
Re: DMZ + VLAN on HP 2920 switch + SonicWall Gateway + Transparent Mode for VMs on a server?

 
markm75
Frequent Advisor

Configuring and adding a DMZ VLAN for two ports on an HP 2920?

I'm hoping someone might be able to assist in figuring out a bit of a networking nightmare (maybe not that hard actually).

I have the following equipment:

HP 2920 ProCurve switch (no VLANs configured currently), works fine.

SonicWall Gateway 2040 with ports X0 (gateway 172.16.0.1), X1 (FiOS connection WAN .114 external), X2 PRI/backup internet, X3 (set currently to .114 as on X1 and transparency mode set for external .115 through .120).
**X3 I have going to the HP 2920 on port 32

Server: 2016 server with two gigabit ports. One port goes to HP 2920 port 28. The other gigabit port I have going to port 30 on the HP 2920. (This will run VMware Workstation with at least two guests, both of which need external IP addresses; it's Workstation because of USB compatibility issues, to avoid added hardware.)

So on the HP 2920, the "dmz" related ports are port 32, port 30

It was my understanding this was the way to do this, however I'm not clear on whether X3 can even route to port 32 even if 32 and 30 are both on a DMZ VLAN (yet to be created).

Second to all this, I'm not sure what IP I put on port 30 on the server (I'm thinking a random private IP scheme that isn't the same as the rest of the network, which is on 172.16.x.x (255.255.248.0), such as 10.x or 192.x?)

Then for the VMware Workstation guests, I need to keep them isolated but be able to assign IP addresses to each of them (external ones).

Does this arrangement seem correct, or is there an issue routing X3 to the VLAN? And if it will route, is it as simple as going into the GUI and creating the first VLAN (tagged or untagged?) but only for the two ports for now?

Thanks in advance

 

 

markm75
Frequent Advisor

Re: DMZ + VLAN on HP 2920 switch + SonicWall Gateway + Transparent Mode for VMs on a server?

I've managed to get all this working, bypassing the switch temporarily.

I guess now my primary question is how to configure the VLAN portion just for ports 30/32.

 

Here is the main default_Vlan with all ports set to untagged:

 

 

 

*Do I have to edit this to remove port 30 and 32?

I.e., right now it has 1/1-1/48,2/1-2/48,3/1-3/48,4/1-4/48,Trk1 (stack of 5 switches)

Would I have to manually enter every switch like this to exclude these two? (This switch is member stack 02, so I assume):

1/1-1/48,2/1-2/29, 31, 2/33-2/48,3/1-3/48,4/1-4/48,Trk1 

Edit: I realize now this is stack cmdr 1, which is in the 1/xx range for ports, so maybe:

1/1-1/29, 31, 1/33-1/48 , 2/1-2/48 ,3/1-3/48,4/1-4/48,Trk1

And when I add a VLAN of 20 and untagged, I get these options:

 

 

I assume I should (?) check off primary VLAN (default is also checked as primary)

Ports 30,32

Manual IP not disabled and give it the switch IP as well?

markm75
Frequent Advisor

Re: DMZ + VLAN on HP 2920 switch + SonicWall Gateway + Transparent Mode for VMs on a server?

Does anyone have any input on how to proceed on the VLAN part of this?

 

Thanks

markm75
Frequent Advisor

Re: DMZ + VLAN on HP 2920 switch + SonicWall Gateway + Transparent Mode for VMs on a server?

I think I do need to do the following. What I'm not sure on is if I need the Trk1 set for the DMZ 20 VLAN I've created.

Default VLAN

Before: manual IP 172.16.0.45, untagged

1/1-1/48,2/1-2/48,3/1-3/48,4/1-4/48,Trk1

After: manual IP: 172.16.0.45, untagged

1/1-1/29,1/31,1/33-1/48,2/1-2/48,3/1-3/48,4/1-4/48,Trk1

DMZ 20: manual IP set to 172.16.0.45, untagged

1/30,1/32,Trk1

markm75
Frequent Advisor

Re: DMZ + VLAN on HP 2920 switch + SonicWall Gateway + Transparent Mode for VMs on a server?

Solving my own thread here I guess...

I used the old GUI interface and just added the two ports as untagged for the DMZ VLAN. I didn't set up an IP config to the 172.16.0.45 nor set it as primary; despite not doing these two things, everything is working for the DMZ purposes after plugging them into port 30 and 32 at this point.
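
An added example, not part of the thread and not HP or SonicWall code: a small Python helper that expands the stacked port-list notation quoted in the posts, removes the DMZ ports from the default VLAN list, and reports any port listed untagged in both VLANs. The function names are assumptions made for this illustration; the port lists are the ones given in the posts.

```python
import re

def expand(port_list):
    """Expand a list such as '1/1-1/48,Trk1' into a set of port names."""
    ports = set()
    for item in filter(None, (p.strip() for p in port_list.split(","))):
        m = re.fullmatch(r"(\d+)/(\d+)-(\d+)/(\d+)", item)
        if m:
            m1, lo, m2, hi = map(int, m.groups())
            if m1 != m2 or lo > hi:
                raise ValueError(f"unsupported range: {item}")
            ports.update(f"{m1}/{n}" for n in range(lo, hi + 1))
        elif re.fullmatch(r"\d+/\d+|Trk\d+", item):
            ports.add(item)
        else:
            # e.g. a bare '31' with no stack-member prefix
            raise ValueError(f"unrecognised port: {item}")
    return ports

def compress(ports):
    """Collapse a set of port names back into range notation, trunks last."""
    phys = sorted(tuple(map(int, p.split("/"))) for p in ports if "/" in p)
    out, i = [], 0
    while i < len(phys):
        j = i
        # extend the run while the next port is the next number on the same member
        while j + 1 < len(phys) and phys[j + 1] == (phys[j][0], phys[j][1] + 1):
            j += 1
        a, b = phys[i], phys[j]
        out.append(f"{a[0]}/{a[1]}" if i == j else f"{a[0]}/{a[1]}-{b[0]}/{b[1]}")
        i = j + 1
    trunks = sorted(p for p in ports if "/" not in p)
    return ",".join(out + trunks)

def untagged_overlap(vlan_a, vlan_b):
    """Ports listed untagged in both VLANs; empty means the lists are disjoint."""
    return sorted(expand(vlan_a) & expand(vlan_b))

DEFAULT_BEFORE = "1/1-1/48,2/1-2/48,3/1-3/48,4/1-4/48,Trk1"  # from the thread
DMZ_PORTS = "1/30,1/32"                                       # from the thread

if __name__ == "__main__":
    # Default VLAN port list with the two DMZ ports taken out
    print(compress(expand(DEFAULT_BEFORE) - expand(DMZ_PORTS)))
    # Ports that would still sit in both lists if the default VLAN were left unedited
    print(untagged_overlap(DEFAULT_BEFORE, DMZ_PORTS))
```
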