VLAN Issue

Glenn Manry
Glenn Manry used Ask the Experts™
on
I am setting up a VLAN according to the attached diagram. I am not sure this will work, as the firewall will be at a remote location that receives its internet from my location, BUT I also want direct access to their network at my location. The issue is the ISP connection. I want those ports to be without an IP configuration (HP Procurve IP set to disabled). Do, I have that traffic be tagged. My understanding on Procurves is that I can have one port on a VLAN be untagged traffic.

Previously I had problems with the ISPs ARP tables and these switches if they were not set to IP disabled. So, I want the VLAN attached to the external ports and the ISP to basically be "dumb," but still have the VLAN to the internal network. Please see the attached diagram.
VLAN.pdf
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Network Analyst
Commented:
I would get ride of the vlan 20 and vlan 10 links you have between your HP switches. You don't need them because you have fiber ports that you are trunking between these switches, plus you might create a routing loop. Also I'm assuming that your firewall is inline and isn't doing routing, so your external vlan is going to have to extend to port 3 on the top HP switch shown on the diagram.
Andy BartkiewiczNetwork Analyst

Commented:
Also Port 3 on the top switch will need to be a routed port and set as the gateway of last resort

Author

Commented:
I apologize, the dotted lines in my diagram are for implication of connection via the trunk. I made that diagram for lay people, and I left out some explanatory text in order to mask specifics.

So, I have the trunk and the VLAN 10 and 20 for the proper separation of functions. However, my FW is doing the routing. Should I change the layer 3 switch to a layer 2?

Thanks.

Author

Commented:
I believe the layer 3 switch is interfering with the setup. I am going to re-implement with two layer two switches.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial