Procurve 2910al VLANs and Routing

 
Piet-KTUU
Occasional Visitor

Procurve 2910al VLANs and Routing

Greetings...

I'm in the process of expanding my network out to various sites, and I would like to make use of my 2910al(s) to do some VLAN routing. All my sites contain HP Procurve 2910al either 24 Port or 48 Port.

Primary Site (PS) is connected to the main intranet and then contains 5 VLANs (111-115) that are intranet routable and 5 VLANs (511-515) that aren't. For the purposes of this discussion let's say that all VLANs are /24. (192.168.10.11-15) (172.16.100.11-15)

Remote Site #1 (RS1) has all 5 VLANS plus VLAN 511,512,5113 and is connected to PS

Remote Site #2 (RS2) has all 5 VLANS plus VLAN 511,512 and is connected to RS1 and PS

Remote Site #3 (RS3) has all 5 VLANS plus VLAN 514,515 and is connected to PS

Remote Site #4 (RS4) has all 5 VLANS plus VLAN 514,515 and is connected to RS3

Remote Site #5 (RS5) has all 5 VLANS plus VLAN 515 and is connected to RS4

Remote Site #6 (RS6) has all 5 VLANS plus VLAN 514 and is connected to RS4

So basic questions:

#1. How do I make it so that the 5 VLANs are intranet routable and the other 5 internal VLANs are isolated?

#2. Are there any gotchas in this scenario that I need to be aware of?

Thanks.

- Piet

1 REPLY
Vince-Whirlwind
Honored Contributor

Re: Procurve 2910al VLANs and Routing

It's a bit difficult figuring out what your proposed setup is.

You talk about VLANs, so do we assume you are talking about Layer2 links joining the sites?

I would say your first step is to come up with a network diagram which reflects how the sites are joined together with all relevant links and IP addressing on it.

If it is a Layer2 network, then maybe you have routing enabled on the main site and not on any of the other switches, and so you can have an access list just on the Main site switch.

Still, you seem to be using VLANs for security - this was what was done prior to about 1993 when Windows NT came out. Since then, security is done on the hosts using rights and permissions.
Networking manuals to this day perpetuate the notion that VLANs should be used for security. It's nonsense.
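
The topology from the question, modelled as an added example that is not part of either post: assuming Layer 2 links between sites with routing only at the primary site (one possibility the reply raises), it works out which VLANs each inter-site link has to carry and which links close a loop. Reading "5113" as 513 and "all 5 VLANs" as 111-115 are assumptions, as are the function and variable names.

```python
from collections import deque

ROUTED = set(range(111, 116))  # intranet-routable VLANs named in the question
# Site -> VLANs present there. Constructed from the question; "5113" is read
# as 513 and "all 5 VLANs" as 111-115 (both assumptions).
SITES = {
    "PS": ROUTED | {511, 512, 513, 514, 515},
    "RS1": ROUTED | {511, 512, 513},
    "RS2": ROUTED | {511, 512},
    "RS3": ROUTED | {514, 515},
    "RS4": ROUTED | {514, 515},
    "RS5": ROUTED | {515},
    "RS6": ROUTED | {514},
}
LINKS = [("PS", "RS1"), ("RS1", "RS2"), ("PS", "RS2"), ("PS", "RS3"),
         ("RS3", "RS4"), ("RS4", "RS5"), ("RS4", "RS6")]


def trunk_plan(sites, links, root="PS"):
    """Return (VLANs to tag on each tree link, links that close a loop)."""
    neighbours = {s: [] for s in sites}
    for a, b in links:
        neighbours[a].append(b)
        neighbours[b].append(a)
    # A breadth-first search from the root yields a loop-free tree.
    parent, order, queue = {root: None}, [], deque([root])
    while queue:
        node = queue.popleft()
        order.append(node)
        for nxt in neighbours[node]:
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    # Links outside the tree close a loop: spanning tree has to block one.
    loops = [(a, b) for a, b in links
             if parent.get(a) != b and parent.get(b) != a]
    # Collect the sites and VLANs behind each site, leaves first.
    members = {s: {s} for s in sites}
    below = {s: set(v) for s, v in sites.items()}
    for node in reversed(order[1:]):
        members[parent[node]] |= members[node]
        below[parent[node]] |= below[node]
    plan = {}
    for node in order[1:]:
        # A VLAN crosses a link only if it exists on both sides of it.
        outside = set().union(*(sites[s] for s in sites
                                if s not in members[node]))
        plan[(parent[node], node)] = below[node] & outside
    return plan, loops
```

Any VLAN outside a link's computed set does not need to be tagged on that link, which keeps the non-routable 51x VLANs off the sites that do not use them.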