HPE Community
Aruba & ProVision-based
1752662 Members
5769 Online
108788 Solutions
New Discussion

Trunking interconnectivity with Firewall Issue

 
PomaH
Occasional Visitor

‎10-21-2014 03:02 PM - last edited on ‎10-26-2014 07:34 PM by

‎10-21-2014 03:02 PM - last edited on ‎10-26-2014 07:34 PM by

Trunking interconnectivity with Firewall Issue

Hello Community!

 

I have an issue to connect trunking interfaces between Fortigate 200D and 2 Procurve 3800 switches.

 

Here is how I have it set up:

 

I have couple of vlans say: vlan11, vlan12, and vlan50. Identical port assignment on both switches. Ports 25 are connected with SFP+ cable. Potr 25 is carrying tagged traffic for all vlans. This is simply to connect two switches

 

Now I have ports 1 and 2 also setup as trunks and they only carrying tagged traffic for vlan11, vlan12 on both switches.

 

Port1 on switch1 is connected to NIC1 on Hyper-v server. I created virtual Hyper-v switch from NIC1. Each VM now can pass tagged traffic depending on their corresponding vlan.

 

Port2 on switch2 is connected to Int1 on Fortigate device which is also carrying tagged traffic for vlan11 and vlan12.

 

This way everything works.

 

The second I move both Hyper-V wire and Fortigate wire to one switch port 1&2 it stops working. It doesn’t matter which switch, switch1 or switch2.

For it to work hyper-v and fortigate trunks must be connected to separate switches.

 

I need to have it working in both scenarios since I'm planning to do NIC teaming on Hyper-v. One connection to Hyper-v server is not an option.

 

I disabled STA, no help. Only these two lines related to STA exist and I cant get then removed

 

 

spanning-tree Trk1 priority 4
spanning-tree Trk2 priority 4

 

Trk1 are ports 1&2

Trk2 are ports 25&26

 

 

I banging my head for the second day and can't get this to work.

 

I will highly appreciate any advice.

 

Thank you

 

 

P.S. This thread has been moved from Comware-Based to ProCurve / ProVision-Based. -HP Forum Moderator

 

 

 

0 Kudos
3 REPLIES 3
Vince-Whirlwind
Honored Contributor

‎10-22-2014 09:22 PM

‎10-22-2014 09:22 PM

Re: Trunking interconnectivity with Firewall Issue

you've trunked ports 1&2 together as "Trk1", and you are connecting port1 to one device and port2 to a completely different device?

 

Of course that's not going to work.

Delete "Trk1".

 

But what I would really do is stack the two 3800s together.

Create "Trk1" with members Sw1Port1 & Sw2Port1

Create "Trk2" with members Sw1Port2 & Sw2Port2

 

Patch FW to SW1Port1 & Sw2Port1

Patch Server to SW1Port2 & Sw2Port2

0 Kudos
PomaH
Occasional Visitor

‎10-23-2014 08:12 AM

‎10-23-2014 08:12 AM

Re: Trunking interconnectivity with Firewall Issue

Can this be done without stacking? I dont have stocking module at the moment. Also I'm planning to expand  this to 4 switches.

 

Thank you for adwise

 

 

0 Kudos
Vince-Whirlwind
Honored Contributor

‎10-23-2014 09:47 PM

‎10-23-2014 09:47 PM

Re: Trunking interconnectivity with Firewall Issue

Delete Trk1 and make sure the physical switchports have the correct config on them.

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.