
vlans sharing broadband connection

 
aldouy
New Member

We have a problem configuring VLANs on a Baseline switch 3CBLSG16 (2916-SFP Plus). We want to define 2 VLANs that can share an internet connection but are separated from each other. That means that both departments should share internet but should not share any other information. We tried to do that by creating 2 VLANs with a common port for the internet router, one of the VLANs with tagged ports and the other with untagged ports. This does not work. Can you help us?



2 REPLIES
Luckycharms
Frequent Advisor

Re: vlans sharing broadband connection

For this to work, the broadband device you are connecting the Baseline switch to needs to be configurable by you (not owned by the service provider) and also support VLANs and understand tagging.



So the answer is the following. If you are sending 2 VLANs over the same port to your broadband device, the Baseline switch is adding bytes with an ID number in them based on that VLAN's ID number. The broadband device is probably going to drop those packets since it does not know what to do with them. When the broadband device sends packets to the Baseline, they are more than likely being sent without those extra bytes, which the Baseline switch will then send out on the "Default" VLAN.



To understand more, read on.



The VLAN that comes on the switch from the factory is usually called the "Default" VLAN. Then as you add new VLANs, each one gets an ID number, so only when the switch sends a packet down a link with 2 or more VLANs on it will the switch add bytes to the packets with that number in them.



On any given port you can have 1 and only 1 VLAN that the switch does not add the extra bytes to. That's called the "untagged" VLAN for that port. All the other VLANs on the same physical port must have bytes added to each packet with an ID number. These are the "tagged" VLANs for that port.



Here is where it gets tricky. Switches and ports obviously both send and receive packets.



So first let's talk about what happens when a switch receives (ingress) a "tagged" packet on a particular port. It first looks to see if the packet has extra bytes in it. If it does, then it looks at the ID number in those bytes. It does a lookup to see if it matches the ID number of a VLAN it was configured for; let's call it VLAN Green. If there is a match, it then looks up the list of ports that have that Green VLAN on them and then sends the packet out (egress). This also holds true for a packet it received without these extra bytes.



Now let's look at what happens when a switch needs to send a packet it received. The switch already decided what VLAN the packet belonged to. Now it does a lookup of the list of ports configured by the admin of the switch for that Green VLAN. If the port the packet needs to go out is a "tagged" port for that Green VLAN, the switch adds those extra bytes to it with that ID number in them and sends it out. If the port the packet needs to go out is "untagged" for that VLAN, it does NOT add those extra bytes and sends it out.



Lastly, let's talk about what happens in the worst-case scenario, and that is when a switch receives a packet on a port with extra bytes and a VLAN ID number the switch itself was not configured for. For security reasons most low-end switches or devices that don't or are not configured for VLANs will simply drop that packet. On more expensive switches and devices that do understand and can be configured for VLANs, there are additional configurations that can be more selective before dropping packets.
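
The ingress and egress rules described in the reply above, as an added example that is not part of the original thread: a small Python model of a switch whose router port carries one VLAN untagged and one tagged. The port names, VLAN IDs 2 and 3, the sample frame and the flood-to-all-members forwarding (no MAC learning) are assumptions made for illustration; the "extra bytes" are modelled as the 4-byte 802.1Q tag (type 0x8100 plus VLAN ID).

```python
import struct

TPID = 0x8100  # 802.1Q tag type; the tag is 4 bytes inserted after the source MAC

class Port:
    def __init__(self, untagged, tagged=()):
        self.untagged = untagged      # the one VLAN carried without a tag
        self.tagged = set(tagged)     # VLANs carried with a tag

    def member(self, vlan):
        return vlan == self.untagged or vlan in self.tagged

def ingress(frame, port):
    """Return (vlan, frame_without_tag), or None when the frame is dropped."""
    if struct.unpack("!H", frame[12:14])[0] != TPID:
        return port.untagged, frame               # no tag: port's untagged VLAN
    vlan = struct.unpack("!H", frame[14:16])[0] & 0x0FFF   # low 12 bits = VLAN ID
    if not port.member(vlan):
        return None                               # VLAN not configured here: drop
    return vlan, frame[:12] + frame[16:]

def egress(frame, vlan, port):
    """Return the bytes sent on `port` for a frame that belongs to `vlan`."""
    if vlan == port.untagged:
        return frame
    return frame[:12] + struct.pack("!HH", TPID, vlan) + frame[12:]

def forward(frame, in_name, ports):
    """Flood to every other member port of the frame's VLAN (simplification)."""
    result = ingress(frame, ports[in_name])
    if result is None:
        return {}
    vlan, inner = result
    return {name: egress(inner, vlan, p) for name, p in ports.items()
            if name != in_name and p.member(vlan)}

# Constructed layout: dept A on VLAN 2, dept B on VLAN 3, and a shared router
# port that carries VLAN 2 untagged and VLAN 3 tagged.
PORTS = {"dept_a": Port(2), "dept_b": Port(3), "router": Port(2, tagged=[3])}
# Constructed untagged IPv4 frame: dst MAC, src MAC, EtherType 0x0800, payload.
FRAME = b"\xff" * 6 + bytes([2, 0, 0, 0, 0, 1]) + b"\x08\x00" + b"payload"

if __name__ == "__main__":
    to_router = forward(FRAME, "dept_b", PORTS)
    print("dept_b -> router, bytes 12..16:", to_router["router"][12:16].hex())
    print("untagged reply from router reaches:", list(forward(FRAME, "router", PORTS)))
```

Traffic from `dept_b` leaves the router port with a tag that a VLAN-unaware router will not accept, and any untagged reply from the router is classified into VLAN 2 and delivered only to `dept_a`.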









mohd_suhaimie
Occasional Visitor

Re: vlans sharing broadband connection

As far as I know, the Baseline only supports 1 VLAN interface, which is the default (VLAN 1 interface).

If you have 2 other user VLANs, e.g. VLAN 2 and VLAN 3, you need 1 firewall that can support tagged ports.

Then you can create interface VLAN 2 and VLAN 3 at the firewall. After configuring the addresses, using the interfaces under the firewall rules, allow the IP range that is allowed to the internet.