This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.
VLAN plan/implementation help?
Hello everyone,
This is my first experts-exchange post, but I'm hoping all of your expertise can help me.
I'm fairly green when it comes to VLAN implementation, especially on HP Procurve hardware (there isn't nearly the documentation out there compared to Cisco).
I'll try and give you the goal of the project, as well as provide as much information as possible.
This scenario is an old K-12 school, so the cabling to the individual rooms isn't ideal. There's usually just one uplink to each classroom. We're looking to separate the traffic of all of our computer labs from the rest of our network. However, we still need those computers to talk to our server stack (AD, DNS, Fileserver, etc) for various reasons. I know this should be possible using inter-vlan routing, but after a few unsuccessful days of trying I'm looking for some guidance.
So, I'm pretty sure that all of the ports are connected to the computer labs need to be "untagged" in VLAN10, and all of the interconnecting links need to be "tagged" in VLAN 10. But perhaps I'm understanding it wrong. I'm sure this will come quite simple to you folks, so if you could just give me a configuration from one switch to another, I can probably figure it out for the rest of the labs.
Other things to consider: The Procurve 2910al is a Layer 3 switch. The 10.0.0.0/19 network is addressed via DHCP. The 10.0.32.0/19 network (for VLAN 10), we're prepared to statically assign (since they're desktops anyways).
If you need more information, I will be more than happy to provide. I may not be able to test this again until Wednesday, but will make sure to give credit where it's due.
Thank you very much for your help.
(brief (and poorly drawn) network diagram attached)
network.png
This is my first experts-exchange post, but I'm hoping all of your expertise can help me.
I'm fairly green when it comes to VLAN implementation, especially on HP Procurve hardware (there isn't nearly the documentation out there compared to Cisco).
I'll try and give you the goal of the project, as well as provide as much information as possible.
This scenario is an old K-12 school, so the cabling to the individual rooms isn't ideal. There's usually just one uplink to each classroom. We're looking to separate the traffic of all of our computer labs from the rest of our network. However, we still need those computers to talk to our server stack (AD, DNS, Fileserver, etc) for various reasons. I know this should be possible using inter-vlan routing, but after a few unsuccessful days of trying I'm looking for some guidance.
So, I'm pretty sure that all of the ports are connected to the computer labs need to be "untagged" in VLAN10, and all of the interconnecting links need to be "tagged" in VLAN 10. But perhaps I'm understanding it wrong. I'm sure this will come quite simple to you folks, so if you could just give me a configuration from one switch to another, I can probably figure it out for the rest of the labs.
Other things to consider: The Procurve 2910al is a Layer 3 switch. The 10.0.0.0/19 network is addressed via DHCP. The 10.0.32.0/19 network (for VLAN 10), we're prepared to statically assign (since they're desktops anyways).
If you need more information, I will be more than happy to provide. I may not be able to test this again until Wednesday, but will make sure to give credit where it's due.
Thank you very much for your help.
(brief (and poorly drawn) network diagram attached)
network.png
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
You need to ensure that VLAN10 is "tagged" on both sides of all links between switches, and leave VLAN1 untagged (the default setting, I assume). Also, on the Layer3 switch, you have to configure IP addresses for both VLAN1 and 10. These IP addresses will be configured as the default gateway for clients in the respective subnets: Clients in VLAN 10 will use the IP configured on 2910-al for VLAN 10 as the default gateway, and the DHCP server should assign the IP configured for VLAN 1 as default gateway to all DHCP clients. Then you should be able to route between 10.0.0.0/19 and 10.0.32.0/19.
If you need more info, let me know. I think that I have an HP ProCurve config manual saved somewhere.
If you need more info, let me know. I think that I have an HP ProCurve config manual saved somewhere.
Thanks Otto, so will I need to change DHCP to point gateway/router to 10.0.0.40 (which is currently vlan1 ip assigned) instead of 10.0.0.4 (which is our firewall/gateway to the Internet)? If I do that, do I need to create a static route similar to 0.0.0.0/0 10.0.0.4?
You've been a great help.
You've been a great help.
Yes on the static route. Or you can just implement a static route on the firewall for (route 10.0.32.0/19 to 10.0.0.40), but I'm not sure about additional rules being required on the firewall. The main concept that you should remember, is that the IP assigned as default gateway in every subnet has to know how to get to every other subnet (plus a default route to the internet, if required).
you can segment each switch and give access to users based on vlan . use tag port to communicate with each switch .verify each switch connected with another as tagged . vlans tagged to particular port that connected to another switch .
Thanks Otto, I finally had a chance to test it out today.
The VLANs are now routing and can talk, just what we were looking for. Our only lingering issue is that we can't get out to the Internet on VLAN 10, which I'm guessing is due to a lack of configuration (static route?) in the SonicWall.
Perhaps that is for a new thread, though. Thanks again for your help.
The VLANs are now routing and can talk, just what we were looking for. Our only lingering issue is that we can't get out to the Internet on VLAN 10, which I'm guessing is due to a lack of configuration (static route?) in the SonicWall.
Perhaps that is for a new thread, though. Thanks again for your help.
I would assume that it is caused by the missing static route. As I've indicated, every device that needs to forward traffic, needs to know where a particular subnet is located. By default, devices (like the L3 switch and your SonicWall gateway) only knows about subnets directly connected to them. Sometimes, we add a default gateway, to indicate that if it is not in any of the connected subnets, it needs to go in a particular direction.
But, in the case of the SonicWall, you already have a default route out to the internet. Then you need a more specific static route to VLAN 10 to allow traffic from the Internet to hosts on VLAN 10 to be forwarded to the L3 switch, or else it will just route it back out to the Internet again (where the default gateway points to).
But, in the case of the SonicWall, you already have a default route out to the internet. Then you need a more specific static route to VLAN 10 to allow traffic from the Internet to hosts on VLAN 10 to be forwarded to the L3 switch, or else it will just route it back out to the Internet again (where the default gateway points to).
Premium Content
You need an Expert Office subscription to comment.Start Free Trial