ProCurve / ProVision-Based
cancel
Showing results for 
Search instead for 
Did you mean: 

New to ProCurve - VLAN Help

Nick_M
Occasional Visitor

New to ProCurve - VLAN Help

Example (not exact configuration):

 

Firewall: 10.200.0.1

 

Desktop and  Phone VLANs should be able to talk to each other, across switches

Guest Wifi VLAN should only be able to send traffic to default route (firewall)

 

 

3 2920 48G PoE+ w/ 10GbE module for uplinks between switches for a ring network

       trunk 1 between Switch 1 and Switch 2

       trunk 2 between Switch 2 and Switch 3

       trunk 3 between Switch 3 and Switch 1

 

 

Switch 1 = 1st Floor

Switch 2 = 2nd Floor East

Switch 3 = 2nd Floor West

 

 

Switch 1:

trunk A1-A2 trk1 trunk

trunk B1-B2 trk3 trunk

 

ip route 0.0.0.0 0.0.0.0 10.200.0.1

 

VLAN 1 ip address 10.200.0.101 / 255.255.0.0

                  untagged 1-48, trk1, trk3

 

VLAN 10

                name "Servers"

                ip address 10.200.1.1 / 255.255.255.0 

 

VLAN 1101

                name "Desktops 1st Floor"

                ip address 10.200.11.1 / 255.255.255.0

 

VLAN 1102

                name "Phones 1st Floor"

                ip address 10.200.12.1 / 255.255.255.0

 

VLAN 1103

                name "Guest Wifi 1st Floor"

                ip address 10.200.13.1 / 255.255.255.0 

 

 

 

Switch 2:

trunk A1-A2 trk1 trunk

trunk B1-B2 trk2 trunk

 

VLAN 10

                name "Servers" 

 

VLAN 1 ip address 10.200.0.102 / 255.255.0.0

                  untagged 1-48, trk1, trk2

 

VLAN 2101

                name "Desktops 2nd Floor East"

                ip address 10.200.21.1 / 255.255.255.0

 

VLAN 2102

                name "Phones 2nd Floor East"

                ip address 10.200.22.1 / 255.255.255.0

 

VLAN 2103

                name "Guest Wifi 2nd Floor East"

                ip address 10.200.23.1 / 255.255.255.0 

 

 

 

Switch 3:

trunk A1-A2 trk2 trunk

trunk B1-B2 trk3 trunk

 

VLAN 10

                name "Servers" 

 

VLAN 1 ip address 10.200.0.103 / 255.255.0.0

                  untagged 1-48, trk2, trk3

 

VLAN 2201

                name "Desktops 2nd Floor West"

                ip address 10.200.24.1 / 255.255.255.0

 

VLAN 2202

                name "Phones 2nd Floor West"

                ip address 10.200.25.1 / 255.255.255.0

 

VLAN 2203

                name "Guest Wifi 2nd Floor West"

                ip address 10.200.26.1 / 255.255.255.0 

 

 

 

I can send traffic between switches on VLAN1, what do I need to do to facilitate say sending traffic from Switch 2 VLAN 2101 to Switch 3 VLAN 2201?

 

Thanks for any assistance or help.

 

NM

3 REPLIES
Uma_Maheswar
Frequent Advisor

Re: New to ProCurve - VLAN Help

Tag trunks for all the required vlans

 

example :

Switch1(Config)# vlan 1101 tag trk1,trk3
Switch1(Config)# vlan 1102 tag trk1,trk3

 

But I suspect this configuration is wrong unless you have more than 254 users/phones on every floor or if your requirement is different than a normal configuration.

 

You have created dedicated voice and desktops vlans for every floor, good in a way to break the broadcast. But 0.0.0.0/24 is a small network and its good to keep all the desktops and phones individually in a single vlan if sufficient enough to maintain.

 

As you desire to have inter-vlan communication, you must extend all the vlans across all the three switches.

 

Plan and redesign if required. I mean, to use only 3 vlans across all the three switches. Or 9 vlans across all three switches.

 

Regarding Guest Wifi, implement ACL to block the communication to local networks

Nick_M
Occasional Visitor

Re: New to ProCurve - VLAN Help

Well about using more than one /24 for the configuration - I gave a base example. 

 

Here's what the topology will really look like.

 

Switch Stack 1 = 3x 2920 48G 

 

Switch Stack 2 = 4x 2920 48G

 

Switch Stack 3 = 4x 2920 48G

 

The first floor will have about 100 client systems ( most with laptops and end users have a habbit of keeping wifi turned on while docked / connected to LAN also, which ends up taking two addresses in the desktop pool).

 

The 2nd floor will have about 100 people on each side (east and west) also with some meeting rooms and training rooms that will see additional clients from time to time. 

 

This is why we're wanting multiple vlan's with separate subnets and routing between them.

Uma_Maheswar
Frequent Advisor

Re: New to ProCurve - VLAN Help

Acknowledged !

 

Then 2nd floor might need a /23 network for Laptops if the condition is similar to first floor (Docking and wireless on all the time)

 

Hope your doubt on trunk is clarified. 

 

Do enable a Voice command inPhones Vlan for Voice Prioritization