
VLAN Routing with ProCurve 2626

 
SOLVED
Ed Posch
Occasional Advisor

VLAN Routing with ProCurve 2626

I already read a big part of the networking forum here, but still don't get everything.

I have a testing system with a HP ProCurve 2626 switch where I have 3 VLANs. I want to establish VLAN Routing so that VLAN 2 and VLAN 1 can talk with each other and VLAN 3 and VLAN 1 are connected, but VLAN 2 and VLAN 3 shouldn't be able to talk. This is because there are some resources that both VLANs should have access to, but they shouldn't be able to talk to each other. In the first VLAN there are resources like a RADIUS Server, a DHCP Server,...
Another question I couldn't figure out yet is if it's possible to use just one DHCP Server for these two VLANs that are in different subnets. How can I manage that each subnet/VLAN Computers receive the correct IP-Address?

Hope anyone can help me. I'm desperate.

Ed
10 REPLIES 10
Matt Hobbs
Honored Contributor

Re: VLAN Routing with ProCurve 2626

Hi Ed,

There are two options here, you can keep everything in the same VLAN and use the source-port filtering feature of the switch, or you can use multiple VLANs with IP routing enabled BUT you won't be able to prevent VLAN 2 & 3 talking to each other.

To prevent them talking to each other it's best to use Access Control Lists which the 3400/5300 support.

You can also use a combination of source-port filters + VLANs on the 2800, but not the 2600 series unfortunately.

It is possible to use just the one DHCP server for many VLANs. If using Windows DHCP server, create the additional scopes, and on the switch you use the 'ip helper-address' command in each VLAN and point towards the DHCP server.

Matt
Ed Posch
Occasional Advisor

Re: VLAN Routing with ProCurve 2626

Thanks a lot for your quick answer. Now I know exactly what switches we won't buy for the actual network ;) It's good to have a testing environment first, and now I know that I wasn't too stupid to configure it ;)

Thanks!
Ed
Manuel Wolfshant
Trusted Contributor

Re: VLAN Routing with ProCurve 2626

You might wish to perform the routing part on a dedicated computer. I, for one, have a Linux box with several NICs, one of which goes to a 2650 (trunk mode). A firewall on the Linux box takes care of all allows/dontallows among the VLANs (> 10 of them..). This way I get VLAN-s + routing for less than 600$.

It depends on your needs/requirements.
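
The Linux router on a tagged trunk port with a firewall between VLANs, as described in the post above, sketched as an added example (not part of any post in this thread and not the poster's actual configuration). The interface name `eth0`, the `10.0.<vid>.0/24` subnets, and all three VLANs being tagged on the switch port are assumptions; the allow-list encodes the policy from the original question (1<->2 and 1<->3 allowed, 2<->3 blocked).

```shell
#!/bin/sh
# Added example: emit the commands for a one-NIC Linux inter-VLAN router.
# Assumed values (not from the thread): trunk NIC eth0, subnets 10.0.<vid>.0/24,
# and VLANs 1, 2 and 3 all tagged (802.1Q) on the switch port facing this box.
TRUNK="${TRUNK:-eth0}"
VLANS="1 2 3"
# Allowed VLAN pairs. 2:3 is deliberately absent, so it hits the default DROP.
ALLOW="1:2 1:3"

gen_router_cmds() {
    echo "modprobe 8021q"                      # kernel 802.1Q support
    echo "ip link set $TRUNK up"
    for vid in $VLANS; do
        # One tagged sub-interface per VLAN; its address is that VLAN's gateway.
        echo "ip link add link $TRUNK name $TRUNK.$vid type vlan id $vid"
        echo "ip addr add 10.0.$vid.1/24 dev $TRUNK.$vid"
        echo "ip link set $TRUNK.$vid up"
    done
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Default-deny between VLANs, then open only the listed pairs.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for pair in $ALLOW; do
        a=${pair%%:*}
        b=${pair##*:}
        echo "iptables -A FORWARD -i $TRUNK.$a -o $TRUNK.$b -j ACCEPT"
        echo "iptables -A FORWARD -i $TRUNK.$b -o $TRUNK.$a -j ACCEPT"
    done
}

# Policy check against the generated rules:
# may VLAN $1 open a connection to VLAN $2?
vlan_pair_allowed() {
    gen_router_cmds | grep -- "-i $TRUNK.$1 -o $TRUNK.$2 -j ACCEPT" >/dev/null
}

# Dry run by default (prints the commands); APPLY=1 as root executes them.
if [ "${APPLY:-0}" = 1 ]; then
    gen_router_cmds | sh -e
else
    gen_router_cmds
fi
```
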
Ed Posch
Occasional Advisor

Re: VLAN Routing with ProCurve 2626

Thanks for your help!

I already thought of something like that, but without trunking so that it would create a bottleneck. Thanks for that idea. How are the ports configured? Which VLAN are they in? I'm using 802.1X for authentication and via the radius server the user is placed on the specific VLAN. Until now I just configured one gateway with 2 nics, one in the first and the other one in the second vlan, and all other machines have to use this gateway. I just can't exactly picture how I can configure it with more vlans and trunked ports.

Thanks for your help!
Ed
Sergej Gurenko
Trusted Contributor

Re: VLAN Routing with ProCurve 2626

You can also connect your gateway with only one NIC. Use VLANs (all current server cards support this feature).
Ed Posch
Occasional Advisor

Re: VLAN Routing with ProCurve 2626

I just have a stupid workstation with stupid NICs, because it's just a testing system and I don't get any better hardware.

I use a Windows system, installed a software firewall and tried to configure the communication of the VLANs, but it seems that the firewall is too stupid to do that correctly. Is it just possible with a Linux/Unix system or is there any way to make this work on Windows? (I know that it would be faster and better on Linux, but if I change, I have to set up the whole system again)

Thanks for your help!
Ed
Manuel Wolfshant
Trusted Contributor

Re: VLAN Routing with ProCurve 2626

Linux has known about VLANs for years. In Dec 2000 I installed RedHat 6.2 (+ a patched kernel (at the time support for 802.1q was not a standard option in Linux, it was added a bit later)) on an old HP K6/350 MHz system, with 2 RTL8139 added by me. It worked flawlessly for years; I have replaced it only because I needed to assign more tasks to that box and the disk I/O was veeeeeery slow.

So, just drop in any machine you can spare for tests, install any (modern) Linux distro you are familiar with (or you might even start with a liveCD, such as Knoppix) and give it a try. Just remember to activate VLAN capabilities (on RH at least they are included but have to be manually enabled).
Ed Posch
Occasional Advisor

Re: VLAN Routing with ProCurve 2626

Thanks for your help!

I now have a machine where I use Knoppix just to try it first. It's not the newest version, but the kernel version is 2.6.12, so I figured it's okay to use it ;)
I couldn't find a way to activate VLAN capabilities. I did some research and found out about vconfig, but my system doesn't know this command. How is it possible to activate VLAN when using Knoppix?

Thanks again a lot for your help!
Ed
Manuel Wolfshant
Trusted Contributor
Solution

Re: VLAN Routing with ProCurve 2626

It seems you are out of luck. Knoppix does not seem to include support for VLANs by default. I have just tested the latest release.