Solved

Procurve, 28xx simple vlans.

Posted on 2007-04-10
Last Modified: 2008-01-09
VLAN HP Procurve Switches: 2824 &  2810-48G
I have two switches and I need 2 vlans: default_vlan (already got that) and Storage (got that on 1 switch).
The second switch, the 48 port switch also has two vlans on it, the default and Storage.  The second switch uplinks to the first just fine.  Now I just need the two Storage VLANS to be one logical network.

Vlan 2, Storage on Switch 1 is connected to Vlan 2, Storage on Switch 2 with a cable.  
Vlan 1, Default_vlan on Switch 1 is connected to Vlan 1, Default_vlan on Switch 2 with a cable.

Any device on the default_lan can ping any other device but the devices on the storage vlan cannot ping devices in the storage vlan on the other switch.

I thought I had to set up a trunk between the two Storage VLans and that would get it going.  However, the results were a disaster: everybody lost a connection and the clustered servers on the default vlan actually abended.  

Is trunking necessary if the vlans forbid traffic from each other?  Any suggestions?  If I'm not being clear, please let me know.
0
Comment
Question by:MMDCisco
19 Comments
 
LVL 17

Expert Comment

by:jburgaard
ID: 18884733
Without a trunk, a config could be something like this
(that is, if you plan to connect the 2 sw. with ONE cable
between port 24 on the 2824 and port 48 on the 2810-48G):

on 2824:
vlan 1
   name "DEFAULT_VLAN"
   tagged 24
   untagged 1-12
   no untagged 13-23
exit
vlan 2
   name "Storage"
   tagged 24
   untagged 13-23
exit

on 2810-48G:
vlan 1
   name "DEFAULT_VLAN"
   tagged 48
   untagged 1-24
   no untagged 25-47
exit
vlan 2
   name "Storage"
   tagged 48
   untagged 25-47
exit

Tagged ports between the sw.'s
and
access ports untagged in the relevant vlans.

If bandwidth is a problem and/or you feel more secure with redundant parallel links, then turn to Trunking (in the HP sense).

0
 
LVL 2

Author Comment

by:MMDCisco
ID: 18884850
When does Forbid come into play?
0
 
LVL 2

Author Comment

by:MMDCisco
ID: 18884889
I plan on connecting the two switches with 2 cables.  One for the Storage and the other for the Default_Lan.  I don't want the Storage lan to ever see the production traffic or Internet traffic.
0

 
LVL 17

Expert Comment

by:jburgaard
ID: 18885162
I do not think there is any diff. between having 2 vlans existing on one switch and having the same 2 vlans distributed over 2 switches by means of tagged ports as in the ex. above.
0
 
LVL 2

Author Comment

by:MMDCisco
ID: 18885247
Thanks for the patience, let me take a stab:
Default Lan is connected from Switch 1 Port 24 to Switch 2 Port 48
Storage Lan is connected from Switch 1 port 23 to Switch 2 Port 23

on 2824:
vlan 1
   name "DEFAULT_VLAN"
   tagged 24
   untagged 1-12
   no untagged 13-23
exit

vlan 2
   name "Storage"
   tagged 23
   untagged 13-22
   no untagged 1-12
exit

on 2810-48G:
vlan 1
   name "DEFAULT_VLAN"
   tagged 48
   untagged 1-22
   no untagged 23-47
exit

vlan 2
   name "Storage"
   tagged 23
   untagged 25-47
   no untagged 1-22
exit

Sound right?
0
 
LVL 17

Expert Comment

by:jburgaard
ID: 18885397
As far as I know, it is not considered good practice.
One reason: if you at some point enable the spanning tree protocol, then one of the links would block.
0
 
LVL 2

Author Comment

by:MMDCisco
ID: 18885578
So there is only one cable that connects to the two switches, it runs the traffic for both vlans, right?

One of those vlans is an ISCSI installation and bandwidth would be an issue.  That's why I wanted to set it up the way I did.

Options?
0
 
LVL 17

Expert Comment

by:jburgaard
ID: 18885733
Then the best solution is making a trunk.
In this aggregated link both vlans are contained by means of tagging.

on 2824:
trunk 23,24 Trk1 Trunk
vlan 1
   name "DEFAULT_VLAN"
   tagged Trk1
   untagged 1-12
   no untagged 13-22
exit

vlan 2
   name "Storage"
   tagged Trk1
   untagged 13-22
exit

on 2810-48G:
trunk 23,48 Trk1 Trunk
vlan 1
   name "DEFAULT_VLAN"
   tagged Trk1
   untagged 1-22
   no untagged 24-47
exit

vlan 2
   name "Storage"
   tagged Trk1
   untagged 24-47
exit

There is an important thing to remember, that is, what to do first and last so as not to make a network loop. I have an idea, but just to be sure... I better check!
0
 
LVL 2

Author Comment

by:MMDCisco
ID: 18885852
So that implies that both vlan's traffic will be traveling on both ports 1,24 and 23,48.  Will the switch be smart enough to know that Switch 2 port 23 is to only speak to the group on Switch 1 port 23?  I'm not certain that the storage traffic will remain on the storage network, etc.

Almost there...
0
 
LVL 17

Expert Comment

by:jburgaard
ID: 18885893
-googled and found at top of page 10 in ftp://ftp.hp.com/pub/networking/software/Mgmt-Oct2005-59906023-Chap12.pdf

So  the important thing to remember:
First configure the trunks
and then afterwards
connect the links (Cables in / enable ports)
0
 
LVL 17

Expert Comment

by:jburgaard
ID: 18886030
All untagged ports (access ports) belonging to "Storage" will 'play' with other "Storage" ports, whether on one or the other sw.
And same story in vlan 1.

If these 2 vlans (existing on 1 or 2 sw.'s) were to 'speak' with each other, then there should be an IP address assigned to the 2 vlans and some routing taking place.

Perhaps you would at some point think about not using the default_vlan1 so much if security is important.


0
 
LVL 2

Author Comment

by:MMDCisco
ID: 18886059
I can't lose default lan, it's the production lan and on switch 1 and 2.  storage lan, right now, is simply a subset of the ports on switch 1 and I just want to make storage a subset of ports on switch 1 and on switch 2.
0
 
LVL 17

Expert Comment

by:jburgaard
ID: 18901503
As long as you do not assign an IP to the storage vlan and have no routing taking place, the storage traffic will remain on the storage network.
When you have a small window of opportunity, please remember to 'break' before 'make', that is, the existing links between the sw's untagged vlan ports must be disconnected / ports disabled BEFORE the tagged ports are connected / enabled.
Otherwise a network loop will show some flashing lights, or perhaps even steady ;-)
Any ?'s left?
0
 
LVL 2

Author Comment

by:MMDCisco
ID: 18901655
Just to make sure: your advice is:
1. Remove any cables connecting the two switches.
2. Configure the devices with trunking as described above.
3. Ensure there are no routing devices in place (is a gateway involved at all?)
4. Put the cables back in place.

Correct?
0
 
LVL 17

Expert Comment

by:jburgaard
ID: 18901680
yes
0
 
LVL 2

Author Comment

by:MMDCisco
ID: 18901729
About the gateway questions:
1. None of the NICS are to have a gateway defined, correct?  
2. The Storage VLAN is not to have a default gateway defined, correct?

I'm trying the solution tomorrow night, when everybody is gone this time.
0
 
LVL 17

Accepted Solution

by:
jburgaard earned 2000 total points
ID: 18901995
This is my guess of your setup:
A) Talking Storage VLAN :
Sw's do not have an IP assigned to this vlan.
 Servers/PC's share a network with common netmask, all communication taking place in this network, no need for def. gw.

B) On default_vlan1 you probably have a mix of production-activity and switch-management-activity.
But in the perspective of not mixing vlan1<->vlan2
it does not matter whether you have assigned a management IP address to the sw's and given the PC's def. gw.'s.



0
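Added example, not part of the thread and not HP's tooling: a Python check over a saved config in the block format the posts use, testing the conditions given above for keeping Storage traffic on the Storage VLAN (Trk1 tagged in VLAN 2, no IP address on VLAN 2) plus two hand-edit mistakes (a trunk member port listed on its own, a port shared between the VLANs). The function names and the defaults `storage=2` and `uplink="Trk1"` are assumptions taken from the posted trunk configuration; port lists are assumed numeric, as on the 28xx.

```python
# Sample input: the 2824 trunk configuration as posted in the thread.
CFG_2824 = """\
trunk 23,24 Trk1 Trunk
vlan 1
   name "DEFAULT_VLAN"
   tagged Trk1
   untagged 1-12
   no untagged 13-22
exit
vlan 2
   name "Storage"
   tagged Trk1
   untagged 13-22
exit
"""

def expand(spec):
    """Expand a port list such as '13-22,Trk1' into a set of port names."""
    out = set()
    for lo, _, hi in (part.partition("-") for part in spec.split(",")):
        out |= {str(n) for n in range(int(lo), int(hi) + 1)} if hi else {lo}
    return out

def parse(cfg):
    """Return ({vid: {'tagged', 'untagged', 'ip'}}, {trunk name: member ports})."""
    vlans, trunks, cur = {}, {}, None
    for w in filter(None, map(str.split, cfg.splitlines())):
        if w[0] == "trunk":
            trunks[w[2]] = expand(w[1])
        elif w[0] == "vlan":  # enter a VLAN context
            cur = vlans.setdefault(int(w[1]), {"tagged": set(), "untagged": set(), "ip": False})
        elif w[0] == "exit":  # leave it again
            cur = None
        elif cur and w[0] in ("tagged", "untagged"):  # 'no untagged ...' starts with 'no' and is skipped
            cur[w[0]] |= expand(w[1])
        elif cur and w[:2] == ["ip", "address"]:
            cur["ip"] = True
    return vlans, trunks

def audit(cfg, storage=2, uplink="Trk1"):
    """List where cfg departs from the thread's advice; [] means nothing found."""
    vlans, trunks = parse(cfg)
    ports = {vid: v["tagged"] | v["untagged"] for vid, v in vlans.items()}
    found = [(uplink not in vlans[storage]["tagged"], f"{uplink} is not tagged in vlan {storage}"),
             (vlans[storage]["ip"], f"vlan {storage} has an IP address")]
    for vid, p in ports.items():
        found.append((trunks.get(uplink, set()) & p, f"vlan {vid} lists a {uplink} member port"))
        found.append((vid != storage and (p & ports[storage]) - {uplink}, f"vlan {vid} shares ports with vlan {storage}"))
    return [msg for hit, msg in found if hit]
```

`audit(CFG_2824)` returns an empty list for the configuration as posted; run it against the saved config of each switch before the cables go back in.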
 
LVL 2

Author Comment

by:MMDCisco
ID: 18902182
I've selected the last answer as the answer to take care of the points.  In the event something goes wrong, I'll open up another.  The reason for just selecting the final answer is there is only one contributor and selecting the last answer tags the entire discussion so future queries can use the rest of the discussion as a reference.

Thanks!
0
 
LVL 17

Expert Comment

by:jburgaard
ID: 18902409
Glad to help!
0
