HPE Community
Switches, Hubs, and Modems
1751926 Members
5136 Online
108783 Solutions
New Discussion юеВ

Simulating a HUB using a few 5304xl ports

 
SOLVED
Go to solution
MDF
Occasional Advisor

тАО09-30-2006 04:01 AM

тАО09-30-2006 04:01 AM

Simulating a HUB using a few 5304xl ports

I currently have my internet connection comes in port 1 of a small hub. Port 2 of the hub goes out to an Aventail appliance and then from the Aventail box to 5304xl to provide internet for a few vlans. Port 3 of the hub goes to a Cisco router for other tasks. Everything is working fine.

My question is:

Is it possible to create a 5 ports VLAN on 5304xl switch (say A1,A2,..A5) to simulate the function of the hub above and have internet connection goes to A1, out on A2 to the Aventail unit and then from the Aventail to the 5304xl again?

vlan 2
name "HUB2"
untagged A1-A5
no ip address
exit

I tried it and it doesn't work. Please keep in mind that everything is working perfectly. I only want to replace the cheap hub in my network by simulating a hub using the the same 5304xl for reliabilty reason.

*Switch Config File attached
0 Kudos
9 REPLIES 9
Mohieddin Kharnoub
Honored Contributor

тАО09-30-2006 03:44 PM

тАО09-30-2006 03:44 PM

Re: Simulating a HUB using a few 5304xl ports

Hi

Do you use the Aventail appliance as an Gateway for the 5300 ? is the 172.19.252.105 is the Aventail IP address ?

Aventail appliances are SSL VPN boxes can work in parallel unless you have your own setup for it.

But if you don't want this SSL VPN to work as gateway and keep it only for Remote Access VPN, then yes you can do that.

Say on the 5300 in Vlan1 you have 3 ports untagged A1-A2-A3, now when you remove the Hub, the internet connection comes to A1, and from A2 to the Aventail, and A3 to the Cisco, so this 3 Ports Vlan is a normal Hub.
And you don't need to do any further configuration to the 5300 except the default route guide it to your internet router.

Good Luck !!!
Science for Everyone
0 Kudos
MDF
Occasional Advisor

тАО09-30-2006 05:24 PM

тАО09-30-2006 05:24 PM

Re: Simulating a HUB using a few 5304xl ports

No, the Aventail unit is used by our head office to control internet access to divisions. 172.19.252.105 is the internet router address.

Here is the original setup:

Internet Router-Aventail-5304xl

But we recently added a cisco router (to do other tasks) the setup becomes:

Internet Router-(1)Hub(2)-Aventail-5304xl
Hub(3)-Cisco Router

(x) is the port number on the Hub.

Since the 5304xl has redundant power supply, I would like to create a vlan that act as a hub to replace the cheap hub that we currently using.



0 Kudos
MDF
Occasional Advisor

тАО09-30-2006 05:26 PM

тАО09-30-2006 05:26 PM

Re: Simulating a HUB using a few 5304xl ports

Internet Router-(1)Hub(2)-Aventail-5304xl
-------------------Hub(3)-Cisco Router
0 Kudos
Matt Hobbs
Honored Contributor

тАО09-30-2006 09:41 PM

тАО09-30-2006 09:41 PM

Re: Simulating a HUB using a few 5304xl ports

If you need the Aventail to see all traffic that is giong through your internet connection, then you can possibly try setting up a monitor/mirror port.

Set the port on the 5300 that connects to the Aventail as the mirror port, and the port that connects to the Internet as the monitor port.

That way all traffic that goes in and out the Internet port, will also go to the Aventail port.

The Cisco port probably does not need to be setup like a hub and can be left as a switched port.
0 Kudos
MDF
Occasional Advisor

тАО10-02-2006 05:47 AM

тАО10-02-2006 05:47 AM

Re: Simulating a HUB using a few 5304xl ports

Sorry. The box is the NETSCREEN 5GT not AVENTAIL appliance. Again, everything is working. All I want to do is to replace the cheap HUB in our network with a VLAN on the 5304xl switch.

Please SEE the attached file for network illustraion.

Thanks...
0 Kudos
MDF
Occasional Advisor

тАО10-02-2006 05:48 AM

тАО10-02-2006 05:48 AM

Re: Simulating a HUB using a few 5304xl ports

Here is the illustration
0 Kudos
Mohieddin Kharnoub
Honored Contributor

тАО10-02-2006 09:19 PM

тАО10-02-2006 09:19 PM

Re: Simulating a HUB using a few 5304xl ports

Hi

I don;t think you can do that.
But what yo ucan do, the Juniper Netscreen 5GT has 5 Ethernet Ports, by default 4 Trust and 1 Untrust and you need 2 Untrust ports and the rest are Trust.
What you need to do is, in the Interfaces screen, just move one of the Trust interfaces to untrust zone, and these 2 untrust interfaces will be in the same Zone (consider it a 2 ports switch) , one of the Untrust wil connect to the Internet Router, and the Other will connect to the Cisco extra device, and the Trust interface to the 5304.

I'm sure this will work with you, and if you need help in configuring the Netscreen let me know.

Good Luck !!!
Science for Everyone
0 Kudos
MDF
Occasional Advisor

тАО10-03-2006 12:27 AM

тАО10-03-2006 12:27 AM

Re: Simulating a HUB using a few 5304xl ports

Mohieddin,

Thank you for your help.

I am aware that I can set up 2 untrust ports on the Netscreen but I thought that is used for a backup internet connection. From what I understand from the manual, this dual untrust mode is used when you have 2 internet connections (one primary and one backup).

If you are 100% sure this can be done, please confirm and I will ask my head office to reconfigure the netscreen 5GT unit.

0 Kudos
Mohieddin Kharnoub
Honored Contributor

тАО10-03-2006 05:29 AM

тАО10-03-2006 05:29 AM

Solution

Re: Simulating a HUB using a few 5304xl ports

Hi

You are correct, but usually Juniper call all WAN connections Untrust interfaces, and that includes ADSL, serial, Ethernet ...
So you can have ADSL as WAN connection and the ethernet port as Backup.

But in your scenario you are using an external router to do the routing, so your WAN connection from the 5GT is the ethernet port, and you can cutomize the Untrust Zone to have 2 of them.
If you notice from the Web interface you can select different modes of the 5 interfaces, like Trust, Untrust ot Trust, Untrust and DMZ and so on.
Anyway you can do that from the CLI and WEB UI

Don't forget to assign points to all posts that helped you.

Good Luck !!!
Science for Everyone
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.