Solved

Procurve, 28xx simple vlans.

Posted on 2007-04-10
Last Modified: 2008-01-09
VLAN HP Procurve Switches: 2824 &  2810-48G
I have two switches and I need 2 vlans: default_vlan (already got that) and Storage (got that on 1 switch).
The second switch, the 48 port switch also has two vlans on it, the default and Storage.  The second switch uplinks to the first just fine.  Now I just need the two Storage VLANS to be one logical network.

Vlan 2, Storage on Switch 1 is connected to Vlan 2, Storage on Switch 2 with a cable.  
Vlan 1, Default_vlan on Switch 1 is connected to Vlan 1, Default_vlan on Switch 2 with a cable.

Any device on the default_lan can ping any other device but the devices on the storage vlan cannot ping devices in the storage vlan on the other switch.

I thought I had to set up a trunk between the two Storage VLans and that would get it going.  However, the results were a disaster: everybody lost a connection and the clustered servers on the default vlan actually abended.  

Is trunking necessary if the vlans forbid traffic from each other?  Any suggestions?  If I'm not being clear, please let me know.
0
Comment
Question by:MMDCisco
19 Comments
 
LVL 17

Expert Comment

by:jburgaard
ID: 18884733
Without trunk a config could be something like:
- that is, if you plan to connect the 2 sw. with ONE cable
between port 24 on 2824 and port 48 on  2810-48G.

on 2824:
vlan 1
   name "DEFAULT_VLAN"
   tagged 24
   untagged 1-12
   no untagged 13-23
exit
vlan 2
   name "Storage"
   tagged 24
   untagged 13-23
exit

on 2810-48G:
vlan 1
   name "DEFAULT_VLAN"
   tagged 48
   untagged 1-24
   no untagged 25-47
exit
vlan 2
   name "Storage"
   tagged 48
   untagged 25-47
exit

Tagged ports between sw.'s
and
accessports untagged with relevant vlans.

If bandwidth is a problem and/or you feel more secure with redundant parallel links, then turn to Trunking (in the HP sense)

0
 
LVL 2

Author Comment

by:MMDCisco
ID: 18884850
When does Forbid come into play?
0
 
LVL 2

Author Comment

by:MMDCisco
ID: 18884889
I plan on connecting the two switches with 2 cables.  One for the Storage and the other for the Default_Lan.  I don't want the Storage lan to ever see the production traffic or Internet traffic.
0
 
LVL 17

Expert Comment

by:jburgaard
ID: 18885162
I do not think there is any diff. between having 2 vlans existing on one switch and having the same 2 vlans distributed over 2 switches by means of tagged ports as in the ex. above.
0
 
LVL 2

Author Comment

by:MMDCisco
ID: 18885247
thanks for the patience let me take a stab:
Default Lan is connected from Switch 1 Port 24 to Switch 2 Port 48
Storage Lan is connected from Switch 1 port 23 to Switch 2 Port 23

on 2824:
vlan 1
   name "DEFAULT_VLAN"
   tagged 24
   untagged 1-12
   no untagged 13-23
exit

vlan 2
   name "Storage"
   tagged 23
   untagged 13-22
   no untagged 1-12
exit

on 2810-48G:
vlan 1
   name "DEFAULT_VLAN"
   tagged 48
   untagged 1-22
   no untagged 23-47
exit

vlan 2
   name "Storage"
   tagged 23
   untagged 25-47
   no untagged 1-22
exit

Sound right?
0
 
LVL 17

Expert Comment

by:jburgaard
ID: 18885397
As far as I know, it is not  considered good practice.
One reason : if you at some point would enable the spanning tree protocol, then one of the links would block.
0
 
LVL 2

Author Comment

by:MMDCisco
ID: 18885578
So there is only one cable that connects to the two switches, it runs the traffic for both vlans, right?

One of those vlans is an ISCSI installation and bandwidth would be an issue.  That's why I wanted to set it up the way I did.

Options?
0
 
LVL 17

Expert Comment

by:jburgaard
ID: 18885733
Then the best solution is making a trunk.
In this aggregated link both vlans are contained by means of tagging.

on 2824:
trunk 23,24 Trk1 Trunk
vlan 1
   name "DEFAULT_VLAN"
   tagged Trk1
   untagged 1-12
   no untagged 13-22
exit

vlan 2
   name "Storage"
   tagged Trk1
   untagged 13-22
exit

on 2810-48G:
trunk 23,48 Trk1 Trunk
vlan 1
   name "DEFAULT_VLAN"
   tagged Trk1
   untagged 1-22
   no untagged 24-47
exit

vlan 2
   name "Storage"
   tagged Trk1
   untagged 24-47
exit

There is an important thing to remember, that is what to do first and last so not to make a network loop. I have an idea, but just to be sure .. I better check!
0
 
LVL 2

Author Comment

by:MMDCisco
ID: 18885852
So that implies that both vlan's traffic will be traveling on both ports 1,24 and 23,48.  Will the switch be smart enough to know that Switch 2 port 23 is to only speak to the group on Switch 1 port 23?  I'm not certain that the storage traffic will remain on the storage network, etc.

Almost there...
0
 
LVL 17

Expert Comment

by:jburgaard
ID: 18885893
-googled and found at top of page 10 in ftp://ftp.hp.com/pub/networking/software/Mgmt-Oct2005-59906023-Chap12.pdf

So  the important thing to remember:
First configure the trunks
and then afterwards
connect the links (Cables in / enable ports)
0
 
LVL 17

Expert Comment

by:jburgaard
ID: 18886030
All untagged ports (accessports) belonging to "Storage" will 'play' with other "Storage"-ports -whether on one or the other sw.
And same story in vlan1 .

If these 2 vlans (existing on 1 or 2 sw.'s ) were to 'speak' with each other, then there should be assigned IP-address to the 2 vlans and some routing taking place.

Perhaps you would at some point think about not using the default_vlan1 so much if security is important.


0
 
LVL 2

Author Comment

by:MMDCisco
ID: 18886059
I can't lose default lan, it's the production lan and on switch 1 and 2.  storage lan, right now, is simply a subset of the ports on switch 1 and I just want to make storage a subset of ports on switch 1 and on switch 2.
0
 
LVL 17

Expert Comment

by:jburgaard
ID: 18901503
As long as you do not assign an IP to storage-vlan and have no routing taking place, the storage traffic will remain on the storage network .
When you have a small window of opportunity please remember to 'break' before 'make', that is the existing links between the sw's untagged vlan-ports must be disconnected / ports disabled BEFORE the tagged ports are connected / enabled.
Otherwise a network loop will show some flashing lights  -or perhaps even steady ;-)
Any ?'s  left?
0
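The conditions this thread relies on for keeping storage traffic separate (no IP address on the storage VLAN, the storage VLAN tagged on the inter-switch trunk, and storage access ports belonging to no other VLAN) can be checked against a planned configuration before the cables go back in. The following is an added example, not code from either poster or from HP; the function names are hypothetical and the parser only understands the stanza forms shown in this thread plus an `ip address` line.

```python
def expand(spec):
    """Expand a port list such as '13-22' or 'Trk1,13' into a set of port names."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports |= {str(p) for p in range(int(lo), int(hi) + 1)} if hi else {part}
    return ports

def parse(config):
    """Map VLAN id -> tagged ports, untagged ports, and whether an IP is set."""
    vlans, cur = {}, None
    for words in (line.split() for line in config.splitlines()):
        if len(words) == 2 and words[0] == "vlan":
            cur = vlans.setdefault(int(words[1]), {"tagged": set(), "untagged": set(), "ip": False})
        elif words == ["exit"]:
            cur = None
        elif cur is not None and len(words) == 2 and words[0] in ("tagged", "untagged"):
            cur[words[0]] |= expand(words[1])
        elif cur is not None and words[:2] == ["ip", "address"]:
            cur["ip"] = True
    return vlans

def audit(config, storage_vlan, uplink):
    """Return findings that would undermine the storage VLAN's isolation."""
    vlans, findings = parse(config), []
    storage = vlans.get(storage_vlan)
    if storage is None:
        return [f"vlan {storage_vlan} is not defined"]
    if storage["ip"]:
        findings.append(f"vlan {storage_vlan} has an IP address")
    if uplink not in storage["tagged"]:
        findings.append(f"vlan {storage_vlan} is not tagged on {uplink}")
    for vid, v in sorted(vlans.items()):
        shared = (v["tagged"] | v["untagged"]) & storage["untagged"]
        if vid != storage_vlan and shared:
            findings.append(f"vlan {vid} also reaches storage ports {sorted(shared)}")
    return findings

# 2824 trunk stanzas from the thread (name and 'no untagged' lines omitted).
GOOD = """trunk 23,24 Trk1 Trunk
vlan 1
   tagged Trk1
   untagged 1-12
exit
vlan 2
   tagged Trk1
   untagged 13-22
exit"""
# Constructed variant with two mistakes added, for illustration only.
BAD = GOOD + "\nvlan 2\n   ip address 192.0.2.1 255.255.255.0\nexit\nvlan 1\n   tagged 13\nexit"
```

`audit(GOOD, 2, "Trk1")` returns an empty list, while `audit(BAD, 2, "Trk1")` reports the IP address on VLAN 2 and port 13 carrying VLAN 1 as well.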
 
LVL 2

Author Comment

by:MMDCisco
ID: 18901655
Just to make sure: your advice is:
1. Remove any cables connecting the two switches.
2. Configure the devices with trunking as described above.
3. Ensure there are no routing devices in place (is a gateway involved at all?)
4. Put the cables back in place.

Correct?
0
 
LVL 17

Expert Comment

by:jburgaard
ID: 18901680
yes
0
 
LVL 2

Author Comment

by:MMDCisco
ID: 18901729
About the gateway questions:
1. None of the NICS are to have a gateway defined, correct?  
2. The Storage VLAN is not to have a default gateway defined, correct?

I'm trying the solution tomorrow night, when everybody is gone this time.
0
 
LVL 17

Accepted Solution

by:
jburgaard earned 500 total points
ID: 18901995
This is my guess of your setup:
A) Talking Storage VLAN :
Sw's do not have IP assigned to this vlan.
 Servers/PC's share a network with common netmask, all communication taking place in this network, no need for def. gw.

B) On default_vlan1 you probably have a mix of production-activity and switch-management-activity.
But in the perspective of not mixing vlan1<->vlan2
it does not matter whether you have assigned a management IP-address to the sw's and given the PC's def. gw.'s.



0
 
LVL 2

Author Comment

by:MMDCisco
ID: 18902182
I've selected the last answer as the answer to take care of the points.  In the event something goes wrong, I'll open up another.  The reason for just selecting the final answer is there is only one contributor and selecting the last answer tags the entire discussion so future queries can use the rest of the discussion as a reference.

Thanks!
0
 
LVL 17

Expert Comment

by:jburgaard
ID: 18902409
Glad to help!
0
