English Community

Datacenter SystemsThinkSystem
All Forum Topics
Options

20 Posts

06-24-2020

US

18 Signins

130 Page Views

  • Posts: 20
  • Registered: ‎06-24-2020
  • Location: US
  • Views: 130
  • Message 1 of 2

SE350 with LOM-Switchboard - How to modify network presets and work with UCI

2020-10-05, 3:52 AM

Use Case - SE350 with a LOM-Switchboard running ESXi.  The problem is that the LOM-Switchboard does not natively allow communication out of the on-board switch to the upstream network.  There is one network preset that does allow it and that is preset #5, but it uses the wireless setup as a client to connect to your upstream wireless access point. That is kinda cool for a server to do that, but what if you want to use a wired connection instead?  The following instructions show how its done.  

 

Get the wireless working.

Using XCC, change to preset #5 and enable wireless and change it to client mode. Fill in the settings for your network SSID and password.  This will establish a connection between ESXi and your upstream network thru the wireless.  If you did this right, ESXi should be able to pull an IP from your network and is a good indicator that things are going well so far.

 

Using an SSH client, log into the LOM-Switchboard (192.168.70.125 is the default IP) with username: oper password:(same as used in XCC)

Optional - change wifi_wan_sta to static address

sudo uci set network.wifi_wan_sta.proto='static'

sudo uci set network.wifi_wan_sta.ipaddr='192.168.X.X'

sudo uci set network.wifi_wan_sta.netmask='255.255.255.0'

sudo uci commit network.wifi_wan_sta

sudo /etc/init.d/network restart

 

If you go back into XCC and restart the Edge Network Board you can verify that the static IP now appears for wifi inside the XCC utility.

 

Setting up eth2 (port 6) as your wired uplink connection

By default, eth2 (port 6) is assigned to the egde_lan.  You need to remove it.  We will reassign it to another network interface in a later step.  

 

Using an SSH client, remove eth2 from edge_lan

sudo uci set network.edge_lan.ifname='eth1 eth3 eth5 eth6'

 

Create cloud_wan interface with eth2 with optional static IP. When I did this step I lost wireless connectivity between the server and my network. I already had a patch cable connected to port 6 and my network but I wasn't able to ping port 6 yet and ESXi could not yet talk to my network.

 

sudo uci set network.cloud_wan=interface

sudo uci set network.cloud_wan.ifname='eth2'

sudo uci set network.cloud_wan.ipv6='1'

sudo uci set network.cloud_wan.metric='10'

sudo uci set network.cloud_wan.proto='static'

sudo uci set network.cloud_wan.ipaddr='192.168.4.7'

sudo uci set network.cloud_wan.netmask='255.255.255.0'

 

Create cloud_bridge interface. As soon as this is done, connectivity will re-establish via eth2 (port 6).  ESXi can now pull an IP from your network. (Setting a static management IP in ESXi is standard)

sudo uci set network.cloud_bridge=interface

sudo uci set network.cloud_bridge.proto='relay'

sudo uci set network.cloud_bridge.network='cloud_wan edge_lan'

sudo uci commit network.cloud_bridge

sudo /etc/init.d/network restart

 

At this point, from what I could tell, nothing else needed to be done.  However, if we examine the Firewall setting for the wifi_wan_sta, we could build the same kind of rule sets for the cloud_wan

 

Creation of FW zone for cloud_wan

sudo uci add firewall zone

sudo uci set firewall.@zone[8].name='cloud_wan'

sudo uci set firewall.@zone[8].input='ACCEPT'

sudo uci set firewall.@zone[8].output='ACCEPT'

sudo uci set firewall.@zone[8].forward='ACCEPT'

sudo uci set firewall.@zone[8].network='cloud_wan'

sudo uci set firewall.@zone[8].masq='1'

sudo uci set firewall.@zone[8].mtu_fix='1'

 

Creation of FW zone for cloud_bridge

sudo uci add firewall zone

sudo uci set firewall.@zone[9]=zone

sudo uci set firewall.@zone[9].name='cloud_bridge'

sudo uci set firewall.@zone[9].input='ACCEPT'

sudo uci set firewall.@zone[9].output='ACCEPT'

sudo uci set firewall.@zone[9].forward='ACCEPT'

sudo uci set firewall.@zone[9].masq='1'

sudo uci set firewall.@zone[9].mtu_fix='1'

sudo uci set firewall.@zone[9].network='edge_lan cloud_wan'

 

Creation of FW rules for cloud_wan

sudo uci add firewall rule

sudo uci set firewall.@rule[19].name='Open-CloudWAN-SpecificPorts'

sudo uci set firewall.@rule[19].src='cloud_wan'

sudo uci set firewall.@rule[19].proto='tcp udp'

sudo uci set firewall.@rule[19].dest='mgmt_lan'

sudo uci set firewall.@rule[19].dest_port='22 80 443'

sudo uci set firewall.@rule[19].target='ACCEPT'

sudo uci set firewall.@rule[19].enabled='0'

 

sudo uci add firewall rule

sudo uci set firewall.@rule[20]=rule

sudo uci set firewall.@rule[20].name='Reject-CloudWAN'

sudo uci set firewall.@rule[20].src='cloud_wan'

sudo uci set firewall.@rule[20].proto='tcp udp'

sudo uci set firewall.@rule[20].dest='mgmt_lan'

sudo uci set firewall.@rule[20].dest_port='1-1024'

sudo uci set firewall.@rule[20].target='DROP'

sudo uci set firewall.@rule[20].enabled='1'

 

save all modified values

sudo uci commit

reload config

 

At this point you may want to go back into XCC and perform a reboot of the Edge Network Board.  It seemed to help when things didn't work quite right for me.  

 

Final notes - According to the User Guide, the wifi_wan_sta and the cloud_wan are suppose to failover/failback, but this doesn't work for me.  In fact at this point I can't get the wireless to work at all unless I delete the cloud_wan interface and move eth2 back to the edge_lan interface.  Getting this feature to function is a battle for another day.

Reply
Options

569 Posts

08-14-2018

US

549 Signins

10164 Page Views

  • Posts: 569
  • Registered: ‎08-14-2018
  • Location: US
  • Views: 10164
  • Message 2 of 2

Re:SE350 with LOM-Switchboard - How to modify network presets and work with UCI

2020-10-13, 18:39 PM

Hello @cargostud , thank you for the process and sharing your experience. I will send this over to the support team and get their insight on this. 

Reply
Forum Home

Community Guidelines

Please review our Guidelines before posting.

Learn More

Check out current deals!

Go Shop
X

Save

X

Delete