Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

HP Vlan setup help

stevefar
Occasional Advisor

HP Vlan setup help

Hi all can anyone help me achieve the following.
i have had limited success with vlans but these are new to me.

I would like to achieve the following:
A server vlan that just contains servers(vlan_100)

2 vlans for work stations (these will need to be routed to the server vlan- vlan_200 and vlab_300)

1 vlan for wireless(need to be routed to the server vlan- vlan_400)

Our main core switch is a HP Procurve 4208vl this connects to around 15-20 HP Procurve 2510-24 or HP Procurve 1800 switches.

Does anyone have a step by step guide on how i would set this up for example do i need to log on to every switch and create the vlans, i started to read about GVRP and understand that i can dynamically create vlans on all switches that have GVRP enabled but how does a switch then belong to a particular vlan on the core switch (do i tag the port on the core switch for a vlan?) and if i need a switch to have 12 ports on 1 vlan and 12 ports on another vlan how would i do this

thanks for any help
5 REPLIES
Marco Wessel
Valued Contributor

Re: HP Vlan setup help

Using GVRP you can automatically make all the VLANs known on all switches that support it, and getting the frames to the appropriate switches will be figured out for you.

Unfortunately, 1800s do not support GVRP so while you could use GVRP for the 2510s, you'd still have to manually create the VLANS on the 1800s.

That said, GVRP is mostly simply a way to get VLANs to all your switches-- if you want specific ports to be in specific VLANs you still have to log in to the switches and configure this. On your core, you would configure the ports linking to your other switches as belonging to all VLANs. The 2510s will then, using GVRP, learn about these VLANs automatically after enabling GVRP.

The GVRP protocol is meant mostly to get VLANs distributed in larger situations with separate core, distribution and access layers. From your post I gather you leave out the distribution part.

Given the above and the fact you have only four VLANs it is likely not very useful in your situation to use GVRP: you must log into every switch to enable gvrp and convert dynamic vlans to static vlans so you can assign ports, so it's less work to simply configure the VLANs statically in the first place.

As for the routing-- simply assign an IP address on the 4208vl in each of the VLANs and enable ip routing. Use the assigned address as the default gateway on the connected hosts and the packets will be routed between VLANs.

Note the 4208vl does not support ACLs, therefore you will only be able to enable routing between all connected VLANs (with an IP assigned) or none at all, with the exception of the management VLAN, which will not have traffic routed into our out of it while still allowing an IP assignment.
stevef1
Occasional Advisor

Re: HP Vlan setup help

Thanks for that so to clarify

on the HP 4208vl i set up my 4 vlans
and turn off GVRP on all the switches
On the core HP 4208:
Ports a1-a4 belong to vlan_100(servers)
Ports b1-b16 belong to vlan_200 (workstation)
Ports c1-c16 belong to vlan_200(workstation)
Ports d1-d16 belong to vlan_400(wireless)

I then assign an ip address and enable routing on each vlan on the core switch
On the HP 4208 would i tag or un-tag the ports to each vlan for example would ports a1-a4 be tagged or un-tagged in to vlan_100 and would this be the same for all the vlans on th HP 4208

After the HP 4208 is setup i then log on to the HP 2510â s and create the appropriate vlans for example:
HP 2510 is to be a member of vlan_100 so i connect port 24 to any port between a1-a4, log on to the HP 2510 create vlan_100 and thatâ s it? Do i tag or un-tag all the ports to the vlan

I have a HP 2510 switch that will need to have ports 1-6 as member of vlan_100 and 7-20 as members of vlan_400 how would i do this, i think i create the 2 vlans on the switch and tag them to the vlans that they belong to i.e on the HP 2510 ports 1-6 tagged to vlan_100 and ports 7-20 tagged to vlan_400 how do i handle the uplink on port 24 to the core switch as i will have 2 vlans on one switch the uplink port on the core switch would need to be a member of 2 vlans, would i tag this port to be a member of both vlans? What do i need to do to the uplink port on the HP 2510 do i tag that to 2 vlans as well?

Gulp i just realised that this could get complex :)

Thanks for the help so far

steve



Marco Wessel
Valued Contributor

Re: HP Vlan setup help

Well, there's more than one way to get to Rome. What's best depends on what you want.

You could, indeed, assign VLANs on the 4208vl. In that case you wouldn't necessarily even need to tag them, you could just connect the 2510s and 1800s directly without using management features. This requires no logging into the edge switches at all.

However, that only works if you're not going to mix VLANs on a single switch. You want to do that (and I recommend going this way anyway for just the option of doing it), so you should set up the ports on the 4208vl that connect to other switches to have all VLANs on them tagged. On the other end (the 2510/1800s) you would do the same for the port(s) that you use to connect to the 4208vl. Then, you set the ports that computers connect to to be untagged members of a certain VLAN.

So basically:
- set links between switches to be tagged members of all VLANs
- set links between switch and computer (or server, etc.) to be untagged members of exactly one VLAN each.
- On 4208vl, assign IPs to each vlan and enable IP routing.

You don't mention what kind of access points you use. Simple ones don't do VLANs so simply assign those ports as untagged members of your wifi vlan. More advanced ones can handle multiple SSIDs and put clients connected to different SSIDs in different VLANs (e.g., HP 420, HP 530). In that case, treat the APs as switches and tag those ports too.
Kanan Simpson
Occasional Visitor

Re: HP Vlan setup help

Stevefar,

If you have routing enabled, all traffic on any VLAN with a IP address associated with it will be routed. If you dont want it routed, disable the IP thatassociated with that vlan.

If you want any ports on a particular vlan, you will need to untag those ports and tagged the uplink port.

ex. router(config)# vlan_200

untagged 1-6
tagged 26 (or your uplink port)
exit

That will put ports 1-6 on the vlan_200 untagged. Uplink ports has to be tagged in order to get out of the switch. If the port wasn't tagged, the switch wouldn't know where to send the traffic.

I hope this make a little sense.
stevefar
Occasional Advisor

Re: HP Vlan setup help

sorry for the delay not had time to try the help suggested gona finally start in the morning will let you all know how i get on

stevef