VLAN configuration in a Win Server 08 domain with HP Procurves L3/L2 switches throughout, advice needed.

Posted on 2014-08-04
Last Modified: 2014-08-10
I currently have a class C network configuration.  I'm closing in on having about 15 valid IP addresses; obviously it's a little past time to do something about this, but still not too late.  I weighed just changing the subnet to bump this up to 512 versus setting up VLANs, and everything I looked at said VLANs are the way to go.

I'm running Win Server 08 and have configured the following within DHCP:
- Servers / Routers / APs
- Workstations
- Zero Clients
- Mobile BYOD Devices
- Printers / Cameras

From my understanding, I keep each subnet at a /24 (I think I can go /24, /28, if desired to limit devices, but not sure I'd want to do that, plus I like similarity).  As I understand it, everything's fine on that front.

My ProCurve switches are set up with the specific VLAN info; I have the appropriate VLAN IDs configured on every switch required.

I have nearly every port accounted for, meaning that I know what VLAN IDs are required per port, and the appropriate trunked groups for those requiring that.

My uncertainty comes in here: do I need to do anything to make Windows Server 08 transfer data between VLANs?  For instance, my Server VLAN obviously needs to communicate with every other VLAN. I realize the trunked ports will allow the various VLANs to pass through, but is that it?  Do I need anything on the server side to pass data in between these VLANs?

I know it's kind of a loaded question, and a bit confusing, but I'm trying to ensure I'm on the right path.  Thanks for any insight at all.
Question by:Brian Milovich
    LVL 17

    Assisted Solution

    If your server has one IP , say
    and your L3-switch has one IP in every vlan
    L3, so you should have IP-routing configured and doing all intervlan-routing.

    On the L3-switch you would have to put IP helper-address pointing to DHCP-server in all  vlans but the one connected

    So an extract from a very condensed config could look like
    vlan 2
    name server
    untag 1 (port to server f.ex)
    tag 50 (port to other switch f.ex)
    vlan 20
    name Workstations
    untag 2 (port to workstation f.ex)
    tag 50 (port to other switch f.ex)
    IP ROUTING (L3-operation)
    LVL 18

    Accepted Solution

    The key here is to enable routing somewhere.  The ProCurve can do it by enabling IP routing, which will essentially route everything to everything.  If you want to isolate VLANs from each other, then using your internet router is often best, assuming that it is robust enough to handle it.  The server could also be set up to do routing if you added IP addresses for each VLAN in the NIC(s) and added the routing role.  Wherever you do the routing, adding entries for IP helpers would be needed to pass DHCP negotiation through the router.

    Author Comment

    by:Brian Milovich
    I have a Juniper SRX 220, which can do the routing, but from what I understand that would put quite a heavy load on it (my initial thought was that I had to do this on the SRX).  After talking with a couple of other folks in the IT world, they said it'd be best to do this at the switch level.
    So going with what both of you have said, I can do this at the switch level (L3), as long as I set up the IP helper addresses that point to the DHCP server.  I'll be doing DHCP and DNS on this box, so I'll have a single IP helper address for each VLAN?

    The drawback to doing this at the Switch level is that it routes everything to everything, meaning I don't get the added security of a VLAN on my Router that can completely isolate particular vlans?  

    Does that sound right?
    LVL 18

    Expert Comment

    by:Don S.
    LVL 17

    Expert Comment

    you COULD perhaps add some ACL's
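
The thread's two closing points, that switch-level IP routing routes everything to everything and that ACLs could restore isolation, can be checked on paper before touching a switch. The following is an added example, not code from any poster and not switch syntax: it models first-match ACL evaluation for traffic entering from the BYOD VLAN. The subnets, the DHCP/DNS server address and the rule set are all constructed assumptions.

```python
import ipaddress

# Constructed addressing (not from the thread): one /24 per VLAN in the question.
VLANS = {
    "servers":      ipaddress.ip_network("10.0.10.0/24"),
    "workstations": ipaddress.ip_network("10.0.20.0/24"),
    "zero_clients": ipaddress.ip_network("10.0.30.0/24"),
    "byod":         ipaddress.ip_network("10.0.40.0/24"),
    "printers":     ipaddress.ip_network("10.0.50.0/24"),
}
DHCP_DNS = ipaddress.ip_network("10.0.10.5/32")  # hypothetical DHCP/DNS server
INTERNAL = ipaddress.ip_network("10.0.0.0/16")   # covers every VLAN above
ANY = ipaddress.ip_network("0.0.0.0/0")

# Hypothetical inbound ACL for the BYOD VLAN: (action, protocol, dst net, dst port).
BYOD_ACL = [
    ("permit", "udp", ANY, 67),       # DHCP, broadcast or relayed via the helper
    ("permit", "udp", DHCP_DNS, 53),  # DNS to the server only
    ("permit", "tcp", DHCP_DNS, 53),
    ("deny",   "ip",  INTERNAL, None),  # no other access to internal VLANs
    ("permit", "ip",  ANY, None),       # everything else (internet) is allowed
]

def evaluate(acl, proto, dst, port=None):
    """First matching rule wins; an ACL ends in an implicit deny.
    acl=None models plain IP routing with no ACL applied."""
    if acl is None:
        return "permit"
    dst = ipaddress.ip_address(dst)
    for action, rule_proto, net, rule_port in acl:
        if rule_proto not in ("ip", proto):
            continue
        if dst not in net:
            continue
        if rule_port is not None and rule_port != port:
            continue
        return action
    return "deny"

def reachable_vlans(acl, proto="tcp", port=445):
    """VLANs in which a BYOD host can reach host .20 on the given service."""
    return sorted(
        name for name, net in VLANS.items()
        if name != "byod"
        and evaluate(acl, proto, net.network_address + 20, port) == "permit"
    )

if __name__ == "__main__":
    print("no ACL:  ", reachable_vlans(None))
    print("with ACL:", reachable_vlans(BYOD_ACL))
```

Rule order matters: moving the internal deny above the DNS permits would cut BYOD clients off from name resolution.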
