Solved

vlan setup on procurve switch

Posted on 2009-07-07
Last Modified: 2012-05-07
At the moment I have a number of unmanaged switches that are going to be replaced with an HP ProCurve 4204VL switch.
Please see the attached file for a screen dump of how the interfaces on our Firewall are configured.
Port 1 is the LAN - 172.16.0.0/16
Port 2 is the DMZ - 192.168.0.0/24
WAN1 is the WAN - 202.86.209.104/29

The current LAN switches are uplinked between each other.
The DMZ switch is one separate switch.
The cable out of Port 2 on the Firewall plugs into port 1 of this small switch then all the servers in the DMZ plug into separate ports on that same switch.

What I would like to do is segment off 4 ports on the ProCurve switch namely B17 to B20 and use B17 to connect to Port 2 on the firewall - B18, B19, B20 to connect servers.
Essentially I want to have a 4 port virtual switch within this 72 port physical switch.
All servers patched into the ports designated for the DMZ must be able to talk between each other and communicate back to the LAN via port B17.
As configuring the Firewall was a long and painful task, I do not want to reconfigure that in any way.

I have attached the running config of the switch in the same attached file.

ProCurve-Config.doc
Question by:amanadili
2 Comments
 
Accepted Solution

by:
jburgaard earned 2000 total points
ID: 24807820
Hi amanadili,

Some assumptions:
Your servers are only going to have one IP (in the DMZ range, like 192.168.0.3, that is NOT 192.168.0.3 AND 172.16.0.3). If that is the case, the server ports only need to be untagged in the DMZ VLAN.
In other words, the routing between LAN and DMZ is taken care of in the firewall.

This is your only switch: spanning tree is not needed.
If you need spanning tree, please be aware: you have 2 links between switch and firewall, and STP could eventually block one of them! If you want STP, tuning could be necessary.
 
GVRP is not enabled on switch, but I guess no harm in: vlan1 forbid B17

so here we go:
no snmp-server community "public" Unrestricted
snmp-server community "myownsecret" Unrestricted
vlan 1
   name "DEFAULT_VLAN"
   forbid B17
   untagged A1-A24,B1-B16,B21-B24,C1-C24
   ip address 172.16.0.11 255.255.0.0
   no untagged B17-b20
   exit
vlan 192
   name "DMZ"
   untagged B17-b20
   no ip address
   exit
no spanning-tree
write mem

HTH
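
An added example, not part of the original answer: a small offline check that a saved ProCurve config really isolates the DMZ ports the way the answer intends (members of VLAN 192 only, removed from VLAN 1). The function names and the sample text are constructed for illustration, and the parser assumes the `vlan N` / `untagged` / `no untagged` / `exit` layout shown in the answer.

```python
import re

# Constructed sample in the layout of the answer's config (not from a real device).
SAMPLE_CONFIG = """\
vlan 1
   name "DEFAULT_VLAN"
   untagged A1-A24,B1-B16,B21-B24,C1-C24
   ip address 172.16.0.11 255.255.0.0
   no untagged B17-b20
   exit
vlan 192
   name "DMZ"
   untagged B17-b20
   exit
"""

def expand_ports(spec):
    """Expand 'A1-A3,B17-b20' into individual port names (case-insensitive)."""
    ports = set()
    for part in spec.upper().split(","):
        m = re.fullmatch(r"([A-Z])(\d+)(?:-\1?(\d+))?", part.strip())
        if not m:
            raise ValueError(f"unrecognised port spec: {part!r}")
        lo, hi = int(m.group(2)), int(m.group(3) or m.group(2))
        ports.update(f"{m.group(1)}{n}" for n in range(lo, hi + 1))
    return ports

def vlan_membership(config):
    """Return {vlan_id: member ports (tagged or untagged)}, applying lines in order."""
    members, vid = {}, None
    for line in config.splitlines():
        words = line.split()
        if len(words) == 2 and words[0] == "vlan" and words[1].isdigit():
            vid = int(words[1])
            members.setdefault(vid, set())
        elif words == ["exit"]:
            vid = None
        elif vid is not None and len(words) == 2 and words[0] in ("untagged", "tagged"):
            members[vid] |= expand_ports(words[1])
        elif vid is not None and len(words) == 3 and words[:1] == ["no"] and words[1] in ("untagged", "tagged"):
            members[vid] -= expand_ports(words[2])
    return members

def isolation_findings(config, dmz_vlan, dmz_ports):
    """List DMZ ports missing from the DMZ VLAN or still reachable from another VLAN."""
    members, wanted = vlan_membership(config), expand_ports(dmz_ports)
    findings = [f"{p} not in vlan {dmz_vlan}" for p in sorted(wanted - members.get(dmz_vlan, set()))]
    findings += [f"{p} also in vlan {v}" for v, ps in sorted(members.items()) if v != dmz_vlan for p in sorted(ps & wanted)]
    return findings
```

An empty result from `isolation_findings(SAMPLE_CONFIG, 192, "B17-B20")` means the four ports form the separate segment described in the question; any finding names a port that would bridge the DMZ and LAN at layer 2.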

Author Comment

by:amanadili
ID: 24809593
Hi,

The servers will only have one IP.

There will be a total of 3 switches - the core switch (ProCurve), a Netgear layer 3 managed switch connecting to the core and an unmanaged Netgear also connecting to the core.
There will eventually be just one switch on the network when the layout of the office changes.

Do I need to configure STP?
Would it be better for the ProCurve to do the routing rather than the firewall (FortiGate 110C)?

I have removed the "forbid" from the config - I was playing around with something.
I am unable to get NO SPANNING-TREE entered on the config.

Thanks

Question has a verified solution.
