11-15-2006 08:32 AM
new vlan setup questions?
Our network consists of 1 NetScreen25, 3 HP ProCurve 2650's, 1 ProCurve 2650-PWR, and 1 HP ProCurve 4000M. All the switches are stacked, but they also have their own IP as a backup for access. They are all connected in series using ports 49 & 50. The 4000M has 1 gigabit card and it is at the end of the series.
Currently, there is 1 VLAN, the default_vlan, set up on all the switches and all the ports are part of it.
Our goal is to have a guest/public vlan separate from our network. In other words, we have a bunch of ports that we want for visitors to be able to plug in and surf the internet, without accessing any resources on our private lan.
I've been trying to do some reading on these forums and other places to get info, but I seem to just end up with more questions.
One of my questions is what would be easier, port-based 802.1q VLANs or 802.1x using RADIUS (Microsoft IAS)? The ports that we want on the public VLAN are in a conference room and training area, so we will almost never have to change them back to a private VLAN.
Also, we have a Win2k3 DHCP server. In order to hand out IP addresses to the public VLAN, if I understand right, I have to use the ip helper-address. Do I need routing enabled? What else do I need enabled? Does routing have to be enabled on all the switches or just the one with the internet connection? We would like to use 1 internet connection for both VLANs if possible.
If anyone can give me some insight on how to go about this and any caveats that I may need to watch out for, I would greatly appreciate it.
11-15-2006 03:47 PM
Re: new vlan setup questions?
- For the authentication part, I don't think the 4000 supports the 802.1x protocol, even if it's a very professional solution.
- For the DHCP, you just need the IP helper-address.
- I suggest routing be enabled only on the switch that has the DHCP server and internet connected.
- From my point of view, I suggest this solution:
1- Create another VLAN on all switches.
2- Enable routing on the 2600 switch.
3- Add a default route to the NetScreen25.
4- Add an IP helper-address for this new VLAN after creating a scope for it.
5- Control guest traffic with the NetScreen25 by adding a new policy for their traffic, and control the authentication (you can make it web based and create some local accounts, or integrate with RADIUS in Microsoft IAS).
** Note: you can do the routing on the NetScreen25 as well but I won't recommend that, just keep everything busy with what it was designed to do.
Good Luck !!!
11-16-2006 09:02 AM
Re: new vlan setup questions?
We are going to try and set this up this weekend so we'll see how far we get. Unfortunately, we don't have a test/lab to play with so hopefully we won't break too much.
Here is what I'm understanding so far.
Switch 1 - Vlan 1 (primary)
Enable routing - when I do this I will have to change the gateway on to be the switch IP, correct?
Port 1 will be our internet port; that will belong to vlan1, and should it be tagged for vlan2?
Does the DHCP server port need to be tagged? Or does the server NIC need to be VLAN aware in order to function properly as the helper-address?
When I set up the VLANs on each switch, do I need to give them all an IP address?
Thanks again for your help.
11-20-2006 05:48 AM
Re: new vlan setup questions?
ip routing
vlan 1
name "VLAN20"
untagged 1-34,36-50
ip address 192.168.20.37 255.255.255.0
ip helper-address 192.168.20.9
no untagged 35
vlan 2
name "VLAN24"
untagged 35
ip address 192.168.24.37 255.255.254.0
ip helper-address 192.168.20.9
tagged 25,49-50
Here is how we have our main switch configured? I'm having problems getting DHCP to work. Haven't gotten to surfing yet?
Port 35 is a client on vlan 2 (guest).
Ports 49-50 are the uplinks to other switches.
Routing is enabled but I have not added any routes yet? Not sure what I need to route for DHCP to work? On this switch I have also enabled DHCP-Relay option 82 append. Not sure if this was needed?
On the DHCP server (Win2k3) I have created a Superscope. Our internal scope (192.168.20.0/24) is not part of the superscope; the 192.168.24.0/23 is in the superscope. I have also added an IP for the guest vlan on the DHCP server NIC, so now the server has 192.168.20.9 and 192.168.24.9. The server is on port 25 and it is in Vlan1 and tagged on vlan2.
After doing all this, I can't get a client on vlan 2 to pull DHCP. If a client is on vlan 1 it works fine. The VLANs appear to be working because I can put other ports on vlan 2 and talk between computers on vlan 2, but vlan 2 can't talk to vlan 1, which is what we wanted.
Any help on getting DHCP working would be greatly appreciated.
Once that is figured out then I can move on to getting Vlan2 to surf the internet.
11-20-2006 02:36 PM
Re: new vlan setup questions?
Do the following:
- Remove the tag from port 25 (DHCP server) to port Vlan2, just leave the port untagged to Vlan1.
- Check the scope of Vlan2 (192.168.24.0/23) and add the router option as your vlan1 IP address, 192.168.20.37.
- Assign a static IP for the client like:
IP 192.168.24.38, Subnet 255.255.254.0,
gateway 192.168.24.37,
then test connectivity:
- ping Vlan1 IP, Vlan2 IP and the DHCP server IP address.
Now I don't think you really need the DHCP relay inserted in your configuration; DHCP requests will be sent to the IP helper address that you already configured on both VLANs.
Good Luck !!!
11-21-2006 03:15 AM
Re: new vlan setup questions?
If I assign a static IP on the client on vlan 2 with the suggested IP/gateway, I can't ping the vlan1 gateway. If I assign the gateway on the client to be the vlan2 IP (192.168.24.37) then I can ping the Vlan1 gateway but not the DHCP server (192.168.20.9).
I tried configuring vlan1 as the gateway for the DHCP server; that didn't help any.
Right now all vlan1 servers are configured for the firewall gateway (192.168.20.1).
Do I need to configure something after turning routing on in the switch? I noticed that the option for a default gateway in the menu goes away after turning on routing?
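A return-path model of the addressing discussed in this thread, added here as an illustration and not posted by any participant: it traces a guest request to the DHCP server and the server's reply, both to the guest and to 192.168.24.37 (the relay address a DHCP server answers to). Assumptions: the firewall has no route to 192.168.24.0/23, the server keeps only 192.168.20.9, and the `Node`, `trace` and `build` names are invented for this sketch.

```python
import ipaddress as ipa

class Node:
    def __init__(self, name, ifaces, routes=(), forwards=False):
        self.name, self.forwards = name, forwards
        self.ifaces = [ipa.ip_interface(i) for i in ifaces]
        self.routes = [(ipa.ip_network(n), ipa.ip_address(g)) for n, g in routes]

    def owns(self, ip):
        return any(i.ip == ip for i in self.ifaces)

    def next_hop(self, dst):
        # Connected subnets win; otherwise the longest matching static route.
        if any(dst in i.network for i in self.ifaces):
            return dst
        match = [r for r in self.routes if dst in r[0]]
        return max(match, key=lambda r: r[0].prefixlen)[1] if match else None

def trace(nodes, src, dst_ip):
    """Follow a packet hop by hop; return (path, delivered)."""
    dst, cur, path = ipa.ip_address(dst_ip), src, [src.name]
    for _ in range(8):
        if cur.owns(dst):
            return path, True
        # Only the sender and routing devices pick a next hop; hosts do not forward.
        hop = cur.next_hop(dst) if (cur is src or cur.forwards) else None
        cur = next((n for n in nodes if hop is not None and n.owns(hop)), None)
        if cur is None:
            return path + ["dropped"], False
        path.append(cur.name)
    return path, False

def build(server_routes):
    # Addresses are from the thread; the firewall's missing guest route and the
    # single-address server are assumptions made for this model.
    return {
        "switch": Node("switch", ["192.168.20.37/24", "192.168.24.37/23"], forwards=True),
        "firewall": Node("firewall", ["192.168.20.1/24"], forwards=True),
        "dhcp": Node("dhcp", ["192.168.20.9/24"], server_routes),
        "guest": Node("guest", ["192.168.24.38/23"], [("0.0.0.0/0", "192.168.24.37")]),
    }

def request_from_guest(server_routes, dst_ip="192.168.20.9"):
    net = build(server_routes)
    return trace(list(net.values()), net["guest"], dst_ip)

def reply_from_server(server_routes, dst_ip):
    net = build(server_routes)
    return trace(list(net.values()), net["dhcp"], dst_ip)

VIA_FIREWALL = [("0.0.0.0/0", "192.168.20.1")]  # server gateway as described
WITH_RETURN = VIA_FIREWALL + [("192.168.24.0/23", "192.168.20.37")]  # constructed
```

In this model the request always arrives, and only the reply depends on the server's routes. The same return route that lets replies through also makes any VLAN 1 host using it reachable from the guest subnet, because the switch routes between the two VLANs.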