HPE Community
HPE Aruba Networking & ProVision-based
1827286 Members
2178 Online
109717 Solutions
New Discussion

Setting Up a WAN

 
SOLVED
Go to solution
larry22
Advisor

‎09-21-2013 03:27 PM

‎09-21-2013 03:27 PM

Setting Up a WAN

Here is what our network looks like now:

School A - A core switch (10.1.2.51 - Procurve 5412zl) which does all the routing
Sonicwall - 10.1.2.50 where the internet comes from (into X1)
Two subnets - 10.1.2.xxx (512 IPs) = wired LAN - VLAN1
10.2.1.xxx (512 IPs) = wireless LAN - VLAN30
Filter - 10.1.2.18 (filters all traffic, pretty much only adult content)
Other misc. servers, etc.

School B - A core switch (10.5.0.11 - Procurve 5304xl) which does all the routing
Sonicwall - 10.5.0.10 where the internet comes from (into X5 for some reason)
Two subnets - 10.5.0.xxx (512 IPs) = wired LAN - VLAN50
10.6.0.xxx (512 IPs) = wireless LAN - VLAN60
Other misc. servers, etc.

Now, we are going to have a Fiber WAN setup between these two schools. School A will be the Hub and School B will be the spoke. Our ISP says it should be setup like a PTP between the two. 

Some questions:

I'm going to come out of School A right into the current School B core switch bypassing the current School B firewall completely, right? Because the Firewall at School A will takeover all of that. 

What do I need to add to the School B core switch so that any non-School B packets (like the internet) will be passed back to School A (which the WAN will come from)?

The ISP engineer also said that I needed to make sure that what was coming from School B into the School A core switch port - I had to make sure THAT port included all the subnets (something about a "on a stick")?

Thanks!

0 Kudos
23 REPLIES 23
Vince_Whirlwind
Trusted Contributor

‎09-22-2013 02:55 PM

‎09-22-2013 02:55 PM

Solution

Re: Setting Up a WAN

As your SiteB has a core switch/router, you don't need the routing for the SiteB subnets to be done at SiteA.

 

Create a "Inter-School-Link" VLAN9 at both sites:

   Address SiteA VLAN9 interface = 10.9.1.1/24

   Address SiteB VLAN9 interface = 10.9.1.2/24

Now, connect the 5412 and the 5304. The interfaces that form this connection should be in VLAN9, untagged is fine.

 

At SiteA, you now need to configure routing so the SiteA switch knows where the SiteB subnets are:

   10.5.0.0 --> 10.9.1.2

   10.6.0.0 --> 10.9.1.2

 

At SiteB, you just need a default route pointing at SiteA:

   0.0.0.0 --> 10.9.1.1

 

Your SIteA firewall will then probably need the same routes as the SiteA core switch/router, except they will be configured to point at the same interface its current route for 10.2.0.0 points at.

0 Kudos
larry22
Advisor

‎09-22-2013 03:04 PM

‎09-22-2013 03:04 PM

Re: Setting Up a WAN

So, no trunk port?
0 Kudos
Vince_Whirlwind
Trusted Contributor

‎09-22-2013 03:12 PM

‎09-22-2013 03:12 PM

Re: Setting Up a WAN

You could create a trunk port if you are using multiple fibres to link your sites and want to aggregate them.

0 Kudos
larry22
Advisor

‎09-22-2013 03:13 PM

‎09-22-2013 03:13 PM

Re: Setting Up a WAN

Site B is the first one coming online. Site C and D will follow. All through the same cable from the ISPs fiber. So I would trunk that port?
0 Kudos
Vince_Whirlwind
Trusted Contributor

‎09-22-2013 03:14 PM

‎09-22-2013 03:14 PM

Re: Setting Up a WAN

Or, if you are referring to VLAN tagging, then no, you already have a core switch/router on SiteB, you do not have any VLANs you need to trunk between sites.

The advice you mention your ISP Engineer has given you does not seem to be correct for your situation. It would be correct if you did not have a router on SiteB.

0 Kudos
Vince_Whirlwind
Trusted Contributor

‎09-22-2013 03:15 PM

‎09-22-2013 03:15 PM

Re: Setting Up a WAN

Do Sites C & D have their own on-site core switch/router, just like Site B?

