Solved

VLANs and IP Addressing

Posted on 2014-07-13
Last Modified: 2014-08-07
Hi all,

I have been tasked with setting up some VLANs on 10 HP 2520 switches. This is a departure from my normal IT support area so thought I'd seek out a little advice from more knowledgeable people.

These switches are being deployed in a new building on site and will connect into the existing site infrastructure.

So... I need to setup the following VLANs:

Vlan ID: VLAN 53
Ports: 17-20
IPs: 10.120.130.0/24
Gateway:  10.120.130.254
Description:   SVR
Device IP Range: 10.12.130.1 - 10.120.130.250


Vlan ID: VLAN 54
Ports:  1-16
IPs: 10.120.140.0/24
Gateway:   10.120.140.254
Description:   CAM
Device IP Range: 10.12.140.1 - 10.120.140.250

         
Vlan ID: VLAN 55
Ports:  21-24
IPs: 10.120.150.0/24
Gateway: 10.120.150.254
Description: DESK
Device IP Range: 10.12.150.1 - 10.120.150.250


I've had a play around with the configurations and these are the commands I believe I need to use to create a VLAN on each of the switches.


1. Create the VLANs

HP-Switch(Config)#Vlan 530 name "SVR"
HP-Switch(Config)#Vlan 540 name "CAM"
HP-Switch(Config)#Vlan 550 name "DESK"


2. Allocate ports to VLANs

HP-Switch(Config)#Vlan 53
HP-Switch(vlan-53)#untagged 17-20
HP-Switch(vlan-53)#tagged 48
HP-Switch(vlan-53)#exit

HP-Switch(Config)#Vlan 54
HP-Switch(vlan-54)#untagged 1-16
HP-Switch(vlan-54)#tagged 48
HP-Switch(vlan-54)#exit

HP-Switch(Config)#Vlan 55
HP-Switch(vlan-55)#untagged 21-24
HP-Switch(vlan-55)#tagged 48
HP-Switch(vlan-55)#exit

So that should have made the 3 VLANs on specific ports all routing via the tagged port 48.

What I can't understand is how I allocate the IP addresses. I had thought I could use the following command to tell the VLAN what IP range to use but it just comes up saying Bad IP

HP-Switch(vlan-53)# ip address 10.120.130.0 255.255.255.0

If I change it to 130.1/24 then the switch is allocated the .1 address, meaning I'd have to set up an IP for each of the 10 switches for each of the VLANs, meaning there would in effect be 4 management IPs for each switch.

Do I even need to assign an IP range to the VLAN?  The IP addresses are allocated to specific MAC addresses by the existing DHCP servers.
Question by:Paradroid
12 Comments
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 1000 total points
ID: 40194532
What device is doing the routing?

If this switch is doing the routing then you need to set the VLAN IP address to the ".254" address you are setting as the gateway address.

If something else is doing the routing then you may not need to set any IP address on the VLAN interfaces.

The only reason to have an IP address on a VLAN interface is if that switch must "participate" at L3 in that VLAN.  Typically when the switch needs to do routing.
0
 
LVL 17

Expert Comment

by:jburgaard
ID: 40194645
"These switches are being deployed in a new building on site and will connect into the existing site infrastructure. "
From this I think it is fair to assume the vlan-routing is in place elsewhere, with IP-addresses assigned to vlans (x.x.x.254) and IP-helper-addresses also deployed to make the DHCP-process happen.
You do not write how these switches are to be managed. Does a vlan exist for this purpose already? Or are the switches to be managed from one or more of the new vlans? To manage a switch 'in band' it must have at least one IP-address.
0
 

Author Comment

by:Paradroid
ID: 40194845
The VLANs already exist and as far as I can tell from the documentation I've seen the routing looks to be handled by a different switch (either a 2920 or a 2510G)

The switches will be managed via ports on the default VLAN1 and I don't see a need for them to be assigned IPs on each VLAN.


So, assuming all routing is handled by a separate switch then VLAN 53 would be configured on these 10 switches using the following:

HP-Switch(Config)#Vlan 53 name "SVR"
HP-Switch(Config)#Vlan 53
HP-Switch(vlan-53)#untagged 17-20
HP-Switch(vlan-53)#tagged 48
HP-Switch(vlan-53)#exit


If I am informed that the switches themselves are doing routing then I need to add the following command into my config

HP-Switch(vlan-53)#ip address 10.120.130.254 255.255.255.0


Do I need to setup ip helper for DHCP or does the switch doing the routing handle all that?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 40195172
If the DHCP server is on a different VLAN then you will need to setup a helper address on each VLAN pointing to the IP address of the DHCP server.

However, that is only if you are doing DHCP on the VLAN.  Example, if all hosts on the "SRV" vlan are going to have their IP addresses hard coded on them, then there is no reason to put a helper address on VLAN 530.
0
 
LVL 17

Assisted Solution

by:jburgaard
jburgaard earned 1000 total points
ID: 40195548
Your config looks OK.
If 'HP-Switch(Config)#Vlan 53 name "SVR"', does not work, I would try
HP-Switch(Config)#Vlan 53
HP-Switch(vlan-53)#name "SVR"

In case you are informed that ONE of the switches themselves should do routing then you also need to add the following command into the config for the switch doing the inter-vlan routing:
IP ROUTING
and probably a default gateway like this if next hop is 10.172.192.1 :
IP ROUTE 0.0.0.0  0.0.0.0   10.172.192.1

HTH
0
 

Author Comment

by:Paradroid
ID: 40228582
Thanks everyone. After a little holiday I will be attempting the VLAN setup today, I'll let you know how I get on!
0
 

Author Comment

by:Paradroid
ID: 40234509
An update to this question.

I have configured one of the VLANs as:

Vlan 55
   name "DESK"
   untagged 20-22
   tagged 27
   no ip address
   exit

But the onsite IT are saying they don't see any packets tagged as VLAN 55.

The setup is that there are 3 switches in a 'control room': 2xHP 2510 and 1xHP 2920. What I've been told is the 10 x HP 2520 switches I need to configure are connected via fibre to these switches. The 2510s have 4 fibre connections each and the 2920 has the other 2 (making the 10 connections). These switches then connect (via Cat5e) to the main network/switches (called 'NET1') that we have no control over.

My question now is, do I need to set up any configuration on these switches in order to pass the tagged packets or should the switch just pass them on with the tag (as added by the 'tagged 27' port)?
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 1000 total points
ID: 40235015
Based on that configuration the frames will only be tagged if they go out on port 27, and it will expect any frame that should be on VLAN 55 to come in tagged as being on VLAN 55.

The frames going out on ports 20-22 will be untagged and the switch will assume any frame that comes in on ports 20-22 untagged is on VLAN 55.
0
 

Author Comment

by:Paradroid
ID: 40235282
The way I am expecting it to work is this: Ports 20-22 have cameras connected, as the ports are untagged the camera traffic will automatically be assigned to VLAN55. There is no communication between cameras so all traffic will be routed out on port 27. As this is a tagged port the traffic passing out through it should get a 'VLAN55' tag attached to every frame.

The IT guys onsite are looking at a switch further up the chain (which they control) and cannot see any tagged frames from VLAN55. There are switches between the one I configured and the one they are using to inspect the frames but I am not aware of if/how they are configured. Is it possible these switches could be removing the tag from frames? The other possibility I'm thinking is that the ports on these switches in the middle are all set to untagged and therefore the packets are being dropped as the untagged ports drop all tagged frames?

If this is the case how do I configure these middle switches to forward the tagged ports? Is it a simple case of setting all the ports to tagged (assuming they are all untagged at the moment)?
0
 
LVL 17

Accepted Solution

by:jburgaard
jburgaard earned 1000 total points
ID: 40235410
Ports in both end of a link must have same tagging to 'understand' the communication. (If the pair of ports are tagged in more vlans then more vlans can be carried over same link)
The between-switch
Yes: A packet out with tag for vlan-id 55 will be dropped when arriving at a port configured for only untagged traffic or if receiving port is only tagged in other vlans.

'is it a simple case of setting all the ports to tagged (assuming they are all untagged at the moment)?'
yes, tagged vlan55
0
 
LVL 57

Expert Comment

by:giltjr
ID: 40235525
As jburgaard stated, each switch between the two "end points" of the conversations must be configured to know about and allow VLAN 55 to pass through.  They should only have VLAN 55 configured to pass through the ports required.  This prevents broad traffic from being sent on ports that don't need to see that traffic.

If there is a switch that does not know about VLAN 55, it will just drop those frames.
0
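
Added example, not part of any post in this thread: a small Python model of the tagged/untagged port rules described in the answers above, tracing a frame from the edge switch through one intermediate switch and reporting where it is dropped. The edge stanza is the one posted in the thread; the intermediate switch's configs and its ports 1 and 24 are constructed, and numeric-only port names are assumed.

```python
def expand_ports(spec):
    """'1-16' or '1,24' -> set of ints (numeric port names only: an assumption)."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def parse_vlans(config):
    """Parse 'vlan N' stanzas into {vid: {'untagged': set, 'tagged': set}}."""
    vlans, cur = {}, None
    for words in (line.split() for line in config.splitlines()):
        if len(words) < 2:
            cur = None if words == ["exit"] else cur
        elif words[0].lower() == "vlan" and words[1].isdigit():
            cur = vlans.setdefault(int(words[1]), {"untagged": set(), "tagged": set()})
        elif cur is not None and words[0] in ("untagged", "tagged"):
            cur[words[0]] |= expand_ports(words[1])
    return vlans

def ingress(vlans, port, tag):
    """VLAN the frame is placed in on arrival, or None if the port drops it."""
    if tag is None:  # untagged frame: joins the port's untagged VLAN
        return next((v for v, m in vlans.items() if port in m["untagged"]), None)
    return tag if port in vlans.get(tag, {}).get("tagged", ()) else None

def trace(path, tag=None):
    """path: [(name, vlans, in_port, out_port)] -> (status, detail)."""
    for name, vlans, inp, outp in path:
        vid = ingress(vlans, inp, tag)
        if vid is None:
            return ("dropped", f"{name} ingress port {inp}")
        if outp in vlans[vid]["tagged"]:
            tag = vid      # leaves with an 802.1Q tag for this VLAN
        elif outp in vlans[vid]["untagged"]:
            tag = None     # tag stripped on egress
        else:
            return ("dropped", f"{name} egress port {outp}")
    return ("delivered", tag)

# EDGE is the stanza from the thread; the MID_* configs and ports 1/24 are constructed.
EDGE = parse_vlans('vlan 55\n name "DESK"\n untagged 20-22\n tagged 27\n no ip address\n exit')
MID_BEFORE = parse_vlans("vlan 1\n untagged 1-24\n exit")
MID_AFTER = parse_vlans("vlan 1\n untagged 1-24\n exit\nvlan 55\n tagged 1,24\n exit")

if __name__ == "__main__":
    for mid in (MID_BEFORE, MID_AFTER):
        print(trace([("edge", EDGE, 20, 27), ("middle", mid, 1, 24)]))
```

With the intermediate switch carrying only its default VLAN the frame is dropped at its ingress port; once VLAN 55 is tagged on both of its link ports the frame is delivered with the tag intact.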
 

Author Closing Comment

by:Paradroid
ID: 40247442
Thanks to everyone. I have now set up these switches and all is working perfectly.
0
