Switches, Hubs, and Modems

Procurve 5412 Vlans Tagging

stephen hebb

Procurve 5412 Vlans Tagging

Hi,

Apologies if I have gone about this the wrong way, but this is my first time asking a question.

We have 2 new core 5412 chassis switches with VRRP between them on trunk 5.
We have migrated our old systems over to this new setup and have attached a Check Point Nokia firewall. This has 3 DMZs (200, 201, 203) plus Internet. On both 5412 chassis configs I have created VLANs 200, 201, 203 and 99 (Internet) for the separate DMZs offered by our firewall. I have assigned the following interfaces to the VLANs:
B13 untagged (VLAN 200),
B15 untagged (VLAN 201),
B17 untagged (VLAN 203),
B19 untagged (VLAN 99)
I have also created VLAN 666 for any unwanted traffic.

I have connected the corresponding firewall DMZ ports into these interfaces on both cores.

I have then connected our Citrix Gateway, which is in DMZ 200, to interface F17. I have tagged this on VLAN 200, tagged it in VLAN 1 and untagged it in VLAN 666. My assumption was that this Citrix Gateway should be reachable through DMZ 200, but this does not seem to have happened.

One thing that is working is that we have connected our VMware ESX boxes in this way, and the virtual machines connect fine through these DMZs with the same tagging and untagging setup.

Could someone please advise where I have gone wrong? This is just one example, as I have 2 other Citrix Gateways with the same issue that I have set up in the same way.

It's the same for our Internet VLAN 99: I connected a Cisco 1800 box, which goes out to the WLAN, to interface B12 untagged, and assigned interface B19 tagged so that our firewall can see the outside world, but this did not work either.

I have ended up plugging the Cisco box into a 3400 switch and then plugging the firewall into this, which worked and allowed us to see the outside world. I would like this all routed through the 5412 switches for a tidier and more redundant solution.

Any assistance much appreciated.

Stephen
Antonio Milanese

Re: Procurve 5412 Vlans Tagging

Hi Stephen,

It is unclear to me whether the Citrix Gateway has its NIC traffic 802.1Q tagged and interface F17 is untagged, or vice versa.
On HP ProCurve there is no equivalent of the "trunk + allowed" behaviour, so when you specify "untagged" it treats all untagged traffic as a member of that VLAN (the Cisco equivalent of an "access port") and drops any tagged VLANs that are not explicitly added as "tagged".

Regards,

Antonio
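The ingress rule Antonio describes, as an added example that is not part of the thread: a small Python model (not HP code, and not a dump from either chassis) that parses a ProCurve-style VLAN block reconstructed from Stephen's port list (the VLAN names, the port assignments and the `name`/`tagged`/`untagged` layout are assumptions based on the post) and works out which VLAN a frame entering F17 is assigned to and whether it can leave on the firewall's B13. With F17 untagged in 666 and tagged in 200, an untagged frame from the gateway lands in VLAN 666 and never reaches B13; only a frame the gateway itself tags with 200 does, which is exactly the tagged-or-untagged question Antonio raises.

```python
"""Model of HP ProCurve per-VLAN port membership (added example, not vendor code).

Parses `vlan N` / `name` / `tagged` / `untagged` lines and applies the rule from
the reply above: an untagged frame joins the port's single untagged VLAN (Cisco
"access" behaviour); a tagged frame is accepted only if the port is a tagged
member of that VLAN; anything else is dropped.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

# Constructed config reconstructed from the post; port map and names are assumptions.
PROCURVE_CONFIG = """
vlan 1
   name "DEFAULT_VLAN"
   tagged F17
vlan 99
   name "INTERNET"
   untagged B19
vlan 200
   name "DMZ200"
   untagged B13
   tagged F17
vlan 201
   name "DMZ201"
   untagged B15
vlan 203
   name "DMZ203"
   untagged B17
vlan 666
   name "UNWANTED"
   untagged F17
"""


@dataclass
class Vlan:
    vid: int
    name: str = ""
    tagged: Set[str] = field(default_factory=set)
    untagged: Set[str] = field(default_factory=set)


def parse_procurve_vlans(config: str) -> Dict[int, Vlan]:
    """Build {vid: Vlan}. A port is untagged in at most one VLAN: as on the
    switch CLI, the latest `untagged` statement wins and the port leaves the
    VLAN it was previously untagged in."""
    vlans: Dict[int, Vlan] = {}
    untagged_owner: Dict[str, int] = {}
    current: Optional[Vlan] = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.fullmatch(r"vlan (\d+)", line)
        if m:
            vid = int(m.group(1))
            current = vlans.setdefault(vid, Vlan(vid))
            continue
        if current is None:
            raise ValueError(f"membership line outside a vlan block: {line!r}")
        m = re.fullmatch(r'name "(.*)"', line)
        if m:
            current.name = m.group(1)
            continue
        m = re.fullmatch(r"(tagged|untagged) (.+)", line)
        if not m:
            raise ValueError(f"unrecognised line: {line!r}")
        mode, ports = m.group(1), [p.strip() for p in m.group(2).split(",")]
        for port in ports:
            if mode == "tagged":
                current.tagged.add(port)
                continue
            previous = untagged_owner.get(port)
            if previous is not None and previous != current.vid:
                vlans[previous].untagged.discard(port)
            untagged_owner[port] = current.vid
            current.untagged.add(port)
    return vlans


def ingress_vlan(vlans: Dict[int, Vlan], port: str, tag: Optional[int]) -> Optional[int]:
    """VLAN a frame arriving on `port` is assigned to, or None if the switch drops it."""
    if tag is None:  # untagged frame: joins the port's one untagged VLAN
        for v in vlans.values():
            if port in v.untagged:
                return v.vid
        return None
    v = vlans.get(tag)  # tagged frame: only if this VLAN is explicitly tagged on the port
    return tag if v is not None and port in v.tagged else None


def egress_mode(vlans: Dict[int, Vlan], port: str, vid: int) -> Optional[str]:
    """How `vid` leaves `port`: "untagged", "tagged", or None if not a member."""
    v = vlans.get(vid)
    if v is None:
        return None
    if port in v.untagged:
        return "untagged"
    return "tagged" if port in v.tagged else None


def forward(vlans: Dict[int, Vlan], in_port: str, tag: Optional[int],
            out_port: str) -> Optional[Tuple[int, str]]:
    """(vlan, egress mode) for a frame crossing the switch, or None if dropped."""
    vid = ingress_vlan(vlans, in_port, tag)
    if vid is None:
        return None
    mode = egress_mode(vlans, out_port, vid)
    return None if mode is None else (vid, mode)


VLANS = parse_procurve_vlans(PROCURVE_CONFIG)

if __name__ == "__main__":
    # Citrix Gateway on F17 towards the firewall's DMZ 200 port on B13.
    for tag in (None, 200, 201):
        print(f"F17 tag={tag!s:>4} -> B13: {forward(VLANS, 'F17', tag, 'B13')}")
```

The same port being untagged in one VLAN and tagged in others is how ProCurve expresses what Cisco writes as `switchport mode trunk` with a native VLAN plus `switchport trunk allowed vlan`; there is no separate allow list, the per-VLAN `tagged` statements are the allow list. The practical check on the 5412 is `show vlans ports F17 detail` for the port's membership and a packet capture on the gateway side to see whether it emits 802.1Q-tagged frames at all.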