HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
Community
Aruba & ProVision-based
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

VLAN Gateway/Static Route

 
SOLVED
Go to solution
colly72
colly72
Occasional Advisor

‎03-04-2016 06:44 AM

‎03-04-2016 06:44 AM

VLAN Gateway/Static Route

OK, so I have a Hyper-V 2012 R2 host, which is connected (via converged fabric with 8 Teamed NICs) to my HP5500 HI IRF core switches. The VMs on the host are in their own VLAN (VLAN 70), which using inter vlan routing on the core, works perfectly. They get their IPs from the DHCP server where required and can access the internet, via our Sophos UTM (which is the default gateway of the core stack).

I now have a requirement to create a DMZ and have a new VM on the host connected to it. I then want the Sophos UTM to do the firewall rules to allow /restrict access.

My question is, how do I go about it? I thought I could create a new Virtual switch, then bind two NICs to it, then use that virtual switch for the new VM. How though, do I get it to use the UTM as the router and not the core switch?

Any help gratefully received.

0 Kudos
Reply
3 REPLIES
16again
16again
Respected Contributor

‎03-04-2016 11:54 PM

‎03-04-2016 11:54 PM

Re: VLAN Gateway/Static Route

On switch, add a VLAN for DMZ.  On switch aggregated interface towards HyperV , add this VLAN tagged.  On HyperV, configure guest VM to use this DMZ VLAN.  (Enable virtual lan identification checkbox, and specify VLAN number below it)

Reply
colly72
colly72
Occasional Advisor

‎03-07-2016 01:51 AM

‎03-07-2016 01:51 AM

Re: VLAN Gateway/Static Route

I've already done that, but the VLAN is still using the core switch as it's router.  I want the VLAN to have the Sophos UTM as it's default gateway, so I can use it all allow/deny traffic between the DMZ/LAN.  All my other VLANs should have the core switch as the default gateway.

Do I need to use policy based routing for this?  Can anyone give me an example config?

0 Kudos
Reply
16again
16again
Respected Contributor

‎03-07-2016 02:00 AM

‎03-07-2016 02:00 AM

Solution

Re: VLAN Gateway/Static Route

Simply configure the default gateway on the HyperV guests, or alter DHCP settings, so Sophos IP is used.
If core switch isn't involved in routing DMZ packets ,  get rid of the core layer3 interface in the DMZ.

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.