HPE Community
Aruba & ProVision-based
1752810 Members
5995 Online
108789 Solutions
New Discussion

Re: WLAN VLAN for ProCurve 3400cl...

 
tropolite
Occasional Advisor

‎07-17-2012 02:16 PM

‎07-17-2012 02:16 PM

WLAN VLAN for ProCurve 3400cl...

 

A noobie to VLAN configuration and network architecture so first up apologies if this is an easy question or answered in other threads but I don't really know what I'm looking for to begin with.

 

I have a ProCurve 3400cl 48pt. Only the primary VLAN is configured.

On our DC Server (Win2008R2) we have a primary DHCP zone IP of 192.168.1.xx

 

Scenario: We've installed a new WLAN infrastructure. I want the WLAN users to receive a new IP address (newly configured zone on DHCP), IP range 192.168.5.xx (a separate NIC on the DC Server is configured for this IP).

 

I understand the ProCurve 3400cl can be setup for VLAN and and route traffic (to negate the need for using a separate router)?

 

I wish to setup a VLAN (#50), for ports 41 & 42 so I can connect our WLAN management appliance (Zone Director), to pt 41 and connect the DC NIC to pt 42, so that users logging into the WLAN will receive a 192.168.5.xx IP yet can still use our internet access, printers etc. The contractors that installed the WLAN hardware did say something about 'trunking' which I don't understand.

 

Here's hoping that I've explained my scenario reasonably and that it is easy for those here to move me in the right direction.

 

Appreciate any guidance/direction in configuring this...

 

regards

tropolite

0 Kudos
11 REPLIES 11
paulgear
Esteemed Contributor

‎07-17-2012 05:30 PM

‎07-17-2012 05:30 PM

Re: WLAN VLAN for ProCurve 3400cl...

Trunking (in this context) means putting multiple VLANs on the same port, using 0 or 1 untagged VLANs, and 1 or more tagged VLANs.  (As opposed to the ProCurve CLI, in which trunking means link aggregation.)

 

I'm not sure how your Ruckus gear is set up, but the way i've seen it done usually is that the wifi access points are plugged into an untagged port on a wireless management VLAN, and then also tagged with the data VLANs on which the clients will actually be placed (VLAN 50 in your case).  Then depending on the SSID the user connects to, they will be put in an appropriate VLAN.  (This is so you can run multiple SSIDs on different VLANs to segregate staff & guests, or other similar setups.)

 

The Zone Director then should be on the wireless management VLAN to talk to all the access points, and on another VLAN (probably the default in this case) for you to manage it (and possibly to connect to remote RADIUS servers and the like).

 

The 3400cl can be set up to route between the VLANs.  If you do this, you don't need a second NIC in the Windows server - you can just configure the switch as a DHCP relay and it will provide the necessary connectivity to the server.  If you would rather keep the second NIC, you may want to configure routing and firewalling on the Windows server instead of the switch.

 

You'll also need to configure your Internet gateway to know about the new wireless VLAN somehow, otherwise your wireless clients will have no Internet acces.  See http://h30499.www3.hp.com/t5/LAN-Routing/Beginner-s-guide-to-adding-an-IP-range/m-p/5667415 for a discussion about this - it sounds like your network is fairly similar to theirs.

 

I hope that points you in the right direction...

 

BTW, i would recommend using VLAN 5 rather than 50 if you're going to use the IP range 192.168.5.0/24.  Alternatively, use 192.168.50.0/24 if you want to stick with VLAN 50.  It will make your life easier if you make a standard that 192.168.X.0/24 maps to VLAN number X.

Regards,
Paul
0 Kudos
tropolite
Occasional Advisor

‎07-17-2012 07:27 PM

‎07-17-2012 07:27 PM

Re: WLAN VLAN for ProCurve 3400cl...

 

Hi Paul

Firstly and most importantly thank you for your time in responding to my plee.

 

You have certainly given me some excellent suggestions/conventions to use. I like your suggestion of using the 3400cl to route between the VLANS. This sounds like a simpler solution to utilizing another NIC on the DC.

 

Zone Director is directly connected to a PoE switch and in turn this switch is connected to port 41 on the 3400cl (Zone Director and APs for management purposes are assigned IPs from the primary zone 192.168.1.xx (undistributed segment of the IP range)

 

To configure the 3400cl switch as a DHCP relay, if I am reading your post correctly, I would follow the thread you have linked for me? If not, can you dotpoint the process of doing this based on the details of our infrastructure?

 

Yes, I will need to configure ISA to allow the new IP range access (at the moment that is the least of my concern, but thank you for reminding me)  :-)

 

I will change the VLAN ID# to match our WLAN IP address as you suggest, that is a great recommendation.

 

Once again Paul thank you in advance for your much appreciated input and direction.

 

regards

tropolite

0 Kudos
paulgear
Esteemed Contributor

‎07-18-2012 01:18 PM

‎07-18-2012 01:18 PM

Re: WLAN VLAN for ProCurve 3400cl...

The thread i linked talks about the issue of getting a route to your new range onto your Internet gateway. It doesn't directly address DHCP relays. For that you need to set up a scope/range on your DHCP server, and use 'ip helper-address 192.168.1.x' on the new VLAN to point clients on that VLAN to the DHCP server. And obviously, you'll need routing set up as well.

Advice: get routing working on the switch with static IPs before you play with the DHCP relay stuff.