0 Kudos
larry22
Advisor

‎09-22-2013 03:16 PM

‎09-22-2013 03:16 PM

Re: Setting Up a WAN

If a 2910gl does routing then yes.
0 Kudos
larry22
Advisor

‎09-22-2013 03:21 PM

‎09-22-2013 03:21 PM

Re: Setting Up a WAN

Actually maybe its a 2910al.
0 Kudos
larry22
Advisor

‎09-22-2013 03:53 PM

‎09-22-2013 03:53 PM

Re: Setting Up a WAN

Yep, its a 2910al.
0 Kudos
larry22
Advisor

‎09-22-2013 04:41 PM

‎09-22-2013 04:41 PM

Re: Setting Up a WAN

Hi Vince,
I think I get everything you're saying except below.  I know how to do the ip-route 0.0.0.0 0.0.0.0 10.9.1.1 at Site B but I don't know how to "configure routing so SiteA knows where the 10.5 and 10.6 subnets are".  What command is that?
@Vince_Whirlwind wrote:

At SiteA, you now need to configure routing so the SiteA switch knows where the SiteB subnets are:

   10.5.0.0 --> 10.9.1.2

   10.6.0.0 --> 10.9.1.2

 

 

 

0 Kudos
larry22
Advisor

‎09-22-2013 04:59 PM

‎09-22-2013 04:59 PM

Re: Setting Up a WAN

So it would be from the config:
ip route 10.5.0.0 255.255.254.0 10.9.1.2
ip route 10.6.0.0 255.255.254.0 10.9.1.2

THEN, on site B core put ip route 0.0.0.0 0.0.0.0 10.9.1.1

Thanks,
0 Kudos
Vince_Whirlwind
Trusted Contributor

‎09-22-2013 07:37 PM

‎09-22-2013 07:37 PM

Re: Setting Up a WAN

Yes, that looks OK.....except for your 10.5.0.0 subnet - if you are using a /23 mask, then the subnet is 10.4.0.0/23.

0 Kudos
larry22
Advisor

‎09-23-2013 03:13 AM

‎09-23-2013 03:13 AM

Re: Setting Up a WAN

Okay, two things: I already out them in but when I do no IP route to fix the netmask issue it doesn't delete it. Also, should these show up under show IP route. But they do under show config.
0 Kudos
larry22
Advisor

‎09-23-2013 06:48 AM

‎09-23-2013 06:48 AM

Re: Setting Up a WAN

Are you sure?  I mean at Site B, the wired LAN is 10.5.0.1-10.5.1.254 - 512 or something (/23) and wireless is 10.6.0.1-10.6.1.254.  Why would it be 10.4?

0 Kudos
Vince_Whirlwind
Trusted Contributor

‎09-23-2013 04:54 PM

‎09-23-2013 04:54 PM

Re: Setting Up a WAN

Spoiler
 

 

Oh yeah - ignore me, I was having a blonde moment.

0 Kudos
larry22
Advisor

‎09-23-2013 05:44 PM

‎09-23-2013 05:44 PM

Re: Setting Up a WAN

Okay, well I think I'm all set.  I've already created the static routes, the VLans, etc.  As soon as I get the go-ahead from the ISP, I'm going to hook them both up to the untagged VLAN9 port, then change the default route at Site B to Site A 10.9.1.1.

0 Kudos
Vince_Whirlwind
Trusted Contributor

‎09-23-2013 05:56 PM

‎09-23-2013 05:56 PM

Re: Setting Up a WAN

Just make sure all the hosts at SiteB have their default GW on your SiteB Core switch/router and not on the local firewall.

0 Kudos
larry22
Advisor

‎09-23-2013 06:07 PM

‎09-23-2013 06:07 PM

Re: Setting Up a WAN

They do already, my gateway/router for all statics and DHCP is 10.5.0.11 (the core switch).  10.5.0.10 is the Sonicwall.

0 Kudos
larry22
Advisor

‎09-25-2013 04:27 PM

‎09-25-2013 04:27 PM

Re: Setting Up a WAN

Vince - worked like a charm. Thanks for all your help.

Bit of a digression, it's a bad idea to have port monitoring on all your ports on your core switch, right?
0 Kudos
Vince_Whirlwind
Trusted Contributor

‎09-25-2013 06:15 PM

‎09-25-2013 06:15 PM

Re: Setting Up a WAN

Do you mean using a tool such as Solarwinds to query the core switch for port stats on every port?

 

If so, then it's probably a good idea, it doesn't generate huge amounts of traffic, but you can check the traffic and CPU load by changing the polling interval up or down and seeing the change in average CPU%, etc...

0 Kudos
larry22
Advisor

‎09-25-2013 06:21 PM

‎09-25-2013 06:21 PM

Re: Setting Up a WAN

No, I found that my predecessor had set up E3 as a mirror and then monitored ALL the ports on the switch.
0 Kudos
Vince_Whirlwind
Trusted Contributor

‎09-26-2013 05:47 PM

‎09-26-2013 05:47 PM

Re: Setting Up a WAN

What is all this mirrored traffic being used for? It may not be particularly useful.

0 Kudos
larry22
Advisor

‎09-26-2013 05:55 PM

‎09-26-2013 05:55 PM

Re: Setting Up a WAN

I have no idea what she was thinking, can't be very efficient.  I think she thought that it would help the filter.  But for the filter you only need to monitor the WAN port.

 

Question about the static routes and NAT's I did for the Sonicwall.  Since all my subnets at all the schools are 10.X.X.X, could I just do one route called 10.0.0.0/8 for my static routes and NAT's rather than doing it for every single subnet.  Any issues with that?

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.