I am a sys admin who has been tasked with configuring our new core switch. We don't have real dedicated network engineers as we're just a small company with an oversized ego :-)
Right now we have a LAN-to-LAN VPN between our main office and the hosting facilities we're renting two rack spaces at. We also have a breakout to the internet, where we have a Sophos firewall in place. Now we need to close the breakout locally and have everything go through hosting. Thus I need to do all our routing on our Aruba 2930F, instead of on the firewall and MikroTik routing board we have in place now.
My question is: to get to hosting, is it enough to have a 0.0.0.0 0.0.0.0 "insert gateway of hosting firewall" and then configure where to send traffic on the firewall? Is it even possible? I am out a bit deep, but I haven't lost hope that I can figure this out eventually. Hopefully you guys can be of assistance!
Inserting my current config draft below:
Running configuration:
; JL258A Configuration Editor; Created on release #WC.16.08.0001
; Ver #14:07.6f.f8.1d.9b.3f.bf.bb.ef.7c.59.fc.6b.fb.9f.fc.ff.ff.37.ef:24
hostname "KEH10-CORESW"
module 1 type jl258a
time timezone 60
ip access-list extended "UNTRUSTED"
   10 permit tcp 10.10.120.0 0.0.0.255 0.0.0.0 255.255.255.255 established
   20 permit tcp 10.10.130.0 0.0.0.255 0.0.0.0 255.255.255.255 established
   30 permit icmp 10.10.130.0 0.0.0.255 0.0.0.0 255.255.255.255 0
   40 permit icmp 10.10.120.0 0.0.0.255 0.0.0.0 255.255.255.255 0
   50 deny ip 10.10.120.0 0.0.0.255 10.10.10.0 0.0.0.255
   60 deny ip 10.10.120.0 0.0.0.255 10.10.100.0 0.0.0.255
   70 deny ip 10.10.120.0 0.0.0.255 10.230.70.0 0.0.1.255
   80 deny ip 10.10.130.0 0.0.0.255 10.230.70.0 0.0.1.255
   90 deny ip 10.10.130.0 0.0.0.255 10.10.100.0 0.0.0.255
   100 deny ip 10.10.130.0 0.0.0.255 10.10.10.0 0.0.0.255
   110 permit ip 10.10.120.0 0.0.0.255 0.0.0.0 255.255.255.255
   120 permit ip 10.10.130.0 0.0.0.255 0.0.0.0 255.255.255.255
   exit
ip route 0.0.0.0 0.0.0.0 10.230.80.1
ip routing
snmp-server community "public" unrestricted
snmp-server contact
vlan 1
   name "Management"
   no untagged 5-8
   untagged 1-4,9-10
   ip address 172.16.0.1 255.255.254.0
   ipv6 enable
   ipv6 address dhcp full
   exit
vlan 10
   name "Servers"
   untagged 5-8
   tagged 9-10
   ip address 10.230.70.1 255.255.254.0
   ip helper-address 10.230.70.52
   exit
vlan 100
   name "Clients"
   tagged 9-10
   ip address 10.10.100.1 255.255.255.0
   ip helper-address 10.230.70.52
   exit
vlan 110
   name "WiFi"
   tagged 9-10
   ip address 10.10.110.1 255.255.255.0
   ip helper-address 10.230.70.52
   exit
vlan 120
   name "BYOD"
   tagged 9-10
   ip access-group "UNTRUSTED" in
   ip address 10.10.120.1 255.255.255.0
   ip helper-address 10.230.70.52
   exit
vlan 130
   name "Guest"
   tagged 9-10
   ip access-group "UNTRUSTED" in
   ip address 10.10.130.1 255.255.255.0
   ip helper-address 10.230.70.52
   exit
no tftp server
no autorun
no dhcp config-file-update
no dhcp image-file-update
password manager
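
A small evaluator for the "UNTRUSTED" list as posted, added here as an illustration and not part of the original post: it applies first-match semantics with wildcard masks to constructed sample flows and reports which entry decides each one. Assumptions: `established` is modelled as a boolean standing for a TCP segment with ACK or RST set, the trailing `0` on the ICMP entries is read as the ICMP type (echo reply), and the host addresses are made up within the posted subnets.

```python
import ipaddress

# The "UNTRUSTED" entries as posted (trailing "exit" omitted).
ACL = """\
10 permit tcp 10.10.120.0 0.0.0.255 0.0.0.0 255.255.255.255 established
20 permit tcp 10.10.130.0 0.0.0.255 0.0.0.0 255.255.255.255 established
30 permit icmp 10.10.130.0 0.0.0.255 0.0.0.0 255.255.255.255 0
40 permit icmp 10.10.120.0 0.0.0.255 0.0.0.0 255.255.255.255 0
50 deny ip 10.10.120.0 0.0.0.255 10.10.10.0 0.0.0.255
60 deny ip 10.10.120.0 0.0.0.255 10.10.100.0 0.0.0.255
70 deny ip 10.10.120.0 0.0.0.255 10.230.70.0 0.0.1.255
80 deny ip 10.10.130.0 0.0.0.255 10.230.70.0 0.0.1.255
90 deny ip 10.10.130.0 0.0.0.255 10.10.100.0 0.0.0.255
100 deny ip 10.10.130.0 0.0.0.255 10.10.10.0 0.0.0.255
110 permit ip 10.10.120.0 0.0.0.255 0.0.0.0 255.255.255.255
120 permit ip 10.10.130.0 0.0.0.255 0.0.0.0 255.255.255.255
"""

def wild_match(addr, base, wildcard):
    """True when addr equals base on every bit where the wildcard mask is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w) == (b & ~w)

def evaluate(proto, src, dst, established=False, icmp_type=None):
    """Return (sequence, action) of the first matching entry, else implicit deny."""
    for line in ACL.splitlines():
        fields = line.split()
        seq, action, acl_proto, s_base, s_wild, d_base, d_wild = fields[:7]
        option = fields[7] if len(fields) > 7 else None
        if acl_proto not in ("ip", proto):
            continue
        if not (wild_match(src, s_base, s_wild) and wild_match(dst, d_base, d_wild)):
            continue
        if option == "established" and not established:
            continue  # assumption: the flag models "ACK or RST set"
        if acl_proto == "icmp" and option is not None and icmp_type != int(option):
            continue  # assumption: trailing number is the ICMP type
        return int(seq), action
    return None, "deny"

if __name__ == "__main__":
    # Constructed sample flows: (protocol, source, destination, established, icmp_type)
    flows = [("tcp", "10.10.120.50", "10.230.70.52", False, None),
             ("tcp", "10.10.120.50", "10.230.70.52", True, None),
             ("icmp", "10.10.130.7", "10.10.100.20", False, 8),
             ("udp", "10.10.120.50", "10.10.110.25", False, None),
             ("tcp", "10.10.130.7", "172.16.0.1", False, None)]
    for flow in flows:
        print(flow, "->", evaluate(*flow))
```

With these entries, flows from the BYOD and Guest subnets to 10.10.110.0/24 (WiFi) and 172.16.0.0/23 (Management) match no deny entry and are decided by entries 110 and 120.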