Ramblings o' Techie wrote: Taking advantage of VLANs to subnet a network utilizing a managed HP ProCurve switch is pretty easy. Here's a diagram of an example:
In this example, there are two VLANs (VLAN 1 and VLAN 2). VLAN 2 is set up just for workstations and must connect to VLAN 1 for DHCP, DNS and internet access.
On the switch, ports 1 - 24 are being designated as part of VLAN 1 and ports 25 - 48 are part of VLAN 2. VLAN 1 is on the 192.168.10.0/24 subnet and VLAN 2 is on the
On the primary and secondary DHCP/DNS servers, set up a DHCP scope for the primary network (VLAN 1) and another scope for VLAN 2. In the DHCP options for both, set the primary DNS server to 192.168.10.10 and the secondary DNS server to 192.168.10.11. For VLAN 1, set the router to 192.168.10.1, however on VLAN 2 set the router to 192.168.20.254 (the default gateway needs to be within the same subnet).
To set this up, telnet into the ProCurve switch.
enable - enable admin access
conf t - enter configuration mode using the terminal
ip routing - enable IP-based routing, which is required to allow the two VLANs to communicate
vlan 1 - enter the configuration mode for VLAN 1, which should exist by default on the switch
untag 1-24 - untag ports 1-24 on the switch to indicate they're restricted to VLAN 1
ip address 192.168.10.254/24 - assign the IP address of 192.168.10.254 to the VLAN 1 interface
vlan 2 - create VLAN 2 if it doesn't already exist, then enter configuration mode for it
untag 25-48 - untag ports 25-48 on the switch to indicate they're restricted to VLAN 2
ip address 192.168.20.254/24 - assign the IP address of 192.168.20.254 to the VLAN 2 interface
ip helper-address 192.168.10.10 - set VLAN 2 to send DHCP packets to the primary DHCP server
ip helper-address 192.168.10.11 - set VLAN 2 to send DHCP packets to the secondary DHCP server
ip route 0.0.0.0 0.0.0.0 192.168.10.1 - set the default route to the default gateway in VLAN 1
write mem - commit the changes made to the configuration stored in memory on the switch
end - exit configuration mode
exit - exit enable mode
exit - log off from the telnet session
The one issue that may appear is having ip default-gateway 192.168.10.1 set on the switch for VLAN 2 to get to the internet. However, that is only effective when ip routing is disabled and for the VLANs to communicate, ip routing needs to be enabled. That requires a static route or using ip default-network (if it's an available option). For more information, see this link. It's from Cisco, however the same applies to the ProCurve devices. That link explains the differences between the default gateway options and what routing protocols are affected by each.
Another issue not addressed above is setting actual routing to be able to reach VLAN 2. This will require deciding what is best because it depends on network and routing devices and protocols in use. In the above example, set up a route in VLAN 1 that would send traffic for 192.168.20.0/24 to 192.168.10.254 (the switch's IP on VLAN 1). If the network has OSPF configured and the router participates, there is likely nothing to do.