Solved

Vlan Question

Posted on 2014-03-19
5
585 Views
Last Modified: 2014-03-20
Hello
I am trying to establish a Vlan between two switches
getting a little confused between tagged and untagged port assignments
both switches are HP Procurve switches

I switch a is connected on port 39 to switch 2 on port 24?
i have the VLAN id of 58 setup on both switches?
 when i connect the switches i am unable to pass traffic across ( unable to ping a device on switch 2 from switch 1

I am trying to get the devices on switch 2  VLAN 58 to be able to access the internet via our firewall also.
any ideas?
0
Comment
Question by:schuitkds
  • 2
  • 2
5 Comments
 
LVL 7

Expert Comment

by:Lee Ingalls
Comment Utility
Here is a screenshot of my Port Based VLAN's on an HP Procurve. Take a look at the Default VLAN, ENG VLAN and ISCSI VLAN to see how I Tagged, Forbade and Untagged specific ports depending on where they are used.

Picture is worth a 1000 words.

Default VLAN is for general usage
Eng is a specific for Design Engineers - basically the same as the Default only segmented from the default traffic and ISCSI.
ISCSI is for my storage array.
HP-ProCurve-Port-Tagging.pdf
0
 

Author Comment

by:schuitkds
Comment Utility
thank you so please clear up what tagged and untagged means in the HP world?
in my scenario of trying to create a vlan on and between two switches
which ports need to be tagged and which ports need to be untagged?
do the ports that connect the switches together on each device need to be tagged?
0
 
LVL 7

Expert Comment

by:Lee Ingalls
Comment Utility
Here's a decent copy-paste from HP...

Per-Port VLAN Configuration Options
Parameter Effect on Port Participation in Designated VLAN

**Tagged: Allows the port to join multiple VLANs.

**Untagged: Allows VLAN connection to a device that is configured for an untagged VLAN instead of a tagged VLAN. A port can be an untagged member of only one port-based VLAN.

**Forbid: Prevents the port from joining the VLAN, even if GVRP is enabled on the switch.
Reference: http://h30499.www3.hp.com/t5/Switches-Hubs-Modems-Legacy-ITRC/Difference-between-VLAN-Tagged-and-Untagged/td-p/3836359#.Uyn25fldVc8

My example...
VLAN 1 Default VLAN no ports are tagged and ports 9-12 are forbidden. So no default vlan traffic is permitted all ports not forbidden. The untagged ports are open and available to any traffic.

VLAN 1 ID 20 ENG is a subset of the Default VLAN where I've tagged ports 4-5 and 13-14, which were untagged and not forbidden in the Default VLAN. Just for the Engineers to are working with very large design assemblies concurrently so I'm trying to isolate their traffic between their workstations and the storage array which is ID 30 ISCSI

VLAN 1 ID 30 ISCSI ports tagged 4-5 13-14 27, 33 and the Forbidden Ports the ones from the default vlan. This connects the storage array on a dedicated 10GB per port Switch in a different subnet to the servers. All ISCSI traffic is on a separate subnet who's traffic in VLAN'd at the switch. ENG has subset of Defaul VLAN to isolate it's traffic and provide a less conjested path to the storage array and the default vlan is general network for workstations that are gateway'd to the internet firewall/router.
0
 

Author Comment

by:schuitkds
Comment Utility
so in my scenario basically all ports untagged on the default vlan  on switch A except port 39 which i change to tagged?
switch B port 24 i switch to Tagged?
if i want access to all devices/ports on switch B do i flag all the ports as tagged?

scenario i desire is any device attached to switch A  is able to connect or use any device on switch b

in your scenario about is a device attached to port #2 Vlan1 able to access the device/network on port 4 in Vlan20
0
 
LVL 50

Accepted Solution

by:
Don Johnston earned 500 total points
Comment Utility
Here's the quick and easy approach:

Do you have a link that needs to carry more than one VLAN? If so, the port connected to that link needs to tag the frames so that the recipient will know which VLAN a frame belongs to.

If the link is only carrying one VLAN, then the frames do not need to be tagged. Hence, "untagged".
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

This tutorial will go through the steps required to write a script that will back up the configuration settings of a HP-ProCurve switch. You will need to get the following things to follow this tutorial: Telnet Scripting Tool e.g. TST10.exe …
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now