Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

Switch 2626 vlan trouble

Monfort_1
Occasional Visitor

Switch 2626 vlan trouble

Hi,

I try to set up a 2626 procurve switch and set vlan.

I want to create 5 fully separated networks on it.

I configured my vlan as this :

1 DEFAULT untagged all
2 VLAN1 4-6 auto, forbid all others
3 VLAN2 7-8 auto, forbid all others
4 VLAN4 11-14 auto, forbid all others
5 VLAN5 15-20 auto, forbid all others
6 VLAN6 23-24 auto, forbid all others

And it doesn't works ! I can ping others PC from any vlan.

is someone able to explain me what's wrong ?
What is the différence between tagged, untagged, no, auto and forbid ?

Someone can correct my table ? please, I need your help.

Alan
6 REPLIES
André Beck
Honored Contributor

Re: Switch 2626 vlan trouble

Hi,

what you actually want is to set these ports to untagged in their respective VLAN. It does exactly what it says: Let frames from the specified VLAN egress the port without a tag and assign frames without a tag entering that port to the specified VLAN. Result will be a switch partitioned into five independend broadcast domains based on ports. Or almost independend, there is still single STP if you have that active, but that's another story.

BTW, you can stay with "forbid" if you ever plan to use GVRP, but you don't need it and probably don't want it. Using "no" is sufficient then. "Forbid" is just "no" with an additional "not even with GVRP" spelled out.

Just to explain the last remaining option: Imagine you want to connect another 2626 to your existing one, with just *one* link, but it should have the same five VLANs available, distributed in a similar fashion on its ports, and with hosts in VLAN x on switch 1 "seeing" hosts in VLAN x on switch 2. That's what you need "tagged" for: Apply the default VLAN untagged and all other VLANs tagged on that interswitch link and voila, switch spanning VLANs but still separated broadcast domains. They are tagged according to their VLAN on egressing one switch, so the other can identify the correct VLAN they belong to when they ingress there, stripping the tag.

HTH,
Andre.
Monfort_1
Occasional Visitor

Re: Switch 2626 vlan trouble

Thanks André.

So let's see if, whith my approimative english, I understood everything.

In order to make my vlans working and independants form each others, I have to switch my "auto" to "tagged" ?

Is it all ? unfortunately, it doesn't work better !

it is always as easier as possible to ping machines form one vlan to another.

Same thing with changing "forbid" ports to "no".

what else can miss ?

Thanks André, for your answer, I think I'm going mad with this swith.

Alain

Re: Switch 2626 vlan trouble

Unfortunately I'm not the person that can help you with this problem.
It's my second day as a member of this Forum. But in the first one I understood that better to assign some points to the people that had answered to you.
hope you will find a solution. I'm waiting to, to understand better how the vlans worked.
André Beck
Honored Contributor

Re: Switch 2626 vlan trouble

Re Alan,

> So let's see if, whith my approimative
> english, I understood everything.

Hmm.

> In order to make my vlans working and
> independants form each others, I have to
> switch my "auto" to "tagged" ?

No, to "untagged". Normal hosts usually expect plain vanilla EthernetII frames on their NICs and transmit these as well. They will happily ignore frames with an 802.1Q tag, so it is clear that changing to "tagged" on the access ports doesn't give you anything. The "tagged" mode is for interswitch links or links to routers or servers that should bear frames belonging to multiple VLANs at once, still allowing to differentiate them.

> Is it all ? unfortunately, it doesn't
> work better !

As said, "untagged" would.

> it is always as easier as possible to
> ping machines form one vlan to another.

You can still ping after changing all the ports to tagged? That is interesting, as it is close to impossible except you left the default VLAN untagged on every of them, effectively merging them into one broadcast domain this way.

> Same thing with changing "forbid" ports
> to "no".

Doesn't make a difference if GVRP is not in use.

> what else can miss ?

The little "un" before tagged ;)

> I think I'm going mad with this swith.

Weird hard- and software is absolutely no reason to pull your hair out. Just learn and you will get control over it, or when that fails, you still have the power of doing interesting gravity acceleration tests on it ;)

HTH,
Andre.
André Beck
Honored Contributor

Re: Switch 2626 vlan trouble

Re,

silly me, I'm overreading things as well. You wrote

> 1 DEFAULT untagged all

and that is the reason all your hosts can talk to each other. What you want to do is get rid of this "untagged" in VID1 on every port that is to dwell in another VLAN, change it to "no". You can have only one VLAN untagged on a port, all others should be "no", just choose the right one like: Make ports 4-6 untagged in VL1 (VID2), 7-8 untagged in VL2 (VID3) etc. I'd post a table but the forum is going to break it...

HTH,
Andre.
Monfort_1
Occasional Visitor

Re: Switch 2626 vlan trouble

Andre, you are my Angel !

It works perfectly !

After setting the default vlan to untagged all, I set up the other vlan with untagged on the appropriate ports.

Better, the web interface of the 2626 automatically set the correct settings on auto to the default vlan.

And it works fine. Thanks a lot.

Alain