11-01-2004 01:06 AM
VLAN config problem on HP25xx switches
I was browsing some threads about multiple VLANs on the 25xx family and read something discouraging about the switch not being able to handle level 3 traffic. I'm no network engineer, so I hope someone here can help me out.
At our school, we're running Novell with IPX enabled for all the PCs in the administrative offices and the student dorms. On the same switches and architecture we're running several large Mac OS X non-AppleTalk labs. We also have HP4050 printers, with EtherTalk off.
A friend recently told us we're running a flat network which to the best of my understanding everything can arp, ping, and broadcast to each other on our 255.0.0.0 subnet. All machines are either DHCP or static IP in the 10.x.x.x range, including our II400 Nortel gateway, which goes out to our Cisco, and then to the T1.
The main problem we're seeing is very slow network speeds everywhere, especially on the Mac network which uses Workgroup Manager to send user prefs over the network whenever someone logs on in a lab across campus.
I tried to set up a couple of VLANs on the test bench, but as someone mentioned in another thread the new VLAN could not get to the internet (in my case, our Novell server), while the ports on DEFAULT_VLAN for the Mac OS X network worked fine. I made sure the uplink port (we used 24) was set for both VLANs, one tagged one untagged, and the same settings on the other 25xx switch we had set up on the table to simulate a small version of our live network which uses 25's, 4000's and an 8000M.
If in fact we cannot set up VLANs to separate the Novell IPX and the Mac OS X server chatter, what can we do as far as ABC control, or setting individual port broadcast limits?
Right now most ports are set to 0, which as I read allows 100% of that port's bandwidth to handle broadcasts. I tried to set that to 30%, but the performance didn't get better.
One thing I noticed which seemed to help is dropping some building to building links to 10baseHalf, but it's a shame to do that since we have CAT-6 wiring, which should handle 100FullD, and I just hate to reduce my pipe to 10base. From the Mac and Novell server to the dorms and labs we have a 1000 fiber backbone from a 8000m to a 4000m.
I hope this is enough detail for you guys to help me make the most of these switches, and to help manage or reduce all that packet traffic on our network.
Thanks!
Walter
11-01-2004 12:03 PM
Re: VLAN config problem on HP25xx switches
This has absolutely nothing to do with port tagging, which is a different concept.
With port tagging you can use one physical port (be it switch port or router port) to handle multiple VLANs at once. Tagging adds a label to the packets, a label which can then be used to identify the VLAN to which each packet belongs. Do not connect a tagged port to an untagged port, this configuration in general will not work, since on one side of the connection you will have tagged packets, while on the other side you are expecting untagged packets.
So, what you should do is:
step 1:
- group computers in VLANs and assign an ID to each VLAN
- create the same VLANs on all interconnected switches (a switch will not pass unknown tags)
- set the cross connect ports to tagged
With this simple setup you should be able to pass packets from VLAN1 on switch A to VLAN1 on switch B and back.
step 2:
Make sure that there exists a machine (a router) which can handle the traffic from all the computers. Connect it to one of the switches and make it default gateway for ALL computers. (Beware that if all computers are in the same class, they will always try to communicate directly, not through the gateway, so you will have to do some segmentation and/or add some special routes.)
Having a router should allow you to communicate among VLANs.
Once you have completed step 2, instruct the router to send all traffic not meant for the local computers to the main gateway... and you are done.
All that remains to do is to give me some points for the answer :)
As a sidenote: Linux can handle tagged frames, so a Linux router can be connected to a tagged port of the switch. Actually I have been using this very configuration for 4 years.
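The step 1 rules in the reply above (same VLANs on both switches, same tagging on both ends of the cross connect) can be checked mechanically. This is an added example, not part of the original posts: the function names are hypothetical and the two config excerpts are constructed in HP ProCurve `vlan` block style with numeric ports, as on a 25xx.

```python
def expand_ports(spec):
    """Expand a port list such as '1-12,24' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def port_modes(config, port):
    """Return {vlan_id: 'tagged' | 'untagged'} for one port of a config excerpt."""
    modes, vlan = {}, None
    for line in config.splitlines():
        words = line.split()
        if len(words) == 2 and words[0] == "vlan" and words[1].isdigit():
            vlan = int(words[1])
        elif len(words) == 2 and words[0] in ("tagged", "untagged") and vlan is not None:
            if port in expand_ports(words[1]):
                modes[vlan] = words[0]
    return modes

def check_link(cfg_a, port_a, cfg_b, port_b):
    """List the VLANs that will not pass over the link between the two ports."""
    a, b = port_modes(cfg_a, port_a), port_modes(cfg_b, port_b)
    problems = []
    for vid in sorted(set(a) | set(b)):
        if vid not in a or vid not in b:
            problems.append(f"VLAN {vid}: configured on only one end")
        elif a[vid] != b[vid]:
            problems.append(f"VLAN {vid}: {a[vid]} on A, {b[vid]} on B")
    return problems

# Constructed excerpts (assumption: port 24 is the uplink on both switches).
SWITCH_A = """
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-12,24
vlan 10
   name "NOVELL"
   untagged 13-23
   tagged 24
"""
SWITCH_B = """
vlan 1
   untagged 1-12
vlan 10
   untagged 13-24
"""
if __name__ == "__main__":
    print("\n".join(check_link(SWITCH_A, 24, SWITCH_B, 24)))
```
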
11-03-2004 01:50 AM
Re: VLAN config problem on HP25xx switches
11-03-2004 11:18 AM
Re: VLAN config problem on HP25xx switches
How many hosts are we talking about?
If you buy a router you will probably need one that can handle all three protocols (IP, IPX, Appletalk). I think Cisco calls this Enterprise code and it's not cheap. It must have 100 Full Ethernet ports if it is to do trunking.
As far as VLANs go the switch is not going to magically separate the three protocols into separate VLANs. You would have to do it one port at a time (unless HP has some new tricks since I last browsed their manuals). Not too practical on a Campus environment unless you can have different jacks for each protocol. They do have a neat feature called isolated port groups which might help but I don't remember if your switches support it. It did need the latest firmware.
You might try leaving your trunks at 100 Full and setting the individual ports to 10 half.
I expect a lot of your traffic is caused by worms and spyware. Every student's computer I've ever looked at was crawling with the things. The fact that reducing the broadcast % didn't help much is a sign that it's not broadcast traffic that is causing the problem. An easy way to see what is going on is to simply put Zone Alarm on a computer (http://www.zonelabs.com - there is a free version you can download) and watch what hits the firewall (Alerts and Logs tab). Then you track the culprit back to his home switch by pinging the IP address in Zone Alarm's log and then arp -a to see the MAC that corresponds to the IP address. Run CWShredder and HijackThis on the offending computer and see what is causing the problem.
http://cwshredder.net/bin/CWSInstall.exe
http://209.133.47.12/~merijn/files/HijackThis.exe
Another method is to monitor your traffic at each switch using something like MRTG.
http://mrtg.hdl.com/mrtg.html
I think you also get a free program like TopTools with your switches which will also do something similar but I've never used it.
Snort at http://www.snort.org is another nice program that can be used to analyze your traffic but you will either need to stick in a hub somewhere or use the port monitor feature of the switch.
Your Cisco has a cute feature on it. Say your T1 is S0/0
Conf t
int s0/0
ip acco out
exit
wr me
let it run for a while and then
sh ip acco
will give you a list of source and destination IPs with the number of packets/bytes sent.
If you see one source that is sending out a few packets to a large number of addresses then that source IP is probably infected. sh arp will give you its MAC.
Ron
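The triage described in the post above (find the source that sends a few packets to a large number of addresses, then look up its MAC) can be scripted against saved router output. This is an added example, not part of the original post: the function names and both thresholds are assumptions, and the accounting and ARP text is constructed sample data in the column layout of `show ip accounting` and `show arp`.

```python
from collections import defaultdict

def parse_accounting(text):
    """Parse 'Source Destination Packets Bytes' rows, skipping headers and blanks."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 4 and f[2].isdigit() and f[3].isdigit():
            rows.append((f[0], f[1], int(f[2]), int(f[3])))
    return rows

def fan_out_suspects(rows, min_dests=25, max_avg_packets=5):
    """Return (source, destinations, packets) for sources that send only a few
    packets each to many distinct destinations, widest fan-out first.
    Both thresholds are assumed starting points, to be tuned per network."""
    dests, packets = defaultdict(set), defaultdict(int)
    for src, dst, pkts, _bytes in rows:
        dests[src].add(dst)
        packets[src] += pkts
    hits = [(s, len(d), packets[s]) for s, d in dests.items()
            if len(d) >= min_dests and packets[s] / len(d) <= max_avg_packets]
    return sorted(hits, key=lambda h: -h[1])

def mac_for(arp_text, ip):
    """Find the hardware address for an IP in 'show arp' style output."""
    for line in arp_text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] == "Internet" and f[1] == ip:
            return f[3]
    return None

# Constructed sample data (not from a real router): two ordinary hosts and one
# host sending 2 packets to each of 40 addresses.
ACCOUNTING = (
    "   Source           Destination              Packets               Bytes\n"
    " 10.1.4.20        198.51.100.7                  812              640112\n"
    " 10.1.7.31        203.0.113.9                   455              301200\n"
) + "".join(f" 10.2.9.77        192.0.2.{i}        2        96\n" for i in range(1, 41))
ARP = ("Protocol  Address          Age (min)  Hardware Addr   Type   Interface\n"
       "Internet  10.2.9.77              12   0000.5e00.5301  ARPA   FastEthernet0/0\n")

if __name__ == "__main__":
    for src, n_dests, pkts in fan_out_suspects(parse_accounting(ACCOUNTING)):
        print(src, n_dests, pkts, mac_for(ARP, src))
```
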
11-04-2004 12:33 AM
Re: VLAN config problem on HP25xx switches
Regards,
Walter