Implementing VLANs into a working Network

Posted on 2011-03-12
Last Modified: 2012-05-11
Hello All,

My company has exhausted all our IPs in the current 192.168.123.x Scope. I am currently working on implementing VLANs to resolve this issue.

I have never implemented VLANs on a live network, let alone on HP equipment. If someone can look over my configs and help me fix what needs to be fixed so the implementation can be done seamlessly.

Thank you in advance.

Darren Dyke

Please see the below configs for each switch:

hostname "West_GB_2910"
module 1 type J9145A

exit
ip default-gateway 192.168.123.254
ip routing
vlan 1
name "DEFAULT_VLAN"
untagged 1-2,4-24
ip address 192.168.123.253 255.255.255.0
no untagged 3
exit
vlan 9
name "VLAN9_VOICE"
untagged 3
ip address 10.123.1.253 255.255.255.0
exit

vlan 400
name "East VLAN"
ip address 192.168.124.253 255.255.255.0
ip helper-address 192.168.123.6
tagged 5
exit
vlan 500
name "West VLAN"
ip address 192.168.125.253 255.255.255.0
ip helper-address 192.168.123.6
tagged 5
exit
vlan 600
name "Private WIFI"
ip address 192.168.126.253 255.255.255.0
ip helper-address 192.168.123.6
tagged 5
exit
vlan 700
name "Public WIFI"
ip address 192.168.127.253 255.255.255.0
ip helper-address 192.168.123.6
tagged 5
exit

fault-finder bad-driver sensitivity high
fault-finder bad-transceiver sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
fault-finder broadcast-storm sensitivity high
fault-finder loss-of-link sensitivity high
fault-finder duplex-mismatch-HDx sensitivity high
fault-finder duplex-mismatch-FDx sensitivity high
timesync sntp
ip route 0.0.0.0 0.0.0.0 192.168.123.254

==============================================

Running configuration:

; J4903A Configuration Editor; Created on release #I.08.98

hostname "DATA GB WEST"
time timezone -300
time daylight-time-rule Continental-US-and-Canada

trunk 18-19 Trk1 Trunk
trunk 6-7 Trk2 Trunk
trunk 11-12 Trk3 Trunk
ip default-gateway 192.168.123.253
sntp server 192.168.123.254
timesync sntp
sntp unicast
snmp-server community "public" Unrestricted
snmp-server host 192.168.123.58 "public"

vlan 1
name "DEFAULT_VLAN"
untagged 1-5,8-10,13-17,20-24,Trk1-Trk3
ip address 192.168.123.246 255.255.255.0
exit
vlan 500
name "West VLAN"
ip address 192.168.125.246 255.255.255.0
tagged Trk3,1,22-23
exit
vlan 600
name "Private WIFI"
ip address 192.168.126.246 255.255.255.0
tagged Trk3,1,13-14,22
exit
vlan 700
name "Public WIFI"
ip address 192.168.127.246 255.255.255.0
tagged Trk3,1,13-14,22
exit
ip authorized-managers 192.168.123.0 255.255.255.0
spanning-tree Trk1 priority 4
spanning-tree Trk2 priority 4
spanning-tree Trk3 priority 4
password manager
password operator

===============================================

Running configuration:

; J4903A Configuration Editor; Created on release #I.08.98

hostname "EASTGB01"

trunk 2-3 Trk1 Trunk
ip default-gateway 192.168.123.253
sntp server 192.168.123.254
ip routing
timesync sntp
sntp unicast
snmp-server community "public" Unrestricted
snmp-server host 192.168.123.58 "public"
vlan 1
name "DEFAULT_VLAN"
untagged 5-24
tagged Trk1
ip address 192.168.123.241 255.255.255.0
exit
vlan 400
name "East VLAN"
ip address 192.168.125.241 255.255.255.0
tagged Trk1,1,4
exit
vlan 600
name "Private WIFI"
ip address 192.168.126.246 255.255.255.0
tagged Trk1,15
exit
vlan 700
name "Public WIFI"
ip address 192.168.127.246 255.255.255.0
tagged Trk1,15
exit
ip author
fault-finder bad-driver sensitivity high
fault-finder bad-transceiver sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
fault-finder broadcast-storm sensitivity high
fault-finder loss-of-link sensitivity high
fault-finder duplex-mismatch-HDx sensitivity high
fault-finder duplex-mismatch-FDx sensitivity high
spanning-tree Trk1 priority 4


===============================================

Running configuration:

; J4903A Configuration Editor; Created on release #I.08.98

hostname "WEST OPERATIONS"

ip default-gateway 192.168.123.253
sntp server 192.168.123.254
timesync sntp
sntp unicast
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
no untagged 1-24
ip address 192.168.123.240 255.255.255.0
exit
vlan 500
name "West VLAN"
ip address 192.168.125.240 255.255.255.0
tagged 24
untagged 1-23
exit

==============================================


Running configuration:

; J4903A Configuration Editor; Created on release #I.08.98

hostname "EAST DEV GB"
snmp-server contact "Tom Packert"
ip default-gateway 192.168.123.253
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
no untagged 1-24
ip address 192.168.123.238 255.255.255.0
exit

vlan 400
name "East VLAN"
ip address 192.168.125.238 255.255.255.0
tagged 21
untagged 1-20,22-24
exit
net-diagram.jpg
Question by:drnfx
LVL 5

Expert Comment

by:tiago_aviz
ID: 35116865
Dumb question: why not enlarge the network mask for the internal network?

Author Comment

by:drnfx
ID: 35116890
Changing the subnet mask at this point is not an option... this is a LIVE network and VLANs are the easiest option....
LVL 5

Expert Comment

by:tiago_aviz
ID: 35116926
I would have to disagree. You can change the network mask for a broader network on all servers and firewalls first, and then change it on your DHCP servers, extending the address scope. I've done this over and over on live networks.

As for the HP switch configuration, I wouldn't know if it would work as I only work with Cisco equipment.

Author Comment

by:drnfx
ID: 35117037
I agree... but that is not one of my options...

Thank you for the input, I am a Cisco guy myself... foreign to the antiquated HPs
LVL 17

Accepted Solution

by:
jburgaard earned 2000 total points
ID: 35118136
As far as I can see access-ports ARE untagged in their vlan, fine.

The interswitch links should carry all relevant vlans with same pattern of tagging in both ends.
I wonder why you did not bring vlan1 along on all switches, you may have your reason, this is however not the way I implemented my setup. I only set up routing on one of my switches.

You do not mention details of changes to your routing.
I can see you have set up IP helper-address to DHCP-server, fine.

Scope options in DHCP should have a default gateway setting of the Vlan-IP in THE routing switch (e.g. not IP of the firewall).
In the device with IP 192.168.123.254 there should be implemented routes back to the new vlans via 192.168.123.253
e.g. something like IP ROUTE 192.168.124.0  MASK 255.255.255.0 GW 192.168.123.253

HTH

Author Comment

by:drnfx
ID: 35128500
I actually forgot to tag vlan 1, I was writing these configs from scratch.

I agree only one switch should have routing... I would like to make it on the 123.253 since that switch is the one connected to the Astaro Firewall. I haven't been able to test this config yet because I am waiting for some more NICs that will allow me to create an Ethernet VLAN and tag the VLANs on the firewall.

What routes should I have on the 123.253?

LVL 17

Expert Comment

by:jburgaard
ID: 35130829
route to dgw like
ip route 0.0.0.0 0.0.0.0 192.168.123.254
is what you need
The inter-vlan routing is automatically built for the vlans with IPs on the routing switch.
 
-to show at CLI:
show ip route

HTH

Author Comment

by:drnfx
ID: 35131089
Okay, I already have this route in... so in theory as long as I tag vlan 1 then this should work.

Will keep you informed.

Thanks for input :)

Author Comment

by:drnfx
ID: 35167281
jburgaard: thanks for all your input thus far, I have one more question for you...

The reason why I didn't include vlan 1 was because I forgot to ask how to change the default VLAN for the switches...

I want to create another vlan, vlan 300 and that is going to be the admin vlan where all the switches/routers/servers are going to rely, the IP schema will be the same: 192.168.123.x however I am unsure how to set that as the new default vlan.
LVL 17

Expert Comment

by:jburgaard
ID: 35173588
I have not tried. AFAIK you cannot do that.

If you want to implement a common ground in communication with Cisco-devices, untagging vlan 300 on HP port linking to cisco will match a native vlan on Cisco-device.

If this is a matter of security please have look at:
http://www.hp.com/rnd/pdfs/Hardening_ProCurve_Switches_White_Paper.pdf

Generally you can find detailed info in 'Advanced traffic management guide' for your switch
e.g. look at chap 2 in http://ftp.hp.com/pub/networking/software/2600-2800-4100-6108-AdvTraff-Oct2005-59908853.pdf -mentioning the 'primary vlan' (DHCP to switch) and the 'secured management vlan' (not participating in routing)
HTH
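
The consistency points raised in this thread (routing on a single switch, the same addressing for a VLAN on every switch) and the default SNMP community in the posted configs can be checked mechanically before cutover. This is an added example, not part of the original posts and not an HP tool; `audit` and `SAMPLE` are hypothetical names, and the sample lines are excerpted from three of the configs in the question.

```python
import ipaddress
import re
from collections import defaultdict

# Lines excerpted from three of the configs posted in the question (trimmed).
SAMPLE = """
hostname "West_GB_2910"
ip routing
vlan 400
ip address 192.168.124.253 255.255.255.0
hostname "DATA GB WEST"
snmp-server community "public" Unrestricted
vlan 600
ip address 192.168.126.246 255.255.255.0
hostname "EASTGB01"
ip routing
vlan 400
ip address 192.168.125.241 255.255.255.0
vlan 600
ip address 192.168.126.246 255.255.255.0
"""

def audit(text):
    """Return sorted findings for several switch configs concatenated in one string."""
    routers, findings = [], set()
    addrs, nets = defaultdict(list), defaultdict(set)  # ip -> hosts, vlan id -> subnets
    host = vlan = None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r'hostname "(.+)"', line):
            host, vlan = m.group(1), None              # a new switch config starts here
        elif m := re.match(r"(?:vlan (\d+)|exit)$", line):
            vlan = int(m.group(1)) if m.group(1) else None  # enter or leave a vlan context
        elif line == "ip routing":
            routers.append(host)
        elif re.match(r'snmp-server community "public" unrestricted', line, re.I):
            findings.add(f"{host}: SNMP community 'public' is Unrestricted")
        elif vlan and (m := re.match(r"ip address (\S+) (\S+)", line)):
            iface = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            addrs[iface.ip].append(host)
            nets[vlan].add(iface.network)
    if len(routers) > 1:                               # the thread: only one switch should route
        findings.add("ip routing enabled on: " + ", ".join(routers))
    for ip, hosts in addrs.items():
        if len(hosts) > 1:                             # same address on two switches
            findings.add(f"{ip} assigned on: " + ", ".join(hosts))
    for vid, subnets in nets.items():
        if len(subnets) > 1:                           # one VLAN ID, different subnets
            findings.add(f"vlan {vid} spans subnets: " + ", ".join(sorted(map(str, subnets))))
    return sorted(findings)
```

Calling `audit` on the full text of all five posted configs applies the same checks to every switch at once.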