Email Subscription Notifications Suspended Temporarily
We are in the process of making navigation in the Servers and Operating Systems forums simpler and more direct. While doing this, we have to temporarily suspend email notifications for subscriptions. If you are subscribed to one or more discussion boards or blogs in the community, please check them daily to see new content. Notifications will be turned back on in a few days. We apologize for any inconvenience this may cause. Thanks, Warren_Admin
Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

Procurve 5406 VLAN's

Zeek_123
Occasional Contributor

Procurve 5406 VLAN's

Hi,

I'm new to procurve networking. I have a procurve 5406 as a core switch. I connect a firewall, a pbx, a file server, a dhcp server, and an nvr for cctv to it directly. I have been tasked with creating 10 voice vlans to limit the broadcast domain, and 10 data vlans.

How do I make 10 voice vlans attach to port A5 for example?

How do I make 10 voice vlans appear on several ports?

How do I combine 10 voice vlans and 10 data vlans on port A1?

I've set up 20 scopes for each of these vlans on the dhcp server also.

Does anything else have to be done on it? Like add routes to each vlan or anything?

The Vlans are setup as following

vlan 10 - voice - 10.3.10.x/24
vlan 11 - voice - 10.3.11.x/24
etc..

Any guidance would be great.

I currently have set the following

In the following example i want vlan 10 and vlan 20 to appear on ports 1,9,11,13,15,17

My dhcp server is 10.3.100.15

ip routing
vlan 10
ip helper-address 10.3.100.15
ip address 10.3.10.10 255.255.255.0
tagged A1,A9,A11,A13,A15,A17
exit

vlan 20
ip helper-address 10.3.100.15
ip address 10.3.20.10 255.255.255.0
tagged A1,A9,A11,A13,A15,A17
exit

I'm struggling on what to do, or how to fix this?
9 REPLIES
hiskia
Occasional Advisor

Re: Procurve 5406 VLAN's

Hi.

Your config looks good. Your switch is running as router. But you have to add at least one more vlan to attach your dhcp server.
Something like:

vlan 30
ip address 10.3.100.10 255.255.255.0
untagged A24
exit

So you can plug in your dhcp server on port A24.

To add more vlans (10 voice, 10 data) go on as you started.

What is connected to the ports A1,A9,A11... Other switches?
Zeek_123
Occasional Contributor

Re: Procurve 5406 VLAN's

Thanks for the prompt response.

I have other devices to attach also to every port once I am assured my other setup is Ok, then I can proceed to attach those with relative ease.

A1 - firewall - I've assigned all vlans tagged to it

A2-A6- Servers including dhcp - I've assigned all data/management vlans tagged to them.

A9,A11,A13,A15,A17 - OLTM fiber modules

A10,A12,A14 - PBX, Voice Mail, Call Accounting

A15 - NVR

A21 - Uplink to 2610

A18,A20,A22,A24 - Fiber (IPTV) Media converter, reserver for future use

I have mixed results looking for any answers in regards to tagging vs untagging. Am i required to have any untagged ports at all? What if I want the pc's to be able to plug into the phones?

Thanks for your response.

Cheers!
hiskia
Occasional Advisor

Re: Procurve 5406 VLAN's

Hi.

It's not necessary to bring all your vlans to the dhcp server. The ip helper-address will forward any request from the vlan you put this statment in to your server.

If all your attached devices can handle tagged vlans you don't need untagged ports at all. Your phones need to have a switch which can handle vlans so you can plug in your pc (untagged).

I wouldn't use "normal" pcs to handle tagged vlans even if networkcard and os are able to but plug them into untagged ports.

What about this devices? (A10,A12,A14 - PBX, Voice Mail, Call Accounting) Do they need more than one vlan? If not: Switch the necessary vlan for the port to untagged.

There is nothing bad about untagged ports :-)
Zeek_123
Occasional Contributor

Re: Procurve 5406 VLAN's

Thanks Again.

I'm putting in 10 voice vlans based on a requirement from our operator.

Can I setup my connection like the following?

5406zl(tag vlan 10-20, port a9) -> 2610 (tag vlan 10-20, port A1) -> 2610 (untag vlan 10, tag vlan 20, port A2) ?

Basically connecting from my core router to a remote 2610 which the phone hangs off of on port A2.

I know my connecting port vlans need to match tagged or untagged, but each 2610 will only have 1 voice and 1 data vlan, so presumably I can tag all in my core and do the untagging on my 2610's?
Shadow13
Respected Contributor

Re: Procurve 5406 VLAN's

Just one thing,


The uplink ports between the switches need to be tagged in all The VLANS that are going to be forwarded between the switches.
For the devices to be members of a specific VLAN you need to untag the device on the required VLAN. This is the role for tagging and untagging.

Regards
Zeek_123
Occasional Contributor

Re: Procurve 5406 VLAN's

Thanks Again.

I am able to get different subnets assigned via vlans with relative ease now. One item remains that is trumping me.

Ip Vlan 2 - 10.3.100.11 <<<< Client #1, OK
IP Vlan 3 - 10.3.110.11 <<<< Client #2
DNS / DHCP - 10.3.100.3 <<<< Internal Server
Gateway - 10.3.100.1 <<<< Gateway

Client #1 is on same subnet as gateway, works great.

Client #2 is on different subnet and has no internet access. Cannot ping gateway either.
It can ping the dns/dhcp server 10.3.100.3 however.
hiskia
Occasional Advisor

Re: Procurve 5406 VLAN's

If Client #2 can ping dhcp-server but not the gateway (which is in the same subnet as dhcp-server) it looks like your gateway has some kind of routing problem. Can you add a route like 10.3.110.0/24 gateway 10.3.100.10 (or whatever is the ip of the 5406 in this subnet)?
Zeek_123
Occasional Contributor

Re: Procurve 5406 VLAN's

Thanks. I did find it was a routing issue. I needed the route back.

it was done using 10.3.110.0/24 10.3.100.1

I can ping the gateway now, I am just unable to browse the Internet.

My traceroute dies at the gateway.

Am I missing another route?
hiskia
Occasional Advisor

Re: Procurve 5406 VLAN's

Hm, your gateway (Draytek) has to be the default gateway for your router (5406) and the default router of your gateway is somewhere in the internet. Should work.

Can you ping the client from your gateway?