Switches, Hubs, and Modems
1748246 Members
3336 Online
108760 Solutions
New Discussion юеВ

5412zl VLAN Tagging - Need Configuration Verification

 
WW334733
New Member

5412zl VLAN Tagging - Need Configuration Verification


I have an HP 5412zl(J8698A) connected to a Cisco 2811. I currently have VLAN 1 in range 192.198.23.X between the HP and Cisco device. I am needing to add support for 4 VLANs in new 10.203.X.X address space and ultimately remove 192.168.23.X. I would like to have both ranges up during 10.203.X.X initial implementation.

Questions: 1. What VLANs should be Tagged or Untagged on new port going to Fa0/1 of 2811? I know I need at least one untagged VLAN.

2. Anything to be aware of? VLAN1 cannot be untagged on new port, as that would create a routing loop, yes? Theoretically spanning-tree would fix that, but I am not familiar with what HP does.

Cisco 2811:

interface FastEthernet0/1
no ip address
duplex auto
speed auto
!
interface FastEthernet0/1.100
encapsulation dot1Q 100
ip address 10.203.0.1 255.255.255.0
!
interface FastEthernet0/1.101
encapsulation dot1Q 101
ip address 10.203.1.1 255.255.255.0
!
interface FastEthernet0/1.102
encapsulation dot1Q 102
ip address 10.203.2.1 255.255.255.0
!
interface FastEthernet0/1.103
encapsulation dot1Q 103
ip address 10.203.3.1 255.255.255.0

interface FastEthernet0/0
ip address 192.168.23.1 255.255.255.0
duplex auto
speed auto

HP 5412zl:

vlan 1
name "DEFAULT_VLAN"
untagged A1-A24,B1-B24,C1-C24,D1-D24,E1-E24,F1-F24,G1-G24,H1-H24
ip address 192.168.23.5 255.255.255.0
exit

Vlan 100
name "Servers"
tagged
ip address 10.203.0.2 255.255.255.0
exit

Vlan 101
name "Workstations"
tagged
ip address 10.203.1.2 255.255.255.0
exit

Vlan 102
name "IP Phones"
tagged
ip address 10.203.2.2 255.255.255.0
exit

Vlan 103
name "Future"
tagged
ip address 10.203.3.2 255.255.255.0
exit
4 REPLIES 4
Olaf Borowski
Respected Contributor

Re: 5412zl VLAN Tagging - Need Configuration Verification

Why do you want the poor 2811 do all the routing? In your design, when workstations want to talk to a server (VLAN 101 to VLAN 100), traffic would have to go from the 5400 to the 2811 and back (on a single link).
Why don't you enable routing on the 5400 to route local taffic at line rate and anything that is not local, punt to the 2811? Everything could be untagged in this case and the 54xx would do the heavy lifting for you instead of the 2811. Why do you have IP address on the VLAN interfaces in your design? You only need one for management of the switch.
Shadow13
Respected Contributor

Re: 5412zl VLAN Tagging - Need Configuration Verification

the ip address in the vlan is a must when enabling routing in the switch to be the default gateway for the vlan members, but if you are going with the configuration you posted as the 2811 router will handle the routing, then you don't need to put ip address under every vlan, just under the vlan that you are going to use as a management vlan.


for taggeing, any port that is connected to other switch or router and carry multiple vlans traffic should be tagged in all of the vlans, and the ports that are members of a specific vlan should be untagged under that vlan, that's the it :D

If you need further details or anything else please don't hesitate.

Regards,
Islam Hassan
WW334733
New Member

Re: 5412zl VLAN Tagging - Need Configuration Verification

Thank you for your response, Islam.

We have chosen interface G4 on the HP switch to connect to the Cisco router.

So on port G4 on the switch, I will make VLAN 100 untagged and the remaining 101, 102, and 103 they will be tagged.

I think I will need to make VLAN 100 native on the Cisco 2800 to match the native untagged VLAN on port G4 on the HP switch, seen here:

interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1.100
encapsulation dot1Q 100 native
ip address 10.203.0.1 255.255.255.0
!
interface FastEthernet0/1.101
encapsulation dot1Q 101
ip address 10.203.1.1 255.255.255.0
!
interface FastEthernet0/1.102
encapsulation dot1Q 102
ip address 10.203.2.1 255.255.255.0
!
interface FastEthernet0/1.103
encapsulation dot1Q 103
ip address 10.203.3.1 255.255.255.0


Eventually we want to remove the 192.168.23.X addresses, so I would imagine I would need to make one of the new VLANs the management VLAN. Currently there is a default-gateway on the switch, pointing to the 192.168.23.1 address of the router. At some point, I will need to remove that.

Thanks for your help, please advise anything else you see.
Shadow13
Respected Contributor

Re: 5412zl VLAN Tagging - Need Configuration Verification

You can leave the native vlan as it is vlan 1 and untagged on the port connected to the cisco 2811 and it will work with no problems.

But what you did is right in everything so no worries.

You can still use vlan 1 as management vlan and with the routing available you can have access from any ip address. and for the default-gateway , this is used to access the switch so use the gateway of the management vlan that you will define.


and remember the tagging, untagged is the same as access in cisco switches, and tagged is the same as trunk command
so all the ports that will be associated with a specific vlan will be untagged member of that vlan, and the uplink port will be tagged in all vlans that you want this port to carry.


also you have to notice that when you enable routing between vlans, all vlans can have access to each other so you need to create access lists to deny access if you want, and i'm sure you already know that.


I hope my info are correct and will not cuase any problems :D if you want you can check the manual for HP 5412zl to see the correct information :D


Regards,
Islam Hassan