
Re: VLANs
StuartHawkins
Occasional Contributor

VLANs

I have a 5412zl server in my server room, and directly connected to that I have another 5412zl and two 2920-48G switches. The Internet router (Juniper) is currently the default gateway and is plugged into the server room switch. The HP stuff has all been put in within the last month and at the moment there are no VLANs or anything set up.
I want to have two VLANs, VLAN 1 and VLAN 2, across all my switches, both of which will talk to the same DHCP server but require completely different IP ranges. Can anyone recommend a document which will take me through (what I thought would be) this relatively simple setup please? All the ones I find seem to cover massively complicated setups, or just use one switch and don't mention IP helpers for the DHCP side of things.
Also, would it be wise to make the switch in the server room the default gateway?
Thank you
Stuart

7 replies
johnk3r
Respected Contributor

Re: VLANs

I understand.

Must the gateway for the VLANs be the switch or the Juniper? There are several ways to meet your need...

**************************************
ATP FLEXNETWORK V3 | ACSA
Vince-Whirlwind
Honored Contributor

Re: VLANs

You need to worry about the design before you think about configuration steps.
It sounds like you will have 2 client VLANs, so you probably want 4 VLANs total.

VLAN10 Clients1

VLAN20 Clients2

VLAN50 Edge

VLAN99 MGMT
It sounds like the 5412 in your server room is your "core".
So you need to enable IP routing on the "core" and disable it on the 2nd 5400 and the 2920s.

You need to create all 4 VLANs on your core, and give each one the IP address that will be used as the router for that subnet, eg,

VLAN10 Clients1 - 10.1.10.1/24

VLAN20 Clients2 - 10.1.20.1/24

VLAN50 Edge - 10.1.50.1/24

VLAN99 MGMT - 10.1.99.1/24
Now, you need to address the Juniper router with 10.1.50.2 on its "internal" interface.

You need to add the following routes to the Juniper router:

10.1.10.0/24 --> 10.1.50.1

10.1.20.0/24 --> 10.1.50.1

And you need to put a default route on your core:

0.0.0.0/0 --> 10.1.50.2
Now, your DHCP server will be either on one of your client VLANs, or on your MGMT VLAN. All other VLANs that require DHCP will need an IP helper configured on their IP interface on the "core", pointing at the DHCP server IP address.
Now you need to span your MGMT VLAN out to each of the other switches, so on the "core" switchports that the other switches are patched to, add VLAN99 as a "tagged" VLAN. At the remote end of each of those links, the other switch will need VLAN99 created and added as a "tagged" VLAN to the connecting switchports; also assign each switch a 10.1.99.x IP address so you can manage them via ssh/telnet/web/IMC/SNMP/etc....
Depending on where you need VLAN10 & VLAN20, span them out in the same way.
Vince-Whirlwind
Honored Contributor

Re: VLANs

Oops, left this out:

Patch the Juniper router into your "core" switch and assign that switchport as "untagged" in VLAN50.
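The routed-core design laid out in the two posts above, written out as an added configuration example in ProCurve/ArubaOS-Switch CLI (this is not from the original thread). It assumes, for illustration only: core port A1 faces the Juniper, core ports A2-A4 are the uplinks to the second 5412zl and the two 2920s, the 2920 uplink is port 48, the DHCP server is 10.1.99.10 on the MGMT VLAN, and the hostnames shown. Everything else (VLAN IDs, addresses, the default route) is taken from the posts; the Junos lines are the equivalent of the two static routes the post asks for on the Juniper.

```text
; ===== Core 5412zl (server room): the only switch that routes =====
hostname "CORE-5412"
ip routing

vlan 10
   name "Clients1"
   ip address 10.1.10.1 255.255.255.0
   ip helper-address 10.1.99.10        ; relay DHCP to the server (assumed address)
   tagged A2-A4                        ; span to the other switches (assumed ports)
   exit
vlan 20
   name "Clients2"
   ip address 10.1.20.1 255.255.255.0
   ip helper-address 10.1.99.10
   tagged A2-A4
   exit
vlan 50
   name "Edge"
   ip address 10.1.50.1 255.255.255.0
   untagged A1                         ; Juniper "internal" interface, untagged (assumed port)
   exit
vlan 99
   name "MGMT"
   ip address 10.1.99.1 255.255.255.0  ; DHCP server lives here, no helper needed
   tagged A2-A4
   exit

ip route 0.0.0.0 0.0.0.0 10.1.50.2     ; default route towards the Juniper

; ===== Each edge switch (2nd 5412zl, both 2920s): layer 2 only =====
hostname "EDGE-2920-1"
no ip routing
vlan 10
   name "Clients1"
   tagged 48                           ; uplink to core (assumed port)
   untagged 1-20                       ; Clients1 hosts (assumed ports)
   exit
vlan 20
   name "Clients2"
   tagged 48
   untagged 21-40                      ; Clients2 hosts (assumed ports)
   exit
vlan 99
   name "MGMT"
   tagged 48
   ip address 10.1.99.11 255.255.255.0 ; unique 10.1.99.x per switch
   exit
ip default-gateway 10.1.99.1           ; management traffic returns via the core

; ===== Juniper (Junos), the two routes the post asks for =====
; set interfaces ge-0/0/0 unit 0 family inet address 10.1.50.2/24
; set routing-options static route 10.1.10.0/24 next-hop 10.1.50.1
; set routing-options static route 10.1.20.0/24 next-hop 10.1.50.1
```

Two checks worth running once this is in: `show ip route` on the core should list the 0.0.0.0/0 route via 10.1.50.2 and the four connected subnets, and `show dhcp-relay` (or a client on VLAN 20 pulling a 10.1.20.x lease) confirms the helper is relaying. Anything in VLAN 10 or 20 that must reach the Internet depends on the Juniper having the two return routes; without them replies for 10.1.10.0/24 and 10.1.20.0/24 never come back.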

StuartHawkins
Occasional Contributor

Re: VLANs

That's a very good-looking reply; there is, however, one small problem which I probably should have mentioned in my original post. The Juniper is owned by the local authority and I cannot get into it to configure it at all, and the LA won't either.
Just to add to the confusion, I've now found out that one of my IP ranges, let's say 10.163.2.0/23 (giving me 10.163.3.0 too), has to go through port 6 on the Juniper to get to the Internet, and the other, let's say 10.167.65.0/24 (which we have never used before and I've only recently found out is available to us), has to go through port 7 on the Juniper to get to the Internet.
My DHCP server will be a Windows server in 10.163.2.0.
Stuart

Vince-Whirlwind
Honored Contributor

Re: VLANs

Well, that doesn't sound ideal.
What I would do, if I was keen on managing my own network properly, is:

 - use 10.163.2.0/23 as a point-to-point network from my network to this LA Juniper

 - create my own networks on my infrastructure

 - NAT everything on the 10.163.2.x switch interface that faces the Juniper.

StuartHawkins
Occasional Contributor

Re: VLANs

That may well be the way to go, and thank you, but I'm still after this elusive document or guide which will simply tell me how to get three or four VLANs around my edge switches into my core switch where all the servers are. All the ones I can find assume either you've got one switch (too simple), or servers on all the switches (too complicated). Presumably I can set it up as the default gateway, and make it forward all Internet traffic on to the Juniper?
Thank you
Stuart

forgeddit
Established Member

Re: VLANs

Sure, but if they won't change the config on the LA Juniper, then nothing will route back from the Juniper to any subnet other than the one they have given you. And if you configure any routing within any of the subnets they have given you, you will end up with asymmetric routing, as the Juniper interface will always send frames directly to the destination host regardless of how you route packets in the opposite direction.
If you want to use both subnets they have given you, then you need to patch each of the Juniper interfaces into your switch. Configure one of the ports as VLAN10, and the other as VLAN20. (Presumably untagged).

Then, on the switchports where you have a link to another switch, just add VLAN10 & VLAN20 as tagged VLANs. Then do the same thing at the other end of the link on the remote switch.

Then, on any switch where you patch in a host, configure its switchport as untagged in VLAN10 or 20, depending on which subnet the host belongs to.
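The layer-2-only layout from the reply above, as an added ProCurve/ArubaOS-Switch configuration example (not posted in the thread): no routing on any HP switch, each Juniper interface patched into the core untagged in its own VLAN, both VLANs tagged across the uplinks, and hosts untagged in whichever VLAN matches their subnet. Assumed for illustration: Juniper port 6 (the 10.163.2.0/23 side) lands on core port A1 as VLAN10, Juniper port 7 (the 10.167.65.0/24 side) on core port A2 as VLAN20, uplinks are A3-A5 on the core and port 48 on each edge switch, and the host port ranges.

```text
; ===== Core 5412zl: pure layer 2, the Juniper stays the default gateway =====
hostname "CORE-5412"
no ip routing
vlan 10
   name "LA-10.163.2.0-23"
   untagged A1                 ; Juniper port 6 (assumed core port)
   tagged A3-A5                ; uplinks to the other three switches (assumed)
   exit
vlan 20
   name "LA-10.167.65.0-24"
   untagged A2                 ; Juniper port 7 (assumed core port)
   tagged A3-A5
   exit

; ===== Each edge switch (2nd 5412zl, both 2920s) =====
hostname "EDGE-2920-1"
no ip routing
vlan 10
   tagged 48                   ; uplink towards the core (assumed port)
   untagged 1-24               ; hosts in 10.163.2.0/23 (assumed ports)
   exit
vlan 20
   tagged 48
   untagged 25-47              ; hosts in 10.167.65.0/24 (assumed ports)
   exit
```

With this layout the switches never route between the two subnets, so the asymmetric-routing problem the reply describes does not arise: a host in 10.167.65.0/24 reaches the Internet through Juniper port 7 and nothing else, and `show vlans ports 48 detail` on an edge switch should list both VLANs as tagged on the uplink.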