Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

VLAN help please

SOLVED
Go to solution
stevefar
Occasional Advisor

VLAN help please

Hi all, I have some questions

We have a HP Procurve 4208vl switch at the core of the network that connects to other HP Procurve switches (at the moment 10 switches with around 24 clients on each) in various locations around the site.

I would like to segregate several switches (rooms of computers) from others on the network and I was thinking of using VLANS to do so, all the computers need to connect back to the main servers just not talk to each other.

Having a quick look at the manuals I think the following steps are correct!!

Create 10 VLANs, each VLAN would connect to a remote switch (I’m pretty sure this is easy to do)

I would need to turn on DHCP relay on the Procurve 4208 switch so that the VLANS could forward DHCP request from clients to server

Each VLAN would I need to have a default gateway and IP address for example
VLAN20-gateway = 192.168.1.1 ip =192.168.1.2, clients could use ip addresses given via DHCP (192.168.1.3 to 192.168.1.254)

VLAN21- gateway =192.168.2.1 ip =192.168.2.2
VLAN22- gateway =192.168.3.1 ip =192.168.3.2
And so on……

We use Windows 2003 Server (DHCP) at the moment could I create a DHCP scope and have the appropriate ip addresses given to the corresponding VLANS?
i.e. a scope from 192.168.0.100 to 192.168.10.254 ???

I think that’s all I need to do or have I got it all wrong :)

Thanks all the same
8 REPLIES
Matt Hobbs
Honored Contributor
Solution

Re: VLAN help please

You're pretty much spot on there.

1. Enable 'ip routing' on the 4200.
2. Create the VLANs, give them each an IP address which will be the default gateway of the hosts.
3. Set your 'ip helper-address' in the VLANs to point to your DHCP server.
4. Create the scopes.

DHCP relay is already enabled, you just need to set the helper-address.

The 4208vl only need to have the one IP address per VLAN, so for your scope you could use the addresses from 2 through to 254.

VLANs will isolate layer-2 (switched) traffic, the hosts will still be able to communicate with everything via layer-3 (routed). Generally to limit layer-3 connectivity you need support for Access Control lists (from memory the 4208vl does not support this).

An slightly cruder alternative to ACLs would be to use source-port filtering which the 4208vl does support. This feature can prevent hosts on one port, from talking to hosts on another port. You could do this with or without configuring VLANs.
stevefar
Occasional Advisor

Re: VLAN help please

Thanks for that, when its all setup will DHCP allocate addresses based on the IP address given to the VLAN, i.e VLAN20 has IP address 192.168.1.2 so only the IP addresses in the range of 192.168.2.XXX will go to that VLAN and the clients connected to that VLAN will have that range?

thanks again

steve
Matt Hobbs
Honored Contributor

Re: VLAN help please

Yes, the 'ip helper-address' inserts a field into the DHCP packet when forwarding it to the DHCP server so it knows which VLAN it is from and which address range it should assign.
stevefar
Occasional Advisor

Re: VLAN help please

Hi i set up the vlan,gave it an ip address and enabled routing,on the procurve 4208 how do i set up ip helper address (or is that the ip address given to the vlan)??

thanks

steve
Mohieddin Kharnoub
Honored Contributor

Re: VLAN help please

Hi

The IP Helper has to be entered in the Vlan:

Switch(config)#vlan 2
Switch(Vlan-2)#ip helper-address a.b.c.d

And this has to be done on the routing switch, which on your case the 4200


Good Luck !!!
Science for Everyone
stevefar
Occasional Advisor

Re: VLAN help please

Hi all, still having some problems, these are the steps I have done.

Windows 2003 server (DHCP, IP address 192.168.0.12 mask 255.255.252.0) with 2 DHCP scopes
Scipe1-192.168.0.100-192.168.2.100 subnet mask 255.255.252.0 (for default VLAN)
Scope2-192.168.7.10-192.168.7.250 subnet mask 255.255.255.0 (for VLAN20)

Setup a VLAN as VLAN20 on ports B14 to B16 on procurve 4208vl with IP address 192.168.7.1 mask 255.255.255.0 set the ip helper-address as 192.168.0.12 (DHCP server)

I left default VLAN 1 on the procurve with IP address 192.168.0.110 mask 255.255.252.0 (so I donâ t lose connection to other switches/computers on the network)

Now I thought when I plugged a computer in to a port on VLAN20 (B14 to B16) I would get an IP address from the DHCP server in the range of 192.168.7.X mask 255.255.255.0, but i dont get anything....

The only thing that I think might be messing things up is the LAN card on the DHCP server, do I need to add an IP address/subnet mask in the 192.168.7.x range (in the TCP/IP Advanced setting) so that the VLAN20 (192.168.7.1 mask 255.255.255.0)






Mohieddin Kharnoub
Honored Contributor

Re: VLAN help please

Hi

All what you have done is correct, and you don't have to add a secondary IP for the DHCP server.

If you check that your DHCP server is connected to untagged port to Vlan1
And you have added the Helper address in Vlan20, then

I need you to check 2 things:

1- In your DHCP scopes, in Scope1, you should add a router parameter: 192.168.0.110
and in Scope2, router parameter: 192.168.7.1

2- Try to assign a static IP for a PC plugged in untagged port to Vlan20 (B14 to B16):
IP 192.168.7.10
Mask: 255.255.255.0
Gateway: 192.168.7.1

And from the PC try to ping your gateway, then Vlan1 IP: 192.168.0.110, then the DHCP server and you should be able to otherwise you have to investigate why.

Good Luck !!!
Science for Everyone
stevefar
Occasional Advisor

Re: VLAN help please

still no luck, have setup a computer with static ip address 192.168.7.10 255.255.255.0 and can ping 192.168.7.1 and 192.168.0.110 (default vlan ip address), looks like DHCP is not geting to the VLAN and data from the VLAN only gets as far as VLAN 1 and is not allowed any further, with VLAN 1 being the default VLAN for the switch should i need to turn on routing for that?(DHCP works fine on this VLAN)

thanks

Steve