base license.

    Hey Jon,
    Again, many thanks for the info!
    I guess I left that minor detail out concerning the Guest network.  I have a second Netgear router that I am using for Guest network access.  It is plugged in to one of the LAN network ports on the first Netgear router.
    The second Netgear (Guest) router is setup on a different subnet and I am letting the router hand out IP addresses using DHCP.
    Basic setup is the 192.168.1.x is the internal network and 192.168.11.x is the Guest network.  As far as the SBS 2011 server, it knows nothing about the Guest network in terms of the DHCP addresses it hands out.
    Your assumption about the Guest network is correct, I only want to allow guest access to the internet and no access to anything internal.  I like your idea of using the restricted DMZ feature of the ASA for the Guest network.  (I don't know how to do it, but I like it!)  Perhaps you could share more of your knowledge on this?
    One final thing, the (internal) Netgear router setup does provide the option for a separate Guest network, however it all hinges on the router being the DHCP server.  This is what led me to the second (Guest) Netgear router because I wanted the (internal) Netgear router NOT to use DHCP.  Instead I wanted SBS 2011 to be the DHCP server.  That's what led to the idea of a second (Guest) router with DHCP enabled.
    The other factor in all this is SBS 2011.  Not sure what experience you've had with the Small Business Server OS's but they tend to get a little wonky if some of the server roles are disabled.  For instance, this is a small business with a total of about 20 devices including servers, workstations and printers.  Early on I thought, "nah, I don't need this IPv6 stuff," so I found an article on how to disable it and did so.  The server performance almost immediately took a nose dive.  Rebooting the server went from a 5 minute process to a 20 minute process.  And this was after I followed the steps of an MSDN article on disabling IPv6 on SBS 2011!  Well, long story short, I enabled IPv6 again and the two preceding issues cleared right up.  So, since SBS 2011 by "default" wants DHCP set up, I want to try my best to accommodate it.  So, again, your opinion/experience related to this is a tremendous help!
    Thanks!

  • Best practice with WCCP flows for WAAS

    Hi,
    I have a WAAS SRE 910 module in a 2911 router that intercepts packets from this router with WCCP.
    All packets are received by external interface (gi 2/0, connected to a switch with port configured in WCCP vlan), and are sent back to the router via internal interface (gi 1/0 directly connected to the router) :
    WAAS# sh interface gi 1/0
    Internet Address                    : 10.0.1.1
    Netmask                             : 255.255.255.0
    Admin State                         : Up
    Operation State                     : Running
    Maximum Transfer Unit Size          : 1500
    Input Errors                        : 0
    Input Packets Dropped               : 0
    Packets Received                    : 20631
    Output Errors                       : 0
    Output Packets Dropped              : 0
    Load Interval                       : 30
    Input Throughput                    : 239 bits/sec, 0 packets/sec
    Output Throughput                   : 3270892 bits/sec, 592 packets/sec
    Packets Sent                        : 110062
    Auto-negotiation                    : On
    Full Duplex                         : Yes
    Speed                               : 1000 Mbps
    WAAS# sh interface gi 2/0
    Internet Address                    : 10.0.2.1
    Netmask                             : 255.255.255.0
    Admin State                         : Up
    Operation State                     : Running
    Maximum Transfer Unit Size          : 1500
    Input Errors                        : 0
    Input Packets Dropped               : 0
    Packets Received                    : 86558
    Output Errors                       : 0
    Output Packets Dropped              : 0
    Load Interval                       : 30
    Input Throughput                    : 2519130 bits/sec, 579 packets/sec
    Output Throughput                   : 3431 bits/sec, 2 packets/sec
    Packets Sent                        : 1580
    Auto-negotiation                    : On
    Full Duplex                         : Yes
    Speed                               : 100 Mbps
    The default route configured in WAAS module is 0.0.0.0/0 to 10.0.1.254 (router interface).
    Would it be better that packets leave WAAS module by the external interface (in place of the internal interface) ?
    Is there a best practice recommended by Cisco on this ?
    Thanks.
    Stéphane

    Hi Stephane,
    We usually advise the following in such a scenario with an internal module:
    "ip wccp 61 redirect in" on the LAN interface.
    "ip wccp 61 redirect in" on the WAN one.
    "ip wccp redirect exclude in" on the internal interface between the WAAS and the router.
    That way, we are sure that no loops are created because of the WCCP redirection.
    Regards,
    Nicolas

  • Best Practice setting up NICs for Hyper V 2008 r2

    I am looking for some suggestions on best practice for setting up a Hyper-V 2008 R2 host at a remote location with 5 NICs, one for the management VLAN and the other 4 on the data VLAN. This server will host 2 virtual machines; one is a DC and the other is a member local DHCP server. The server is set up now with one NIC on the management VLAN and the other NICs set to get their IP from the local DHCP server on the host. We have the virtual networks set up in Hyper-V to point to each of the NICs using the "external connection". The virtual servers "DHCP and AD" have their own IP set within them. Issues we are seeing: when the site loses external connections for a while, they cannot get IP addresses from the local DHCP server anymore.
    1. NIC on management Vlan -- IP Static -- Physical host
    2. NIC on the Data network Vlan -- DHCP linked as a connection "external" in Hyper V  -- virtual server DHCP
    3. NIC on the Data network Vlan -- DHCP linked as a connection "external" in Hyper V -- Virtual server domain controller
    4. NIC on the Data network Vlan -- DHCP linked as a connection "external" in Hyper V -- extra
    5. NIC on the Data network Vlan -- DHCP linked as a connection "external" in Hyper V -- extra
    Thanks in advance

    Looks like you may be overcomplicating things here.  More and more of the recommendations from Microsoft at this point would be to create a Logical Switch and then layer on Logical Networks for your management layers, but here is what I would do for your simple remote office.
    Management NIC:  Looks good. (Teaming would be better, but only if you had 2 different switches to protect against link failures at the switch level.  Doesn't seem relevant in this case however.)
    NIC for Data Network VLAN:  I would use one NIC in your case if you have the ability to trunk multiple VLANs at the switch level to the NIC.  That way you are setting the VLAN on the VM's NIC that you want to access, and your Virtual Switch configuration is very simple.  On this virtual switch however, I would uncheck IPv4 and IPv6.  There is no need to give this NIC an address as you are just passing traffic through it from the VMs that are marked with VLAN tags.  Again, if you have multiple physical switches in the building, teaming could be an option, but it probably adds more complexity than is necessary for a small office.
    Even if you keep your Virtual Switches linked to separate NICs, unchecking IPv4 and IPv6 makes sense.
    Disable all the other NICs.
    Beyond that, check your routing.  Can you ping between all hosts when there is no interruption? What DHCP server are they normally getting their addresses from?  Where are your name resolution servers (DNS, WINS)?
    No silver bullet here, but maybe a step in the right direction.
    Rob McShinsky (VirtuallyAware.com)
    VirtuallyAware - Experiences in a Virtual World (Microsoft MVP - Virtual Machine)
