HPE Community
LAN Routing
1753846 Members
7573 Online
108807 Solutions
New Discussion юеВ

VLAN Multi-tagging

 
renzdelupio
Frequent Visitor

тАО11-22-2016 07:10 PM

тАО11-22-2016 07:10 PM

VLAN Multi-tagging

Hello guys can someone help me with my configuration I want to setup our ISP onto multi-tagging so that all on the VLAN can connect to the internet but they are not going to see each networks. Here's my config below:

hostname "HP-2920-24G"
module 1 type j9726a
timesync sntp
sntp broadcast
ip authorized-managers 192.168.2.15 255.255.255.0 access manager
ip default-gateway 192.168.10.1
ip routing
interface 1
   name "Reserved"
   exit
interface 2
   name "Cable Link"
   exit
interface 5
   name "Servers"
   exit
interface 6
   name "Ldelupio"
   exit
interface 13
   name "Test Port"
   exit
interface 24
   name "CCTV"
   exit
snmp-server community "public" unrestricted
snmp-server contact " "
oobm
   no ip address
   exit
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-24,A1-A2,B1-B2
   ip address 192.168.2.30 255.255.255.0
   ipv6 enable
   ipv6 address autoconfig
   exit
vlan 10
   name "Admin"
   tagged 1-2
   no ip address
   exit
vlan 20
   name "Tech"
   tagged 1-2,6
   ip address 192.168.20.1 255.255.255.0
   ipv6 enable
   ipv6 address autoconfig
   exit
vlan 30
   name "Opn"
   tagged 1
   no ip address
   exit
vlan 40
   name "Lic"
   tagged 1
   no ip address
   exit
vlan 50
   name "CCTV"
   ip address 192.168.0.10 255.255.255.0
   ip address 192.168.10.10 255.255.255.0
   ipv6 enable
   ipv6 address autoconfig
   forbid 1-2
   exit
vlan 60
   name "Alert"
   tagged 2
   no ip address
   exit
vlan 100
   name "Cablelink"
   no ip address
   exit
primary-vlan 20
no autorun
no dhcp config-file-update
no dhcp image-file-update
password manager
password operator
 
 
Using this site means you accept its terms
┬й 2010-2011 Hewlett-Packard Development Company, L.P.

 

0 Kudos
2 REPLIES 2
Vince-Whirlwind
Honored Contributor

тАО11-24-2016 03:21 PM

тАО11-24-2016 03:21 PM

Re: VLAN Multi-tagging

I am guessing that by "VLAN multitagging", what you mean is you want to trunk all your VLANs to your ISP.

If you want to do that, then you will have to remove all the VLAN interface IP addresses so your ISP can set them up as the router addresses for their respective VLANs.

All things considered, this is pretty much the opposite of my philosophy for network management (I want to control the Layer-3 interface for all my subnets and make my own routing decisions).
Also, I would be very surprised if your ISP agreed to do this for you.

If you don't want hosts in one VLAN accessing resources in another, you should use authentication and authorisation (ever since WindowsNT was released in 1993), not weird network topologies.
If you're really desperate, put some ACLs on the "core" switch, but ACLs don't really provide very good security.

renzdelupio
Frequent Visitor

тАО11-30-2016 10:34 PM

тАО11-30-2016 10:34 PM

Re: VLAN Multi-tagging

Yeah, just like your philosophy in network. I want to control my layer 3 to do the routing decision but they also need to have internet. Is my switch capable of DHCP function? I dont want them to locate my router. Can you help me with this configuration? Thanks.

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.