First time poster here. I am trying to solve an issue where I need two different networks/subnets communicating between my Juniper firewall and my Cisco 2950 switch.
On the firewall I took two ports and split them up by assigning them seperate vlans (these are layer 3 ports). One vlan (port) is setup for network 10.1.1.x network, and the other is setup for 172.90.60.x. Communication is fine when I take a computer and setup a static IP in that range and connect it to the correct port on the firewall.
The problem is that we have a media converter coming into the main room that has both networks running on it and I need to split these up from our Cisco switch. Previous to implementing our firewall this media converter was plugged into our Cisco switch (all default config) and both networks on it could talk fine out to the ISP switch and to the internet.
I can plug in one of the vlan ports from the firewall into the Cisco switch and then plug in a test computer into a seperate port on the switch (correct static IP range on the computer) and it works fine. I can do the exact same thing for the other network and that also works fine. But when I try to plug in both ports from the firewall at the same time, it looks like it creates a loop and shuts the one port down.
How can I get this to work so I can have them communicate without creating a loop? Is it possible? What would the best way be to go about it? I really hope this setup works because there is no other solution that I can think of to firewall the two networks off of that one media converter.
Please see the attached PDF. That will show you exactly what I am trying to do. If you need me to provide any additional information or such, I will gladly do that. I really appreciate your expert advice and opinions.
It is little confusing what you are trying to do, but lets see if I can help you. You have 2 subnets (10.1.1.0 and 18.104.22.168)
I am assuming they are /24 subnets. Now, you have one subnet from one media converter going to the new switch and the other subnet going directly to the firewall. To make it simple, here is what I suggest, connect both media converters to the switch and keep the switch as a layer-2 device only. Create 2 vlans on the switch. Lets call them vlan 10 and vlan 20 and put each port that comes from each media converter in each of these vlans. Then trunk the connection between the switch and the firewall and create both vlans (10 and 20) on the firewall with corresponding ip subnets. Once this completely configured, you should be able to ping from one subnet to the other.
Thanks for digging into this issue. I did realize before I posted this question that it might be somewhat confusing. Sorry I didn't clarify it more.
I appreciate your suggestion, but I think it might be off in some aspects. In the PDF I should have just put one media converter instead of two in there to simplfy things. In other words, I could have got rid of media converter 1 and my problem would still be relevant.
I would just be working off of the one connection (media converter 2) which down the line, hosts computers using both networks. So with that one ethernet cable coming off of the media converter, I have to firewall both of these networks.
My though was to use the Cisco switch to split them into 2 connections/ethernet cables so that they could then go into the firewall as two seperate connections.
Juniper support told me that there is no way that I could configure the firewall to host both of these networks off of one port without turning it into a layer two switch (loss of security). They said that I would have to redesign the network after the firewall to get it to work. So it seems like I am stuck with definitively using two seperate ports on the firewall. Which means I have to run two ethernet cables back to the Cisco switch.
Hopefully this help clarify things. I'm not even sure it will work but it's the only idea I have right now.
To simplify it even more. I need this: two connections coming off of the firewall (each connection hosting a different subnet), going into the Cisco switch. Then one connection (coming off of the Cisco) hosting the traffic coming from the two connections off of the firewall, going to the one media converter. All of this functioning without creating a loop.
Hopefully this puts it into perspective a little better. Thanks much.