- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- Re: Configuring VLANs with HP Procurve 5412zl
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-23-2009 12:10 AM
тАО02-23-2009 12:10 AM
I was assigned to to create two VLANs for our wireless network. The other is for our company employees and the other for guests. The guest vlan is on DMZ. We have altogether 3 WLAN access points that are connected to ports A12-A14. The Firewall's DMZ port is connected to port A2 on the switch.
I have created two SSIDs and two VLANs and assigned internal SSID to VLAN20 and guest SSID to VLAN30. I've also tagged ports A2 and A12-A14 to VLAN30.
The ports A12-A14 are also togged to VLAN2100, which I believe was created upon installation of the wireless module.
This is pretty much where my knowledge ends. I can see the guest wlan and I can connect on it but that's it. There's no accessibility anywhere.
The internal WLAN is for now connected to DEFAULT_VLAN (VLANID1) and it's working with no problems.
Can anyone give me suggestions how to proceede from here?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-23-2009 09:48 PM
тАО02-23-2009 09:48 PM
Re: Configuring VLANs with HP Procurve 5412zl
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-24-2009 05:15 AM
тАО02-24-2009 05:15 AM
Re: Configuring VLANs with HP Procurve 5412zl
It sounds like that is all left to do if you are connected to a dmz port on your firewall. It will need to be configured to all access from the dmz to the gateway.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-24-2009 10:46 PM
тАО02-24-2009 10:46 PM
Re: Configuring VLANs with HP Procurve 5412zl
We have J9051A WESM module installed and total of 3 Radioport 220's. The firewall is WatchGuard Firebox x500. The firewall actually has configurations made for DMZ as we used to have a couple of smaller switces before moving into 5412zl, and one of these switces was connected directly to DMZ configured port of the firewall.
I've also defined the VLAN30 (the guest VLAN) to use subdomain 10.10.30.x (s/m 255.255.255.0) and assigned IP address 10.10.30.2 for the VLAN.
I also found out that the WESM has a DHCP server and from it's web management interface I created new network pool called GUEST with IP 10.10.30.0/24 and assigned to interface VLAN30. The IP range is 10.10.30.100 - 10.10.30.199
Wrapping it up, I think my main questions for now are:
1) How do I direct the traffic from guest VLAN to 5412zl's port A2 (which is connected to firewall's DMZ port)
2) What else do I need to do to get the DHCP working for the VLAN30?
3) Do I need to tag the access point ports A12-A14 for VLAN30 or is tagging A2 enough?
The attached Visio document contains the sketch of the layout.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-25-2009 02:17 AM
тАО02-25-2009 02:17 AM
Re: Configuring VLANs with HP Procurve 5412zl
After researching the topology better (I'm still rather green in the house), it seems that the connection from from 5412zl is making a little detour through ProCurve 1400-24G switch which in turn is connected to ethernet port of the firewall. This is because the cabling transfer work from old switches to 5412zl is still unfinished and some of the users are still connected to old switches. The access point ports are still connected to 5412zl and from there to the firewall. Please see the attached updated topology.
I got the DHCP working. I can connect to the GUEST WLAN and I get assigned an IP address, but I cannot access Internet nor the internal network (which of course I shouldn't be able to do anyway). When I tried to connect to the WLAN with my mobile phone and started browsing, I got the error Gateway not reachable. I've got the feeling that I'm getting close to the solution, but there's a little glitch somewhere in the configuration that's preventing me to get my victory trophy.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-26-2009 04:27 PM
тАО02-26-2009 04:27 PM
SolutionAs this is the case then you need to understand how traffic flows in that sort of environment.
The WESM module in the switch has 2 onboard 10Gb ethernet connections. 1 designated as an Uplink and the other as a Downlink port. You will see them listed in the switch config as xUP & xDP (where x = the letter of the module slot the WESM is plugged in to).
The WESM talks to the RPs via the Downlink port. It tunnels any of the VLANS you have linked to your SSIDs inside VLAN2100 to the RPs.
The xDP port should be a tagged member of VLAN 2100. It is over this port that all traffic between the RPs and the WESM travels. The xUP port is the port that communicates with your wired network.
In your case xUP should be tagged in both VLAN20 & 30. A2 should be untagged in VLAN30. The ports that your Radio Ports plug into should be untagged in VLAN2100 and should NOT be tagged in any other VLANs (though the auto-provisioning function should have taken care of the radio port links for you).
In the WESM management interface you configure your SSIDs and associate them with the correct VLANs. As you will have tagged VLAN 20 & 30 on to xUP, these VLANs should appear in the list of networks availabe to the WESM. You will have to give the WESM an IP address in VLAN30 if you want to use it for DHCP to clients on that network. In the DHCP scope you would then set the "router" as the IP address you have configured the DMZ port on the Watchguard.
As long as you do NOT have routing enabled in either the 5412zl or the WESM then VLAN20 & 30 should not be able to talk to each other.
If you have routing enabled on the 5412zl then make sure you do not have an IP address assigned to VLAN30 in the 5412zl config.
If you have routing enabled on the WESM then double check if you really need it (unfortunately I don't have a WESM to check with but I think there may be an option to exclude a particular VLAN from routing).
Sounds like you might have gotten most of what I said above going. Probably the only thing left is to make sure that the "Default Gateway" for the VLAN30 DHCP scope is set to the DMZ port on the Watchguard.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-10-2009 12:56 AM
тАО03-10-2009 12:56 AM
Re: Configuring VLANs with HP Procurve 5412zl
Anyway, your answer helped me to get on the track, thank you :)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-10-2009 12:57 AM
тАО03-10-2009 12:57 AM