HPE Community
HPE Aruba Networking & ProVision-based
1822197 Members
3691 Online
109640 Solutions
New Discussion юеВ

Switch port ProCurve 5412zl

 
Virginie A.-Jacques
New Member

тАО11-30-2010 07:29 AM

тАО11-30-2010 07:29 AM

Switch port ProCurve 5412zl


Hi,

I have a Procurve 5412zl switch on which I enabled routing. It is my central switch. I want to set it as the gateway for all the Vlans. A sonicwall connected to the main switch provides internet access for the network.

I have 2 problems:

1- I want the DHCP requests for all Vlan (except VLAN 10) to be redirected to the Sonicwall. I plan to use ip helper-address. Hope it's gonna work. Do you have advice about this?

2- I want the users to be able to access the internet (from all Vlans). I don't know how the configure the link between the switch and the sonicwall. I tried a configuration with "no switchport" in Packet Tracer and it was successful. But this command doesn't exist for HP ProCurve...

0 Kudos
2 REPLIES 2
Michael_Breuer
Esteemed Contributor

тАО11-30-2010 02:31 PM

тАО11-30-2010 02:31 PM

Re: Switch port ProCurve 5412zl

Hello,

best practice is to setup a dedicated transfer Vlan to route the traffic between the Procurve and the firewall. On the Procurve you just put the port connected to the firewall in that Vlan - you will achieve the same functionality as a routed port.


example:

IP address on the firewall: 10.10.10.2/24


VLAN 30
name ...
ip address ...
ip helper-address 10.10.10.2

...

VLAN 60
name "TRANSFER"
ip address 10.10.10.1/24
untagged A1 (the port connected to the firewall)

ip route 0.0.0.0 0.0.0.0 10.10.10.2

Cheers,

Michael
Ingentive Networks GmbH
0 Kudos
Maurizio_Pigato
Regular Visitor

тАО10-28-2015 08:02 AM - edited тАО10-28-2015 08:02 AM

тАО10-28-2015 08:02 AM - edited тАО10-28-2015 08:02 AM

Re: Switch port ProCurve 5412zl

Hello guys, especially @Michael_Breuer

I have a similar configuration and similar problem,

 

You are recommending "Best practice is to use a dedicated transfer VLAN  with only two IPs: the firewall and the routing switch" but what about NATting? I mean, in general from the Firewall you have some services which are mapped to specific ports (i.e. port 80 & 443 for mail).

How can I map the port forward to reach my servers?

 

Example

*********

 

Vlan 10: PC

10.10.10.0/24

 

Vlan 20: Printers

10.10.20.0/24

 

Vlan 40: Servers

10.10.40.0/24

10.10.40.1 is HTTP & HTTPS Server

10.10.40.254 HP switch

 

 

Vlan 60: Transfer

10.10.60.253 HP Switch

10.10.60.254 Firewall (let's say Watchguard for example)

 

How can I NAT the services from 10.10.60.254 to 10.10.40.1 ?

 

Thanks a lot for your advices

 

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.