There's plenty of good info about DHCP relay in the Advanced Traffic Guide manual: http://www.hp.com/rnd/support/manuals/3400cl.htm
Regards,
Paul
0 Kudos
tropolite
Occasional Advisor

‎07-22-2012 06:28 PM

‎07-22-2012 06:28 PM

Re: WLAN VLAN for ProCurve 3400cl...

Hi Paul

Just got back to work... thanks for the suggestion on direction and the link.

I have a new zone already created for the WLAN IPs but will do as you suggest first.

 

Appreciate your expert suggestions.

Cheers

tropolite

0 Kudos
tropolite
Occasional Advisor

‎07-24-2012 12:29 AM

‎07-24-2012 12:29 AM

Re: WLAN VLAN for ProCurve 3400cl...

Hi Paul

 

Sadly I've hit a brick wall but I'm somewhat pleased with my progress as I 'think' I've been able to configure most of what I needed to on the 3400CL (albiet wrong as it still isn't doing what I need it to do).

 

My noobism is getting in the way.

 

Here's settings as I have them,

3400CL has an IP on the primary VLAN 10.0.1.xx

Default gateway 10.0.1.xx (correct Gateway)

IP Routing

Default VLAN (1) Untagged 1-48

IP Address 10.0.1.xx   255.255.255.0 (same as primary VLAN address)

IP helper-address 10.0.1.xx (same as DHCP Server) (hoping not to use second NIC as per your first post)

WLAN VLAN (50)

IP Address  10.0.50.x2  255.255.255.0 (changed DHCP Zone as your recommendation in first post)

IP helper-address 10.0.50.x1

tagged 41-42  (port 41 is Zone Director)

 

Other APs and ZD are all using undistributed IPs from the primary VLAN accross other switches indirectly connected to the 3400CL.

 

Zone Director is connected to port 41, however I do not get an IP of 10.0.50.xx assigned. Our ISA Server is configured to allow the network ranges of 10.0.1.xx and 10.0.50.xx.

 

The ZD WLAN SSID that I'm attempting to connect to is configured to use VLAN 50.

 

I hope I've covered the details for you to hopefully pinpoint where I've gone unwired (pun intended).

 

If you have a moment, I'd appreciate your input Paul.

 

Regards

tropolite

 

0 Kudos
paulgear
Esteemed Contributor

‎07-24-2012 04:17 AM

‎07-24-2012 04:17 AM

Re: WLAN VLAN for ProCurve 3400cl...

I think this is going to work a lot better if you post your config, preferably with the ports named.

A few quick points, though:

  • You don't need 'ip helper-address ...' on the VLAN that your DHCP server is on (although it shouldn't hurt anything).
  • Your 'ip helper-address ...' on VLAN 50 must be the IP of the DHCP server on VLAN 1 if your DHCP server is going to stick with a single NIC.
  • I'm not sure what you mean by "undistributed IPs".  If ports 1-48 are all untagged on VLAN 1, then the ZD will get an IP address on VLAN 1.

 

Regards,
Paul
0 Kudos
tropolite
Occasional Advisor

‎07-24-2012 07:08 PM

‎07-24-2012 07:08 PM

Re: WLAN VLAN for ProCurve 3400cl...

 

Hi Paul

 

Firstly, I've changed the IP helper-address on VLAN 50 as the IP for the DHCP Server - 10.0.1.14

'Undistributed IPs' is an allocation of IPs not distributed automatically via DHCP (shouldn't really matter but thought I'd add this just in case it did).

 

As suggested (I hope) following are the relevant named ports etc..

Default VLAN#1

 

pt#31-32 DC Server / DHCP Server

pt#41 Zone Director (VLAN#50) tagged

pt#45-46 Switches (other layer 2 switches with APs connected all on Default VLAN #1)

 

ip default-gateway: 10.0.1.4

ip routing: enabled

DHCP-Relay: Enabled

Option 82: Enabled

Response Validation: Enabled

Option 82 handle policy: append validate

Remote ID: mac

 

vlan #1

name "Default_vlan"

untagged #1-48

ip address 10.0.1.35 255.255.255.0

 

vlan #50

name "WLAN"

ip address 10.0.50.2 255.255.255.0

ip helper-address 10.0.1.14 (DHCP Server address)

tagged #41

 

The single NIC on the DHCP server has been configured with the 10.0.50.1 IP in the advanced settings

DHCP Zone (10.0.50.01-254), is active with the Scope Options set the same as the primary zone (i.e. 003 Router 10.0.1.4, 006 DNS Servers 10.0.1.14, 015 DNS Domain Name xxxxx.xxxx).

 

Zone Director's SSID that I'm testing is configured for VLAN #50. I have another SSID group that uses the default vlan #1 (which retrieves an IP without issue).

 

That is all the relevant information I can see.

Hopefully there is enough here to pinpoint what I've got wrong, I'm guessing the issue is to do with way I have set the DHCP relay?

 

Again I appreciate your patience and time Paul.. I have learnt quite a bit since starting this exercise.

 

regards

tropolite

0 Kudos
paulgear
Esteemed Contributor

‎07-30-2012 11:02 PM

‎07-30-2012 11:02 PM

Re: WLAN VLAN for ProCurve 3400cl...

One problem i can see with your config is the router for VLAN 50 - it must be an address on VLAN 50.

Regards,
Paul
0 Kudos
tropolite
Occasional Advisor

‎07-31-2012 01:55 AM

‎07-31-2012 01:55 AM

Re: WLAN VLAN for ProCurve 3400cl...

 

Thanks Paul, but I'm still missing something. I clearly need training in Networking.

 

I've appreciated your time mate.

 

regards

tropolite

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.