31 Posts
0
24015
7048 config as default gateway. Next hop Juniper and internet
Hi, We have a stack of 2x 7048s which are (is?) configured as the default gateway for a number of VLANs coming from some Dell blade chassis. I won't go into too much detail as it's more of a conceptual thing I need to know.
8x VLANs, all of which are x.x.x.254, 255.255.255.0. Great. All the internal stuff works a treat.
I now want to take port 48 and plug a Juniper firewall into it and have all the internal stuff be able to access the internet, safely.
I can set up the Juniper and access the internet separately and it all works fine too. How do I join the two together? How do I configure port 48 to be the gateway for the internet for all the VLANs?
From the outside inwards, the external internet connection (internally) is 192.168.1.254. It DHCPs my Juniper with 192.168.1.92 (UnTrust delivered by DHCP from the external router). Juniper Trust IP is negotiable but currently I have it set as 192.168.2.1 (static) and was going to have the port set as 192.168.2.254.
So it's the conceptual bit of getting all the .254 VLANs to see port 48 as the exit to the internet I'm looking for. Then I need to set up DNS etc. internally and on the Juniper, which is the next challenge.
Thanks in advance
Anonymous
274.2K Posts
1
July 24th, 2013 11:00
The command to enter a route that will direct traffic to the firewall is:
console(config)#ip route 0.0.0.0 0.0.0.0 192.168.2.1
On the 7048 the IP address 192.168.2.254 needs to be for VLAN 10. And then no other VLAN should be in the 192.168.2.x broadcast domain.
console(config)#interface vlan 10
console(config-vlan)#ip address 192.168.2.254 255.255.255.0
Then, to relay DHCP packets to the DHCP server, you would add the ip helper command:
console(config)#ip helper-address 192.168.1.92 dhcp
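The next-hop question raised in the thread ("192.168.2.254, or is it 1?") and the remark about return routes on the firewall can both be checked mechanically. The following Python check is an added example, not part of the original thread or of any Dell tooling. VLAN 10 and the 192.168.2.x addresses come from the posts; the internal subnets (10.0.x.0/24 on VLANs 2 to 4) are constructed, since the thread does not give them.

```python
import ipaddress

# VLAN 10 is the transit VLAN from the thread; VLANs 2-4 use constructed subnets.
SAMPLE_SVIS = {
    2: "10.0.2.254/24",
    3: "10.0.3.254/24",
    4: "10.0.4.254/24",
    10: "192.168.2.254/24",
}

def check_default_route(svis, next_hop):
    """Validate a default-route next hop against the switch's VLAN interfaces.

    Returns (transit_vlan, problems, return_routes), where return_routes lists
    (internal_subnet, gateway) pairs the firewall needs to reach the VLANs.
    """
    hop = ipaddress.ip_address(next_hop)
    ifaces = {v: ipaddress.ip_interface(a) for v, a in svis.items()}
    problems = []

    # The next hop must sit on exactly one directly connected subnet.
    transit = [v for v, i in ifaces.items() if hop in i.network]
    if not transit:
        problems.append(f"next hop {hop} is not on any connected subnet")
    elif len(transit) > 1:
        problems.append(f"next hop {hop} matches several VLANs: {transit}")
    # It must be the firewall's address, never one of the switch's own.
    if any(hop == i.ip for i in ifaces.values()):
        problems.append(f"next hop {hop} is the switch's own address")

    tvlan = transit[0] if len(transit) == 1 else None
    return_routes = []
    if tvlan is not None:
        tnet, gw = ifaces[tvlan].network, ifaces[tvlan].ip
        for v, i in sorted(ifaces.items()):
            if v == tvlan:
                continue
            # No other VLAN may share the transit broadcast domain.
            if i.network.overlaps(tnet):
                problems.append(f"VLAN {v} overlaps transit VLAN {tvlan}")
            # The firewall reaches each internal subnet via the switch's transit IP.
            return_routes.append((str(i.network), str(gw)))
    return tvlan, problems, return_routes

if __name__ == "__main__":
    for hop in ("192.168.2.1", "192.168.2.254", "192.168.1.92"):
        print(hop, check_default_route(SAMPLE_SVIS, hop))
```
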
Anonymous
274.2K Posts
0
July 24th, 2013 06:00
With the stack performing the routing, what we would want to do is set up a VLAN that is dedicated to the connection from the stack to the firewall, then place the connecting port into access mode for that VLAN. Then use a static route to direct traffic from the various VLANs to the next hop in the network, the firewall. I have drawn up a diagram here which I hope takes care of some of your questions.
The other side of things is that in some cases the firewall may need to have a static route added to it, helping traffic back to the stack.
Keep us updated.
haggisnneeps
31 Posts
0
July 24th, 2013 08:00
So what commands would I need to implement this? The Access VLANs you have drawn are actually trunks from a Dell chassis switch which are LAG'd onto the 7048. The chassis houses 16 blades that are VM hosts, and all the servers etc. accessing the internet will be from this virtual environment. Plus anything else getting plugged in (either an end device or other switches) would need to be able to see this route too.
What commands would I need to use?
haggisnneeps
31 Posts
0
July 24th, 2013 09:00
How do I add the route 0.0.0.0 0.0.0.0 192.168.2.254 (or is it 1?)? I did this:
conf
int gi1/0/48
switchport mode access
switchport access vlan 10
Anonymous
274.2K Posts
0
July 24th, 2013 09:00
The connection from the stack to the blade chassis switches or any other switch on the network would indeed be a Trunk connection, with the VLANs tagged.
console(config-if)# switchport mode trunk
console(config-if)# switchport trunk allowed vlan add 2,3,4 tagged
And can be changed to correspond to the VLANs you have on the network.
The connection from the Stack to the firewall needs to be its own VLAN and in access mode.
console(config-if)# switchport mode access
console(config-if)# switchport access vlan 10
haggisnneeps
31 Posts
0
July 27th, 2013 04:00
Thanks Daniel. Working like a charm now.
Anonymous
274.2K Posts
0
July 29th, 2013 07:00
Excellent, that is great to hear. Thanks for keeping us up to date.