Hello.
I have this configuration and I don't know how I should configure the port where I connect switch 1 to switch 2 for the firewall to do its job. Port 24 on switch 1 connect to port 23 on switch 2 and port 24 on switch 2 connect to firewall.
I would appreciate your help. Thanks.
Hello, I would say:
Port 24 of Switch 1 should be Tagged member of VLAN 100 and VLAN 101 (to evaluate if it needs to be also Untagged member of some other VLAN id, it depends)
Port 23 of Switch 2 should be Tagged member of VLAN 100 and VLAN 101 (to evaluate if it needs to be also Untagged member of some other VLAN id, it depends)
Port 24 of Switch 1 and Port 23 of Switch 2 act as a trunk (here trunk means carrying more VLAN tags) and they should be set on both ends as point-to-point-mac true (because those ports interconnect two switches -> in ProCurve it means a command such as spanning-tree ethernet <port-id> point-to-point-mac true IF you have spanning tree properly configured yet on both switches).
Port 24 of Switch 2 (facing your Firewall) should be a Tagged member of VLAN 100, VLAN 101, VLAN 200 and VLAN 201: the assumption is that your Firewall is properly configured to be the router for those four VLAN ids...and so its Ethernet Interface facing the Switch 2 should be configured to carry VLAN 100, 101, 200 and 201 and it should be configured with VLAN IP addresses (those are the Gateway IP Addresses respectively for clients of VLAN 100, clients of VLAN 101, clients of VLAN 200 and clients of VLAN 201). Another assumption is that Switch 1 and Switch 2 don't perform any IP Routing (ip routing disabled).
Edit: another assumption (more related to terminology I used, concepts remain the same) is that you're dealing with HP ProVision or Aruba ArubaOS-Switch OS based switch series.
I'm not an HPE Employee
Trunk?
Not with the meaning that the word "port trunk" has in PVOS/ArubaOS-Switch context.
You should know that "Port Trunking" (I didn't cite this feature because your switches haven't any "Port Trunk" in the topology you pictured) in PVOS/ArubaOS-Switch context means "Links Aggregation" (Non Protocol or LACP) and it doesn't mean carrying multiple VLANs over a logical/physical interface as one could expect.
In simple words, for a Cisco guy your:
- Switch 2 Port 24 (to Firewall)
- Switch 1 Port 24 (to Switch 2 Port 23)
- Switch 2 Port 23 (to Switch 1 Port 24)
will be set all as "Trunk" ports (because in Cisco jargon a "Trunk" port is a port carrying multiple VLANs)...but for a HP/HPE/Aruba guy working on PVOS/ArubaOS-Switch based Switch series those ports need simply to be tagged with
multiple VLANs (the VLANs you require to be "transported").
Access ports instead are simply untagged on relevant VLANs (untagged on a VLAN id = set with Native VLAN id = set wth the PVID).
Since you didn't say absolutely nothing to identify the switches you're referring to...pay attention to wording...wording is really important and using a term or another could cause nasty misunderstandings.
Edit: since you posted on a HPE Community (Networking) Forum my assumption is that you're dealing with HP/HPE or HPE Aruba Switch Series...PVOS means ProVision OS (used in old HP ProCurve switches), ArubaOS-Switch instead is the new OS of old PVOS...and runs on newer HP/HPE Aruba Switch Series. There are others but it's enough.
I'm not an HPE Employee