VLAN plan/implementation help?
Hello everyone,
This is my first experts-exchange post, but I'm hoping all of your expertise can help me.
I'm fairly green when it comes to VLAN implementation, especially on HP Procurve hardware (there isn't nearly the documentation out there compared to Cisco).
I'll try and give you the goal of the project, as well as provide as much information as possible.
This scenario is an old K-12 school, so the cabling to the individual rooms isn't ideal. There's usually just one uplink to each classroom. We're looking to separate the traffic of all of our computer labs from the rest of our network. However, we still need those computers to talk to our server stack (AD, DNS, Fileserver, etc) for various reasons. I know this should be possible using inter-vlan routing, but after a few unsuccessful days of trying I'm looking for some guidance.
So, I'm pretty sure that all of the ports are connected to the computer labs need to be "untagged" in VLAN10, and all of the interconnecting links need to be "tagged" in VLAN 10. But perhaps I'm understanding it wrong. I'm sure this will come quite simple to you folks, so if you could just give me a configuration from one switch to another, I can probably figure it out for the rest of the labs.
Other things to consider: The Procurve 2910al is a Layer 3 switch. The 10.0.0.0/19 network is addressed via DHCP. The 10.0.32.0/19 network (for VLAN 10), we're prepared to statically assign (since they're desktops anyways).
If you need more information, I will be more than happy to provide. I may not be able to test this again until Wednesday, but will make sure to give credit where it's due.
Thank you very much for your help.
(brief (and poorly drawn) network diagram attached)
network.png
This is my first experts-exchange post, but I'm hoping all of your expertise can help me.
I'm fairly green when it comes to VLAN implementation, especially on HP Procurve hardware (there isn't nearly the documentation out there compared to Cisco).
I'll try and give you the goal of the project, as well as provide as much information as possible.
This scenario is an old K-12 school, so the cabling to the individual rooms isn't ideal. There's usually just one uplink to each classroom. We're looking to separate the traffic of all of our computer labs from the rest of our network. However, we still need those computers to talk to our server stack (AD, DNS, Fileserver, etc) for various reasons. I know this should be possible using inter-vlan routing, but after a few unsuccessful days of trying I'm looking for some guidance.
So, I'm pretty sure that all of the ports are connected to the computer labs need to be "untagged" in VLAN10, and all of the interconnecting links need to be "tagged" in VLAN 10. But perhaps I'm understanding it wrong. I'm sure this will come quite simple to you folks, so if you could just give me a configuration from one switch to another, I can probably figure it out for the rest of the labs.
Other things to consider: The Procurve 2910al is a Layer 3 switch. The 10.0.0.0/19 network is addressed via DHCP. The 10.0.32.0/19 network (for VLAN 10), we're prepared to statically assign (since they're desktops anyways).
If you need more information, I will be more than happy to provide. I may not be able to test this again until Wednesday, but will make sure to give credit where it's due.
Thank you very much for your help.
(brief (and poorly drawn) network diagram attached)
network.png
Last Comment
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Yes on the static route. Or you can just implement a static route on the firewall for (route 10.0.32.0/19 to 10.0.0.40), but I'm not sure about additional rules being required on the firewall. The main concept that you should remember, is that the IP assigned as default gateway in every subnet has to know how to get to every other subnet (plus a default route to the internet, if required).
you can segment each switch and give access to users based on vlan . use tag port to communicate with each switch .verify each switch connected with another as tagged . vlans tagged to particular port that connected to another switch .
ASKER
Excellent help, thanks!
ASKER
Thanks Otto, I finally had a chance to test it out today.
The VLANs are now routing and can talk, just what we were looking for. Our only lingering issue is that we can't get out to the Internet on VLAN 10, which I'm guessing is due to a lack of configuration (static route?) in the SonicWall.
Perhaps that is for a new thread, though. Thanks again for your help.
The VLANs are now routing and can talk, just what we were looking for. Our only lingering issue is that we can't get out to the Internet on VLAN 10, which I'm guessing is due to a lack of configuration (static route?) in the SonicWall.
Perhaps that is for a new thread, though. Thanks again for your help.
I would assume that it is caused by the missing static route. As I've indicated, every device that needs to forward traffic, needs to know where a particular subnet is located. By default, devices (like the L3 switch and your SonicWall gateway) only knows about subnets directly connected to them. Sometimes, we add a default gateway, to indicate that if it is not in any of the connected subnets, it needs to go in a particular direction.
But, in the case of the SonicWall, you already have a default route out to the internet. Then you need a more specific static route to VLAN 10 to allow traffic from the Internet to hosts on VLAN 10 to be forwarded to the L3 switch, or else it will just route it back out to the Internet again (where the default gateway points to).
But, in the case of the SonicWall, you already have a default route out to the internet. Then you need a more specific static route to VLAN 10 to allow traffic from the Internet to hosts on VLAN 10 to be forwarded to the L3 switch, or else it will just route it back out to the Internet again (where the default gateway points to).
Switches / Hubs
A switch is a device that filters and forwards packets of data between LAN segments. Switches operate at the data link layer or the network layer of the Open Systems Interconnection (OSI) Reference Model and therefore support any packet protocol. LANs that use switches to join segments are called switched LANs or, in the case of Ethernet networks, switched Ethernet LANs. A hub is a connection point for devices in a network. Hubs are commonly used to connect segments of a LAN. A hub contains multiple ports; when a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all packets.
23K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
ASKER
You've been a great help.