Aruba & ProVision-based
cancel
Showing results for 
Search instead for 
Did you mean: 

Changing VLAN from "Device Type" to "Floor" - Help with config change

 
Highlighted
Collector

Changing VLAN from "Device Type" to "Floor" - Help with config change

Hi,

 

This is my first post on the HP Community Forum, I'm hoping I can get some pointers from the gurus and experts on some VLAN queries that I have.

 

Currently we have HP ProCurve switches all over our building and we have VLANs set up throughout and everything is working great, however we are going through a rapid growth spurt and our current setup cannot provide adequately for us.

 

We have our VLANs set up on a "per device type" basis:

 

VLAN 4: Servers

VLAN 5: Workstations (PCs, laptops, etc)

VLAN 8: RF WIFI (handheld guns in the warehouse)

VLAN 9: Printers

 

Our "core" switch is a 2910 and it has a dedicated NIC for each VLAN that acts as the gateway IP for each subnet, this is as follows:

 

VLAN 4: 172.16.1.250

VLAN 5: 172.16.2.250

VLAN 8: 172.16.3.250

VLAN 9: 172.16.4.250

 

We have a Windows 2008 server (Domain Controller) that is our DHCP server and inside our SuperScope we have 4 scopes for each subnet. The Workstation scope is the only scope that has available addresses to dynamically distribute with the other 3 scopes locked down and using reservations to allow devices to communicate on our network. For example printers have a reservation for VLAN 9 and so the scope assigns the IP address to the device, all fairly standard stuff so far.

 

Now, we have multiple floors with switches on each floor and switches also present in our warehouse, these are all ProCurve 2810s and/or 2910s and we have stacked switches on most floors. With the introduction of mobile devices (iPhones, iPads, Androids, etc) what we are seeing is the workstation VLAN is getting hammered and will regularly get very close to running out of free IP addresses, while VLAN 9 for example has hundreds of IP addresses at its disposal but they are not available due to the way we have it set up.

 

It is painfully evident that this method is not suitable for us and I have proposed a change of VLAN set up from its current state of "per device type" and to change that up and create a new VLAN set up that has a VLAN for each floor. So the VLAN set up would be:

 

VLAN 4 - Servers (This would stay the same, we do not want to change the IP structure of our servers)

VLAN 5 - Lower Ground Floor

VLAN 6 - Upper Ground Floor

VLAN 7 - Ground Floor

VLAN 8 - Level 1

VLAN 9 - Level 2

VLAN 10 - Warehouse

VLAN 11 - Graphics Studio

 

The subnets would be defined as:

 

VLAN 4 - 172.16.1.x  (No change as previously explained)

VLAN 5 - 172.16.5.x

VLAN 6 - 172.16.6.x

VLAN 7 - 172.16.7.x

(You see the pattern here)

 

The VLAN IP Addresses for each interface would be:

 

VLAN 4 - 172.16.1.250 (No change to server VLAN setup)

VLAN 5 - 172.16.5.250

VLAN 6 - 172.16.6.250

VLAN 7 - 172.16.7.250

etc

 

DHCP would change also, I would anticipate that the SuperScope would disappear and a scope for each VLAN would be separately created on our DHCP server.

 

This would give us a huge increase in available addresses and would alleviate the pressure our DHCP server is experiencing under our current setup.

 

As we already have Pro Curves in production and already in the desired locations the "heavy lifting" side of the work is already done, we just need to:

 

1. Create each VLAN on our core switch;

2. Assign the IP address to the interface (following the same IP address convention);

3. Set the IP helper address for each VLAN to be the IP address of our DHCP server;

4. Add the VLAN IDs to the relevant floor switches;

5. Untag the ports on each switch with the relevant VLAN ID;

6. Test a device on each floor to make sure that they:

     a) Get the right IP address;

     b) Can communicate with a device on each VLAN/Floor but most importantly communicate with the server VLAN.

 

Now I know you're all thinking "yes, yes I understand that's all good but where's your question!!??". OK well here are my questions:

 

1. Is my logic correct?

2. Have I missed any crucial steps?

3. What stops a device on the Lower Ground floor (VLAN 5) from getting an IP address from a scope not in its VLAN? I know this might be a stupid newby question but I cannot understand how if I am user "John Doe" and I have a laptop and I live on the lower ground floor, my VLAN would be VLAN 5 and so I should get an IP address from the DHCP scope of the same subnet, but is there a danger that for some reason I get an IP address from the "level 1" scope for example? As you can probably already see this is the biggest stumbling block I have.

