10-18-2005 01:24 AM
VLANs on ProCurve 2848
After reading the documentation on VLANs on the 2848, I want to know if I am correct in my assumptions.
Can I take each port off the default_vlan (i.e. set each port to 'no' in the webmanager)
Put each relevant LAN port on to my LAN_VLAN (i.e. marking each with 'tagged' in the webmanager)
Put each relevant DMZ port on to my DMZ_VLAN (i.e. marking each with 'tagged' in the webmanager)
Where the 506e connects to the switch have both VLANS 'tagged' on that port (i.e. LAN_VLAN and DMZ_VLAN)
Some additional questions I have are:
Does there need to be an untagged VLAN on a port in order for the port to function?
My PIX will have to be set up to support VLANs, does the PIX need to be set up with appropriate VLAN settings prior to this working?
(i.e. should I set up the switch first or second?) (I'd like to get the switch working using VLANs prior to changing the PIX config, is this possible?)
Thanks in advance for your help
John
10-19-2005 01:28 PM
Re: VLANs on ProCurve 2848
ProCurve switches do not require a port to be a member of an untagged VLAN.
Just make sure to add the tagged VLANs before removing the default vlan, otherwise the operation will fail (port orphaned, not member of any VLAN).
You can set the switch up first if you want, as long as you don't expect to be able to talk to the PIX via the switch.
10-19-2005 10:07 PM
Re: VLANs on ProCurve 2848
The PIX inside interface is the default gateway for all network traffic, so does that mean I do need to have the PIX setup on that VLAN too?
As an experiment I tried setting up 2 PCs (with each other as default gateways), put them both on the same VLAN on the switch (tagged) and then took them off the DEFAULT_VLAN..... and they could not communicate, THEN, I made the VLAN tagged on both ports, and they communicated OK.
I don't understand why they needed to be tagged, then again, I don't suppose it matters too much as long as they are communicating on the same VLAN, what do you think folks?
Thanks in advance
John
10-23-2005 04:13 PM
Re: VLANs on ProCurve 2848
the rules are as follows:-
1) if a port is a member of only 1 vlan, the port can be tagged or untagged
2) if the port is a member of multiple vlans, then the port can be untagged only on 1 vlan.
consider these valid configurations:-
1) port1 - tagged on vlan1
2) port2 - untagged on vlan1
3) port3 - tagged on vlan1 and vlan2
4) port4 - tagged on vlan1 but untagged on vlan2
the switch will reject your configuration if you attempt to put a port untagged on more than 1 vlan.
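The two rules given in the replies so far (a port may not be left without any VLAN, and a port may be untagged on at most one VLAN) can be checked against a planned sequence of changes before touching the switch. The following is an added example, not part of any reply and not ProCurve code: `SwitchModel`, `apply_steps` and the port and VLAN numbers are hypothetical, and the model encodes only the rules as stated in this thread.

```python
# Added example: a model of the membership rules as stated in this thread,
# not ProCurve firmware. Port and VLAN numbers are constructed sample values.

class VlanConfigError(Exception):
    pass

class SwitchModel:
    def __init__(self, ports, default_vlan=1):
        # Every port starts out untagged on the default VLAN.
        self.members = {p: {default_vlan: "untagged"} for p in ports}

    def set(self, port, vlan, mode):
        """mode is 'tagged', 'untagged' or 'no' (remove the port from the VLAN)."""
        if mode not in ("tagged", "untagged", "no"):
            raise ValueError(f"unknown mode {mode!r}")
        proposed = dict(self.members[port])
        if mode == "no":
            proposed.pop(vlan, None)
        else:
            proposed[vlan] = mode
        # Rule from the first reply: a port may not be left without any VLAN.
        if not proposed:
            raise VlanConfigError(f"port {port}: orphaned, not a member of any VLAN")
        # Rule from the later reply: untagged on at most one VLAN.
        untagged = sorted(v for v, m in proposed.items() if m == "untagged")
        if len(untagged) > 1:
            raise VlanConfigError(f"port {port}: untagged on VLANs {untagged}")
        self.members[port] = proposed  # commit only if both rules hold

def apply_steps(switch, steps):
    """Apply (port, vlan, mode) steps in order; return the first rejection, or None."""
    for port, vlan, mode in steps:
        try:
            switch.set(port, vlan, mode)
        except VlanConfigError as err:
            return str(err)
    return None

# Uplink port 5 is to carry VLANs 2 and 3 tagged and leave default VLAN 1.
REMOVE_FIRST = [(5, 1, "no"), (5, 2, "tagged"), (5, 3, "tagged")]
TAG_FIRST = [(5, 2, "tagged"), (5, 3, "tagged"), (5, 1, "no")]
# Port 2 is still untagged on VLAN 1 when it is made untagged on VLAN 2.
DOUBLE_UNTAGGED = [(2, 2, "untagged")]

if __name__ == "__main__":
    for name, steps in [("remove first", REMOVE_FIRST), ("tag first", TAG_FIRST),
                        ("double untagged", DOUBLE_UNTAGGED)]:
        print(name, "->", apply_steps(SwitchModel(range(1, 49)), steps) or "accepted")
```

A rejected step leaves the port's membership unchanged, so a plan that fails partway can be reordered and replayed against a fresh model.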
10-23-2005 04:18 PM
Re: VLANs on ProCurve 2848
i don't work with PIXes but cisco language is different from HP. it sounds to me like you're trying to trunk the "inside interface" of the 506e and make it carry 2 vlans.
on the cisco side, remember to use dot1q and define a native vlan. the native vlan will be untagged, the other will be tagged.
make sure that your procurve (which supports only dot1q) is configured identically.
10-23-2005 10:10 PM
Re: VLANs on ProCurve 2848
You are right in your assumption that I am creating a trunk on the inside interface of the Cisco PIX 506e, and making it carry 2 VLANs.
One thing I am still not sure of is,
do I need to have a native vlan set on the PIX? and do I need a native vlan on the ProCurve 2848.
I was planning to have both VLANs tagged on the port the PIX connects to,
then have all the LAN-VLAN (ID=2) ports as 'untagged'
and, have all the DMZ-VLAN (ID=3) ports as 'untagged' as well.
Would this still be okay?
As a separate question, I also want traffic to be able to flow from the DMZ-VLAN and the LAN-VLAN. I have heard the PIX does not make a brilliant router, and it may be possible to do some routing on the ProCurve 2848, do you know if this is possible? A good idea?
Many thanks!
John
10-24-2005 07:44 AM
Re: VLANs on ProCurve 2848
on the procurve side, having a port untagged on 2 vlans is an unacceptable configuration. the switch will reject that configuration.
if you use your procurve as the vlan router, then the traffic wouldn't be inspected by the pix. is that what you want?
10-24-2005 09:32 PM
Re: VLANs on ProCurve 2848
port 1-4 VLAN3 'untagged' (this is the DMZ)
port 5 VLAN2 'tagged' and VLAN3 'tagged' (this is the trunk connection to the PIX 506e)
port 6-48 VLAN2 'untagged' (this is the LAN)
Would this work? (assuming the PIX is set up with 2 VLANs with ID 2 & 3 on its inside interface)
Do I need to stipulate a native VLAN on the PIX?
As for routing the traffic between VLANs I am just investigating my options. How much control do you have on routing between VLANs when using the switch?
10-25-2005 04:49 AM
Re: VLANs on ProCurve 2848
i'm not sure if the cisco side requires a native to be defined but if it does, you can say vlan 1 is native and then both vlan 2 and vlan 3 will get tagged.
for your servers in the dmz, you'll need to point to your pix as your router because you want to enforce policies for sessions originating from your dmz going into your lan
10-31-2005 03:56 AM
Re: VLANs on ProCurve 2848
When you say
'on the cisco side make sure that neither vlan 2 or vlan 3 is native'
what do you mean by native?
thanks again
John