HP PROCURVE 2524 / VLANS possible without 802.1Q compliant devices?

I've got a Procurve 2524 & a 2324 & another old switch (brand X :-)

Port 1 of HP2524 has the internet connection to a router.

I want all the ports of all my switches to have internet access.

I'm uplinking port 24 of the HP2324 on port 2 of HP 2524.
I'm uplinking port 16 of my old switch of another brand on port 3 of Procurve 2524.

I'm using ports 4 to 7 of HP2524 to connect WWW servers directly.

Some machines (GROUP2 below) must access the WWW servers (GROUP3).

I want to make 4 VLANS:
VLAN1 : INTERNET (PORT 1 of 2524)
VLAN2 : GROUP1 (PORT 2 of 2524 = ALL PORTS of HP2324)
VLAN4 : GROUP3 (PORTS 4 TO 7 of HP2524).

I've understood that I should normally tag some ports BUT for the next five years some of the NIC cards from GROUP1 and GROUP2 and GROUP3 are not and won't be 802.1Q COMPLIANT for technical and financial reasons (old machines still good to work but not for upgrading)...

SO I think I can ONLY DO the following port assignments on my HP2524:

---- + -------- ------- = -------- = -----
1 | Untagged Untagged Untagged Untagged
2 | Untagged No Untagged No
3 | Untagged Untagged No Untagged
4 | Untagged No Untagged Untagged

A) Is this correct to match my needs above and separate broadcast traffic between (GROUP1 and GROUP2) + (GROUP1 and GROUP3)?
B) No risk of storm loops here with 2 switches uplinked on ports 2 and 3 of HP2524 and other ports of 2524 with servers?
C) What will I lose because I can't have all NICs 802.1Q compliant?
D) Will activation of STA help me here? And if yes, how?

I hope I've explained my case clearly to help you help me :-)

Thanks in advance for your response

Ron Kinner
A. It will separate broadcast traffic but it will not allow access to the internet. A 2524 is not layer 3 aware so any interVLAN switching would have to be done by the router at the IP level. If the router is not 802.1q aware then it won't work. If it is 802.1q aware then you will have to drop the idea of putting the Internet port in VLAN1 and you will have to have tagging on at least two of the VLANs on the port connecting to the router and the router will have to be set up with 3 different IP subnets (on a Cisco, 2 of these are secondary addresses) on the interface. Hosts in each subnet would have to use the IP address on the router associated with their VLAN as the default gateway.

B. I don't see a loop problem with your setup unless someone connects the other two switches together.

C. The only thing that really needs to be 802.1Q compliant is your router. If it's not then you lose Internet connectivity.

D. STA will prevent loops. Otherwise it will not help.

I'm not in the office today so I don't have access to all of my usual info nor my high speed internet connection but if I remember right some of HP's switches have another type of isolation which might help. Something - I forget exactly what they are called - Groups. What version of software are you running on the 2524? Seems like it was added recently so you would need F.05.17. Look in the release notes for F.05.17 on

and see if there is not a way to separate ports into groups of some kind.

Ron Kinner
OK. I'm in the office now and was able to download the 2524 F.05.17 release notes. The feature you need to look at is called Isolated Port Groups which is found on page 6 of the release notes.


You can put your port 1 connection to the router in the Uplink group then ports 2 and 3 can be in the Private group and 4-7 in Group 1. Now all ports in the Private group can get to the Internet but can not talk to anyone else on the 2524. Ports in Group 1 can talk to the Internet and to each other.

I've posted my reply in error somewhere else in this forum yesterday ... but not my big points to you that are a little way to say thank you very much for your help, indeed !!!

Have a nice day