Re: Port trunking, default VLAN and switch IP addressing

Occasional Contributor

Port trunking, default VLAN and switch IP addressing

We will be moving to a new building and will be migrating our network, currently running on Nortel and BayStack switches, to HP Procurve switches. All of the current switches are running in one gigantic broadcast domain and are currently IP addressed on a single subnet.

We will be moving off of the old switch gear and on to an 8212zl acting as a core switch and the following edge switches: 3 5400zl, 4 3500yl and 2 Gbe2c.

I need to verify the following parts of my design to make sure that everything will migrate properly and that the trunk ports and default VLAN configuration are correct.

Here are some of the details about my installation. I have attached a diagram to this post.
* The 8212zl will act as the core switch
* Each 5400zl chassis will have 8 ports trunked back to the core
* Each 3500yl switch will have 2 ports trunked back to the core
* Each Gbe2c switch will have 4 ports (each) trunked back to the core
* I have the following subnets to configure
**, All workstations, servers, printers
* All switches are HP Procurve and will be running LACP compatible trunks
* GVRP will be enabled to advertise VLANs
* MSTP will be enabled on all switches

Here are my questions:

1. Can the switches' management IP address be on even if I plan to create a VLAN for just traffic?

2. Should I configure all switches with IP addresses on a totally different LAN, and keep VLAN 1 for just switch management & trunk operations?

3. How is the Default VLAN affected by port trunking & inter-VLAN routing? Any gotchas or configuration issues I need to address upfront?

4. Should I use Dynamic or Static LACP trunks?

I am almost sure I am missing something, so give me your best shot. If you had all of this gear and it was all HP Procurve, how would you connect everything together?

Frequent Advisor

Re: Port trunking, default VLAN and switch IP addressing

The following are not answers, just my opinions. ;-)

1) Yes. By default, any IP address can be used to manage the switch.

2) I would probably create a distinct VLAN just for switch management IP addresses.

3) Don't use VLAN 1 for anything. I like the idea that if someone plugs into a port with a default, they can't do anything (from an IP perspective).

4) No opinion on this one.

Since you only have a few VLANs and switches, I would statically define all the VLANs. Just my opinion.

I would create 3 new VLANs, VOICE, DATA, and ADMIN, on all the switches. All three VLANs would be tagged on the trunks between the switches. By default, VLAN 1 will be untagged on the trunks. I would probably leave it, but it can be removed. Each edge switch only gets an IP address on the ADMIN VLAN. The core switch is the only switch that routes between VLANs. If you need to restrict access to the ADMIN network, you can use ACLs on the core switch.

I would configure all the edge ports with bpdufilter and admin-edge-port and rely on loop-protect to prevent loops.

How many computers are on your broadcast domain? Do you have broadcast storms?
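
A check of an edge switch's saved configuration against the layout suggested in the reply above (an added example, not part of the thread): management IP only on ADMIN, no edge ports left untagged in VLAN 1, and VOICE, DATA and ADMIN tagged on every trunk. The function names and the sample configuration are constructed for illustration, and the stanza layout assumes ProCurve running-config output.

```python
import re
# Constructed sample in ProCurve running-config style; IDs, ports, IPs are made up.
SAMPLE = """\
trunk 23-24 Trk1 LACP
vlan 1
   name "DEFAULT_VLAN"
   untagged 20-22,Trk1
   ip address 192.168.1.5 255.255.255.0
   exit
vlan 10
   name "DATA"
   untagged 1-19
   tagged Trk1
   exit
vlan 30
   name "ADMIN"
   tagged Trk1
   ip address 10.0.30.5 255.255.255.0
   exit
"""

def parse_vlans(config):
    """Map VLAN id -> name, untagged/tagged port lists, has-IP flag."""
    vlans, cur = {}, None
    for line in config.splitlines():
        w = line.split() or [""]
        if line.startswith("vlan "):
            cur = vlans[int(w[1])] = {"name": "", "untagged": [], "tagged": [], "ip": False}
        elif cur is not None and w[0] == "name":
            cur["name"] = line.split('"')[1]
        elif cur is not None and w[0] in ("untagged", "tagged"):
            cur[w[0]] += w[1].split(",")
        elif cur is not None and w[:2] == ["ip", "address"]:
            cur["ip"] = True
    return vlans

def audit_edge(config, admin="ADMIN", carried=("VOICE", "DATA", "ADMIN")):
    """List where an edge-switch config departs from the layout in the reply."""
    vlans, out = parse_vlans(config), []
    trunks = re.findall(r"^trunk \S+ (Trk\d+)", config, re.M)
    for vid, v in sorted(vlans.items()):
        if v["ip"] and v["name"] != admin:  # management IP only on ADMIN
            out.append(f"vlan {vid}: IP address outside {admin}")
        if vid == 1 and any(not p.startswith("Trk") for p in v["untagged"]):
            out.append("vlan 1: edge ports still untagged in the default VLAN")
    tagged = {v["name"]: v["tagged"] for v in vlans.values()}
    for name in carried:  # a VLAN missing from the config counts as not tagged
        out += [f"{name}: not tagged on {t}" for t in trunks if t not in tagged.get(name, [])]
    return out
```

Trunk ports left untagged in VLAN 1 are not reported, since the reply leaves that default in place.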


Occasional Contributor

Re: Port trunking, default VLAN and switch IP addressing

We have about 500 workstations and 100 servers. I have not seen any broadcast storms, but the one thing I do see is a bunch of NETBIOS traffic. When users log in, they cause NETBIOS elections for the master browser and I want to separate this traffic eventually.

Thanks for the reply.