07-11-2017 07:48 AM
HPE 1920 vlan configuration
Hello, thank you for your help. I am needing help programming my HPE switch to allow traffic from separate SSIDs to exit my firewall on assigned ports so that I can keep the SSIDs separated on the network. For instance, I have assigned:
SSID1 to VLAN10
SSID2 to VLAN20
SSID3 to VLAN30
Only VLAN10 will have access to network resources such as printers.
All VLANs need access to the Internet via separate ports on the firewall so that appropriate filtering can take place. The APs have been configured to assign separate VLANs depending on the SSID they connect to.
In my scenario, how do I program the switch to enable a connection to SSID1 to access the network and the Internet through port 1 on the switch, while SSID2 only has access to the Internet through port 2 on the switch, and SSID3 to access the Internet through port 3?
At this point I have the switch configured as follows:
Port 1 - PVID 1, VLAN10 to Firewall port 1 (192.168.0.x)
Port 2 - PVID 1, VLAN20 to Firewall port 2 (192.168.2.x)
Port 3 - PVID 1, VLAN30 to Firewall port 3 (192.168.4.x)
Ports 4 - 16 - VLAN10
Ports 17-14 VLAN10, VLAN20, and VLAN30
07-11-2017 08:22 AM - edited 07-11-2017 08:24 AM
Re: HPE 1920 vlan configuration
Sounds fairly simple to me.
Do you really need three physically separate connections to the firewall?
If not, just make port 1 on the switch a trunk and allow VLANs 10, 20 and 30.
Make the firewall the gateway for each VLAN (e.g. 192.168.0.1, 192.168.2.1, 192.168.4.1)
If you need three physically separate uplinks from the switch, then put switchport 1 in VLAN 10, 2 in 20 and 3 in VLAN 30.
Use ACLs on the router to control what can access what (there may be a setting depending on your firewall that you have to enable to force the ACLs to be applied to inter-VLAN or LAN-LAN traffic).
Ports 4-16 will be access ports in VLAN 10.
On switch ports 17-24 (I assume you meant 24, not 14), make these trunks for the APs permitting VLANs 10, 20 and 30.
07-11-2017 09:07 AM
Re: HPE 1920 vlan configuration
Thanks for your reply! Yes, we want three separate connections to the firewall so that we can apply Internet filtering to staff vs kids and guests. I'll check the firewall for any inter-vlan settings.
07-11-2017 09:44 AM
Re: HPE 1920 vlan configuration
They don't need to be physically separate; I would be inclined to trunk VLANs 10 and 20 on port 1 and keep VLAN 30 (guests) separate. What can see what you will control on the firewall, so you would normally block everything between VLAN 30 and other VLANs.
Btw, on the guest SSID I would implement station isolation.
07-12-2017 08:22 AM
Re: HPE 1920 vlan configuration
How do I force each VLAN to pick up its respective DHCP server?
I have set ports as follows:
Port 1 on the firewall to DHCP addresses 192.168.0.x
Port 2 on the firewall to DHCP addresses 192.168.2.x
Port 3 on the firewall to DHCP addresses 192.168.4.x
Currently, when I configure any VLAN on the ports, the connections cannot reach the DHCP server. Of course, when I remove the VLAN there are 3 DHCP servers on the switch, so you get a random network address from one of the three DHCP servers.
I have the VLANs on the ports set to tagged; should I set it up differently?
07-18-2017 01:18 AM - edited 07-18-2017 01:19 AM
Re: HPE 1920 vlan configuration
Apologies for not replying sooner but have been out of the office since last week.
You only need to tag traffic on trunk ports, i.e. if you are sending more than 1 VLAN over the port, which in your case it looks as though you are not, hence they should be access ports in the relevant VLANs.
The ports that have clients/servers attached should be configured as access ports in the required vlan.
Are you using three separate DHCP servers connected to the switch? If so, then provided the clients and the server switch ports are all configured as access ports in the correct VLAN then it will work correctly.
If, however, you only have one DHCP server with scopes for each VLAN, then you will need to configure DHCP Relay and point to the DHCP server's IP address. I found the easiest way to configure DHCP server when you have lots of VLANs was to configure it for each scope on the firewall.
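
The access-versus-tagged behaviour discussed in this thread, as an added example that is not part of any post and is not HPE code: a small Python model of 802.1Q ingress and egress on the uplink ports, showing which firewall DHCP servers a wireless client can reach under each port layout. The port tables are constructed from the posts; the names (`Port`, `dhcp_servers_reached`, `AS_POSTED`, `AS_ADVISED`), VLAN 1 as the untagged default, and firewall interfaces that handle only untagged frames are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Port:
    pvid: int                          # VLAN given to untagged frames on arrival
    untagged: frozenset = frozenset()  # VLANs sent out of the port without a tag
    tagged: frozenset = frozenset()    # VLANs sent out with an 802.1Q tag

def ingress(port, tag):
    """VLAN the switch classifies a received frame into (None = dropped)."""
    vlan = port.pvid if tag is None else tag
    return vlan if vlan in (port.untagged | port.tagged) else None

def egress(port, vlan):
    """How a frame in `vlan` leaves the port: 'untagged', 'tagged' or None."""
    if vlan in port.untagged:
        return "untagged"
    return "tagged" if vlan in port.tagged else None

def dhcp_servers_reached(client_tag, ap_port, fw_ports):
    """Firewall ports whose DHCP server can serve a client behind ap_port.
    Assumption: firewall interfaces send and accept untagged frames only."""
    vlan = ingress(ap_port, client_tag)
    back = "untagged" if client_tag is None else "tagged"
    reached = []
    for name, fw in fw_ports.items():
        discover_ok = vlan is not None and egress(fw, vlan) == "untagged"
        offer_ok = ingress(fw, None) == vlan and egress(ap_port, vlan) == back
        if discover_ok and offer_ok:
            reached.append(name)
    return reached

# Constructed port tables; VLAN 1 as the untagged default is an assumption.
AP_TRUNK = Port(1, frozenset({1}), frozenset({10, 20, 30}))     # ports 17-24
FLAT = Port(1, frozenset({1}))                                  # no VLANs at all
AS_POSTED = {f"fw{i}": Port(1, frozenset({1}), frozenset({v}))  # PVID 1 + tagged VLAN
             for i, v in ((1, 10), (2, 20), (3, 30))}
AS_ADVISED = {f"fw{i}": Port(v, frozenset({v}))                 # access port in VLAN
              for i, v in ((1, 10), (2, 20), (3, 30))}
NO_VLANS = {f"fw{i}": FLAT for i in (1, 2, 3)}

if __name__ == "__main__":
    for ssid, tag in (("SSID1", 10), ("SSID2", 20), ("SSID3", 30)):
        print(ssid, "posted:", dhcp_servers_reached(tag, AP_TRUNK, AS_POSTED),
              "advised:", dhcp_servers_reached(tag, AP_TRUNK, AS_ADVISED))
    print("no VLANs:", dhcp_servers_reached(None, FLAT, NO_VLANS))
```

With the uplinks left at PVID 1 and the VLAN only tagged, no client reaches a DHCP server; as access ports each SSID reaches exactly its own firewall interface; with no VLANs all three servers answer every client.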