VLAN configuration in a Win Server 08 domain with HP Procurves L3/L2 switches throughout, advice needed.

I currently have a 192.168.0.0/24, class C network configuration. I'm closing in on having about 15 valid IP addresses; obviously it's a little past time to do something about this, but still not too late. I weighed just changing the subnet to bump this up to 512 versus setting up VLANs, and everything I looked at said VLANs are the way to go.

I'm running Win Server 08 and have configured the following within DHCP:
192.168.0.0 - Servers / Routers / AP's
192.168.20.0 - Workstations
192.168.30.0 - Zero Clients
192.168.40.0 - Mobile BYOD Devices
192.168.50.0 - Printers / Cameras

From my understanding, I keep each subnet at a /24 (I think I can go /24, /28, if desired to limit devices, but not sure I'd want to do that, plus I like similarity). As I understand it, everything's fine on that front.

My ProCurve switches are set up with the specific VLAN info; I have the appropriate VLAN IDs configured on every switch required.

I have nearly every port accounted for, meaning that I know what VLAN IDs are required per port, and the appropriate trunked groups for those requiring that.

My uncertainty comes in here: do I need to do anything to make Windows Server 08 transfer data between VLANs? For instance, my Server VLAN obviously needs to communicate with every other VLAN. I realize the trunked ports will allow the various VLANs to pass through, but is that it? Do I need anything on the server side to pass data in between these VLANs?

I know it's kind of a loaded question, and a bit confusing, but I'm trying to ensure I'm on the right path.  Thanks for any insight at all.
Brian Milovich (IT) Asked:

jburgaard Commented:
If your server has one IP , say 192.168.0.2
and your L3-switch has one IP in every vlan
say 192.168.0.1 255.255.255.0
and 192.168.20.1 255.255.255.0
..
and 192.168.50.1 255.255.255.0
L3, so you should have IP-routing configured and doing all intervlan-routing.

On the L3-switch you would have to put IP helper-address pointing to DHCP-server in all vlans but the one connected directly.

So an extract from a very condensed config could look like
vlan 2
name server
IP ADDRESS 192.168.0.1 255.255.255.0
untag 1 (port to server f.ex)
tag 50 (port to other switch f.ex)
exit
vlan 20
name Workstations
IP ADDRESS 192.168.20.1 255.255.255.0
IP HELPER-ADDRESS 192.168.0.2
untag 2 (port to workstation f.ex)
tag 50 (port to other switch f.ex)
exit
IP ROUTING (L3-operation)
Don S. Commented:
The key here is to enable routing somewhere. The ProCurve can do it by enabling IP routing, which will essentially route everything to everything. If you want to isolate VLANs from each other, then using your internet router often is best, assuming that it is robust enough to handle it. The server could also be set up to do routing if you added IP addresses for each VLAN in the NIC(s) and added the routing role. Wherever you would do the routing, adding entries for IP helpers would be needed to pass DHCP negotiation through the router.
Brian Milovich (IT) Author Commented:
I have a Juniper SRX 220, which can do the routing, but from what I understand that would put quite a heavy load on it (my initial thought was that I had to do this on the SRX). After talking with a couple of other folks in the IT world, they said it'd be best to do this at the switch level.
So going with what both of you have said, I can do this at the switch level (L3), as long as I set up the IP Helper addresses that point to the DHCP server. I'll be doing DHCP and DNS on this box, so I'll have a single IP Helper address for each VLAN?

The drawback to doing this at the switch level is that it routes everything to everything, meaning I don't get the added security of a VLAN on my router that can completely isolate particular VLANs?

Does that sound right?
Don S. Commented:
Correct
jburgaard Commented:
Yes,
you COULD perhaps add some ACLs
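
The trade-off in the last replies (IP routing on the L3 switch forwards between all VLANs unless ACLs are added) can be checked on paper before touching a switch. The following is an added example, not code from any of the posters: a first-match ACL evaluator run over the subnets from the question. The rule set `BYOD_IN`, the sample client, printer and internet addresses, and the assumption that an inbound ACL on the BYOD VLAN sees the client's DHCP broadcast are hypothetical; it models ACL logic and is not switch syntax.

```python
import ipaddress

SERVER = "192.168.0.2"  # DHCP/DNS server address used in the sample config above

def match(addr, spec):
    """spec is 'any', 'host A.B.C.D', or a CIDR network."""
    if spec == "any":
        return True
    if spec.startswith("host "):
        return addr == spec[5:]
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def evaluate(acl, pkt):
    """First matching entry wins; a list that matches nothing denies."""
    if acl is None:  # no ACL applied: plain IP routing forwards everything
        return "permit"
    for action, proto, src, dst, dport in acl:
        if proto not in ("ip", pkt["proto"]):
            continue
        if not (match(pkt["src"], src) and match(pkt["dst"], dst)):
            continue
        if dport is not None and dport != pkt["dport"]:
            continue
        return action
    return "deny"

# Hypothetical inbound policy for the BYOD VLAN (192.168.40.0/24).
BYOD_IN = [
    # Assumption: the client's DHCP broadcast (0.0.0.0 -> 255.255.255.255)
    # is filtered by this ACL before the helper address relays it.
    ("permit", "udp", "any", "any", 67),
    ("permit", "udp", "192.168.40.0/24", "host " + SERVER, 53),
    ("permit", "tcp", "192.168.40.0/24", "host " + SERVER, 53),
    ("deny", "ip", "192.168.40.0/24", "192.168.0.0/16", None),  # other VLANs
    ("permit", "ip", "192.168.40.0/24", "any", None),           # internet
]

BYOD = "192.168.40.25"  # constructed sample client
FLOWS = {  # constructed sample packets
    "dhcp_discover": {"proto": "udp", "src": "0.0.0.0", "dst": "255.255.255.255", "dport": 67},
    "dns_to_server": {"proto": "udp", "src": BYOD, "dst": SERVER, "dport": 53},
    "smb_to_server": {"proto": "tcp", "src": BYOD, "dst": SERVER, "dport": 445},
    "to_printer": {"proto": "tcp", "src": BYOD, "dst": "192.168.50.10", "dport": 9100},
    "internet": {"proto": "tcp", "src": BYOD, "dst": "203.0.113.10", "dport": 443},
}

def report(acl):
    """Decision for every sample flow under the given ACL (None = no ACL)."""
    return {name: evaluate(acl, pkt) for name, pkt in FLOWS.items()}
```

`report(None)` shows the "everything to everything" behaviour, while `report(BYOD_IN)` shows the same flows once the narrow DHCP and DNS permits are placed ahead of the broad deny.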