  1. #1

    HP Procurve VLAN - help needed

    Hello all,

    I need some help to implement VLAN on a HP Procurve switch 5412zl (which is managed).

    Switch is loaded like :

    ---
    A-B (2 x 24 ports 10/100/1000)
    C-D (2 x 24 ports 10/100/1000)
    E-F (2 x 24 ports 10/100/1000)
    G-H (2 x 24 ports 10/100/1000)
    I1 & I2 (2 x 10 GigE port)
    ---

    I must separate all networks from others (they must NOT be able to communicate directly), as they MUST pass thru the firewall.

    A1-A24 is the slot for “Internet” and the port A1 will be the uplink going to the firewall (let’s admit that the internet IP are 172.16.1.0/23, but it is not this one)

    B1-B24, C1-C24, D1-D24, F1-F24, I1 and I2 will be for the “LAN”; the port B1 will be the uplink to the firewall (so that the firewall is the filter from LAN to Internet and vice-versa; let’s admit that the LAN IP are 10.40.0.0/16)

    And finally E1-E24 will be the DMZ slot which will have the port E1 configured to be the uplink to the firewall (let’s admit that the DMZ is within 10.41.1.0/24)

    Note: I1 and I2 are connected to 2 other switches (same brand but lower models) which extend the LAN for the building.

    ---

    This being said, I get my first questions:

    - Will the VLAN change anything for the computers and servers located on the LAN and talking together thru the switch?

    - Will I have to make any changes on the computers of the LAN?

    - How do I configure 3 VLAN like I need with CLI?

    - How do I set the VLAN ‘LAN’ to be the default for all ports not member of another VLAN?

    - I need a basic setup of VLAN, is there a need to configure / enable anything else than VLAN to make this works, such as RIP or whatever?

    - How do I paste / send / drop a configuration I have made on my desktop to the switch and make the switch use it as default configuration (as I hate to use the little web interface) ?

    - Is it right that I will be having 1 cable going from each VLAN to the firewall as an uplink cable?


    Big thanks in advance to all the people who will be helping me!!

  2. #2
    Will the VLAN change anything for the computers and servers located on the LAN and talking together thru the switch?
    That depends on how you define the VLANs, but likely no.

    Will I have to make any changes on the computers of the LAN?
    That depends on how you define the VLANs, but likely no. Since you want inter-VLAN traffic to pass through the firewall then the firewall's ports (or a router on the other side of the firewall) must be defined as the default router IP for the individual hosts on that network segment. If not, then the hosts on the various VLANs will be able to "see" each other if the routing interface is local to the switch.

    How do I configure 3 VLAN like I need with CLI?
    What rev of the HP switch software is running?

    IIRC you ssh/telnet into the switch, and run through the menus. The config UI on the CLI on Procurve gear is pretty straightforward. The documentation should walk you through it quite well.

    How do I set the VLAN ‘LAN’ to be the default for all ports not member of another VLAN?
    There is a default VLAN for that. Again, RTM.

    I need a basic setup of VLAN, is there a need to configure / enable anything else than VLAN to make this works, such as RIP or whatever?
    No, not really.

    How do I paste / send / drop a configuration I have made on my desktop to the switch and make the switch use it as default configuration (as I hate to use the little web interface) ?
    The easiest way is to use the CLI straight on the box, but the alternative for loading configs in network gear is TFTP. I have a TFTP server app on my laptop just for this purpose.

    Is it right that I will be having 1 cable going from each VLAN to the firewall as an uplink cable?
    Yes, BUT you MUST define the default route as I stated above.
    --chuck goolsbee, Prineville, Oregon, USA
    Please note: I no longer work for digital.forest in Seattle, WA, as I left them in early 2010 to pursue an amazing opportunity at an amazing datacenter project elsewhere... I do not speak for digital.forest here. However I still know they provide the best colocation in the Pacific Northwest.

  3. #3
    Big thanks for your reply.

    In the meantime I have checked and, as I understand it, as long as I DON'T "tag" the ports, I don't have to change anything on the existing networks (as they all already know what the gateway for their network is, and the firewall is able to interconnect them).

    I don't know exactly what the rev of the switches is (I don't have it in front of me), but it is the default one they shipped with. They are 10 months old.

    What exactly I'd like to do is the following:

    1. Create a VLAN with ID 10 called "WAN" attached to network 172.16.1.0/23 (with IP 172.16.1.1)
    2. Create a VLAN with ID 20 called "LAN" attached to network 10.40.0.0/16 (with IP 10.40.2.11)
    3. Create a VLAN with ID 30 called "DMZ" attached to network 10.42.1.0/23 (with IP 10.42.1.2)
    4. Set VLAN with ID 20 ("LAN") as default to replace the ID 1 (the one called "DEFAULT_VLAN", already configured)

    WAN includes A1-A24
    LAN includes B1-B24,C1-C24,D1-D24,F1-F24,I1-2
    DMZ includes E1-E24

    I am really new to this, so I will give the details I believe I should use; please let me know if I am going about it right or not. I am also missing the part where I attach the ports to my VLAN. Should I attach them as "not tagged" and, if yes, how?

    Enter configuration context

    ProCurve Switch # configure

    Create the 3 VLAN

    ProCurve Switch (config)# vlan 10 name WAN
    ProCurve Switch (config)# vlan 20 name LAN
    ProCurve Switch (config)# vlan 30 name DMZ

    Set the VLAN with ID 20 as default

    ProCurve Switch (config)# primary-vlan 20

    Configure the IP addresses

    ProCurve Switch (config)# vlan 10 ip address 172.16.1.1 255.255.254.0
    ProCurve Switch (config)# vlan 20 ip address 10.40.2.11 255.255.0.0
    ProCurve Switch (config)# vlan 30 ip address 10.42.1.2 255.255.254.0

    Write the configuration on the flash

    If happy with the configuration...

    ProCurve Switch (config)# write memory

    Can anybody comment on my configuration idea and help with how to attach the ports to the VLANs?
    Last edited by Dualism; 05-10-2008 at 02:58 PM.
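
An added example, not part of any post in this thread: a Python check over a constructed ProCurve-style running-config excerpt for two conditions that would let traffic cross between WAN, LAN and DMZ without passing the firewall: the switch-local routing interface mentioned in reply #2, and a port that is a member of more than one VLAN. The config text, the `expand_ports` and `audit` names, and the exact running-config layout are assumptions; the layout can differ between firmware releases.

```python
import re

# Constructed ProCurve-style excerpt; VLAN 10/20/30 = the thread's WAN/LAN/DMZ.
SAMPLE_CONFIG = """\
ip routing
vlan 10
   untagged A1-A24
   ip address 172.16.1.1 255.255.254.0
   exit
vlan 20
   untagged B1-B24,C1-C24,D1-D24,F1-F24,I1-I2
   ip address 10.40.2.11 255.255.0.0
   exit
vlan 30
   untagged E1-E24
   tagged I1
   ip address 10.42.1.2 255.255.254.0
   exit
"""

def expand_ports(spec):
    """Expand a port list such as 'A1-A3,I1' into {'A1', 'A2', 'A3', 'I1'}."""
    ports = set()
    for part in spec.split(","):
        m = re.fullmatch(r"([A-Z])(\d+)(?:-[A-Z]?(\d+))?", part.strip())
        if m:
            first, last = int(m[2]), int(m[3] or m[2])
            ports.update(f"{m[1]}{n}" for n in range(first, last + 1))
    return ports

def audit(config):
    """Return findings that let traffic cross zones without the firewall."""
    members, with_ip, vid = {}, [], None   # port -> VLAN ids, VLANs with an IP
    for line in config.splitlines():
        w = line.split()
        if len(w) == 2 and w[0] == "vlan" and not line[0].isspace():
            vid = int(w[1])
        elif w == ["exit"]:
            vid = None
        elif vid is not None and w and w[0] in ("untagged", "tagged"):
            for port in expand_ports(w[1]):
                members.setdefault(port, set()).add(vid)
        elif vid is not None and w[:2] == ["ip", "address"]:
            with_ip.append(vid)
    findings = [f"port {p} is a member of VLANs {sorted(v)}"
                for p, v in sorted(members.items()) if len(v) > 1]
    if "ip routing" in config.splitlines() and len(with_ip) > 1:
        findings.insert(0, f"ip routing is on and VLANs {with_ip} have addresses")
    return findings
```

An empty result from `audit` means every port sits in exactly one VLAN and the switch is not routing between addressed VLANs, so the firewall uplinks are the only path between zones.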
