
Re: creating vlans on a 5700 switch

 
SOLVED
EAPH
Occasional Contributor

creating vlans on a 5700 switch

Not a switch expert here. I would like some clarifications on the procedure to create VLANs on a single HP switch 5700.

Our 3 Linux servers have two NICs, each NIC is 10GbE, and they run virtualization software.

At the Linux OS level we created one interface on each server with 10.10.10.2 / 10.10.10.3 / 10.10.10.4, and this is for NFS traffic only. No DNS and no gateway. The interface has a VLAN ID of 100 (enp3s0f0.100). This VLAN will only exist on this switch.

We used the remaining interface on each server to create a 192.168.0.2 / .3 / .4 with .1 as gateway; this is for virtual machine traffic. The interface has a VLAN ID of 200 (enp3s0f01.200).

The virtual machines will have virtual interfaces belonging to different subnets (250, 260, 270, etc.).

Reading the documentation (http://h22208.www2.hpe.com/eginfolib/networking/docs/switches/5700/5998-5587r_l2-lan_cg/content/index.htm)

It seems I need to create a trunk port, but since the examples always assume that the computer attached to the port is NOT tagging with a VLAN... well... it makes it difficult to understand.

If on the Linux side we are tagging with multiple VLANs on multiple virtual interfaces assigned to the same physical interface, then should that physical interface connected to the 5700 be trunk or hybrid?

It will be 3 ports on VLAN 200 and 3 ports on VLAN 100 initially.

Thanks in advance for any configuration example.

parnassus
Honored Contributor
Solution

Re: creating vlans on a 5700 switch

Cheers, to understand the various VLAN port types on Comware based (A-Series in the old HP jargon) switches, have a look at this support document.

Supposing you don't need any Untagged VLAN (Default Port VLAN Id is 1) between each of your Servers' ports and your Switch's ports (because you are going to carry only tagged traffic between your Switch and your three Servers, VLAN 100 and VLAN 200 are tagged Server logical ports side so egress traffic is going to be sent tagged, respectively, on VLAN 100 or VLAN 200) then you just need a port running in VLAN mode of type trunk [*] (that's the A-Series jargon to say a port that carries multiple tagged VLANs and one Native Untagged VLAN)...supposing, for one server, you are going to use the Ten Gigabit Interface 1/0/1 (or whatever else you need):

 

interface ten-gigabit 1/0/1
port link-type trunk
port trunk pvid vlan 999 <--- Defines the new Native VLAN for the port: we use the VLAN 999 in our scenario because it is unused (YMMV).
undo port trunk permit vlan 1 <-- We remove VLAN 1.
port trunk permit vlan 100 200

 

Use display vlan to see results.

[*] Note about A-Series Trunk Port mode:

Trunk ports:
• Carry multiple VLANs on a single physical link
• VLANs are 802.1Q tagged
• The native VLAN is untagged

 


I'm not an HPE Employee
EAPH
Occasional Contributor

Re: creating vlans on a 5700 switch

@parnassus thanks for the tip. Good article, and it helped me understand the concept of hybrid ports better.

I read a bit more and ended up with this config:

interface Ten-GigabitEthernet1/0/3 (and /4 and /5)
port link-type access
port link-type trunk
port trunk permit vlan 1 100 150
port trunk pvid vlan 100
quit

interface Ten-GigabitEthernet1/0/6 (and /7 and /8)
port link-type access
port link-type trunk
port trunk permit vlan 1 200 250 260 270 280
port trunk pvid vlan 200
quit

Questions:

Do I need to include VLAN 1 in my "port trunk permit vlan" definition? I think I should not, since I am not doing anything with the default VLAN.

Since it was such a mess to predefine the virtual interfaces in Linux and it was taking too much time, I did "port trunk pvid vlan 100" so I don't need to tag my interfaces at the host, but at the same time did the "permit vlan 100" so my traffic won't be blocked (Am I right on this?)

At the end, the physical interfaces are NOT tagged, servers communicate with each other and the other vlans work as expected.

Thanks again for your help.

parnassus
Honored Contributor

Re: creating vlans on a 5700 switch

Hi,

but these two commands:

port link-type access
port link-type trunk

conflict with each other...and the latter (port link-type trunk) - if executed/evaluated after the first one (port link-type access) - will win.

If you aren't going to use VLAN 1 you can safely ignore it and you can omit VLAN Id 1 on port trunk permit vlan <vlanids> commands.


I'm not an HPE Employee
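
An added example, not part of any post in this thread: a small Python audit that replays Comware port commands in order, showing which link type ends up in effect, which VLAN leaves the port untagged, and whether VLAN 1 is still permitted. The sample stanzas are constructed from the configurations quoted above; the default port state and the handling of plain VLAN lists only (no `to` ranges or `all`) are assumptions of this example.

```python
import re
# Constructed sample: the thread's scripted port, then a port per the accepted answer.
SAMPLE_CONFIG = """\
interface Ten-GigabitEthernet1/0/3
 port link-type access
 port link-type trunk
 port trunk permit vlan 1 100 150
 port trunk pvid vlan 100
quit
interface Ten-GigabitEthernet1/0/1
 port link-type trunk
 port trunk pvid vlan 999
 undo port trunk permit vlan 1
 port trunk permit vlan 100 200
quit
"""

def parse_ports(text):
    """Apply each command in order and return {interface: final state}."""
    ports, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"interface (.+)$", line):
            # Assumed defaults: access port, PVID 1, only VLAN 1 permitted.
            cur = ports.setdefault(m[1], {"type": "access", "pvid": 1, "permit": {1}})
        elif cur is None or line == "quit":
            cur = None
        elif m := re.match(r"port link-type (\S+)$", line):
            cur["type"] = m[1]  # a later link-type replaces the earlier one
        elif m := re.match(r"port trunk pvid vlan (\d+)$", line):
            cur["pvid"] = int(m[1])
        elif m := re.match(r"(undo )?port trunk permit vlan ([\d ]+)$", line):
            vlans = {int(v) for v in m[2].split()}
            cur["permit"] = cur["permit"] - vlans if m[1] else cur["permit"] | vlans
    return ports

def audit(ports):
    """For each trunk: untagged VLAN, tagged VLANs, and whether VLAN 1 is open."""
    return {
        name: {
            # Untagged frames join the PVID only if it is permitted; else dropped (None).
            "untagged": p["pvid"] if p["pvid"] in p["permit"] else None,
            "tagged": sorted(p["permit"] - {p["pvid"]}),
            "vlan1_permitted": 1 in p["permit"],
        }
        for name, p in ports.items() if p["type"] == "trunk"
    }

if __name__ == "__main__":
    print(audit(parse_ports(SAMPLE_CONFIG)))
```

For port 1/0/3 the audit reports VLAN 100 as untagged and VLAN 1 still permitted; for port 1/0/1 it reports no untagged VLAN, because PVID 999 is not in the permit list.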
EAPH
Occasional Contributor

Re: creating vlans on a 5700 switch

Sorry @parnassus, didn't mean to cause confusion.

According to the manual, when you change from hybrid to trunk or vice versa, you must change to access first.

So, because I was using a script to push the config to the switch, I made sure the port setting will not fail on my script.

But thanks for pointing it out!!!

parnassus
Honored Contributor

Re: creating vlans on a 5700 switch

Oh...better if you post your Switch running configuration than your script commands!


I'm not an HPE Employee
VoIP-Buddy
HPE Pro

Re: creating vlans on a 5700 switch

The other thing that is really important, for ports that are connected to PCs, printers, VoIP phones, etc. that can go up and down a lot, is to set them as Edged Ports in Spanning-Tree.

When you are defining port characteristics, stp edged-port enable. That will make sure that Spanning Tree doesn't send out an update every time the port goes down and up again. When that happens, the switch needs to remove all entries in the MAC and ARP tables as the entries for the port are now invalid. They then must be re-learned when the port comes up again.

Regards, David

I work for HPE in Aruba Technical Support