 

I apologise for the long post, I wanted to give as much information as possible in the hope that I get the most direct answer.

 

I appreciate any advice you can give and look forward to a healthy conversation about my post.

 

Thanks guys.

 

Jamie

 

7 REPLIES 7
Highlighted
Trusted Contributor

Re: Changing VLAN from "Device Type" to "Floor" - Help with config change

Hi Jamie,

 

Your logic is correct and what you outline should work fine.

 

DHCP ip helper address works as follows...

 

When a DHCP request comes in on the switch's VLAN interface, the receiving device will take that DHCP broadcast and forward it as a unicast to the address configured in the ip help-address.  The L3 device will put it's own interface address in the giaddr field of the request packet.  This will allow the DHCP server to determine which pool of addresses to use to service the request.

 

Because of this you should not have any issues with incorrect IP addresses being issued to the wrong VLAN - unless of course you incorrectly configure the edge port :)

 

 

-----------------------------------------------------

Don't forget to mark a post resolved if your question was answered.
Highlighted
Valued Contributor

Re: Changing VLAN from "Device Type" to "Floor" - Help with config change

The above description of IP helpers is correct.

 

Just a thought - for the network you are describing the there might just be a better choice of core switch than the 2910. Although a 2910 can route, a fully featured L3 switch such as a 5400zl would give you benefits such as multicast-routing, dynamic routing, routed ACLs and redundant PSUs.

 

Pete

Highlighted
Collector

Re: Changing VLAN from "Device Type" to "Floor" - Help with config change

Hi Chrisd131313,

 

Thanks for your reply and confirmation that I'm on the right track it's comforting to know I somehow know what I'm talking about.

 

Stupid question, but what is the Edge port?

Highlighted
Collector

Re: Changing VLAN from "Device Type" to "Floor" - Help with config change

Hi Pete,

 

Thanks for your reply, I wish we had the luxury of introducing new gear but we're stuck with what we have however I feel confident that the equipment can do what we're trying to achieve.

 

Cheers,

 

Jamie

Highlighted
Collector

Re: Changing VLAN from "Device Type" to "Floor" - Help with config change

Hi Guys,

 

I have another question, with the only Layer 3 switch at my disposal being our "core switch" (2910) and all other switches in the office and warehouse being layer 2 (2810's) does this stop my plan from coming to fruition?

 

I am being asked "What switch layer am I planning on this working with" and I'm not sure how to answer it.

 

I know the 2910 is a layer 3 and as it will be housing the new interfaces and VLANs my answer is that the 2810s merely serve as "message passers" and direct the traffic to the VLAN interfaces on the 2910 based on the VLAN port tagging.

 

Am I correct in what I am saying? Can someone provide a more complete answer to my question if I am wrong?

 

Thanks.

Highlighted
Valued Contributor

Re: Changing VLAN from "Device Type" to "Floor" - Help with config change

Jamie,

 

From what I have read, you seem to have all the pieces to make a basic multi-VLAN architechture work:

  • L3 capable switch in core
  • IP helpers configured on VLAN interfaces (usually on L3 switch)
  • 802.1Q capable switches at the edge
  • DHCP server configured with multiple scopes

 

A common misunderstanding around switches is the use of the L2/L3 terminology:

  • L3 switches have the ability to support multiple VLANs and can forward packets between nodes on different VLANs (i.e. routing).
  • L2 switches commonly have the ability to support multiple VLANs, however they cannot move packets between those VLANs themselves.

 

Be aware that your single core now becomes a single point of failure, and if/when it dies, you can't just chuck in that 2810 from under the desk and wait patiently for HP to ship the replacement. It might even be worth keeping hold of one of the old 2626/2650's as they were actually basic L3 switches and might save your back when the grim reaper calls in your 2910.

 

Hope this helps,

 

Pete

Highlighted
Collector

Re: Changing VLAN from "Device Type" to "Floor" - Help with config change

Hi Pete,

 

Thanks for the clarification, I feel a whole lot better about my plan.

 

I do have one final question though, it appears that some switches are physically set in positions where they serve multiple floors, specifically our Level 1 and Warehouse locations. This will mean that the ports will have to be 100% identified and when the time comes the VLAN tagging (or untagging in HP's "logic") will have to be carefully set to allow eacyh floor to talk on the right VLAN and receive the correct IP addresses from our DHCP server.

 

Is it just a matter of making sure the VLANs are tagged correctly for each location? Is there more that needs to be done?