AfternoonShift

VLAN Setup - Windows Server 2003 DHCP - HP ProCurve Switches

Hi All,

VLAN is something totally new to me, so a few questions that I've run into. I'm looking to separate our wireless traffic from our LAN traffic.

I'm currently using an HP 5406ZL switch.

Domain Controller (running DHCP/DNS) is connected to ports B23 & B24.
Wireless AP (AeroHive) is connected to port D16.

I created VLAN10 on the switch and a new scope (10.10.10.1/23) on the server.
Domain controller is on VLAN1 (192.168.0.1/21).
I created a new DHCP scope in the domain controller for 10.10.10.1/23.

I removed D16 from VLAN1 and added it to VLAN10. I changed D16 from untagged to tagged (I read that if you want the port to talk with more than 1 VLAN, I had to tag it).

I enabled dhcp-relay and added ip helper-address to VLAN 10 (192.168.0.3, which is the DHCP server address).

Is there something I'm missing? When I try to connect, I never get an IP from the DHCP server.


-------------------------------------------------------
; J8697A Configuration Editor; Created on release #K.15.10.0009
; Ver #03:03.1f.ef:f0
hostname "HP-5406zl"
module 1 type j8702a
module 2 type j8702a
module 3 type j8702a
module 4 type j8702a
module 5 type j8702a
ip default-gateway 192.168.0.1
snmp-server community "public" unrestricted
snmp-server contact "IT" location "Technology Closet"
vlan 1
   name "DEFAULT_VLAN"
   no untagged D16
   untagged A1-A24,B1-B24,C1-C24,D1-D15,D17-D24,E1-E24
   ip address dhcp-bootp
   exit
vlan 10
   name "VLAN10"
   tagged D16
   ip address 10.10.10.1 255.255.254.0
   ip helper-address 192.168.0.3
   exit
-------------------------------------------------------
Axis52401

Here is a summary of the possible modes

Tagged – When a port is tagged, it allows communication among the different VLANs to which it is assigned.
Untagged – When a port is untagged, it can only be a member on one VLAN.
No untagged – The port is not a member of that VLAN.
Forbid – The port is “forbidden” to join that VLAN.

I think the only thing you are missing is tagging the server ports. Because the server ports are untagged it is only communicating over vlan 1, but since you need dhcp over vlan10 you'll need to tag the server ports too. This will allow the server to communicate over all vlans.
AfternoonShift

ASKER

Here's the current config now. When I tagged ports 23 and 24, both VLAN1 and VLAN10 cannot ping or connect to the DHCP server. I also swapped my laptop port from D13 (untagged on VLAN10) to D15 (untagged on VLAN1) and still could not get an IP from the server.

-------------------------------------------------------
; J8697A Configuration Editor; Created on release #K.15.10.0009
; Ver #03:03.1f.ef:f0
hostname "HP-5406zl"
module 1 type j8702a
module 2 type j8702a
module 3 type j8702a
module 4 type j8702a
module 5 type j8702a
ip default-gateway 192.168.0.1
snmp-server community "public" unrestricted
snmp-server contact "Erik" location "Technology Closet"
vlan 1
   name "DEFAULT_VLAN"
   no untagged D13
   untagged A1-A24,B1-B22,C1-C24,D1-D12,D14-D24,E1-E24
   tagged B23-B24
   ip address dhcp-bootp
   exit
vlan 10
   name "VLAN10"
   untagged D13
   ip address 10.10.10.1 255.255.254.0
   ip helper-address 192.168.0.3
   exit
-------------------------------------------------------
The config can probably be done in more than one way.
The switch setup, the server setup and the client setup, however, must match.

On the server, do you have 2 ports with an IP on each one for each VLAN?
Or do you have some sort of link aggregation/failover with a mix of VLANs running in the link?

Is some sort of communication to take place between vlans in server or in switch or otherwise (routing)?

The configs above have conflicting assumptions.
The server is running 2 IPs: 192.168.0.2 (DNS) and 192.168.0.3 (DHCP). I don't have any NICs set up for the VLAN10 IP address. I was assuming I wouldn't need to do much to the server, as I read someone say "it just works" once I have the ip-helper set up in the layer 3 switch. The NICs are just for failover and aren't bridged or anything like that.

Here's the ipconfig from a connected PC on VLAN1
Physical Address. . . . . . . . . : 5C-F9-DD-72-54-FC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.39(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.248.0
Lease Obtained. . . . . . . . . . : Tuesday, July 15, 2014 5:51:45 PM
Lease Expires . . . . . . . . . . : Tuesday, August 19, 2014 5:52:47 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.3
DNS Servers . . . . . . . . . . . : 192.168.0.2
                                    192.168.0.4
NetBIOS over Tcpip. . . . . . . . : Enabled
SOLUTION
jburgaard

If testing shows the basic settings are in place
(ping, DHCP etc. working), then link aggregation can be set up.
In the ProCurve world, the term TRUNK means multiple connections building a link.
(Some other vendors use the term trunk differently.)

If you make a trunk of B23-B24 to a couple of ports in the server, it is not the single ports that should be tagged/untagged in some VLAN(s), but the trunk.

So a config could have:
trunk B23,B24 trk1 trunk
vlan 1
untag trk1
exit
ASKER CERTIFIED SOLUTION
Thanks convergint1! :) I wasn't aware of the dhcp-snooping... that came in handy! :)

IP routing was my main issue as well. I now use the switch to route all traffic between both VLANs.
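
An added example, not part of the thread and not any participant's code: a short Python audit of the second posted config for the conditions the thread turns on (a DHCP relay on a VLAN interface with no global `ip routing`, and server ports left tagged-only), plus one line the thread does not discuss, the read-write `public` SNMP community. The function names and finding strings are assumptions made for illustration, and `POSTED_CONFIG` is the posted config trimmed to the lines the checks read.

```python
import re

# Constructed input: the thread's second posted config, trimmed to the lines read here.
POSTED_CONFIG = """\
snmp-server community "public" unrestricted
vlan 1
   no untagged D13
   untagged A1-A24,B1-B22,C1-C24,D1-D12,D14-D24,E1-E24
   tagged B23-B24
   ip address dhcp-bootp
   exit
vlan 10
   untagged D13
   ip address 10.10.10.1 255.255.254.0
   ip helper-address 192.168.0.3
   exit
"""

def expand(ports):
    """Expand a port list such as 'B1-B3,D13' into a set of port names."""
    out = set()
    for part in ports.split(","):
        m = re.fullmatch(r"([A-Z])(\d+)-\1(\d+)", part)
        out |= {f"{m[1]}{n}" for n in range(int(m[2]), int(m[3]) + 1)} if m else {part}
    return out

def audit(config):
    """Return findings for the conditions discussed in the thread (hypothetical helper)."""
    lines = [ln.strip() for ln in config.splitlines()]
    routing = "ip routing" in lines  # global routing must be on to route between VLANs
    findings, vlan, tagged, untagged = [], None, set(), set()
    for ln in lines:
        if m := re.fullmatch(r"vlan (\d+)", ln):
            vlan = m.group(1)
        elif ln == "exit":
            vlan = None
        elif m := re.fullmatch(r"(tagged|untagged) (\S+)", ln):
            (tagged if m.group(1) == "tagged" else untagged).update(expand(m.group(2)))
        elif vlan and ln.startswith("ip helper-address ") and not routing:
            findings.append(f"vlan {vlan}: DHCP relay configured but 'ip routing' is absent")
        elif m := re.fullmatch(r'snmp-server community "(.+)" unrestricted', ln):
            findings.append(f"snmp community '{m.group(1)}' is read-write (unrestricted)")
    for port in sorted(tagged - untagged):  # ports with no untagged VLAN anywhere
        findings.append(f"port {port}: tagged-only, attached NIC must send 802.1Q tags")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(POSTED_CONFIG)))
```
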