topic Newb Config help MSTP and DMZs in ExtremeSwitching (EXOS/Switch Engine) https://community.extremenetworks.com/t5/extremeswitching-exos-switch/newb-config-help-mstp-and-dmzs/m-p/64312#M18144 Here are my notes from changes made to a fresh out of the box X620. I did upgrade OS to 22.5.1.7-patch1-3<BR /> <BR /> We have 2-X620s that will be for our small Nutanix cluster. This is the 3rd switch that will be our "core" switch. We have a Sophos UTM that will be in front as the firewall - and an older Cisco 3560 that will be decommissioned when we get the Nutanix cluster in production. <BR /> <BR /> Any major errors standing out below? <BR /> <BR /> MetroE VLAN is our comcast fiber. We are plugging that layer 2 comcast connection into this switch so we can run one cable apiece to Sophos UTM1 and SophosUTM2 ( passive HA) <BR /> <BR /> WAN2- is our backup internet and will take up 4 ports on this switch... 1 each going to SophosUTM, 1 going to another router for our lab environment, 1 port to the ATT router. <BR /> <BR /> SIP VLAN is for our ATT SIP trunk - this will be plugged into the Extreme1and2 and Nutanix will need to be aware of this VLAN so the traffic can end up on our virtual machine PBX. <BR /> <BR /> <BR /> Any help/comments will be appreciated! thanks! <BR /> <BR /> Would you like to disable MSTP? No<BR /> Choice to Enable Enhanced Security mode? Yes<BR /> Would you like to Enable Enhanced Security mode? Yes<BR /> Please create an admin account. <BR /> Username<BR /> Password (entered twice)<BR /> <BR /> Login with new user/pass<BR /> <BR /> configure vlan mgmt ipaddress 169.254.90.13 255.255.0.0<BR /> conifgure iproute add default 169.254.90.1 vr vr-mgmt<BR /> configure vlan default ipaddress 10.250.0.47 255.255.255.0<BR /> configure iproute add default 10.250.0.1<BR /> <BR /> configure ssl certificate privkeylen 4096 country US organization Xxxx common-name xxxxSSL<BR /> enable ssh<BR /> enable web https<BR /> <BR /> configure vlan Default delete ports all<BR /> configure vlan Default add ports 1-9 untagged<BR /> <BR /> create vlan "SIP"<BR /> configure vlan SIP tag 10<BR /> <BR /> create vlan "DMZ"<BR /> configure vlan DMZ tag 76<BR /> <BR /> create vlan "MetroE"<BR /> configure vlan MetroE tag 199<BR /> configure vlan MetroE add ports 10-12 untagged<BR /> <BR /> create vlan "WAN2"<BR /> configure vlan WAN2 tag 202<BR /> configure vlan WAN2 add ports 13-16 untagged<BR /> <BR /> configure mstp region region1<BR /> <BR /> configure stpd s0 mode mstp cist<BR /> configure stpd s0 priority 32768<BR /> enable stpd s0<BR /> <BR /> create stpd s1<BR /> configure stpd s1 mode mstp msti 1<BR /> configure stpd s1 priority 32768<BR /> <BR /> <BR /> configure stpd s1 add Default ports all<BR /> configure stpd s1 add SIP ports all<BR /> configure stpd s1 add DMZ ports all<BR /> configure stpd s1 add MetroE ports all<BR /> configure stpd s1 add WAN2 ports all<BR /> <BR /> enable s1 auto-bind vlan Default<BR /> enable s1 auto-bind vlan SIP<BR /> enable s1 auto-bind vlan DMZ<BR /> enable s1 auto-bind vlan MetroE<BR /> enable s1 auto-bind vlan WAN2<BR /> configure s1 ports auto-edge on 3-16<BR /> enable stpd s1 Thu, 21 Mar 2019 23:11:40 GMT exSMM 2019-03-21T23:11:40Z Newb Config help MSTP and DMZs https://community.extremenetworks.com/t5/extremeswitching-exos-switch/newb-config-help-mstp-and-dmzs/m-p/64312#M18144 Here are my notes from changes made