
spanning tree through 219 vlans

 
Brian Stidsen
Occasional Contributor


Scenario:
* 219 rooms in a student dorm, each with one inhabitant and her random devices requiring internet access.
* Each room must be identifiable, preferably through ip address. The reason is that legislation here demands logging of packages and these must be traceable.
* 221 vlans in separate subnets and a single dhcp server serving addresses to all vlans. (perhaps see other thread here: http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1291469)
* Dhcp server and internet router is the same machine, 192.168.1.11 (config attached)

Hardware:
1 x 3500yl, located in server room
5 x 2650, one on each floor, ~44 rooms on each floor.

I would like to configure dhcp-snooping and arp-protection (vs rogue dhcp servers and to ensure that residents are unable to set IPs manually), virus throttling (it is a student dorm but not sure about resource usage) and multiple spanning tree (mstp). I am mainly unsure about the last one but if you spot something wrong or have objections regarding resource waste or optimization then please don't hesitate to comment.

The multiple spanning tree protocol stipulates that all vlans must be configured on each switch in the mstp instance. Since only 44 vlans (out of the total 221) are configured on each 2650, should I then make six mstp instances, that is, one for each of the switches?

I am also considering not bothering with mstp and maybe using some loop protection, as the network topology is small and somewhat transparent, but I am unsure who is going to maintain the network in the future.

Any and all input and hints on where to look are very welcome! The more detail, the better - I am noobish..
cenk sasmaztin
Honored Contributor
Solution

Re: spanning tree through 219 vlans

Hi Brian, your dhcp-snooping and arp-protect config is correct:

dhcp-snooping
dhcp-snooping authorized-server 192.168.1.11
dhcp-snooping vlan 1-221


arp-protect
arp-protect trust 11-24
arp-protect vlan 2-221

My comment on mstp:

Your system does not need an mstp config, because to need an mstp config you would have to use multiple paths between the switches, but you use one uplink path between switches.

You need a single spanning tree config to prevent loops from occurring on the network.

My other advice:

Your network is for the students' internet connection. If you want full security and control on the network, you must use PCM+ and NIM:

http://www.hp.com/rnd/products/management/ProCurve_Manager_Plus/overview.htm

http://www.hp.com/rnd/products/management/ProCurve_Network_Immunity_Manager_1.0/overview.htm

cenk
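
An added example, not part of the original thread: a Python check that the `dhcp-snooping` and `arp-protect` VLAN ranges in a switch config cover every room VLAN, and that no VLAN has arp-protect without the dhcp-snooping bindings it relies on. The room VLAN range 2-221 (taken from the arp-protect line in the reply) and the `DRIFTED` config are assumptions constructed for illustration.

```python
import re

def expand(spec):
    """Expand a list such as '1-44,60' into a set of ints."""
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def audit(config, room_vlans):
    """Return a list of findings for one switch's config text."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]

    def vlans(feature):
        found = set()
        for l in lines:
            m = re.fullmatch(rf"{feature} vlan ([\d,\- ]+)", l)
            if m:
                found |= expand(m.group(1))
        return found

    snoop, arp = vlans("dhcp-snooping"), vlans("arp-protect")
    findings = []
    for feature in ("dhcp-snooping", "arp-protect"):
        if feature not in lines:  # the bare command enables the feature
            findings.append(f"{feature} is not enabled globally")
    if not any(l.startswith("dhcp-snooping authorized-server ") for l in lines):
        findings.append("no dhcp-snooping authorized-server configured")
    for name, covered in (("dhcp-snooping", snoop), ("arp-protect", arp)):
        missing = sorted(room_vlans - covered)
        if missing:
            findings.append(f"room VLANs without {name}: {missing}")
    orphan = sorted(arp - snoop)  # arp-protect validates against snooping bindings
    if orphan:
        findings.append(f"arp-protect VLANs with no dhcp-snooping bindings: {orphan}")
    return findings

# Config lines as posted in the reply above.
PAGE_CONFIG = """dhcp-snooping
dhcp-snooping authorized-server 192.168.1.11
dhcp-snooping vlan 1-221
arp-protect
arp-protect trust 11-24
arp-protect vlan 2-221"""

# Constructed sample: a floor switch whose ranges have drifted apart.
DRIFTED = """dhcp-snooping
dhcp-snooping authorized-server 192.168.1.11
dhcp-snooping vlan 2-44
arp-protect trust 25-26
arp-protect vlan 2-45"""
```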