
VLAN security and routing scenario on 1810G-24

 
StefanVH
New Member


Hi,

 

I'm considering using the HP ProCurve 1810G-24 for my network. However, I have a need to create a separation between two groups of computers attached to this switch.

 

A router/modem with DHCP is attached and handles the traffic in/out of the office.

 

If I understand the documentation for the switch correctly, I must create two VLANs, e.g. VLAN 2 and VLAN 3. I plug the router/modem into port 1 on the router, and set up port 1 on VLAN 1.

 

Then I set up ports 2-9 on VLAN 2, and select Exclude All on all other ports except port 1 for this VLAN. Correct?

Similarly, I set up ports 10-24 on VLAN 3, and select Exclude All on all other ports except port 1 for this VLAN. Correct?

 

Since the DHCP server is responsible for giving out IP addresses, all computers connected to the switch will get an IP address in the same subnet, e.g. 192.168.1.x. Will computers in one VLAN be able to communicate with computers on a different VLAN? If I understand the setup correctly, traffic going OUT from VLAN 2 will be tagged with this VLAN ID, and when reaching the port to the other VLAN, it will be stopped (excluded) since this was the setup in VLAN 2. This will also happen if the traffic is routed through VLAN 1 (the router)?

 

I hope I made myself understood. I wish to create two networks using one switch, where there is no access between the networks but they share a broadband connection.

Arimo
Respected Contributor

Re: VLAN security and routing scenario on 1810G-24

Hi

 

I'm not sure if this is going to work. It depends largely on your router/modem.

 

First of all, check the specifications. If specs do not mention IEEE 802.1Q, you can forget it. This is the spec for VLANs, so if your router doesn't support it there's nothing you can do. You have to be able to create 2 VLANs on the router as well, and configure IP addresses to both.

 

VLANs should be on different subnets. So you'd also need a DHCP server that can have 2 scopes. If your router is also the DHCP server, I doubt that's going to happen.

 

Assuming you have a router that does support VLANs and can arrange for 2 DHCP scopes, you'd do the following:

 

1. Connect the modem to port 1 (I'm old-fashioned... usually uplinks in high ports :-)

2. Create VLAN 2 (you already have VLAN 1)

3. Configure IP addresses for both VLANs, one in each subnet - these you will configure as default gateways of your PCs

4. Configure ports 2-9 as untagged members of VLAN 1

5. Configure ports 10-24 as untagged members of VLAN 2

6. Configure port 1 as tagged member of both VLANs

 

At this point you should have connectivity. However, now we've introduced routing into the picture, so the router will be routing traffic between the subnets. So as the last step you need to configure an Access Control List, which prevents traffic between VLANs 1 and 2.

 


HTH,

Arimo
HPE Networking Engineer
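
The layout from steps 4-6 of the reply, modelled as an added example that is not part of either post and is not HP's configuration syntax: it checks that the two port groups are isolated at layer 2 and that the routed path between them stays closed only while the router ACL denies it. The two subnets, the ACL rule format, and all function names are assumptions made for illustration.

```python
import ipaddress

# Port membership from steps 4-6: port -> {vlan: "U" (untagged) or "T" (tagged)}
PORTS = {1: {1: "T", 2: "T"}}                           # uplink to the router
PORTS.update({p: {1: "U"} for p in range(2, 10)})       # ports 2-9, VLAN 1
PORTS.update({p: {2: "U"} for p in range(10, 25)})      # ports 10-24, VLAN 2

# Assumed subnets (constructed; the reply only says "one in each subnet")
SUBNETS = {1: ipaddress.ip_network("192.168.1.0/24"),
           2: ipaddress.ip_network("192.168.2.0/24")}
ANY = ipaddress.ip_network("0.0.0.0/0")

# Router ACL, first match wins: block inter-VLAN traffic, permit the rest
ACL = [("deny", SUBNETS[1], SUBNETS[2]),
       ("deny", SUBNETS[2], SUBNETS[1]),
       ("permit", ANY, ANY)]

def access_vlan(port):
    """VLAN that an untagged frame entering this port is classified into."""
    untagged = [v for v, mode in PORTS[port].items() if mode == "U"]
    if len(untagged) != 1:
        raise ValueError(f"port {port} is not an access port")
    return untagged[0]

def l2_reachable(src_port, dst_port):
    """The switch forwards a frame only out of ports that are members of its VLAN."""
    return access_vlan(src_port) in PORTS[dst_port]

def acl_permits(src_ip, dst_ip, acl=ACL):
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, src_net, dst_net in acl:
        if src in src_net and dst in dst_net:
            return action == "permit"
    return False  # implicit deny when no rule matches

def can_talk(src_port, src_ip, dst_port, dst_ip, acl=ACL):
    """True if a host on src_port can reach a host on dst_port."""
    if access_vlan(src_port) == access_vlan(dst_port):
        return True  # same VLAN: switched locally, the router never sees it
    # Different VLANs: the only path is the tagged uplink and the router
    uplink_ok = l2_reachable(src_port, 1) and access_vlan(dst_port) in PORTS[1]
    return uplink_ok and acl_permits(src_ip, dst_ip, acl)
```

Passing `acl=[("permit", ANY, ANY)]` to `can_talk` shows the state before the last step of the reply: the switch still isolates the groups at layer 2, but the router forwards between the two subnets.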