HPE Community
HPE Aruba Networking & ProVision-based
1824170 Members
2664 Online
109669 Solutions
New Discussion

Need VLAN architecture help - very straightforward if you're experienced with this

 
kahnman7
Occasional Visitor

‎08-20-2012 07:51 AM

‎08-20-2012 07:51 AM

Need VLAN architecture help - very straightforward if you're experienced with this

Hi All,

 

I recently took over a network admin role where the previous person did nothing to manage his HP Procurve environment. I have multiple ProCurves -- 1400-24G, 2610-48G, 2610-48, 2810-48G... 3 buildings, fibre connecting the switches in each building.

 

Everything is on a single VLAN (the default VLAN). 

 

Present IP Address scheme:

172.16.x.x (class B)

255.255.0.0. mask

 

The former admin put servers and infrastructure stuff on 172.16.1.x, desktops on 172.16.2.x, mobile devices on 172.16.3.x, etc... but with a class B mask, this was all just one network, on the one VLAN.

 

I intend to change the mask to a class C, 255.255.255.0, so that the devices are truly on their own networks. Next, I want to set up VLANs for each of them and have the ProCurves route traffic across the VLANs.

 

Step 2 will be getting into bandwidth allocation as one of the VLANs will have BYOD wi-fi stuff, but for now, I want to make this change without taking existing users offline by bringing up the new networks (have a new server standing by ready to install).

 

1. If I create new VLANs for my "next generation" network, can I just create VLANs 2-6, set up routing between them, and then just build this new network of servers and desktops? Then, once I've tested that it works, I can spend a weekend migrating all the users from the old VLAN to the new one simply by changing their subnet mask. 

 

2. Do you forsee any problems doing this? I want to get the new VLAN structure in place before I build the new server.

 

Thanks so much! 

 

Scott

 

0 Kudos
4 REPLIES 4
paulgear
Esteemed Contributor

‎08-20-2012 03:03 PM - edited ‎08-20-2012 03:03 PM

‎08-20-2012 03:03 PM - edited ‎08-20-2012 03:03 PM

Re: Need VLAN architecture help - very straightforward if you're experienced with this

Hi Scott,

 

That makes good sense to me.  What you'll have to watch out for is any hard-coded default gateways.

You also won't be able to migrate it over an extended period without downtime unless you change to a different address range (e.g. 172.17.0.0/16), because all of the devices on the old range will think that they are on the same subnet, and routing between them won't work.  Unless it's quite a small network, changing subnet masks on a wide range of statically-configured devices is a recipe for going crazy.

On which device do you plan to do the routing?  I don't believe any of the models you listed support routing.

Regards,
Paul
0 Kudos
kahnman7
Occasional Visitor

‎08-20-2012 07:44 PM

‎08-20-2012 07:44 PM

Re: Need VLAN architecture help - very straightforward if you're experienced with this

Thanks Paul.

 

You know... I've been reading the documentation and couldn't really find anything that clearly explained the whole routing situation. I thought that with ProCurve switches you can define rules that would route from one VLAN to another pretty easily. Maybe only on more advanced models than these?

 

Perhaps my best option is to use my SonicWall firewall as the router. It has four Ethernet ports that it can route between... but now I'm entering more confusing territory... would I need to connect four Ethernet cables from the nearest switch, with each one assigned to an IP address on each VLAN?

 

Thanks,

Scott

 

 

0 Kudos
paulgear
Esteemed Contributor

‎08-20-2012 08:03 PM

‎08-20-2012 08:03 PM

Re: Need VLAN architecture help - very straightforward if you're experienced with this

Search Google for ProCurve Software Features Matrix, and you should find a PDF which covers which models support routing and which ones don't.

Using the SonicWall should work.  I'm not sure exactly what features they support, but if they're anything like other firewalls i've worked with, it should be possible to trunk all of the VLANs across a single link, without requiring any additional cabling.

Regards,
Paul
0 Kudos
kahnman7
Occasional Visitor

‎08-21-2012 07:18 AM

‎08-21-2012 07:18 AM

Re: Need VLAN architecture help - very straightforward if you're experienced with this

Thanks again, Paul. Just got that document -- VERY useful indeed.

 

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.