ProCurve 2600 Switches and VLAN traffic
I've a need to add a vlan to an existing network, and I'm having some difficulty going at it the "best" way. Allow me to paint a picture of the existing setup.
Firewall to the external world is an ISA 2006 appliance.
Internally at site A we have three switches, the ProCurve 2810-24, and two ProCurve 26-10-48's. Site A also has an MPLS router to connect to Site B. All web traffic goes through Site A.
Site A's internal addressing is 192.168.1.x
Site B's internal addressing is 192.168.2.x
What I hope to accomplish is to create a vlan for our voip phones so that I can build some QoS into the routers.
Here are some of the issues I've run into.
I've found that the ProCurve switches can act as routers. However, I have three of these switches, and the vlan ip configured on each switch should be different, correct?
Example:
ProCurveA
- vlan 1 (main) - ip 192.168.1.3 (since 1.1 is the isa firewall and 1.2 is our mpls router)
- vlan 2 (voip) - ip 192.168.10.1
ProCurveB
- vlan 1 (main) - ip 192.168.1.4
- vlan 2 (voip) - ip 192.168.10.2
ProCurveC
-vlan 1 (main) - ip 192.168.1.5
-vlan 2 (voip) - ip 192.168.10.3
If this is true, how should the routing be configured so that traffic can reach the 10.x network?
Second, since I need to establish some QoS on both the mpls router and the external routers, these two routers also need some routing information to be able to find those networks. So where should the gateway for those networks exist?
I have a feeling that in the course of reading up on what vlan's are and how they're implemented, I may have made the problem more complicated than it needs to be. Hopefully someone can give me some clarity. Also, since I didn't give much detail above, I'm happy to give a little more detail or answer other questions in search of answers.
Firewall to the external world is an ISA 2006 appliance.
Internally at site A we have three switches, the ProCurve 2810-24, and two ProCurve 26-10-48's. Site A also has an MPLS router to connect to Site B. All web traffic goes through Site A.
Site A's internal addressing is 192.168.1.x
Site B's internal addressing is 192.168.2.x
What I hope to accomplish is to create a vlan for our voip phones so that I can build some QoS into the routers.
Here are some of the issues I've run into.
I've found that the ProCurve switches can act as routers. However, I have three of these switches, and the vlan ip configured on each switch should be different, correct?
Example:
ProCurveA
- vlan 1 (main) - ip 192.168.1.3 (since 1.1 is the isa firewall and 1.2 is our mpls router)
- vlan 2 (voip) - ip 192.168.10.1
ProCurveB
- vlan 1 (main) - ip 192.168.1.4
- vlan 2 (voip) - ip 192.168.10.2
ProCurveC
-vlan 1 (main) - ip 192.168.1.5
-vlan 2 (voip) - ip 192.168.10.3
If this is true, how should the routing be configured so that traffic can reach the 10.x network?
Second, since I need to establish some QoS on both the mpls router and the external routers, these two routers also need some routing information to be able to find those networks. So where should the gateway for those networks exist?
I have a feeling that in the course of reading up on what vlan's are and how they're implemented, I may have made the problem more complicated than it needs to be. Hopefully someone can give me some clarity. Also, since I didn't give much detail above, I'm happy to give a little more detail or answer other questions in search of answers.
ASKER
Think I had a typo, the 10.x network was supposed to be written as 192.168.10.x
Our voip phones are all over the place on the switches, and some phones have built-in bridging where computers are plugged in to as well, and it is because of this that I can't simply assign ports to vlans.
So if I'm understanding your comment correctly, I would set up a single trunk port from one switch to the router. This trunk port would have perhaps the ip of 192.168.10.1 (I assume then perhaps that this would be the gateway used for the network?)
What about the other two switches? Would each switch need a trunk directly to the router? The switches are currently chained in such a way such that the router goes directly into our 2800, and each 2600 comes off the 2800 (hopefully that makes sense!)
Our voip phones are all over the place on the switches, and some phones have built-in bridging where computers are plugged in to as well, and it is because of this that I can't simply assign ports to vlans.
So if I'm understanding your comment correctly, I would set up a single trunk port from one switch to the router. This trunk port would have perhaps the ip of 192.168.10.1 (I assume then perhaps that this would be the gateway used for the network?)
What about the other two switches? Would each switch need a trunk directly to the router? The switches are currently chained in such a way such that the router goes directly into our 2800, and each 2600 comes off the 2800 (hopefully that makes sense!)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Alright, let's start from the core - the router.
On the router, you configure a port with two subinterfaces. The interface itself gets no IP address, but each subinterface needs an ip address on its subnet (ie fa0/1.1 would have ip 192.168.1.1, fa0/1.10 would have ip 192.168.10.1)
You would then need to configure a trunk from one switch to the router (I believe procurve supports dot1q encapsulation for trunks)
You could daisy chain your other switches, so that switch A connects to the router, switch B connects to Switch A, switch C connects to Switch B - and each switch connects to each other via a trunk line, so that all VLANs can reach the next switch, and get to the router. There's no need to plug each switch directly into the router - in fact, I'm not sure you're allowed to do that.
On the router, you configure a port with two subinterfaces. The interface itself gets no IP address, but each subinterface needs an ip address on its subnet (ie fa0/1.1 would have ip 192.168.1.1, fa0/1.10 would have ip 192.168.10.1)
You would then need to configure a trunk from one switch to the router (I believe procurve supports dot1q encapsulation for trunks)
You could daisy chain your other switches, so that switch A connects to the router, switch B connects to Switch A, switch C connects to Switch B - and each switch connects to each other via a trunk line, so that all VLANs can reach the next switch, and get to the router. There's no need to plug each switch directly into the router - in fact, I'm not sure you're allowed to do that.
ASKER
Thanks guys, that "trunking" terminology definitely helped. Let me hammer away at it and I'll see what I can come up with.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks guys, you were both helpful so I split the points up. I'm going to do a little more research and get my facts straight before I take another whack at it.
Where is this 10.x network? I assume connected to your router? In any case, in order for VLANs to talk to each other, you must route between them - so you need a trunk port from one of your switches into the router, set up subinterfaces (which do need IP addresses by the way), and you're good to go.