Solved

5 Vlans, 2 Hp Procurve Switches, One Router, need help!!

Posted on 2012-03-27
15
634 Views
Last Modified: 2012-04-02
My current setup is for a local small church/school.

2x  HP 1810g-24 gigabit swtiches.
2x WAPs
1x Asus RT-n66u (dot1q supporting)

Goal is to create multiple vlans to separate the groups, fileshare, print, etc. with internet access to vlans.

I created 4 vlan's on top of the default 1. they are as follow...

vlan 1 - default
vlan10 - staff
vlan20 - student
vlan30 - multimedia team
vlan40 - general use

I also created a trunk on switch 1 port 2, and trunked it with port 1 of switch 2.

all wiring is centralized to a server rack.
I am also intending to add in a WAP for the student, and one for the general use.

The trouble i am having is, putting in the right untagged/tagged configurations to allow
the vlan's to see the router. I was able to get it at one point, but I didn't save and couldn't recover the settings.  

I have attached an excel sheet of the layout of the switches.
vlan-distro.xlsx
0
Comment
Question by:Dakren12
  • 5
  • 4
  • 3
  • +1
15 Comments
 

Author Comment

by:Dakren12
ID: 37775218
i forgot to mention, all the end hosts are just computers, desktops, laptops, printers, etc... or additional consumer level routers/wap's
0
 
LVL 119
ID: 37778721
your trunks need to carry all Tagged VLANs.

your access ports, network ports that connect to staff, student PCs need to be tagged with correct VLANs.

so a student network port is VLAN 20, staff 10 etc

router should understand the tagged traffic

by doing this staff and student traffic will be separated.
0
 
LVL 17

Expert Comment

by:jburgaard
ID: 37779655
I agre with hanccocka as far as trunks are concerned: TAG all vlans on up/downlink-ports
OR untag vlan1&Tag the rest
-but do it same way in both ends!

The port leading to router shoud mach config in that end:
my guess would be: untag vlan1&Tag the rest (native vlan =untagged)

But the access-ports must just be UNtagged in one vlan

HTH
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:Dakren12
ID: 37780445
so this is what you guys are saying?

Switch 1 (Port 1 is connected to router, only vlan1 is untagged for router)
               (Port 2 is trunk, tagged for every vlan)

             1 2 3 4 5 6 7 8 9 10  11 12 13 14 15 16 17 18 19 20 21 22 23 24
vlan 1   UTUUU  UUUU  U   U   U   U   U   U  U  U   U   U  U  U   U  U   U
vlan10  T T T T T T  T T T  T   T    T    E   E   E   E   E   E   E   E   E   E   E   E
vlan20  T T E E E E  E E E  E   E    E    E   E  E   E   E    E   E   T   T   T   T   T
vlan30  T T E E E E  E E E  E   E    E    E   E  E   E   E    E   E   E   E   E   E   E
vlan40  T T E E E E  E E E  E   E    E    E   E  E   E   E    E   E   E   E   E   E   E


Switch 2 (Port 1 is trunk, connected to trunk of switch 1, taggged for all vlans)

             1 2 3 4 5 6 7 8 9  10 11 12 13  14 15 16 17  18 19 20 21 22 23 24
vlan 1   T UUUU  UUUU  U   U   U   U  U   U  T   U   U   U   U   U  U   T  U
vlan10  T E E E E E  E E E  E   E    E   E   E   E   E    E   E    E   E    E  E   E   E
vlan20  T E T T T T  T T T  T   E    E   E   E    E   E   E   E    E   T    T   T   T   T
vlan30  T E E E E E  E E E  E   T    E   E   E   E   E    T   E    E   E    E   E   E   E
vlan40  T E E E E E  E E E  E   E    T   T   T   T   U   E    T   T   T    T   T   U  T

Port 16 and 23 is untagged on vlan40 and tagged in vlan1, these port are wireless
access points.

I have attached an excel version
LAYOUT.xlsx
0
 
LVL 17

Expert Comment

by:jburgaard
ID: 37780498
normaly a NIC on a PC will not 'understand' a Tagged packet, so UNtag accessports in relevant vlan
0
 

Author Comment

by:Dakren12
ID: 37780542
if NIC's wont understand tagged packets.... does that mean i have to UNtag every port that goes to a computer in the corresponding vlans?
0
 
LVL 17

Expert Comment

by:jburgaard
ID: 37780688
yes
and maybe also to AccessPoints
0
 
LVL 119
ID: 37781161
if NIC's wont understand tagged packets.... does that mean i have to UNtag every port that goes to a computer in the corresponding vlans?

Yes.
0
 
LVL 21

Expert Comment

by:Rick_O_Shay
ID: 37781691
I looked in the user manual for the Asus RT-n66u router and don't see anyhting about VLANs or VLAN tagging which would be required for your setup.
0
 

Author Comment

by:Dakren12
ID: 37783107
hmmmm, I telnet into the router, and i saw this

Jan 1 01:00:07 kernel: 802.1Q VLAN Support v1.8 Ben Greear <greearb@candelatech.com>
0
 
LVL 21

Assisted Solution

by:Rick_O_Shay
Rick_O_Shay earned 500 total points
ID: 37783909
If it does do tagging then you need to have the port on the router and the port it is connected to on the switch tagged for all 4 VLANs. Just like you did for the trunks between the switches.

vlan10 - staff
vlan20 - student
vlan30 - multimedia team
vlan40 - general use
0
 
LVL 21

Accepted Solution

by:
Rick_O_Shay earned 500 total points
ID: 37784253
You will also need a different IP interface on the router for each VLAN/Subnet.
0
 

Author Comment

by:Dakren12
ID: 37786338
i dont think my router support multiple interfaces for each vlan/subnets, do you have a recommendation under $400?
0
 
LVL 21

Assisted Solution

by:Rick_O_Shay
Rick_O_Shay earned 500 total points
ID: 37787306
I can't give you a specific recommendation but you might check out Draytek and Netgear which usually have good pricing.

Just make sure they can do what you want for the VLAN routing piece in your design.
0
 
LVL 119
ID: 37787681
Draytek 2830N
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to Create Separate Guest WiFi VLAN on Netgear R8000 19 87
DNS Server 7 58
Router Question 12 54
windows server 2012 R2 DHCP clustering ? 5 19
Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question