First VLAN setup. Have I got it right?

Posted on 2009-02-16
Last Modified: 2012-05-06
Ok please bare with me on this as this is pretty new.

First od all our local lan is all on the default VLAN 1 setup.

I have just replaced our external HP unmanaged switch (sits outside of internal lan) with a new HP 1800G ProCurve managed switch which is not connected to lan. Basically our ISP's router and external port on our Cisco ASA5510 firewall plus a couple of other devices sit on this switch. But I want to be able to manage this from the interanl lan.
I have given the new HP 1800G ProCurve switch a local IP (

Do I just need to create a VLAN 2 on this switch place all device ports on this VLAN apart from one port (8) leave it in the default VLAN 1 and then plug that into a switch on our lan? Will this enable me to then manage it without physically plugging into this switch?

I hope that makes sense.

Basic setup:

Inside port on Cisco 5510>
Outside port on Cisco 5510>
External Switch(HP 1800G ProCurve)> ISP Router + other devices i.e. Video Conference device>

And would I be able to make these changes on the fly? Or would it take down anything by creating VLAN's and assigning ports.

Thanks in advance,
Question by:Vai777
    LVL 9

    Expert Comment

    You should create a seperate VLAN (vlan 2) to hold the internal network and give the that VLAN an IP address in the internal IP addressing scheme, then you´d be able to manage it from the LAN.

    Also any changes on the switch is done on the fly except creating vlans to a certain point when using HP, then you have to enable the software for more VLANs (think default is 5 vlans).

    So it would be like this: LAN-SWITCH->HP-SWITCH-VLAN2->Inside ASA5510->OutsideASA5510->HP_SWITCH-VLAN1.


    Author Comment

    But we've got 6 switches on our internal lan all setup on the default VLAN 1.
    So wouldn't it be easier to set the external switch on VLAN 2 i.e. ports 1>7 and leave port 8 on VLAN 1 and then link port number 8 to the rest of the internal switches?

    Wouldn't that enable me to get to it from the internal lan?
    LVL 9

    Accepted Solution

    It will be more simple to it like you suggest but in reality it dosn´t matter as VLAN is only significant locally per switch unless you use VLAN trunk between your switches.

    For instance attaching a switch VLAN 2 to a switch VLAN 1 as access ports still enables them to pass traffic but the setup isn´t really in line with best practices.

    Also you need to ports in VLAN 1 for internal LAN 1 for the rest of the internal LAN switches and 1 for the ASA5510 inside interface.

    So in your case it would look like this.


    Author Comment

    We don't use any trunks. This is the first VLAN setup I've ever done.

    How would you suggest I manage the external switch instead? I need to be able to manage it from the internal lan rather than having to physically plug into the switch.

    And your last topology example is exactly how it looks now.

    Thanks for all you help and advice so far. It's much appreciated.
    LVL 9

    Expert Comment

    If its like that then you should just give the HP switch an LAN IP address on VLAN 1 and no IP address on VLAN 2 and you should be in business.

    Author Comment

    Already done!

    Great stuff. I'm no longer a VLAN virgin.

    Thanks again. Your a star!

    Points will be given.

    Featured Post

    Enabling OSINT in Activity Based Intelligence

    Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

    Join & Write a Comment

    Suggested Solutions

    I see many questions here on Experts Exchange regarding switch port configurations and trunks. This article is meant for beginners in the subject to help to get basic knowledge about Virtual Local Area Network (VLAN (…
    I eventually solved a perplexing problem setting up telnet for a new switch.  I installed a new Cisco WS-03560X-24P switch connected to an existing Cisco 4506 running a WS-X4013-10GE Sup II-Plus. After configuring vlans and trunking,  I could no…
    Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now