HPE Community
Switches, Hubs, and Modems
1752808 Members
5995 Online
108789 Solutions
New Discussion юеВ

VLAN Help (2626)

 
Tony Barrett_2
Frequent Advisor

тАО11-17-2005 11:12 PM

тАО11-17-2005 11:12 PM

VLAN Help (2626)

This is probably simple, but I need to get it clear in my head.

I have an HP2626 that uplinks to the core switch (5308xl) on port 25 (Gb).

I want to create VLAN's on the 2626 so;

ports 1-12 can all talk to each other (but not to ports 13-24) and out to the main network on port 25.

ports 13-24 can all talk to each other (but not to ports 1-12) and out to the main network on port 25.

It is important that both ports 1-12 and ports 13-24 can connect as normal over port 25.

There are no other VLAN's in use on the network.

I've tried various tagging settings, but it's not working as it should.

Can someone give me an example of how this should work?

TIA
0 Kudos
5 REPLIES 5
MIBA NSD
Advisor

тАО11-18-2005 09:44 AM

тАО11-18-2005 09:44 AM

Re: VLAN Help (2626)

hi tony
do u have the 2 vlans in your network or do u only want to use it on the 2626?
and u have to specify address ranges for the 2 vlans!
is routing turned on on the 5308?
on what port on the core switch is the 2626 connected?

regards peter
0 Kudos
Bruce Campbell_3
Valued Contributor

тАО11-19-2005 11:46 AM

тАО11-19-2005 11:46 AM

Re: VLAN Help (2626)


If I understand what you want to do, you'll need to:

- create 2 vlans on the 2626
- put ports 1-12 untagged on one vlan
- put ports 12-24 untagged on the other vlan
- put port 25 tagged on both vlans
- create same 2 vlans on the 5308, and give each an ip address/mask
- put both vlans tagged on the link to the
2626
- enable routing on the 5308
- apply acls on the 5308 to prevent the
two subnets from talking to each other
- put your clients on ports 1-12 on
one subnet
- put your clients on ports 12-24 on
the other subnet

Now the clients on ports 1-12 can use
the internet etc, and likewise for
ports 12-24, but they cannot talk to
each other, because of the acls on the 5308.

Bruce Campbell
Director, Network Services
Information Systems and Technology
MC 1018
(519)888-4567 x38323
University of Waterloo, Waterloo, ON
0 Kudos
Tony Barrett_2
Frequent Advisor

тАО11-20-2005 08:35 PM

тАО11-20-2005 08:35 PM

Re: VLAN Help (2626)

Cheers for the responses. I only have the DEFAULT_VLAN on the 5308, and don't route internally on that switch. I was really hoping just to be able to create a port-based VLAN on the 2626, and restrict access from there. I didn't really want to have to configure the switch as a basic router as I didn't think it would be necessary.

I guess the solution wasn't as wasy as I hoped it was going to be. I'd already tried setting 1-12 as untagged, 13-24 as untagged and 25 tagged across all. Didn't work at all.

I'll try a few other things and see what I can get working.

Thanks again
0 Kudos
Kell van Daal
Respected Contributor

тАО11-21-2005 10:22 AM

тАО11-21-2005 10:22 AM

Re: VLAN Help (2626)

Hi Tony,

VLAN's aren't meant for that, but luckily the 2600 series support a feature that does just what you want: Source-port filters.
Read all about it in the manual:
ftp://ftp.hp.com/pub/networking/software/59906024-1004-Security-ch10-Traf-Security-Filts.pdf

In short, you have to make filter with the following commands:

2626(config)#filter source-port 1 drop 13-24
2626(config)#filter source-port 2 drop 13-24
.
.
.
2626(config)#filter source-port 12 drop 13-24

and

2626(config)#filter source-port 13 drop 1-12
2626(config)#filter source-port 14 drop 1-12
.
.
.
2626(config)#filter source-port 24 drop 1-12

Hope this helps,

Kell
0 Kudos
Kell van Daal
Respected Contributor

тАО11-21-2005 10:23 AM

тАО11-21-2005 10:23 AM

Re: VLAN Help (2626)

ohh, I forgot.
Make sure all ports are in the same VLAN, en forward that VLAN untagged over port 25 to the 5300xl (assuming default VLAN config on the 5300xl).

Else you will have troubles getting all clients to the 5300xl, where you probably have your server etc.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.