HPE Community
Switches, Hubs, and Modems
1753782 Members
7345 Online
108799 Solutions
New Discussion юеВ

Appropriate use of VLAN tagging vs. untagging when uplinking

 
Ben02
Occasional Advisor

тАО11-24-2009 09:18 AM

тАО11-24-2009 09:18 AM

Appropriate use of VLAN tagging vs. untagging when uplinking

Hi,

I have four switches: 1 x HP 5412, 2 x HP 2810's, and 1 x 5406. The 5412 and 2810's are located at Site#1. Each 2810 is uplinked to the 5412 using a single GBIC port. The 5406 is located at Site#2. Site#1 is connected to Site#2 using a 10GB fiber connection utilizing port F1 on the 5412 and port C1 on the 5406.

I have four vlans: Data, SAN, Voice, and Access. All four vlans are configured on the 5412 and 5406; however, the 2810's are only configured with the SAN vlan.

I want to segregate the traffic on the vlans. In particular, I don't want anything to see the SAN vlan except members of that vlan. However, this also means that SAN vlan members at Site#1 must be able to communicate with SAN vlan members at Site#2 by going over the 10GB fiber connection.

Right now, every port on the 2810's is "untagged" including the uplink ports to the 5412. On the 5412, the two incoming connections from the 2810's (Ports e13 and e23) are "untagged" on the SAN vlan. Ports A1-A12 are "untagged" for the SAN vlan on the 5406 at Site#2. Port F1 on the 5412 and Port C1 on the 5406 are "tagged" members of the Access vlan.

I have connectivity between the SAN ports at both sites; however, I want to know if my configuration is correct/complete for what I am trying to accomplish? Do I need to setup access groups to prevent the other three vlans from accessing the SAN vlan? If so, what additional commands are necessary?

Some configs and diagram are provided below.

I REALLY APPRECIATE YOUR HELP!

HP 5412 - sh run
vlan 1
name "Data"
untagged A3-A12,B1-B24,C1-C24,D1-D24,E1-E12,E14-E22,E24,F2-F4
ip helper-address 10.2.x.x
ip address 10.2.x.x 255.255.0.0
no untagged A1-A2,A13-A24,E13,E23,F1
exit
vlan 3
name "SAN"
untagged A1-A2,E13,E23
ip address 192.168.2.1 255.255.255.0
jumbo
exit
vlan 26
name "Access"
untagged F1
ip helper-address 10.2.x.x
ip address 10.254.x.x 255.255.255.252
tagged E1-E24
exit
vlan 2
name "Voice"
untagged A13-A24
qos priority 6
ip helper-address 10.2.x.x
ip address 172.16.x.x 255.255.254.0
tagged B1-B24,C1-C24,D1-D24,E1-E24,F1
voice
exit

HP 2810 - sh run
vlan 1
name "DEFAULT_VLAN"
no ip address
no untagged 1-24
exit
vlan 3
name "SAN"
untagged 1-24
ip address 192.168.x.x 255.255.255.0
jumbo
exit

HP 5406 - don't have config available.


0 Kudos
3 REPLIES 3
Ben02
Occasional Advisor

тАО11-24-2009 09:22 AM

тАО11-24-2009 09:22 AM

Re: Appropriate use of VLAN tagging vs. untagging when uplinking

Quick correction to the original thread: **Port F1 on the 5412 and Port C1 on the 5406 are "UNTAGGED" members of the Access vlan. **
0 Kudos
cenk sasmaztin
Honored Contributor

тАО11-25-2009 06:55 AM

тАО11-25-2009 06:55 AM

Re: Appropriate use of VLAN tagging vs. untagging when uplinking

please send me all switch config and don't use x character
cenk

0 Kudos
Ben02
Occasional Advisor

тАО12-11-2009 08:53 AM

тАО12-11-2009 08:53 AM

Re: Appropriate use of VLAN tagging vs. untagging when uplinking

I have resolved this issue.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.