Link to home
Start Free TrialLog in
Avatar of pharmon96
pharmon96Flag for United States of America

asked on

Setup VLAN for Internet traffic only using HP and Juniper hardware

I've never setup a VLAN before.  I need to setup a VLAN on the 1st floor of our building for public Internet traffic (using a Linksys AP), denying access to our LAN. The switch on that floor is a HP Procurve 2626 (L3). The 2626 connects to our core HP 2810 (L3) switch (3rd floor) through a 3Com fiber switch.  The core connects to our Juniper SSG140 Firewall. Since I've never attempted this before I need help.

I thought about using a cheap Linsys or DLink router for DHCP and pointing to an outside DNS. I just don't know how to setup and secure the VLAN. Our LAN ip scheme is 10.1.0.0/255.255.0.0 with one remote location (VPN) with ip 192.168.11.0/255.255.255.0. Our LAN Gateway ip is 10.1.1.1.

How do I configure this?
Avatar of mgob
mgob
Flag of United States of America image

What model is the 3com?

Let me make sure I've got what you're requesting setup properly:

You want to pipe DMZ traffic from your Juniper SSG140 down stairs to connect a Linksys AP?
What piece of hardware is the Juniper connected to?

Here is basically what you would do, this idea is independent of your hardware so long as they can all do vlan and vlan trunking:

VLAN 1 = LAN
VLAN 2 = DMZ

Juniper -- VLAN trunk 1 & 2 --> Switch A -- VLAN trunk 1 & 2 --> Switch B -- Switch access VLAN 2 -- > Linksys AP

Now as for how to do on all your hardware I'm not 100% but I do think I know what you want and the above example achieves that.

Let me know if you would like further explanations etc :)

Avatar of pharmon96

ASKER

The 3Com is a model 3000. We have four switches in different parts of the building and they all connect back by fiber to the 3Com. The 3Com has one 100Mb Ethernet port that plugs into our core HP 2810 switch. The Juniper firewall plugs directly into the core switch. Are you famliar with the Procurve way of setting up VLAN's?

Thanks for the help!

Paul
ASKER CERTIFIED SOLUTION
Avatar of mgob
mgob
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Ok, I think I understand how it needs to be setup on the 2626 but still not clear how the vlan should be setup on the core 2810. I never thought about a DMZ connection between the core and firewall. What's the best way?
Well I'm not familiar with your juniper model (I only have experience on the bigger stuff M10-M320)  So the question is, do you VLAN trunk from the switch to the core or do you have a free port on the firewall to run the connection you want the AP to access to another port on the 2810.

if you do the two link thing (I'm going with that since I'm not sure about trunking on your model juniper) it would go like this:

                /----DMZ ---> 2810 port set to VLAN 2
Juniper                                                                      2810 === VLAN Trunk ==> 3com 3000 === VLAN trunk ====> Other switches
               \-----LAN----> 2810 port set to VLAN 2