
Procurve 2910al VLANs and Routing

 
Piet-KTUU

Greetings...

I'm in the process of expanding my network out to various sites, and I would like to make use of my 2910al(s) to do some VLAN routing. All my sites contain HP Procurve 2910al either 24 Port or 48 Port.

Primary Site (PS) is connected to the main intranet and then contains 5 VLANs (111-115) that are intranet routable and 5 VLANs (511-515) that aren't. For the purposes of this discussion let's say that all VLANs are /24. (192.168.10.11-15) (172.16.100.11-15)

Remote Site #1 (RS1) has all 5 VLANs plus VLAN 511,512,5113 and is connected to PS

Remote Site #2 (RS2) has all 5 VLANs plus VLAN 511,512 and is connected to RS1 and PS

Remote Site #3 (RS3) has all 5 VLANs plus VLAN 514,515 and is connected to PS

Remote Site #4 (RS4) has all 5 VLANs plus VLAN 514,515 and is connected to RS3

Remote Site #5 (RS5) has all 5 VLANs plus VLAN 515 and is connected to RS4

Remote Site #6 (RS6) has all 5 VLANs plus VLAN 514 and is connected to RS4

So basic questions:

#1. How do I make it so that the 5 VLANs are intranet routable and the other 5 internal VLANs are isolated?

#2. Are there any gotchas in this scenario that I need to be aware of?

Thanks.

- Piet

Vince-Whirlwind

It's a bit difficult figuring out what your proposed setup is.

You talk about VLANs, so do we assume you are talking about Layer2 links joining the sites?

I would say your first step is to come up with a network diagram which reflects how the sites are joined together with all relevant links and IP addressing on it.

If it is a Layer2 network, then maybe you have routing enabled on the main site and not on any of the other switches, and so you can have access lists just on the Main site switch.

Still, you seem to be using VLANs for security - this was what was done prior to about 1993 when Windows NT came out. Since then, security is done on the hosts using rights and permissions.
Networking manuals to this day perpetuate the notion that VLANs should be used for security. It's nonsense.