Need help VLAN's and routing via firewall 2810 switches SETUP

  • 1.  Need help VLAN's and routing via firewall 2810 switches SETUP

    Posted Jul 26, 2011 03:33 PM

    Hi there, I need expert help on creating VLAN's and routing of VLAN traffic. I
    am a beginner when it comes to routing/firewalls and VLAN's. This is probably a
    pretty simple setup for most of you...

    We are a separate organization apart from the rest of the company.
    Our building/organization has a firewall that is also connected via a
    fiber converter to the rest of the company. On our LAN we have a windows domain called:
    REED.LOCAL, the workstations that are part of the Default VLAN are members of this domain.

    On our LAN we have 3 switches, 2 HP Procurve 2810 and a Cisco Linksys switch.
    On the 3 switches I want to have 2 VLAN's made available, CSC and APC, the equipment on
    these VLAN's will NOT be a member of my REED.LOCAL domain.
    My idea is this:
    To have one of the Procurve switches as the "MAIN SWITCH" and
    uplink the 2 other switches to this "MAIN SWITCH", the servers on my LAN will be on the "MAIN SWITCH".
    For routing between the VLAN's we have a firewall that also supports VLAN's.
    I want only the "MAIN SWITCH" to have an uplink cable to the firewall that should
    function as a router for the VLAN's that are active on all of my switches and also for my internet traffic etc.

    I want the VLAN's on all the different switches to be able to route using the firewall.
    Extra requirement: the VLAN that is called APC is meant for separating workstations that should be able to join a Windows domain called APC.RO. This domain and its servers actually reside on the other side of the firewall and these are NOT in ANY VLAN. However, I want the workstations in my APC VLAN to be able to communicate with every (APC.RO domain member) workstation and server of that domain on the other side of the firewall.

    Later on if there is a budget we want to replace the UTP uplinks with the miniGBIC
    modules.

    Will this setup work this way (see also picture)?
    What exactly should the setup look like (tagging of uplink ports?, Gateway's to be filled in on each device?)
    Do I need to enable Spanning Tree Protocol?
    If so, do I need to configure Spanning Tree Protocol in any way or is just
    enabling it on all switches enough?

    Hope you can help me out with this setup, thanks,

    Xenos2011


    #2810
    #STP
    #VLAN's
    #router
    #tagging
    #VLAN
    #tagged
    #routing


  • 2.  RE: Need help VLAN's and routing via firewall 2810 switches SETUP

    Posted Aug 14, 2011 01:08 PM

    Hi

     

    From your topology I understand that your default VLAN is the one where your office PCs connect to.

     

    How to configure this is fairly simple: just make sure that the inter-switch (and the router) ports are tagged on all 3 VLANs. This will allow clients on each VLAN to reach the firewall, which will take care of routing. Your firewall must have an interface (IP address) on each VLAN, and this must be configured as default gateway to the clients on each VLAN. Spanning Tree is a loop protection, so since you don't have loops you don't have to configure that.

     

    The question of devices which are not in any VLAN is a bit ... different issue. You have to remember that each VLAN is also a separate subnet. So if these devices are on a fourth, separate subnet and your router knows how to forward data to that subnet, it shouldn't be a problem.
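
The tagging described in the reply above, sketched as ProCurve CLI for the "MAIN SWITCH" and one edge 2810. This is an added example, not a configuration posted in the thread: the VLAN IDs (10, 20), port numbers and subnets are assumptions, and lines beginning with `;` are annotations rather than commands.

```text
; ---- MAIN SWITCH (ProCurve 2810) ----
; Assumed ports: 24 = uplink to firewall, 22-23 = uplinks to the other two switches
configure
vlan 1
   name "DEFAULT_VLAN"
   tagged 22-24
   exit
vlan 10
   name "CSC"
   untagged 1-4
   tagged 22-24
   exit
vlan 20
   name "APC"
   untagged 5-8
   tagged 22-24
   exit
write memory

; ---- Edge 2810 ----
; Assumed ports: 24 = uplink to MAIN SWITCH, 1-4 = CSC devices, 5-8 = APC devices
configure
vlan 1
   tagged 24
   exit
vlan 10
   name "CSC"
   untagged 1-4
   tagged 24
   exit
vlan 20
   name "APC"
   untagged 5-8
   tagged 24
   exit
write memory

; ---- Firewall side (vendor-specific, shown only as a plan) ----
; One VLAN interface per VLAN on the port facing MAIN SWITCH, assumed addressing:
;   VLAN 1  (default) 192.168.1.1/24
;   VLAN 10 (CSC)     192.168.10.1/24
;   VLAN 20 (APC)     192.168.20.1/24
; Clients in each VLAN use the firewall address in their own subnet as default gateway.

; ---- Check on each switch ----
show vlans
```

No routing is configured on the switches in this sketch, so traffic between the VLANs has to cross the firewall, whose rule set then decides what the CSC and APC VLANs may reach.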