Playmobit
Frequent Visitor

Switches, VLANs and Configuration

Dear all,
I would like your suggestions on a network setup, as I am fairly new to networking. We are about to upgrade the setup and I am going to take a deep dive into networks.
The new equipment includes HPE 3810 core switches and HPE 1950 48-port PoE+ as access switches. We are also planning to go to an IP phone solution, so trunking is necessary for the ports that will be for workstations and IP phones.
The problem here is that users need to have access to Database/SQL servers via RDC so enabling IP routing for vlans communication without ACL (in the beginning) is, in my opinion, the only way to make the transition a bit smoother.

We currently have a 192.168.x.x/24 network and the new network will be something like:
IT: vlan2 - 10.10.2.0/22
Workstations: vlan10 - 10.10.10.0/22
Machines (industrial-engineering company): vlan20 - 10.10.20.0/22
WiFi: vlan30 - 10.10.30.0/22
Voice: vlan40 - 10.10.40.0/22

The configuration that a partner suggested for the HPE 1910 switches is:

Port 1 untagged vlan 2
port 2-48 untagged vlan 1 (Vlan1 configured with loopback address – no access)
port Trk1 untagged vlan 2, tagged 10,20,30,40
port 49-52 Trk1 LACP

Isn’t having every unused port disabled much better than leaving it active with no access?
I also don’t get why vlan2 (IT Mgmt) needs to be untagged at port Trk1; isn’t having every vlan tagged best practice? So can the port Trk1 be set with all the vlans tagged?
Layer 2 switches will be used, at least 1 or 2, so I think tagging every vlan is essential, am I right?
I would like to have your opinion on all that, and which configuration would you suggest for the vlans and the switches?


Thank you!

HP-Browniee
Respected Contributor

Re: Switches, VLANs and Configuration

Hello

You can choose how you configure the vlans on your uplink. If you prefer tagging all the vlans you can do that, just make sure you configure it the same way on both sides of the uplink.

The reason for an untagged vlan on an uplink is to have a default vlan on that port. If the uplink port receives untagged packets it will put them in the untagged vlan (pvid). If the untagged vlan is not configured, the uplink port will just drop the packets and they will be lost.

The most important thing is that the configuration on both ports of the uplink is the same.

Note: You are working with 2 different switch types. The 3810 is a ProCurve/Aruba device and the 1910 is a Comware device. So you will have different software, CLI, WebGUI,...

 

 

Playmobit
Frequent Visitor

Re: Switches, VLANs and Configuration

I made a mistake, the access switches are HPE 1950 48p PoE+.

The reason for an untagged vlan on an uplink is to have a default vlan on that port. If the uplink port receives untagged packets it will put them in the untagged vlan (pvid). If the untagged vlan is not configured, the uplink port will just drop the packets and they will be lost.

From which devices could the uplink receive untagged packets?

What would you recommend and what is the best practice? The vlan2 to be untagged as the switches belong to vlan2 (IT Mgmt)?

In case of using some Layer 2 switches, apart from vlan communication, which is not possible, will I face any problem if vlan2 is untagged?

Both sides on the uplink will have the same configuration for sure.

 

Thank you for the answer!

HP-Browniee
Respected Contributor

Re: Switches, VLANs and Configuration

If you connect a switch that does not support tagging to an uplink port without an untagged vlan (pvid), for example, you will not be able to communicate.

But if you keep that in mind, and as you said you always configure your ports the same way on both sides, you will never have a problem.

It is up to you what you want as the untagged vlan; you can use the mgmt vlan if you want. Just know that it will be the default vlan on that interface, so all untagged packets that the port receives will be put in that vlan. You can also create a new vlan for this (blackhole) if you don't want to use an existing vlan. It doesn't matter really.

I don't understand your last question very well, but you will never have a problem in both cases, untagged or tagged.

 

Playmobit
Frequent Visitor

Re: Switches, VLANs and Configuration

In case I connect an unmanaged switch that is unaware of vlans and does not support vlan tagging, like "D-Link DGS-1008P", will it automatically connect to VLAN2 (if I set this vlan as untagged) or will it take an IP from the range of the tagged vlan which is assigned on the port?

Which devices might not support tagging and so they will send untagged packets?

Which vlan will you suggest to set as untagged on the uplink trunk port?

Thank you again!

HP-Browniee
Respected Contributor

Re: Switches, VLANs and Configuration

In case I connect an unmanaged switch that is unaware of vlans and does not support vlan tagging, like "D-Link DGS-1008P", will it automatically connect to VLAN2 (if I set this vlan as untagged) or will it take an IP from the range of the tagged vlan which is assigned on the port?

It will never get an IP because it is unmanageable, and it will be put in vlan 2 (the untagged vlan).

Which devices might not support tagging and so they will send untagged packets?

An unmanaged switch, for example ;)

Which vlan will you suggest to set as untagged on the uplink trunk port?

In many cases it always stays in the default vlan 1. But in more secure environments you can create another vlan. It really doesn't matter.

 

Playmobit
Frequent Visitor

Re: Switches, VLANs and Configuration

I have read that the traffic that exits an access port (with a vlan assigned on it) of a managed switch is stripped of vlan tags and becomes regular ethernet traffic. When regular ethernet traffic enters the access port it gets tagged inside the switch and continues the trip. So, according to this, if an unmanaged switch is connected to an access port everything will work just fine. (We are not talking about trunk ports etc!)

Do you think that this is incorrect?

About the untagged vlan what do you think is the best practice?

I am thinking of tagging every vlan but if I haven't set an untagged vlan then the untagged traffic will be lost, right?

like port trk1 tagged vlan2,10,20...

HP-Browniee
Respected Contributor

Re: Switches, VLANs and Configuration

I have read that the traffic that exits an access port (with a vlan assigned on it) of a managed switch is stripped of vlan tags and becomes regular ethernet traffic. When regular ethernet traffic enters the access port it gets tagged inside the switch and continues the trip. So, according to this, if an unmanaged switch is connected to an access port everything will work just fine. (We are not talking about trunk ports etc!)

Yes, this is correct.

Like I also said before, you can perfectly configure your trunk ports without an untagged vlan. If you configure them the same way on both sides of the uplink you will never have a problem. Just know that if you don't have an untagged vlan configured, everything you connect on that port that doesn't support tagging vlans will not be able to connect and all the packets will be dropped.

So if you understand that, you will never have a problem. It is just a matter of not connecting the wrong things on the wrong ports.
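
The tagging behaviour discussed in this thread, as an added Python example that is not from any of the posters or from HPE: a simplified model of 802.1Q ingress and egress on a switch port, using the port layouts mentioned in the thread. The `Port` class, `build_frame` and the sample frames are constructed for illustration, and real switches add vendor-specific options this model ignores.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def build_frame(vid=None, payload=b"constructed-payload"):
    """Constructed test frame: broadcast dst, made-up src, optional 802.1Q tag."""
    macs = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    tag = struct.pack("!HH", TPID_8021Q, vid) if vid is not None else b""
    return macs + tag + struct.pack("!H", 0x0800) + payload

def parse_vid(frame):
    """VLAN ID carried in the frame, or None when the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    if struct.unpack_from("!H", frame, 12)[0] != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    return struct.unpack_from("!H", frame, 14)[0] & 0x0FFF  # low 12 bits = VID

def strip_tag(frame):
    """Remove the 4-byte 802.1Q tag if one is present."""
    return frame[:12] + frame[16:] if parse_vid(frame) is not None else frame

class Port:
    """Simplified port model (an assumption of this example, not vendor behaviour)."""
    def __init__(self, untagged=None, tagged=()):
        self.untagged, self.tagged = untagged, frozenset(tagged)

    def ingress(self, frame):
        """VLAN the received frame is placed in, or None if it is dropped."""
        vid = parse_vid(frame)
        if vid in (None, 0):          # untagged or priority-tagged: use the PVID
            return self.untagged      # no untagged VLAN configured -> dropped
        member = vid in self.tagged or vid == self.untagged
        return vid if member else None

    def egress(self, vlan, frame):
        """Frame as sent out of this port for `vlan`, or None if not a member."""
        bare = strip_tag(frame)
        if vlan == self.untagged:
            return bare               # leaves as regular Ethernet, tag removed
        if vlan in self.tagged:
            return bare[:12] + struct.pack("!HH", TPID_8021Q, vlan) + bare[12:]
        return None

# Port layouts taken from the thread
partner_trk1 = Port(untagged=2, tagged=(10, 20, 30, 40))
all_tagged_trk1 = Port(tagged=(2, 10, 20, 30, 40))
access_vlan10 = Port(untagged=10)
```

With the partner's layout an untagged frame arriving on Trk1 lands in vlan 2, so an unmanaged switch patched there puts its hosts in the management VLAN; with every VLAN tagged the same frame is dropped.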

 

 

 

Vince-Whirlwind
Honored Contributor

Re: Switches, VLANs and Configuration

Between two managed switches, best practice is to tag all VLANs.

If you have an unmanaged switch, then whichever is the untagged VLAN on the managed switchport you patch it to is the VLAN that unmanaged switch's hosts will all belong to.

Playmobit
Frequent Visitor

Re: Switches, VLANs and Configuration

I think that I will leave vlan2 untagged so it can be set as primary/native vlan of the switches.

Yes, correct, I will have the port that the unmanaged switch will be connected to to be untagged to the vlan that I need to have access to.