Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

ProCurve Switch 2650 + Routing Vlan

SOLVED
Go to solution

ProCurve Switch 2650 + Routing Vlan

Hi,
I wuold like to ask you just a question.
I planning to buy four ProCurve Switch 2650.
I'll got this scenario:
About 80 hosts have been connected trought the switch.
There is a Single-End-Server 802.1q compliant
and a single Router of our ISP (to be access to Internet).

I wuold like to do 5 Vlan Configured on each Switch as well as 5 different IP classes.
192.168.1.0/24
192.168.2.0/24
192.168.3.0/24
192.168.4.0/24
192.168.5.0/24

-SERVER 192.168.1.100
-ISP router go a Public address as 82.192.xxx.xxx

The ProCurve Switch 2650 is able to drive packets from each class of the VLANs to the class of the ISP router 82.192.xxx.xxx.?

Hope to read you a soon as possible.

Thanks in advance to every body will answered.

18 REPLIES

Re: ProCurve Switch 2650 + Routing Vlan

Hi Manuel
First of all, is your network will consist of only these four 2650 intelligent edge switches, or you have distributor layer or core layer above that edge switches, and where are the router and the SERVER will be connected?

Regards

Re: ProCurve Switch 2650 + Routing Vlan

The network will consist in just that 4 switches.
The Switches will be connected by the 1GB/S uplink port as well as the two server.
A router of our ISP will be connected on a normal 100Mb/s port of one of this router.

Re: ProCurve Switch 2650 + Routing Vlan

I'll try to explain it better.
I got 80 hosts that are in the Same DOMAIN. So they have to login in the DOMAIN Server.
Just a part of this host, about (30) have to work with another Server for a CAD Applications.
All of them have to go to Internet.
I tought that ProCurve Switch 2650, is the best solution. But before to buy i wuold like to know if is it possible connected the Momdem/router ADSL to onw port of the swith and set it as default gateway for all the subnets.

Regards
Les Ligetfalvy
Esteemed Contributor

Re: ProCurve Switch 2650 + Routing Vlan

Why do you need 5 VLANs for just 80 users? Do you think it wise to route between the VLANs with the router connected to the ISP?

Re: ProCurve Switch 2650 + Routing Vlan

I need 5 VLANS, because there are 5 little-company in the same building. So I would like to create a minimun security among each company. Anyway each company have even to work with the same two Server.

You are right, I'll connect the modem/router ADSL of the ISP to a FireWALL (IPCOP) and then the Firewall will be connected to a port of the swith.

Anyway i wuold like to know if this Switch are Layer 3 or better if them are able to route all the packtes, among the vlan to the server and to the gateway for internet.

Thanks in advance.
Les Ligetfalvy
Esteemed Contributor

Re: ProCurve Switch 2650 + Routing Vlan

I am trying to read between the lines in order to grasp how or if you intend to route between VLANs. You say there is one domain/one server, so I assume SBS which you say is 802.q compliant. Does that mean that you hope to have the server be a member of all 5 VLANs? Have you verified that the server can participate in all 5 VLANs?

Does there need to be routing between VLANs for any other purpose? If so, how do you plan to differentiate the inter-VLAN routing from the ISP routing if you set the DG to it?

I presume your firewall does not support 802.1q, so there might not be any security between the 5 companies that share the network depending on how the routes are setup.

From what I read on http://www.hp.com/rnd/products/switches/switch2600series/overview.htm HP says the 2650 is routing capable.

Sorry, I have more questions than answers.
Antoniov.
Honored Contributor

Re: ProCurve Switch 2650 + Routing Vlan

Hi Manuel,
I guess you want to manage using PCM+ (ProCurve Manager) software.
I don't know it; I think it's possible but I don't know how you can do it.

Antonio Vigliotti

P.S. Piccolo consiglio, se posso permettermi. Dai qualche punto alle risposte, questo ti aiutera' molto a trovare soluzioni.
Ciao dall'Italia.
Antonio Maria Vigliotti

Re: ProCurve Switch 2650 + Routing Vlan

Actually it doesn't matter in which way i'll set/manage them up even by CMI it's fine. Anyway after seven answers I did not understand if is it really possibile with the ProCurve Switch 2650 sharing a internet gateway for 5 differents Sub-NetLAN.

I want:
- 5 differents subnets (5 VLAN).
- All the subnets have to share 2 Servers 802.1q compliant.
- All the subnets have to use a single ADSL connection. (So will be a firewall or a normal modem/router) The firewall it's not 802.1q compliant.

Which kind of Switch i need? I thought a L3 switch was fine, is it correct? Or i need a real router? Otherwise wich kind of router can you tell me a model?

best regards

p.s:Grazie per la info. Speriamo di risolvere.. devo comprarli a breve.:)

Re: ProCurve Switch 2650 + Routing Vlan

The subnets will be:
192.168.1.0 255.255.255.0
192.168.1.0 255.255.255.0
192.168.3.0 255.255.255.0
192.168.4.0 255.255.255.0
192.168.5.0 255.255.255.0

The firewall/gateway will be:
192.168.0.1 255.255.0.0

The Switch have just to deliver the packets from each SubNet of each VLan to a untagged segments where there will be the Firewall/gateway connected that will do NAT.

