HPE Community
HPE Aruba Networking & ProVision-based
1819694 Members
3459 Online
109605 Solutions
New Discussion

Create New VLAN

 
PaulSlade
New Member

‎02-22-2012 01:45 PM

‎02-22-2012 01:45 PM

Create New VLAN

Hi,

 

I need to setup a VLAN (never done it before!). We are running out of IP addresses at our 2 MPLS connected sites in their Class C ranges and have decided that creating a new VLAN for DHCP devices is the way to go!

 

Both sites run the same setup.

 

We have 2 core switches (6200yl)

 

Edge switches are 2810G switches which all have a connection into each core switch for redundancy.

 

Spanning tree prevents loops.

 

Current VLAN is default VLAN 1

 

VMWare environment uses 2 x 2810G switches for redundancy and these are connected into the core switches as per all of the others.

 

New VLAN needs to be created and all DHCP devices moved onto untagged ports which are part of the new VLAN. 

 

All static devices remain on ports which are untagged on VLAN1.

 

Cisco routers at each site are supplied and managed by the MPLS hosting company.

 

All devices on the network use default gateway IP address of local Cisco router.

 

Inter VLAN routing is required.

 

DHCP IP addresses will be supplied by existing DHCP server on VLAN1

 

IP routing to the Internet and other MPLS sites must continue for devices moved on to new VLAN

 

Considering using multiple instance setup to have all VLAN1 traffic going to Core1 and new VLAN traffic going to Core2 for redundancy and load balancing.

 

Any advice appreciated on best practice setup, e.g:

 

- How are uplinks tagged/untagged for VLAN1 and new VLAN

- IP routing setup

- DHCP setup

- Default gateway setup for switches, PC's etc.

 

Many thanks,

Paul.

0 Kudos
1 REPLY 1
RK_br
Advisor

‎02-23-2012 08:30 AM

‎02-23-2012 08:30 AM

Re: Create New VLAN

Hello Paul,

 

Well, to start off with, I usually don't recommend using VLAN 1 as it is the default for most switches so for securitty it is better to use another VLAN.

 

 

 

Regarding your points, here are some recommendations. For the actual config lines, please see the manuals:

 

- How are uplinks tagged/untagged for VLAN1 and new VLAN

 

Usually untagged for VLAN 1 and tagged for new and other vlans. Since i recommend using a new vlan as your access, you should have untagged vlan 1 and tagged vlan 10 and vlan 20, as an example

 

- IP routing setup

 

Where do you plan to do your routing, in your core (6200) or your WAN router? If it is your core, you need both 6200yl to be configured with VLAN interfaces, example

VLAN 1: 192.168.1.x, VLAN 10: 10.10.10.x, VLAN 20: 10.20.20.x

 

For redundancy, you will need to configure VRRP, which requires a virtual IP address, so you can have your addresses like this. Please note that this is a sample, feel free to use whatever address fit your needs.

 

Core 1 6200yl:

VLAN 1: 192.168.1.1

VLAN 10: 10.10.10.253

VLAN 20: 10.10.10.254

 

Core 2 6200yl:

VLAN 1: 192.168.1.2

VLAN 10: 10.10.10.254

VLAN 20: 10.10.10.253

 

VRRP setup (same on both switches) - This will be your default gateway. It is a virtual IP, which can be the same as the physical. We alternate address because then the primary switch will be a differnt one for each VRRP instance. (vrrp explanation in default gateway area)

 

VLAN 1 IP: 192.168.1.1

VLAN 10: 10.10.10.254

VLAN 20: 10.10.10.254

 

 

- DHCP setup

On your router, you will need to setup a DHCP helper address for every VLAN pointing to your server. Then you need to configure your DHCP server and add the router IPs (ie. 10.10.10.254) as a client and setup a DHCP scope for that range.

 

- Default gateway setup for switches, PC's etc.

 

The default gateway for the PCs should always be the closest router / L3 switch, in this case the IP address for the VRRP. VRRP is a redundancy protocol that establishes a virtual IP address on two routers (needs config for every Layer 3 interface). The virtual IP address will be available in one  L3 switch will be the primary, in case that switch fails, the other switch will respond to that IP. This configuration is necessary so that you don't have to change default gateways when a switch fails.

 

For the switch Layer 3, you need to enable ip routing, and setup default routes (0.0.0.0). You don't need routes to the VLAN 1, 10, and 20 since those are directly connected, so you need just a default route pointing to the IP of your Cisco router.

 

Hope this answers your questions.

 

Best of Luck

-RK

The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.