Aruba & ProVision-based
cancel
Showing results for 
Search instead for 
Did you mean: 

Configure HP 1920 Layer 3 and HP Procurve 2530 Layer 2 switch with VLANS

 
Highlighted
warmad
Visitor

Configure HP 1920 Layer 3 and HP Procurve 2530 Layer 2 switch with VLANS

I have a HP 1920 layer 3 switch and i have two HP Procurve 2530 switches. I want to set up 3 different VLANS on each layer 2 switch. the first layer 2 switch will have VLAN 200, 300 and 400. The second layer 2 switch will have VLAN 500,600 and 700. Do i set up the Layer 3 switch as VLAN100? and tag a port from each of the layer two switches that would physically connect to the layer 3 switch? Do all the VLANS get their own ip subnet like Vlan 100 is 192.168.1.xxx, VLAN 200 would get 192.168.2.xxx, VLAN 300 would get 192.168.3.xxx...etc? I want to put my servers, printers and the firewall on the Layer 3 switch. Is that ok? Lastly, if my servers are on the same ip subnet like 192.168.1.xxx how do they talk to the pc's on all the different VLANS with different ip subnets? Thank you.

9 REPLIES 9
Highlighted
Vince-Whirlwind
Honored Contributor

Re: Configure HP 1920 Layer 3 and HP Procurve 2530 Layer 2 switch with VLANS

The 1920 will be where all your routing is performed, so yes, 

On the 1920,
- create VLAN 99 192.168.99.1/24 "management"
- create VLAN 100 192.168.1.1/24
- create VLAN 200 192.168.2.1/24
- create VLAN 300 192.168.3.1/24
... etc
- on the uplink to 2530#1, tag VLANs 99,200,300,400
- on the uplink to 2530#2, tag VLANs 99,500,600,700
- ip route 0.0.0.0 --> firewall

On 2530#1
 - create VLANs 100,200,300 (no IP address)
 - create VLAN 99 192.168.99.11/24 "management"
 - on the uplink to the 1920, tag VLANs 99,200,300,400
 - on the Access switchports, untag VLAN 200 OR 300 OR 400, as required
 - ip default gateway 192.168.99.1

etc...

All your hosts should use the .1 address in their subnet as their default gateway.

Highlighted
16again
Respected Contributor

Re: Configure HP 1920 Layer 3 and HP Procurve 2530 Layer 2 switch with VLANS

48 ports model of hp1920 can only handle 256 MAC addresses.
Smaller models can only handle 60 addresses.

I'd start by counting all hosts on all VLANS combined , to decide if you need a more powerful L3 switch.  

Highlighted
warmad
Visitor

Re: Configure HP 1920 Layer 3 and HP Procurve 2530 Layer 2 switch with VLANS

With that setup my next questions are.  1. Do i need to add routes from my firewall to those VLAN IP's?  S

2. Since my DHCP and DNS servers, printers are currently on 192.168.1.0 network do i manually need to go to each pc on all the different ip subnets and give them ip's, subnet and default gateway?  or can my windows server 2012 give out ip's using DHCP?  or does the Layer 3 switch do DHCP?  I just want any pc plugged into any vlan able to access the servers and printers.  Thank you.

warmad
Visitor

Re: Configure HP 1920 Layer 3 and HP Procurve 2530 Layer 2 switch with VLANS

I have a total of 40 users.

Highlighted
Vince-Whirlwind
Honored Contributor

Re: Configure HP 1920 Layer 3 and HP Procurve 2530 Layer 2 switch with VLANS

That seems like an awfully large number of VLANs for just 40 users.

The textbooks *still* present VLANs as a method of segregating functional business units. This is wrong.
Segregation of business units just isn't necessary anymore, since Windows NT4 gave you the ability to authenticate users properly and authorize their access to resources. 
(That was almost 25 years ago. The textbook writers just don't work in the real world).
In actual fact, planning VLANs as per the textbooks is very poor design - the thing you *don't* want is VLANs that span many switches.

You should have one VLAN for DATA, or, one VLAN for DATA per switch
You should have one VLAN for VOICE, or one per switch.
You might want a seperate VLAN for management.
You should have a separate VLAN for the connection to your Firewall.

And as per the above advice, a 1920 isn't really a "core" switch, but it should do for you, assuming you don't have any fancy-pants systems that do high-throughput data transfers.
Remember you are going to have more MAC addresses on your network than users.

As far as DHCP goes, you put an IP-helper address on each VLAN interface on your "core" which identifies the IP address of your DHCP server. (Not needed on the VLAN the server itself is on though).

Highlighted
warmad
Visitor

Re: Configure HP 1920 Layer 3 and HP Procurve 2530 Layer 2 switch with VLANS

Oh, Boy.  I was under the imression that by having multiple VLANS on the three switches i could limit the domain broadcast and only traffic within each VLAN would only be seen by the pc's of those VLANS.  With the HP 1920 switch i cannot log in the CLI.  It says wrong password.  I find no where in the web interface of the 1920 switch to add a helper address for each VLAN.

Highlighted
16again
Respected Contributor

Re: Configure HP 1920 Layer 3 and HP Procurve 2530 Layer 2 switch with VLANS

GUI:

On Network, DHCP,  DHCP-relayTAB:  
1) Enable DHCP server
2) add your DHCP server to group
3) Enable relay per interface

The GUI isn't supported...officially.  You can enter it from telnet/SSH session with commands below, but using it might close the door on future support requests at HP support.

_cmdline-mode on
y
Jinhua1920unauthorized
system-view

 

Highlighted
Vince-Whirlwind
Honored Contributor

Re: Configure HP 1920 Layer 3 and HP Procurve 2530 Layer 2 switch with VLANS

Yes, VLANs allow you to prevent PC NICs from seeing other PC NICs' frames sent to broadcast MACs.

A PC NIC can cope with seeing the broadcasts on a LAN with hundreds or even thousands of other devices.

As a risk-management exercise, however, cutting each broadcast domain back to a single switch (or switch-stack) with, say, <200 hosts makes for nice easy management.

Highlighted
-TM-
Advisor

Re: Configure HP 1920 Layer 3 and HP Procurve 2530 Layer 2 switch with VLANS

 With the HP 1920 switch i cannot log in the CLI.

The default is telnet service. If you enable ssh service, you still need to add ssh as access method to the user. Otherwise it keeps saying : "wrong password"