HPE Community
Switches, Hubs, and Modems
1752815 Members
5988 Online
108789 Solutions
New Discussion юеВ

Re: VLAN Assistance

 
cenk sasmaztin
Honored Contributor

тАО06-27-2008 08:40 AM

тАО06-27-2008 08:40 AM

Re: VLAN Assistance

ok

Ican work in night for your case and make new config for you

se you tomorrow
cenk

0 Kudos
cenk sasmaztin
Honored Contributor

тАО06-27-2008 03:58 PM

тАО06-27-2008 03:58 PM

Re: VLAN Assistance

hi john I create new config for you
please be carefully check config and my layout
you can write my config
for the frist time all switch startup config backup

good luck..

**********ALL SWITCH CONFIG*****************

********************************************
Switch 1 (5308)
ip routing
vlan 1 xnotexxxnotexxxnotexxx this vlan only managemet for security vlan 1 default vlan
name "managemet"
untag A1-A24,B21-24,C1-C24,D1-D24,E1-E24,F1-F24xxxnotexxx for example untagged port ,any vlan not member ports
default vlan 1 member.xxx important:A3 and F3 must be vlan 1 untag port
no untag B1-B20
ip address 10.0.0.1 255.255.255.0
exit

vlan 41
name "DO_Admin"
untagged B1-B10
tagged A3,F3
ip address 10.37.64.1 255.255.252.0
ip helper-address 10.35.25.60
exit

vlan 60
name "Tech_Office"
untagged B11-B20
tagged A3,F3
ip address 10.37.25.1 255.255.255.0
exit

vlan 837
name "Comcast"
untagged E4
ip address 10.37.29.254 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 10.37.29.1

**********************************************
Switch 2 (5308)
vlan 1
name "managemet"
untag A1,A21-A24,B1-B24........
no untagged A2-A20
ip address 10.0.0.2 255.255.255.0
exit
vlan 41
name "DO_Admin"
untagged A2-A10
tagged A1
exit
vlan 60
name "Tech_Office"
untagged A11-A20
tagged A1
***********************************************

***********************************************
Switch 3 (2824)

vlan 1
name "managemet"
untag 21-24
no untag 1-20
ip address 10.0.0.3 255.255.255.0
exit
vlan 41
name "DO_Admin"
untagged 1-15
tagged 24
exit
vlan 60
name "Tech_Office"
untagged 16-20
tagged 24
*************************************************


***INTERNET ROUTER/SW├Д┬░TCH IP ROUT├Д┬░NG CONF├Д┬░G******
you can write internet switch (cisco)ip routing command

#ip route 10.37.64.0 255.255.252.0 10.37.29.254
#ip route 10.37.25.0 255.255.255.0 10.37.29.254


************DHCP SERVER CONFIG For microsoft******************
dhcp server nic address
ip address 10.37.25.60
subnet mask 255.255.255.0
default gateway 10.37.25.1

****scobe config
scobe 1
scobe name vlan41
ip pool 10.37.64.20.....10.37.68.250(for example)
subnet mask 255.255.255.0
default gateway 10.37.64.1

scobe 2
scobe name vlan60
ip pool 10.37.25.5----10.37.25.55
subnet mask 255.255.255.0
default gateway 10.37.25.1
cenk

0 Kudos
Bear_2
Advisor

тАО06-28-2008 06:00 AM

тАО06-28-2008 06:00 AM

Re: VLAN Assistance

Must I use the Default VLAN (VLAN 1) for the ports that connect the three switches, or do they just need to be untagged members of the same VLAN?
0 Kudos
cenk sasmaztin
Honored Contributor

тАО06-28-2008 08:03 AM

тАО06-28-2008 08:03 AM

Re: VLAN Assistance

ok no problem
vlan 1 must be untag member all uplink port

cenk
cenk

0 Kudos
cenk sasmaztin
Honored Contributor

тАО06-28-2008 08:15 AM

тАО06-28-2008 08:15 AM

Re: VLAN Assistance

in this way very strong vlan design for your network and one router running on network other all edge switch possible only running L2 switching operation
seperate broadcast domain between users group
central managemet on network core
easy config edge switch
more security for device managemet with managemet vlan

please test and say me result

cenk
cenk

0 Kudos
Bear_2
Advisor

тАО06-28-2008 08:23 AM

тАО06-28-2008 08:23 AM

Re: VLAN Assistance

I don't want only one switch doing the routing, I have 1500 computers on the network. I want each building's layer 3 to route traffic for the vlans contained on the switch. As I stated before, the configurations are only partials. The only VLAN that need to exist in more than one physical location is the DO_ADMIN domain. I will move the ports that connect to each other into the VLAN 1 if that will make a difference, currently the host connect to a DO_Admin port on server 3 is still unable to ping anything.
0 Kudos
cenk sasmaztin
Honored Contributor

