8 Krypton

7048 config as default gateway. Next hop Juniper and internet


Hi, we have a stack of 2x 7048s which are (is?) configured as the default gateway for a number of VLANs coming from some Dell blade chassis. I won't go into too much detail as it's more of a conceptual thing I need to know.

8x VLANs, all of which are x.x.x.254, 255.255.255.0. Great. All the internal stuff works a treat.

I now want to take port 48 and plug a Juniper firewall into it and have all the internal stuff be able to access the internet, safely.

I can set up the Juniper and access the internet separately and it all works fine too. How do I join the two together? How do I configure port 48 to be the gateway for the internet for all the VLANs?

From the outside inwards, the external internet connection (internally) is 192.168.1.254. It DHCPs my Juniper with 192.168.1.92 (UnTrust delivered by DHCP from the external router). Juniper Trust IP is negotiable but currently I have it set as 192.168.2.1 (static) and was going to have the port set as 192.168.2.254.

So it's the conceptual bit of getting all the .254 VLANs to see port 48 as the exit to the internet I'm looking for. Then I need to set up DNS etc. internally and on the Juniper, which is the next challenge.

Thanks in advance

7 Replies
Moderator

Re: 7048 config as default gateway. Next hop Juniper and internet

With the stack performing the routing, what we would want to do is set up a VLAN that is dedicated to the connection from the stack to the firewall, then place the connecting port into access mode for that VLAN. Then use a static route to direct traffic from the various VLANs to the next hop in the network, the firewall. I have drawn up a diagram here which I hope takes care of some of your questions.

The other side of things is that in some cases the firewall may need to have a static route added to it, helping traffic back to the stack.

Keep us updated.

Daniel Covey
Dell EMC| Enterprise Support Services
8 Krypton

Re: 7048 config as default gateway. Next hop Juniper and internet


So what commands would I need to implement this? The Access VLANs you have drawn are actually trunks from a Dell chassis switch which are LAG'd onto the 7048. The chassis houses 16 blades that are VM hosts, and all the servers etc. accessing the internet will be from this virtual environment. Plus anything else getting plugged in (either an end device or other switches) would need to be able to see this route too.

What commands would I need to use?

Moderator

Re: 7048 config as default gateway. Next hop Juniper and internet

The connection from the stack to the blade chassis switches or any other switch on the network would indeed be a Trunk connection, with the VLANs tagged.

console(config-if)# switchport mode trunk

console(config-if)# switchport trunk allowed vlan add 2,3,4 tagged

And can be changed to correspond to the VLANs you have on the network.

The connection from the stack to the firewall needs to be its own VLAN and in access mode.

console(config-if)# switchport mode access

console(config-if)# switchport access vlan 10

Daniel Covey
Dell EMC| Enterprise Support Services
8 Krypton

Re: 7048 config as default gateway. Next hop Juniper and internet


How do I add the route 0.0.0.0 0.0.0.0 192.168.2.254 (or is it 1?)? I did this:

conf

int gi1/0/48

switchport mode access

switchport access vlan 10

Moderator

Re: 7048 config as default gateway. Next hop Juniper and internet

The command to enter a route that will direct traffic to the firewall is:

console(config)#ip route 0.0.0.0 0.0.0.0 192.168.2.1

On the 7048 the IP address 192.168.2.254 needs to be for VLAN 10. And then no other VLAN should be in the 192.168.2.x broadcast domain.

console(config)#interface vlan 10

console(config-vlan)#ip address 192.168.2.254 255.255.255.0

Then to relay DHCP packets to the DHCP server you would add the ip helper command:

console(config)#ip helper-address 192.168.1.92 dhcp

Daniel Covey
Dell EMC| Enterprise Support Services
Get support on Twitter:@DellCaresPRO
Download our QRL app:iOS, Android, Windows
Dell Networking Resources
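
The checks implied by the answer above, written out as an added example (not part of the original thread and not Dell tooling): the default route's next hop must be the firewall on the VLAN 10 subnet rather than the switch's own address, no other VLAN may share 192.168.2.x, and the firewall needs a return route per internal VLAN. The function name `check_design` and the 10.10.x.0/24 subnets for VLANs 2, 3 and 4 are assumptions made for illustration; the thread does not give the internal addressing.

```python
import ipaddress

# Values taken from the thread: VLAN 10 is the stack-to-firewall VLAN,
# 192.168.2.254/24 on the 7048 side, 192.168.2.1 on the Juniper trust side.
TRANSIT_VLAN = 10
NEXT_HOP = "192.168.2.1"

def check_design(svis, next_hop=NEXT_HOP, transit_vlan=TRANSIT_VLAN):
    """svis maps VLAN id -> "address/prefix" of that VLAN's routed interface.
    Returns (problems, return_routes); return_routes are the (destination,
    gateway) static routes the firewall needs to reach the internal VLANs."""
    ifaces = {vlan: ipaddress.ip_interface(a) for vlan, a in svis.items()}
    transit = ifaces.get(transit_vlan)
    if transit is None:
        return [f"VLAN {transit_vlan} has no IP address"], []
    hop = ipaddress.ip_address(next_hop)
    problems, return_routes = [], []
    # The default route must point at the firewall, not at the switch itself.
    if hop == transit.ip:
        problems.append(f"next hop {hop} is the switch's own VLAN {transit_vlan} address")
    elif hop not in transit.network:
        problems.append(f"next hop {hop} is not on {transit.network}")
    for vlan, iface in sorted(ifaces.items()):
        if vlan == transit_vlan:
            continue
        # No other VLAN may share the transit VLAN's broadcast domain.
        if iface.network.overlaps(transit.network):
            problems.append(f"VLAN {vlan} ({iface.network}) overlaps {transit.network}")
            continue
        return_routes.append((str(iface.network), str(transit.ip)))
    return problems, return_routes

# Constructed sample: the thread never gives the internal subnets.
SAMPLE_SVIS = {2: "10.10.2.254/24", 3: "10.10.3.254/24",
               4: "10.10.4.254/24", 10: "192.168.2.254/24"}

if __name__ == "__main__":
    problems, routes = check_design(SAMPLE_SVIS)
    for p in problems:
        print("PROBLEM:", p)
    for dest, gw in routes:
        print(f"firewall route: {dest} via {gw}")
```
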

8 Krypton

Re: 7048 config as default gateway. Next hop Juniper and internet


Thanks Daniel. Working like a charm now.

Moderator

Re: 7048 config as default gateway. Next hop Juniper and internet

Excellent, that is great to hear. Thanks for keeping us up to date.

Daniel Covey
Dell EMC| Enterprise Support Services