Newb Config help MSTP and DMZs

exSMM
New Contributor
Here are my notes from changes made to a fresh out of the box X620. I did upgrade OS to 22.5.1.7-patch1-3

We have 2-X620s that will be for our small Nutanix cluster. This is the 3rd switch that will be our "core" switch. We have a Sophos UTM that will be in front as the firewall - and an older Cisco 3560 that will be decommissioned when we get the Nutanix cluster in production.

Any major errors standing out below?

MetroE VLAN is our Comcast fiber. We are plugging that layer 2 Comcast connection into this switch so we can run one cable apiece to Sophos UTM1 and SophosUTM2 (passive HA).

WAN2 is our backup internet and will take up 4 ports on this switch: 1 each going to SophosUTM, 1 going to another router for our lab environment, 1 port to the ATT router.

SIP VLAN is for our ATT SIP trunk. This will be plugged into Extreme1 and 2, and Nutanix will need to be aware of this VLAN so the traffic can end up on our virtual machine PBX.


Any help/comments will be appreciated! Thanks!

Would you like to disable MSTP? No
Choice to Enable Enhanced Security mode? Yes
Would you like to Enable Enhanced Security mode? Yes
Please create an admin account.
Username
Password (entered twice)

Login with new user/pass

configure vlan mgmt ipaddress 169.254.90.13 255.255.0.0
configure iproute add default 169.254.90.1 vr vr-mgmt
configure vlan default ipaddress 10.250.0.47 255.255.255.0
configure iproute add default 10.250.0.1

configure ssl certificate privkeylen 4096 country US organization Xxxx common-name xxxxSSL
enable ssh
enable web https

configure vlan Default delete ports all
configure vlan Default add ports 1-9 untagged

create vlan "SIP"
configure vlan SIP tag 10

create vlan "DMZ"
configure vlan DMZ tag 76

create vlan "MetroE"
configure vlan MetroE tag 199
configure vlan MetroE add ports 10-12 untagged

create vlan "WAN2"
configure vlan WAN2 tag 202
configure vlan WAN2 add ports 13-16 untagged

configure mstp region region1

configure stpd s0 mode mstp cist
configure stpd s0 priority 32768
enable stpd s0

create stpd s1
configure stpd s1 mode mstp msti 1
configure stpd s1 priority 32768


configure stpd s1 add Default ports all
configure stpd s1 add SIP ports all
configure stpd s1 add DMZ ports all
configure stpd s1 add MetroE ports all
configure stpd s1 add WAN2 ports all

enable stpd s1 auto-bind vlan Default
enable stpd s1 auto-bind vlan SIP
enable stpd s1 auto-bind vlan DMZ
enable stpd s1 auto-bind vlan MetroE
enable stpd s1 auto-bind vlan WAN2
configure stpd s1 ports auto-edge on 3-16
enable stpd s1
1 REPLY 1

exSMM
New Contributor
OP edited