VLANs and IP Addressing

Hi all,

I have been tasked with setting up some VLANs on 10 HP 2520 switches. This is a departure from my normal IT support area so thought I'd seek out a little advice from more knowledgable people.

These switches are being deployed in a new building on site and will connect into the existing site infrastructure.

So... I need to setup the following VLANs:

Vlan ID: VLAN 53
Ports: 17-20
IPs: 10.120.130.0/24
Gateway:  10.120.130.254
Description:   SVR
Device IP Range: 10.12.130.1 - 10.120.130.250


Vlan ID: VLAN 54
Ports:  1-16
IPs: 10.120.140.0/24
Gateway:   10.120.140.254
Description:   CAM
Device IP Range: 10.12.140.1 - 10.120.140.250

         
Vlan ID: VLAN 55
Ports:  21-24
IPs: 10.120.150.0/24
Gateway: 10.120.150.254
Description: DESK
Device IP Range: 10.12.150.1 - 10.120.150.250


I've had a play around with the configurations and these are the commands I believe i need to use to create a VLAN on each of the switches.


1. Create the VLANs

HP-Switch(Config)#Vlan 530 name "SVR"
HP-Switch(Config)#Vlan 540 name "CAM"
HP-Switch(Config)#Vlan 550 name "DESK"


2. Allocate ports to VLANs

HP-Switch(Config)#Vlan 53
HP-Switch(vlan-53)#untagged 17-20
HP-Switch(vlan-53)#tagged 48
HP-Switch(vlan-53)#exit

HP-Switch(Config)#Vlan 54
HP-Switch(vlan-54)#untagged 1-16
HP-Switch(vlan-54)#tagged 48
HP-Switch(vlan-54)#exit

HP-Switch(Config)#Vlan 55
HP-Switch(vlan-55)#untagged 21-24
HP-Switch(vlan-55)#tagged 48
HP-Switch(vlan-55)#exit

So that should have made the 3 VLANs on specific ports all routing via the tagged port 48.

What I cant understand is how I allocate the IP addresses. I had thought I could use the following command to tell the VLAN what IP range to use but it just comes up saying Bad IP

HP-Switch(vlan-53)# ip address 10.120.130.0 255.255.255.0

If i change it to 130.1/24 then the switch is allocated the .1 address meaning I'd have to setup an IP for each of the 10 switches for each of the VLANs meaning there would in effect be 4 managment IPs for each switch.

Do i even need to assign an IP range to the VLAN?  The IP addresses are allocated to specific MAc addresses by the existing DHCP servers.
ParadroidAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

giltjrCommented:
What device is doing the routing?

If this switch is doing the routing then you need to set the VLAN IP address to the ".254" address you are setting as the gateway address.

If something else is doing the routing then you may not need to set any IP address on the VLAN interfaces.

The only reason to have an IP address on a VLAN interface is if that switch must "participate" at L3 in that VLAN.  Typically when the switch needs to do routing.
0
jburgaardCommented:
"These switches are being deployed in a new building on site and will connect into the existing site infrastructure. "
From this I think it is fair to assume the vlan-routing is in place elsewhere, with IP-adresses assigned to vlans (x.x.x.254) and IP-helper-address's also deployed to make the DHCP-process happen.
You do not write how these switches are to be managed. Does a vlan exits for this purpose already? or are the switches to be managed from one or more of the new vlans? To manage a switch 'in band' it must have at least one IP-adress.
0
ParadroidAuthor Commented:
The VLANs already exist and as far as I can tell from the documentation I've seen the routing looks to be handled by a diferent switch (either a 2920 or a 2510G)

The switches will be managed via ports on the default VLAN1 and I dont see a need for them to be assigned IP's on each VLAN.


So, assuming all routing is handled by a separate switch then VLAN 53 would be configured on these 10 switches using the following:

HP-Switch(Config)#Vlan 53 name "SVR"
HP-Switch(Config)#Vlan 53
HP-Switch(vlan-53)#untagged 17-20
HP-Switch(vlan-53)#tagged 48
HP-Switch(vlan-53)#exit


If I am informed that the switches themselves ar doing routing then I need to add the following command into my config

HP-Switch(vlan-53)#ip address 10.120.130.254 255.255.255.0


Do I need to setup ip helper for DHCP or does the switch doing the routing handle all that?
0
Introducing the "443 Security Simplified" Podcast

This new podcast puts you inside the minds of leading white-hat hackers and security researchers. Hosts Marc Laliberte and Corey Nachreiner turn complex security concepts into easily understood and actionable insights on the latest cyber security headlines and trends.

giltjrCommented:
If the DHCP server is on a different VLAN then you will need to setup a helper address on each VLAN pointing to the IP address of the DHCP server.