тАО06-28-2008 08:50 AM

тАО06-28-2008 08:50 AM

Re: VLAN Assistance

ok I understand plesae test this config

Switch 1 (5308)

vlan 8
name "DHS_To_DSE"
untagged A3
ip address 10.37.28.1 255.255.255.0
exit
vlan 4
name "DHS_to_Tech"
untagged F3
ip address 10.37.24.1 255.255.255.0
exit
vlan 837
name "Comcast"
untagged E4
ip address 10.37.29.254 255.255.255.0
exit
vlan 41
name "DO_Admin"
untagged A2
ip address 10.37.64.2 255.255.252.0
ip helper-address 10.37.81.15
exit
ip route 10.37.64.0 255.255.252.0 10.37.24.2
ip route 10.37.64.0 255.255.252.0 10.37.28.2
ip route 10.37.25.0 255.255.255.0 10.37.24.2
ip route 0.0.0.0 0.0.0.0 10.37.29.1
router ospf
area backbone
redistribute connected
exit
vlan 8
ip ospf area backbone
exit

Switch 2 (5308)

vlan 41
name "DO_Admin"
untagged A2
ip address 10.37.64.1 255.255.252.0
ip helper-address 10.37.81.15
exit
vlan 8
name "DHS_to_DSE"
untagged A1
ip address 10.37.28.2 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 10.37.28.1
router ospf
area backbone
redistribute connected
exit
vlan 8
ip ospf area backbone
exit

Switch 3 (2824)

vlan 4
name "DHS_to_Tech"
untagged 24
ip address 10.37.24.2 255.255.255.0
exit
vlan 60
name "Tech_Office"
untagged 1-22
ip address 10.37.25.1 255.255.255.0
ip helper-address 10.37.25.60
exit
vlan 41
name "DO_Admin"
untagged 23
ip address 10.37.64.3 255.255.252.0
ip helper-address 10.37.81.15
exit
ip route 0.0.0.0 0.0.0.0 10.37.24.1
cenk

0 Kudos
Bear_2
Advisor

тАО06-28-2008 09:28 AM

тАО06-28-2008 09:28 AM

Re: VLAN Assistance

I don't believe you can have two static routes for the same subnet:

ip route 10.37.64.0 255.255.252.0 10.37.24.2
ip route 10.37.64.0 255.255.252.0 10.37.28.2

as you have listed in the switch 1 config
0 Kudos
cenk sasmaztin
Honored Contributor

тАО06-28-2008 09:39 AM

тАО06-28-2008 09:39 AM

Re: VLAN Assistance

yess not running
I can test now my last config and not running
because become same network range different area not running routing operation

you can must be change ip address vlan41 on each switch (assign different network address)for running routing operation
but this process not vlans seperate network
your network architecture very mixed with routing operation it's not true

I make many network on word
I not recommendatory this network

you can not trust one router on network (you right)you can purchase second switch beside switch1 and use vrrp
must be each edge switch connect two core switch diffrent uplink line


I can recomendation network design for your network below config

good luck...
**********ALL SWITCH CONFIG*****************

********************************************
Switch 1 (5308)
ip routing
vlan 1 xnotexxxnotexxxnotexxx this vlan only managemet for security vlan 1 default vlan
name "managemet"
untag A1-A24,B21-24,C1-C24,D1-D24,E1-E24,F1-F24xxxnotexxx for example untagged port ,any vlan not member ports
default vlan 1 member.xxx important:A3 and F3 must be vlan 1 untag port
no untag B1-B20
ip address 10.0.0.1 255.255.255.0
exit

vlan 41
name "DO_Admin"
untagged B1-B10
tagged A3,F3
ip address 10.37.64.1 255.255.252.0
ip helper-address 10.35.25.60
exit

vlan 60
name "Tech_Office"
untagged B11-B20
tagged A3,F3
ip address 10.37.25.1 255.255.255.0
exit

vlan 837
name "Comcast"
untagged E4
ip address 10.37.29.254 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 10.37.29.1

**********************************************
Switch 2 (5308)
vlan 1
name "managemet"
untag A1,A21-A24,B1-B24........
no untagged A2-A20
ip address 10.0.0.2 255.255.255.0
exit
vlan 41
name "DO_Admin"
untagged A2-A10
tagged A1
exit
vlan 60
name "Tech_Office"
untagged A11-A20
tagged A1
***********************************************

***********************************************
Switch 3 (2824)

vlan 1
name "managemet"
untag 21-24
no untag 1-20
ip address 10.0.0.3 255.255.255.0
exit
vlan 41
name "DO_Admin"
untagged 1-15
tagged 24
exit
vlan 60
name "Tech_Office"
untagged 16-20
tagged 24
*************************************************


***INTERNET ROUTER/SW├Г ├В┬░TCH IP ROUT├Г ├В┬░NG CONF├Г ├В┬░G******
you can write internet switch (cisco)ip routing command

#ip route 10.37.64.0 255.255.252.0 10.37.29.254
#ip route 10.37.25.0 255.255.255.0 10.37.29.254


************DHCP SERVER CONFIG For microsoft******************
dhcp server nic address
ip address 10.37.25.60
subnet mask 255.255.255.0
default gateway 10.37.25.1

****scobe config
scobe 1
scobe name vlan41
ip pool 10.37.64.20.....10.37.68.250(for example)
subnet mask 255.255.255.0
default gateway 10.37.64.1

scobe 2
scobe name vlan60
ip pool 10.37.25.5----10.37.25.55
subnet mask 255.255.255.0
default gateway 10.37.25.1
cenk

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.