Switches, Hubs, and Modems

VLAN configuration

Hi all,
I'm quite new to configuring switches and I have some "basic" questions about filtering.
If somebody can answer my questions or indicate some good documentation...
My switch is an HP 4104GL and I want to implement some rules on the ports of the switch. For example, a port can communicate with all the other ports except a list of ports, another port can only communicate with a list of ports...
Is it the purpose of VLANs?
If yes, what is 802.1Q VLAN ID? What is the meaning of port modes (No, Tagged, Untagged, Forbid)?
Thanks for your help.
Ron Kinner
Honored Contributor
Solution

Re: VLAN configuration

Sounds to me like you could use Isolated Port Groups but unfortunately I don't think that feature is offered on your switch.

VLANs will allow ports to only talk to other ports in the same VLAN. Talking between VLANs requires routing (which your 4104 offers with the latest release but which doesn't do any filtering.)

The default VLAN has an ID of 1. When you first turn on a switch, all ports are in VLAN 1. You can create other VLANs and give them separate ID numbers. ID numbers are just integers from 1 to some limit which I don't remember. Maybe as high as 4096.

After creating a VLAN, you then assign ports to it and tell it whether they should be tagged or untagged. Unless you are connecting up another switch via a trunk or a VLAN-aware server, you use untagged and you only put a port in one VLAN. Tagged means that you use 802.1Q tagging to add the VLAN ID to each packet and is used for multiple VLAN traffic. It requires that the other end understands VLANs and is able to sort them out and respond with the correct tags.

vlan 2 name test2
vlan 2 untagged 13-24

(The above is for a simple switch. Yours may use a fancier scheme to number the ports. This just creates a VLAN with ID 2 and gives it a name (which is optional), then the second line assigns ports 13 through 24 to VLAN 2.)

No just means to remove the command and is used with any command to remove it from the configuration. It is not a mode. Think of it as REMOVE.

Forbid is not something you will need to use until you get into trunking two switches together with GVRP. It just keeps a VLAN from automatically being added to a trunk between two switches.

If you want to do routing between VLANs with your switch then you need to give VLAN 1 an IP address. And then you would have to also create a VLAN 2 and assign a second IP address to it. Then you would tell each PC connected on the VLAN 1 ports to use the first IP address as its default gateway and the PCs on the VLAN 2 ports to use the second IP address as their default gateway. Unfortunately now everyone can talk to everyone again.

Ron
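
The untagged and tagged port behaviour described in the reply above, modelled in Python as an added example (not part of the original thread and not HP's software). The port table, sample frame and function names are constructed assumptions: ports 1-12 untagged in VLAN 1, ports 13-23 untagged in VLAN 2, and port 24 acting as a trunk that carries VLAN 1 untagged and VLAN 2 tagged.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag

# Constructed port table for a hypothetical 24-port switch (not real 4104GL numbering):
# ports 1-12 untagged in VLAN 1, ports 13-23 untagged in VLAN 2,
# port 24 is a trunk: untagged in VLAN 1, tagged in VLAN 2.
UNTAGGED = {**{p: 1 for p in range(1, 13)}, **{p: 2 for p in range(13, 24)}, 24: 1}
TAGGED = {24: {2}}

def add_tag(frame, vid, pcp=0):
    """Insert the 4-byte 802.1Q tag (TPID + priority/VLAN ID) after the MAC addresses."""
    return frame[:12] + struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid) + frame[12:]

def classify(port, frame):
    """Map an ingress frame to (vlan_id, untagged_frame); None means drop."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        vid = UNTAGGED.get(port)          # untagged frame: VLAN comes from the port
        return None if vid is None else (vid, frame)
    (tci,) = struct.unpack("!H", frame[14:16])
    vid = tci & 0x0FFF                    # low 12 bits of the tag are the VLAN ID
    if vid not in TAGGED.get(port, set()):
        return None                       # simplified model: port is not a tagged member
    return vid, frame[:12] + frame[16:]   # strip the tag for internal handling

def flood(port, frame):
    """Return {egress_port: bytes_sent} for a broadcast frame received on `port`."""
    result = classify(port, frame)
    if result is None:
        return {}
    vid, inner = result
    out = {}
    for p in sorted(set(UNTAGGED) | set(TAGGED)):
        if p == port:
            continue
        if UNTAGGED.get(p) == vid:
            out[p] = inner                # untagged member: plain Ethernet frame
        elif vid in TAGGED.get(p, set()):
            out[p] = add_tag(inner, vid)  # tagged member: VLAN ID travels in the frame
    return out

# Constructed sample: broadcast destination, made-up source MAC, ARP EtherType, zero padding
SAMPLE = bytes.fromhex("ffffffffffff0200000000010806") + bytes(46)

if __name__ == "__main__":
    for src in (1, 13):
        sent = flood(src, SAMPLE)
        print(src, "->", sorted(sent), "bytes 12-15 on port 24:", sent[24][12:16].hex())
```

A broadcast from a VLAN 2 port never reaches ports 1-12, and the only place the VLAN ID appears on the wire is the tagged trunk port.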




Re: VLAN configuration

Thanks Ron for all the useful explanation.
Just a last question: If I create new VLANs, do I need to remove VLAN 1 or can I modify it?
Lorenzo.
Ron Kinner
Honored Contributor

Re: VLAN configuration

You can modify it. VLAN 1 is normally used for switch maintenance and is also the one VLAN which is not tagged in a trunk.

Ron