HPE Community
Switches, Hubs, and Modems
1752325 Members
6025 Online
108786 Solutions
New Discussion юеВ

Re: 2510-24

 
SOLVED
Go to solution
Alessandro_78
Regular Advisor

тАО05-15-2008 08:54 AM

тАО05-15-2008 08:54 AM

2510-24

Hi all.
I have a 2510-24 and I need to configure it this way:

port1 vlan1 + vlan2
port2 vlan1 + vlan2
port3 vlan1 + vlan2

port10 vlan2

port 25 vlan1
port 26 vlan1


port25 and port25 are uplink to another switch and Internet.

I need to connect one database server (port10) without Internet access, so without vlan1, and three servers with Internet access and with database access, so with vlan 1 and vlan2

How can I do this?

Actually I've done it in this way:

port1 vlan1 tagged vlan2 tagged
port2 vlan1 tagged vlan2 tagged
port3 vlan1 tagged vlan2 tagged

port10 vlan1 NO, vlan2 tagged

port25 vlan1 tagged, vlan2 NO
port26 vlan1 tagged, vlan2 NO

But it doesn't work.
I can't access the switch at all.

Any idea?
0 Kudos
15 REPLIES 15
cenk sasmaztin
Honored Contributor

тАО05-15-2008 09:44 AM

тАО05-15-2008 09:44 AM

Re: 2510-24

hi Alessandro

this configuration not working very normal...

you can make learn vlan config and tag ,untag port status.

1-very important vlan rule;one port only one vlan member :never one port happen two vlan member.

you config port 1 vlan 1 tag and vlan 2 tag
this port not member any vlan only vlan 1 and 2 carry information
you one port make member one vlan this port
for this vlan untag member

so please you think
untag state for vlan member
tag state cary vlan information

one port have state also vlan 1 untag also vlan 2 tag

your switch 2510 full L2 proparites switch not routing skill there for I think your network design.
I hope we not use vlan skill your system

you request:
I need to connect one database server (port10) without Internet access, so without vlan1, and three servers with Internet access and with database access, so with vlan 1 and vlan2

okeyyy please listen to me

2510 swith on very successfull working one protocol (source port filtering )

this protocol whit one or more ports between other ports trafic permit and deny

for example :

sw(config)# filter source-port 1,2,3 drop 10-20 forward 5-7

this command make port 1.2.3.with 10.11.12...20 not connection but port 5.6.7 connection

I hope understand ;)
good luck



cenk

0 Kudos
cenk sasmaztin
Honored Contributor

тАО05-15-2008 10:02 AM

тАО05-15-2008 10:02 AM

Solution

Re: 2510-24

hi Alessandro
SORRY...
not working on 2510 source port filtering

its instead you make port protected port
please you read

Protected Ports: To provide internet access to users but prevent them from accessing each
other, use the protected-ports command. The command applies per-port and filters the
outbound traffic from the port. See ├в Configuring Protected Ports├в in the ├в Configuring and
Monitoring Port Security├в chapter of the Access Security Guide for more information.
cenk

Alessandro_78
Regular Advisor

тАО05-15-2008 11:42 AM

тАО05-15-2008 11:42 AM

Re: 2510-24

Hi, I don't understand you very well.
Can you post me an example configuration for doing what I'm trying to do?

I'll repeat:

I need to make two vlan inside a switch.

VLAN 1 with Internet connected servers
VLAN 2 with Database server.

How can I connect servers and database without connect database to internet?
0 Kudos
Alessandro_78
Regular Advisor

тАО05-15-2008 12:12 PM

тАО05-15-2008 12:12 PM

Re: 2510-24

Can I do the following:

port1 default_vlan untag, vlan2 tag
port2 default_vlan untag, vlan2 tag
port3 default_vlan untag, vlan2 tag
port4 default_vlan untag, vlan2 tag

port 10 default_vlan untag, vlan2 NO

port 25 default_vlan NO, vlan2 untag


If vlan2 is connected to internet (via port25) and if port 10 is connected to the database server, doing so I can connect port1,port2,port3,port4 to internet and to database server, database server only to default_vlan and NOT to the internet, and port 25 to the Internet and not to the database.

Is true?

After that, i must assign an IP to default_vlan to access the switch.
0 Kudos
cenk sasmaztin
Honored Contributor

тАО05-15-2008 12:27 PM

тАО05-15-2008 12:27 PM

Re: 2510-24

no Alessandro not rue

tag port only carry vlan information not possible working your config
I again say one port only one vlan member

not working your config

I hope for server connection port-protect command
cenk

0 Kudos
cenk sasmaztin
Honored Contributor

тАО05-15-2008 12:33 PM

тАО05-15-2008 12:33 PM

Re: 2510-24

1.2.3.4 ports vlan 1 member port how goto internet (vlan2 tag command only for vlan 2 carry information )pc nic default vlan 1 untag member soo nic contain 802.1q protocol in this case you want select whic vlan member vlan this pc because only one vlan

good luck
cenk

0 Kudos
Alessandro_78
Regular Advisor

тАО05-15-2008 12:36 PM

тАО05-15-2008 12:36 PM

Re: 2510-24

I've read in the handbook that one port can belong to multiple vlan.

There is also an example very smiliar to mine that say that!
0 Kudos
Matt Hobbs
Honored Contributor

тАО05-15-2008 03:17 PM

тАО05-15-2008 03:17 PM

Re: 2510-24

You can do what you would like to do by configuring the port to be members of multiple VLANs, but you will need to configure those other 3 servers to also be VLAN aware and to set the correct VLAN ID in the NIC driver.

To make things easier though, I would do as Cenk suggests and to use the Protected Port feature instead. This will simply stop the database server from going out the uplink port. All devices will remain in the one VLAN which will keep things simple.
0 Kudos
Alessandro_78
Regular Advisor

тАО05-15-2008 11:31 PM

тАО05-15-2008 11:31 PM

Re: 2510-24

Could you post an example configuration?
I'm not an expert and with a configuration I'll understand much better.

In short: you are saying to protect the port connected to database server and NON protect all other ports?
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.