Solved

Vlan on HP 1905 smart switch

Posted on 2011-09-17
Last Modified: 2012-05-12
Greetings,

I was looking at some responses on building VLANs; one seems to be pretty similar to what my needs are, but limited by my client's budget and what is available in KL, an HP 1905 smart switch (need ACL) was what fit in.

As per the doc, the HP 1905 doesn't seem to have a static routing feature, so can I still build something like what is shown below:

///////////
On the switch:
ip default-gateway 10.0.0.254
ip routing
vlan 1
   name "DEFAULT_VLAN"
   untagged 25
   ip address 10.0.0.253 255.255.255.0
   exit
vlan 11
   name "Class_1"
   ip address 10.0.1.1 255.255.255.0
   untagged 1-12
   exit
vlan 12
   name "Class_2"
   ip address 10.0.2.1 255.255.255.0
   untagged 13-24
   exit

On the router connected to port 25, create two static routes:

10.0.1.0/24 -> 10.0.0.253
10.0.2.0/24 -> 10.0.0.253

/////////////////////

I have never worked on a smart switch, so it is all new to me. The HP 1910 smart switch is also available (having static routing) but at almost twice the cost of a 1905, so over my client's budget... It doesn't have to be HP, but choices here in KL are somewhat limited; other switch suggestions are welcome.

Thanks

Alan
0
Question by:hiramlight
16 Comments
 
LVL 10

Expert Comment

by:acbxyz
ID: 36554093
To realise this your router needs to support tagged VLAN (IEEE 802.1q) and add a "tagged 25" to vlan 11 and vlan 12 or a separate port on all virtual networks.

Because this switch doesn't support layer 3 routing it also won't be possible to assign IP addresses in multiple vlans. As well this is not necessary. The switch only needs one IP address for management and monitoring.
0
 

Author Comment

by:hiramlight
ID: 36554295
Hi acbxyz,

From the HP 1905 spec:
Layer 2 switching
•VLAN support and tagging — support up to 64 port-based VLANs and dynamic configuration of IEEE 802.1Q VLAN tagging, providing security between workgroups

So the 1905 should be enough for what I want to do then. We have 5 floors, each with an access point for wireless internet access, so I need to run 2 separate subnets: one for wireless access could be 'class_1' and another for office workstations (each with a fixed IP) would be "class_2", and tag port 25 to be the gateway to our 3com router (internet). Then ACL to keep the computers on each subnet to communicate with each other.
So something like this maybe...?

3 separate lan

10.0.1.0   // Gateway  3com  router lan IP 10.0.1.254 connected on switch port 25

10.0.2.0  (admin_1)
and
10.0.3.0 (wireless_1)

vlan 1
name "DEFAULT_VLAN"
untagged 25
no untagged 1-22
exit

vlan 2
Admin_1
1 - 11 Untagged
25 Tagged
exit

vlan 3
Wireless_1
12 - 22 Untagged
25 Tagged
exit

/// ACL

ip access-list standard "ambassador"
10 permit 10.0.1.0 0.0.0.255
20 deny 10.0.0.0 0.0.255.255
30 permit any

vlan 2
ip access-group "ambassador" in
vlan 3
ip access-group "ambassador" in


'' router static route

 DEFAULT          10.0.1.0        10.0.1.254
2 Admin_1         10.0.2.0        10.0.1.254
3 Wireless_1      10.0.3.0       10.0.1.254

On the HP 1905, do I get 1 IP...? If so then the switch IP would be the gateway... correct?

Thanks
Alan
0
 

Author Comment

by:hiramlight
ID: 36554297
If what I put before can work, then tomorrow I will go and get an HP 1905, so I can begin testing here before setting it up on location.

Thank you for your help,

Alan
 
0
 

Author Comment

by:hiramlight
ID: 36595026
when I do something like this

vlan 1
name "VLAN001"
Port9-12 Untagged
Port21-24 Untagged
Port26 Untagged

exit


vlan 2
Admin_1
1 - 11 Untagged
25 Tagged
exit

vlan 3
Wireless_1
12 - 22 Untagged
25 Tagged
exit


vlan4
GATE
25 Untagged
exit
/////////////////////////

I cannot go anywhere. I looked at the manual but I must be missing something. Ports 25 and 26 are the two combo ports... so I added a VLAN to untag it, but no. What am I doing wrong? Do I have to set the Global VLAN Setting?

Thanks

Alan
0
 
LVL 10

Expert Comment

by:acbxyz
ID: 36598285
Can you post a "show run" after configuring what you want?
This config can't be correct because a port can only be untagged to one vlan at a time.
In your case, you want ports 9-11 to be in vlan 1 and vlan 2, and ports 12,21,22 in vlan 1 and 3.

Do you have tagged vlans configured in your 3com router? These vlans must be configured using the same ids as in your switch.
0
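The rule in the comment above (a port can be untagged in only one VLAN at a time), checked against the layout posted in ID 36595026. This is an added example, not part of the original thread or HP's tooling; the dictionary format and the function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed from the VLAN layout posted in ID 36595026:
# VLAN id -> untagged / tagged port ranges as (first, last) tuples.
POSTED_LAYOUT = {
    1: {"untagged": [(9, 12), (21, 24), (26, 26)], "tagged": []},
    2: {"untagged": [(1, 11)], "tagged": [(25, 25)]},
    3: {"untagged": [(12, 22)], "tagged": [(25, 25)]},
    4: {"untagged": [(25, 25)], "tagged": []},
}


def expand(ranges):
    """Turn [(1, 3), (5, 5)] into {1, 2, 3, 5}."""
    ports = set()
    for first, last in ranges:
        ports.update(range(first, last + 1))
    return ports


def untagged_conflicts(layout):
    """Return {port: [vlan ids]} for ports untagged in more than one VLAN."""
    membership = defaultdict(list)
    for vlan_id in sorted(layout):
        for port in expand(layout[vlan_id]["untagged"]):
            membership[port].append(vlan_id)
    return {p: v for p, v in sorted(membership.items()) if len(v) > 1}


def trunk_ports(layout):
    """Ports carrying at least one tagged VLAN; the far end must speak 802.1Q."""
    ports = set()
    for vlan in layout.values():
        ports |= expand(vlan["tagged"])
    return sorted(ports)


if __name__ == "__main__":
    for port, vlans in untagged_conflicts(POSTED_LAYOUT).items():
        print(f"port {port}: untagged in VLANs {vlans}")
    print("tagged uplinks needing an 802.1Q peer:", trunk_ports(POSTED_LAYOUT))
```
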
 

Author Comment

by:hiramlight
ID: 36600437
Hi acbxyz,

No, I didn't tag VLANs in my 3com router. As I said, this is the first time I have to deal with VLANs; all I did in the router is build static routes, as I want each VLAN to use a different IP. I didn't know I had to do that, so I will look in the 3com router on how to configure tagged VLANs... If you can give me a pointer on how, I would appreciate it (but I don't have the router model, it is a 3com small business router), but in the meantime I will google it.


What I want to do is actually simple: 2 VLANs, one for the APs (access points) and one for the office workstations, both VLANs using the same port to access the internet but not visible to each other or at least not accessible, since the APs will be accessed by the hotel guests.

Thanks

 Alan

0
 

Author Comment

by:hiramlight
ID: 36600640
The router is a 3com WL-537 OfficeConnect... hope that we can configure VLANs on those...
0
 

Author Comment

by:hiramlight
ID: 36600923
Whoa, I made a serious mistake in the copy/paste for the VLANs in my previous post.

vlan 1
name "DEFAULT_VLAN"
untagged 25-26
no untagged 9-24
exit

vlan 2
Admin_1
1 - 4 Untagged
25 Tagged
exit

vlan 3
Wireless_1
5 - 8 Untagged
25 Tagged
exit

/////////

Port 25 is connected to the 3com with an RJ45 to access the internet.

I'm not sure how I could make such a mistake, but I had a long day that day and couldn't understand why, as soon as I tagged 25, all connections were lost; I couldn't even ping anything from a laptop connected to the 1905...

Hope you can help me work this out.

Thanks

Alan
0

 
LVL 10

Accepted Solution

by:
acbxyz earned 500 total points
ID: 36708569
With this 3com router it is not possible to do what you want.

vlan tagging is like you have an ordinary lan cable (the untagged vlan) with more separated cables inside (tagged vlans). These virtual cables can't cross.

If you want separate network subnets, you can use one layer2-lan, but it is unsecure and you can use dhcp only on one subnet. To use separate (v)lans, you need a layer3-router which has as many physical interfaces as you need networks and as many real cables between it and your switch, so you can use untagged ports, or a router which supports tagged vlans (ieee 802.1q).

http://en.wikipedia.org/wiki/Virtual_LAN
http://de.wikipedia.org/wiki/Datei:Ethernetpaket.svg

One option can be to reflash your 3com with ddwrt or openwrt, but it can be difficult.
0
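What the "virtual cables" in the accepted answer look like on the wire, as an added example that is not part of the original thread: an IEEE 802.1Q tag is 4 bytes inserted after the source MAC, and a receiver without 802.1Q support reads the tag's 0x8100 marker where it expects the EtherType. The MAC addresses, payload and function names are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100      # value in bytes 12-13 that marks an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800


def build_frame(dst, src, ethertype, payload, vlan_id=None, priority=0):
    """Build an Ethernet II frame; with vlan_id, insert the 4-byte 802.1Q tag."""
    header = dst + src
    if vlan_id is not None:
        if not 1 <= vlan_id <= 4094:
            raise ValueError("VLAN ID must be 1..4094")
        tci = (priority << 13) | vlan_id   # PCP (3 bits) | DEI = 0 | VID (12 bits)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_vlan_aware(frame):
    """What an 802.1Q-capable port sees: (vlan_id or None, ethertype, payload)."""
    (first,) = struct.unpack_from("!H", frame, 12)
    if first != TPID_8021Q:
        return None, first, frame[14:]
    tci, ethertype = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, ethertype, frame[18:]


def parse_vlan_unaware(frame):
    """What a device without 802.1Q support sees: bytes 12-13 as the EtherType."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    return ethertype, frame[14:]


# Constructed sample values: locally administered MACs and a dummy payload.
DST = bytes.fromhex("020000000001")
SRC = bytes.fromhex("020000000002")
PAYLOAD = b"constructed-ip-packet"

if __name__ == "__main__":
    tagged = build_frame(DST, SRC, ETHERTYPE_IPV4, PAYLOAD, vlan_id=2)
    untagged = build_frame(DST, SRC, ETHERTYPE_IPV4, PAYLOAD)
    print("aware, tagged:   ", parse_vlan_aware(tagged)[:2])
    print("aware, untagged: ", parse_vlan_aware(untagged)[:2])
    print("unaware, tagged:  0x%04x" % parse_vlan_unaware(tagged)[0])
    print("size difference: ", len(tagged) - len(untagged), "bytes")
```
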
 

Author Comment

by:hiramlight
ID: 36715880
Yes, I was reading about openwrt, but would an 828 g/sdsl cisco modem/router support this? I haven't used it for a while and I remember I could set virtual access.

Thanks

Alan
0
 

Author Comment

by:hiramlight
ID: 36715929
And is it possible, even if not using a tagged port, to have 2 VLANs accessing the net by using only one port, let's say port 25...? Let's say I create 3 VLANs, vlan1 P1-8, vlan2 P9-12 and vlan3 port 25, and for example use VLAN 3 as guest VLAN and have that be the gateway to the net... I tried but it didn't work... maybe I missed something...
0
 
LVL 10

Expert Comment

by:acbxyz
ID: 36718994
I have installed openwrt on an old wrt54 which works fine (excluding wlan) as router between different lans with vlan support and as firewall (iptables created with fwbuilder)

As I said before, to connect different vlans you need a layer 3 router. If you only want one port on your switch for this, you need tagged vlans and a router which supports this, too. The only other option would be a layer 3 switch, your 1905 is not.

If you use tagged vlans you should not use vlan 0 or 1 inside a switch, because if tagged they can conflict with untagged ports.
0
 

Author Comment

by:hiramlight
ID: 36790468
Well, I looked at the openwrt site and 3com is in the unsupportable devices, not that specific model but still... so I need to see if I can find an older model which would support it... I also have a LevelOne router but it didn't show anywhere.... I WILL STOP AT THE SHOP WHERE I GOT THE 1905 AND SEE IF I CAN EXCHANGE IT FOR A 1910, WHICH SUPPORTS LEVEL 3..., that might be the simplest solution...
0
 

Author Comment

by:hiramlight
ID: 36790759
Oops, sorry for the upper case...!
0
 

Author Closing Comment

by:hiramlight
ID: 36911563
I got a little bit confused because of the first comment from acbxyz, where he mentions that we can't give IP addresses because that switch doesn't have layer 3; the "as well as that is not necessary" got me to think that I could still use a tagged port, when, as he explained later, there is actually more to it. Same with the 801.x: it is on the 1905, but so far I didn't really see how this can be helpful; I would think maybe in a case where we stack switches or, like acbxyz mentions, with a router that supports VLANs. Anyway, it was my first experience with a smart switch and thanks to his help I was able to find a solution that works for me... and at the end of the day that is what really matters and what EE is all about....
0
 

Author Comment

by:hiramlight
ID: 36911635
Typo error: by 801.x I meant 802.1Q. So when acbxyz wrote "To realise this your router needs to support tagged VLAN (IEEE 802.1q) and add a "tagged 25"", I got the 1905 switch and I assumed that the tech description mentioning "dynamic configuration of IEEE 802.1Q VLAN tagging, providing security between workgroups" would do the trick, and I certainly was wrong. I didn't find out how the dynamic section of the 1905 could have helped. Maybe I missed it....
0