Antoniov.
Honored Contributor

Re: ProCurve Switch 2650 + Routing Vlan

Hi Manuel,
1) Five different VLANs: you can also manually so I think you can with PCM+.
2) All VLAN have 2 server. It's not clear how you wanto to access to server and in what subnet they live. If you want they are in 6th subnet you have to build a local bridge. Read carefully documentatation about bridging, I saw something about this.
3)ADSL connection. If you have a unique ADSL connection there is no problem, you can declare it as default gateway. I thing your ADSL can't support 80 PCs. You can't use a modem, you must use a router.

Antonio Vigliotti

Antonio Maria Vigliotti

Re: ProCurve Switch 2650 + Routing Vlan

Thanks Antonio,

but I don't know how, my question, seems to be so complicated, really! anyway:

I can collapse all the questions in only one.

The Swith procurve 2650 is able to let route the packets from a vlan to another one? (remember that each vlan is even a subnet)

Manuel

P.s:seems to be strange that we are spoken in a different language from our native one. Cmq questo switch fa fare routing tra le vlan?
Les Ligetfalvy
Esteemed Contributor

Re: ProCurve Switch 2650 + Routing Vlan

Obviously a routing switch can route between VLANs. Where things get complicated, is when you want the DG to be the ISP router and not the routing switch. How do you plan to route VLANs if the DG is the ISP router? Do you plan to assign static routes on all devices?

Also, you talk about the server being 802.1q compliant, so that leaves one to assume that you expect it to participate in multiple VLANs without any routing. You have not made that clear.

You also talk about VLANs for reasons of security, but if the switch routes and the firewall does not, where is there any security? Now, if you used an external firewall/router like ISA server that supports gigabit 802.1q, you could make it the DG and write rules about where on the LAN or the internet who can go.

Sorry, I just cannot see how you plan to pull this together with what you have said thus far. If I am just annoying you with more questions, tell me to leave and I will.

Re: ProCurve Switch 2650 + Routing Vlan

First of all thanks al lot for your help. And I'm not annoyed at all. I really appreciate you effort and I'glad to accept your advices.

I'have studied theory about Vlans, but i never realized a network like that with these kind of switch. If you will think that there will be a best solution, please let me know.

>Obviously a routing switch can route
>between VLANs.

Unfortunately, It has been not so obviously because in the Manual of this Switch product is not written anywhere.

>Where things get complicated, is when you
>want the DG to be the ISP router and not
>the routing switch.

The ISP Router have to do NAT through the Subnet to Internet. Is just for this reason that i wuold like to set it as Gateway.

> How do you plan to route VLANs if the DG >is the ISP router?

I'll put a firewall with two Ethernet Card. One with a Public Address direct connected to the modem/router of the ISP and another one with a Private Address 192.168.0.1 255.255.0.0 connected to the Switch.

The subnet of the network instead will got a mask 255.255.255.0. So the firewall with its mask is reachable from anybody.

>Do you plan to assign static routes on all devices?

i don't understand this question. Which kind of devices?
I'll try to set a static router on the switch, so the packets that have to reach internet there will drive on 192.168.0.1.


>Also, you talk about the server being
>802.1q compliant, so that leaves one to
>assume that you expect it to participate in
>multiple VLANs without any routing. You
>have not made that clear.

I happened that if i'll use a Intel PRO card 802.1q i can set "on the same" ethernet card of the server 5 differents IP, (one for eache subnets)
192.168.1.100
192.168.2.100
192.168.3.100
192.168.4.100
192.168.5.100
should be work.
I don't want routing from a subnet class to another by the server.
If i'm in wrong please tell me.

>You also talk about VLANs for reasons of
>security, but if the switch routes and the
>firewall does not, where is there any
>security?
No all the subnet have to speek eachother,
just few of them.

The firewall have to do just NAT to share internet by all.

So Is it correct?
Can i set 5 vlans and 5 subnets?
Can Two of them speak togheter?
All of them have to go to internet trought the firewall, is it possible?

thanks a lot for your help



OLARU Dan
Trusted Contributor
Solution

Re: ProCurve Switch 2650 + Routing Vlan

Manuel,
If you can issue the command "ip routing" on your switch CLI, and if you can set static routes with "ip route" command, and if you can assign IP addresses to VLAN interfaces, then your switch is a routing switch. Make one of your 2650s the router of your network. Attach the firewall to it, using a sixth IP subnet (192.168.10.0/24, if you like). On all clients put DG the IP address of ther respective VLAN interface. Put a default route in the router to indicate your firewall (192.168.10.10/24). All traffic for Internet will go to the firewall bacause of the default route setting on the router.

Re: ProCurve Switch 2650 + Routing Vlan

Thanks a lot for your help. You got 9 points. :-)
Can I ask you a more question?

Is it for you the 2650 swith a good solution, for my case or I have to think to buy something more robust?

I have seen even a Zyxel ES-4024a L3+, what do you think about it?
thanks in advance.
Olaf Borowski
Respected Contributor

Re: ProCurve Switch 2650 + Routing Vlan

Manuel,

ProCurve has a real nice router with ADSL support that will solve your problem (Internet access). It also has a built in firewall and optionally, you have IPSec support (VPN). The 26xx can do the inter-vlan routing and the 7000 the routing to the internet.

http://www.hp.com/rnd/products/routers/ProCurve_Secure_Router_7000dl/overview.htm

Olaf

Re: ProCurve Switch 2650 + Routing Vlan

perfect i'll take care about it.
Thanks to all.

Re: ProCurve Switch 2650 + Routing Vlan

I have more clear than before the situation and the hardware features.
Thank you.