However, that is only if you are doing DHCP on the VLAN.  Example, if all hosts on the "SRV" vlan are going to have their IP addresses hard coded on them, then there is no reason to put a helper address on VLAN 530.
0
jburgaardCommented:
your config looks ok
If 'HP-Switch(Config)#Vlan 53 name "SVR"', does not work, I would try
HP-Switch(Config)#Vlan 53
HP-Switch(vlan-53)#name "SVR"

In case you are informed that ONE of the switches themselves should do routing then you also need to add the following command into the config for the switch doing the inter-vlan routing:
IP ROUTING
and probably a default gateway like this if next hop is 10.172.192.1 :
IP ROUTE 0.0.0.0  0.0.0.0   10.172.192.1

HTH
0
ParadroidAuthor Commented:
Thanks everyonje, After a little holiday I will be attempting the VLAN setup today, I'll let you know how I get on!
0
ParadroidAuthor Commented:
An update to this question.

I have configures one of the VLANS as:

Vlan 55
   name "DESK"
   untagged 20-22
   tagged 27
   no ip address
   exit

But the onsite IT are saying they dont see any packets tagged as VLAN 55.

The setup is that there are 3 switches in a 'control room' 2xHP 2510 and 1xHP 2920. What I've been told is the 10 x HP 2520 switches I need to configure are connected via fibre to these switches. The 2510's have 4 fibre connections each and the 2920 has the other 2 (making the 10 connections).  these switches then connect (via Cat5e) to the main network/switches (called 'NET1) that we have no control over.

My question now is, do i need to setup any configuration on these switches in order to pass the tagged packets or should the switch just pass them on with the tag (as added by the 'tagged 27' port)?
0
giltjrCommented:
Based on that configuration the frames will only be tagged if they go out on port 27 and it will expect any frame that should be on VLAN 55 will come in tagged as being on VLAN 55.

The frames going out on ports 20-22 will be untagged and the switch will assume any frame that comes in on ports 20-22 untagged are on VLAN 55.
0
ParadroidAuthor Commented:
The way I am expecting it to work is this: Ports 20-22 have cameras connected, as the ports are untagged the camera traffic will automatically be assigned to VLAN55. There is no communication between cameras so all traffic will be routed out on port 27. As this is a tagged port the trafic passing out through it should get a 'VLAN55' tag attached to every frame.

The IT guys onsite are looking at a switch further up the chain (which they control) and cannot see any tagged frames from VLAN55. There are switches between the one I configured and the one they are using to inspect the frames but I am not aware of if/how they are configured. Is it possible these switches could be removing the tag from frames? The other possibilityt I'm thinking is that the ports on these switches in the middle are all set to untagged and therefore the packets are being dropped as th untagged ports drop all taged frames?

if this is the case how do I configure these middle switches to forward the tagged ports? is it a simple case of setting all the ports to tagged (assumng they are all untagged at the moment)?
0
jburgaardCommented:
Ports in both end of a link must have same tagging to 'understand' the communication. (If the pair of ports are tagged in more vlans then more vlans can be carried over same link)
The between-switch
Yes: A packet out with tag for vlan-id 55 will be dropped when arriving at a port configured for only untagged traffic or if receiving port is only tagged in other vlans.

'is it a simple case of setting all the ports to tagged (assumng they are all untagged at the moment)?'
yes, tagged vlan55
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
giltjrCommented:
As jburgaard stated each switch between the two "end points" of the conversations must be configured to know about and allow VLAN 55 pass through.  They should only have VLAN 55 configured to pass through the ports required.  This prevents broad traffic from being sent on ports that don't need to see that traffic.

If there is a switch that does not know about VLAN 55, it will just drop those frames.
0
ParadroidAuthor Commented:
thanks to everyone. I have now setup these switches and all is working perfectly.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.