to a fresh out of the box X620. I did upgrade OS to 22.5.1.7-patch1-3<BR /> <BR /> We have 2-X620s that will be for our small Nutanix cluster. This is the 3rd switch that will be our "core" switch. We have a Sophos UTM that will be in front as the firewall - and an older Cisco 3560 that will be decommissioned when we get the Nutanix cluster in production. <BR /> <BR /> Any major errors standing out below? <BR /> <BR /> MetroE VLAN is our comcast fiber. We are plugging that layer 2 comcast connection into this switch so we can run one cable apiece to Sophos UTM1 and SophosUTM2 ( passive HA) <BR /> <BR /> WAN2- is our backup internet and will take up 4 ports on this switch... 1 each going to SophosUTM, 1 going to another router for our lab environment, 1 port to the ATT router. <BR /> <BR /> SIP VLAN is for our ATT SIP trunk - this will be plugged into the Extreme1and2 and Nutanix will need to be aware of this VLAN so the traffic can end up on our virtual machine PBX. <BR /> <BR /> <BR /> Any help/comments will be appreciated! thanks! <BR /> <BR /> Would you like to disable MSTP? No<BR /> Choice to Enable Enhanced Security mode? Yes<BR /> Would you like to Enable Enhanced Security mode? Yes<BR /> Please create an admin account. <BR /> Username<BR /> Password (entered twice)<BR /> <BR /> Login with new user/pass<BR /> <BR /> configure vlan mgmt ipaddress 169.254.90.13 255.255.0.0<BR /> conifgure iproute add default 169.254.90.1 vr vr-mgmt<BR /> configure vlan default ipaddress 10.250.0.47 255.255.255.0<BR /> configure iproute add default 10.250.0.1<BR /> <BR /> configure ssl certificate privkeylen 4096 country US organization Xxxx common-name xxxxSSL<BR /> enable ssh<BR /> enable web https<BR /> <BR /> configure vlan Default delete ports all<BR /> configure vlan Default add ports 1-9 untagged<BR /> <BR /> create vlan "SIP"<BR /> configure vlan SIP tag 10<BR /> <BR /> create vlan "DMZ"<BR /> configure vlan DMZ tag 76<BR /> <BR /> create vlan "MetroE"<BR /> configure vlan MetroE tag 199<BR /> configure vlan MetroE add ports 10-12 untagged<BR /> <BR /> create vlan "WAN2"<BR /> configure vlan WAN2 tag 202<BR /> configure vlan WAN2 add ports 13-16 untagged<BR /> <BR /> configure mstp region region1<BR /> <BR /> configure stpd s0 mode mstp cist<BR /> configure stpd s0 priority 32768<BR /> enable stpd s0<BR /> <BR /> create stpd s1<BR /> configure stpd s1 mode mstp msti 1<BR /> configure stpd s1 priority 32768<BR /> <BR /> <BR /> configure stpd s1 add Default ports all<BR /> configure stpd s1 add SIP ports all<BR /> configure stpd s1 add DMZ ports all<BR /> configure stpd s1 add MetroE ports all<BR /> configure stpd s1 add WAN2 ports all<BR /> <BR /> enable s1 auto-bind vlan Default<BR /> enable s1 auto-bind vlan SIP<BR /> enable s1 auto-bind vlan DMZ<BR /> enable s1 auto-bind vlan MetroE<BR /> enable s1 auto-bind vlan WAN2<BR /> configure s1 ports auto-edge on 3-16<BR /> enable stpd s1 Thu, 21 Mar 2019 23:11:40 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/newb-config-help-mstp-and-dmzs/m-p/64312#M18144 exSMM 2019-03-21T23:11:40Z Re: Newb Config help MSTP and DMZs https://community.extremenetworks.com/t5/extremeswitching-exos-switch/newb-config-help-mstp-and-dmzs/m-p/64313#M18145 OP edited Fri, 22 Mar 2019 00:04:10 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/newb-config-help-mstp-and-dmzs/m-p/64313#M18145 exSMM 2019-03-22T00:04:10Z