12-05-2010 12:30 PM
Re: VLAN - Routing/ACL Query
"You'll see that by having the two 2910s connected to the existing LAN I'll have an L2 network loop that I'm assuming STP/RSTP on the ProCurves will sort out?
We already run RSTP on our core ProCurves on our main LAN though I'm by no means an expert on it."
RSTP is the default level of STP that the 2910s should come up to...depends on version of code, they may have upgraded to MSTP, but if you don't configure MSTP, then it operates as simple RSTP.
HOWEVER, spanning tree is NOT generally enabled by default, you must do a 'span' to enable it on each switch.
The other primary thing to do is define which switch is the root and which is the backup root. (Jeff's best practice)
Decide which switch you want to be the Layer2 root (generally the router or close to it) and do a 'span pri 0', and then decide which switch should be the backup root and do 'span pri 1'.
The default priority setting in ProVision is 8 (actually 8*4k, so it's 32768, which is the standard).
Refer to the CLI guide ch 18.
Can't remember if I mentioned the CLI Ref Guide, get it, makes things a bit easier if you just want to config things.
Get this CLI ref guide, it shows how to configure HP ProVision, HP Comware5 and Cisco switches for lots of different functions, in a side-by-side comparison, so if you know one CLI, you see how to do it in a different CLI:
http://h10144.www1.hp.com/docs/training/HP-Networking-and-Cisco-CLI-Reference-Guide_June_10_WW_Eng_ltr.pdf
hth...Jeff
12-05-2010 12:44 PM
Re: VLAN - Routing/ACL Query
I know we're running RSTP/STP on the two core 5406zls that we have as well as on some other old Baystacks and assorted switches - right now our root bridge appears to be an old Baystack that I think is only root by virtue of having the lowest MAC, it certainly isn't by design and my intention is that when I have a window I want to make the gateway 5406 the root bridge, and the second 5406 the backup.
The LAN isn't supposed to be my responsibility but I seem to keep noticing these things and it gets a little awkward trying to cajole those who should be doing it, into doing it so I seem to end up learning little by little and doing it myself.
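Added example, not part of either post above: a small model of the root election the two posts describe, showing why an old switch wins on lowest MAC when every bridge sits at the default priority, and how `span pri 0` / `span pri 1` make the outcome deliberate. The switch names and MAC addresses are constructed placeholders.

```python
STEP = 4096  # the CLI priority is a multiplier: 8 -> 32768 (the default)

def bridge_id(pri, mac):
    """Bridge ID as a sortable tuple: (priority value, MAC as an integer)."""
    if not 0 <= pri <= 15:
        raise ValueError("priority multiplier must be 0-15")
    return (pri * STEP, int(mac.replace(":", ""), 16))

def election(switches):
    """Return switch names ordered best-first: [0] is root, [1] the backup."""
    return sorted(switches, key=lambda name: bridge_id(*switches[name]))

def root_by_design(switches):
    """False when another switch shares the root's priority, i.e. the root
    was decided by the MAC tie-break rather than by configuration."""
    root = election(switches)[0]
    priorities = [pri for pri, _ in switches.values()]
    return priorities.count(switches[root][0]) == 1

# Constructed inventory: name -> (priority multiplier, MAC). Not real devices.
BEFORE = {
    "baystack": (8, "00:00:5e:00:53:01"),  # oldest switch, lowest MAC
    "5406-gw": (8, "02:00:00:00:00:02"),
    "5406-b": (8, "02:00:00:00:00:03"),
}
# After 'span pri 0' on the gateway 5406 and 'span pri 1' on the second 5406.
AFTER = {
    **BEFORE,
    "5406-gw": (0, BEFORE["5406-gw"][1]),
    "5406-b": (1, BEFORE["5406-b"][1]),
}

if __name__ == "__main__":
    for label, inventory in (("before", BEFORE), ("after", AFTER)):
        order = election(inventory)
        print(label, "root:", order[0], "backup:", order[1],
              "by design:", root_by_design(inventory))
```
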
12-05-2010 01:33 PM
Re: VLAN - Routing/ACL Query
I kinda figured the CLI Guide may not be the big help, it is sometimes a bit easier to do stuff without having to slog through the big manuals :-)
A note, the 5400 by default comes up to MSTP when spanning tree is enabled. Of course it can be "rev'd" back to RSTP, and it's ok to do (I suspect that's probably what was done to be fully compatible with those Baystacks.)
Cheers...Jeff
12-05-2010 01:39 PM
Re: VLAN - Routing/ACL Query
I think "Plan A" is to walk before I run and just get the VLANs set up and test they work within the switches, then link them and tag the link, and then make sure the VLANs work over the link, and then uplink each switch to the main LAN and check I still have a network :-)
I'm hoping that as with most things it's all in the planning, and if I've got that right the implementation should be much more pleasant.
12-05-2010 02:44 PM
Re: VLAN - Routing/ACL Query
"I'm hoping that as with most things it's all in the planning, and if I've got that right the implementation should be much more pleasant."
Aw come on now, plan ahead, isn't that like reading the manuals before turning it on - hahahahahaha!
I have been accused for years of ready-fire-aim...
Regardless, don't tell folks how easy this all is or everyone will want to do it, and then the "guru status" gets lost.
I hope it goes well for you, sounds like you are VERY close to it!!!!
Bangers and Mash on me mate!
12-06-2010 09:58 AM
Re: VLAN - Routing/ACL Query
The switch management is on VLAN1 (not ideal but as I said we don't use VLANs on the main LAN right now).
One thing I noticed is that VLAN1 "DEFAULT_VLAN" seems to be the default untagged VLAN on all ports.
On the ports that I *only* want to use in tagged mode, is there any disadvantage to simply using the "forbid" option to stop them being members of VLAN1 for untagged?
It seems daft putting them in a bogus VLAN for untagged traffic?
12-06-2010 12:07 PM
Re: VLAN - Routing/ACL Query
"It seems daft putting them in a bogus VLAN for untagged traffic?"
My best practice is to NEVER use VLAN1 for ANYTHING.
Next to that, then I create a "no-use" VLAN and put all ports untagged into there, then move them to using VLANs when I need them.
Either way, I believe it is the better way to control the use of ports.
Cheers...Jeff
12-06-2010 12:37 PM
Re: VLAN - Routing/ACL Query
A "no-use" VLAN sounds sensible tbh - the main thing is I don't want the default VLAN spanning those two switches via the 10gbps trunk.
Thanks,
Paul
12-06-2010 01:02 PM
Re: VLAN - Routing/ACL Query
btw2, as long as you don't assign the 10G ports tagged or untagged into VLAN1 on both sides, VLAN1 is isolated across that link.
btw3, a port has to have a home, whether it is untagged into a VLAN or tagged into a VLAN, it just has to have a home.
hth...Jeff
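Added example, not part of the post above: a check that reads ProVision-style `vlan` blocks from two switch configs and reports whether the inter-switch port is a tagged or untagged member of VLAN 1 on each side, plus which ports sit in a "no-use" VLAN. The config fragments, port A1 as the 10G link, and VLAN 999 as the no-use VLAN are constructed assumptions.

```python
import re
# Constructed ProVision-style config fragments (not from the thread). Port A1
# stands in for the 10G link; VLAN 999 is a hypothetical "no-use" VLAN.
SWITCH_A = """
vlan 1
   no untagged 1-24,A1
   exit
vlan 10
   tagged A1
   exit
vlan 999
   untagged 1-24
   exit
"""
SWITCH_B = """
vlan 1
   untagged 1-24,A1
   exit
vlan 10
   tagged A1
   exit
"""

def expand(ports):
    """Expand a port list such as '1-4,A1-A2' into a set of port names."""
    out = set()
    for item in ports.split(","):
        m = re.fullmatch(r"([A-Za-z]*)(\d+)-\1(\d+)", item)
        if m:
            pre, lo, hi = m.group(1), int(m.group(2)), int(m.group(3))
            out.update(f"{pre}{i}" for i in range(lo, hi + 1))
        else:
            out.add(item)
    return out

def vlan_ports(config, vid):
    """Return {'untagged': set, 'tagged': set} for one VLAN's config block."""
    members, inside = {"untagged": set(), "tagged": set()}, False
    for line in config.splitlines():
        w = line.split()
        if len(w) == 2 and w[0] == "vlan":  # each 'vlan N' header switches block
            inside = w[1] == str(vid)
        elif inside and len(w) == 2 and w[0] in members:  # skips 'no untagged ...'
            members[w[0]] |= expand(w[1])
    return members

def carries_vlan(config, port, vid=1):
    m = vlan_ports(config, vid)
    return port in m["untagged"] | m["tagged"]  # member either way
```

Here `carries_vlan(SWITCH_A, "A1")` is false and `carries_vlan(SWITCH_B, "A1")` is true, so switch B is the side that still has the link port in the default VLAN.
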