Register

Forgot Password

Site FAQ

Home > IT Answers > Microsoft Windows > Configuring VLAN’s on two HP procurve switches

Pandub

130 pts.

Configuring VLAN’s on two HP procurve switches

HP, HP ProCurve, Switches, VLAN, VLAN configuration

Hi all, Trying to route a new ISP(Microwave link) from one of my out building to my computer room and hence my firewall. Old ISP came direct into firewall. In the outbuilding the Microwave modem connects with cat5 to HP Procurve 2524 switch. Because this ISP is coming through my internal network, I plan on using a new VLAN called "airspeed" only for this ISP traffic. Up until now I've just been using the "Default_vlan" on both HP switches (4108 + 2524). So far I've been unable to ping from my laptop to the ISP modem both of which are on the new VLAN 2 ("Airspeed"). No traffic needs to cross from VLAN 2 to VLAN 1 so I've left the ports as untagged. I've used the subnet to provide from my ISP as the new VLAN 2 subnet. Can anybody see what I'm doing wrong here? I've added the configuration of both switch below. Thanks in advance, Rough diagram:

Microwave modem (Gateway IP 77.75.00.49) | HP 2524 switch (port 24) | HP 2524 switch fibre link | HP 4108GL switch fibre link | HP 4108GL switch (port D1) | Laptop configured with IP 77.75.00.50 (for testing but will be connected to firewall) ; J4865A Configuration Editor; Created on release #G.07.21 hostname "HP ProCurve Switch 4108GL" cdp run module 1 type J4864A module 2 type J4862B module 3 type J4862B module 4 type J4862B ip default-gateway 128.1.146.50 snmp-server community "public" Unrestricted snmp-server host 128.1.146.51 "public" Not-INFO snmp-server host 128.1.146.38 "public" vlan 1 name "DEFAULT_VLAN" untagged A1-A3,B1-B24,C1-C24,D2-D24 ip address 128.1.146.203 255.255.0.0 no untagged D1 exit vlan 2 name "Airspeed" untagged D1 ip address 77.75.00.51 255.255.255.248 exit ; J4813A Configuration Editor; Created on release #F.04.08 hostname "HP ProCurve Switch 2524" cdp run ip default-gateway 0.0.0.0 snmp-server community "public" Unrestricted snmp-server host 128.1.146.51 "public" Not-INFO snmp-server host 128.1.146.51 "public" snmp-server host 128.1.146.38 "public" vlan 1 name "DEFAULT_VLAN" untagged 1-23,25-26 no untagged 24 ip address 128.1.146.204 255.255.0.0 exit vlan 2 name "Airspeed" untagged 24 ip address 77.75.00.51 255.255.255.248 exit no aaa port-access authenticator active

Software/Hardware used:

ASKED: July 30, 2009 4:25 PM

UPDATED: April 19, 2013 7:28 PM

RELATED QUESTIONS

Answer Wiki:

You do not need to put any IP addresses on the VLAN 2 interfaces on either switch, that actually does what you don't want and allows traffic to pass from vlan1 to vlan2, if you don't put an IP address on vlan2 this can not happen. What you also need to do is add the fiber ports to VLAN 2 as tagged, on both switches. This then carries VLAN 1 as the untagged VLAN, and VLAN 2 as tagged, that effectively joins the VLAN 2 ports on the 2524 to the VLAN 2 ports on the 4108GL. So you need to do the following on the 2524

<b>vlan 2
no ip address
tagged 25-26</b>

On the 4108GL

<b>vlan 2
no ip address
tagged A1-A3</b>

I assume A1-A3 are the fiber ports, if you only want the Internet to go to the 2524, only tag on the fiber port that goes to that switch. You should also really put the firewall directly on the modem, and carry the internal Internet subnet on this VLAN. that will give you the maximum security. Let us know if this works :-)

Last Wiki Answer Submitted: April 19, 2013 7:29 pm by Michael Tidmarsh

11,410 pts.

All Answer Wiki Contributors: Michael Tidmarsh

11,410 pts. , BlankReg

12,265 pts.

To see all answers submitted to the Answer Wiki: View Answer History.

RSS - Discussions Help

Discuss This Question:

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

POSTED: Jul 31, 2009 11:52 AM (GMT)

Thanks Blankreg,

That worked a treat
If I move the firewall beside the modem, then their would be no need to for vlan 2, I could continue to use the default vlan for my internal network, right?

This is how my config looks now;

on the 2524

vlan 2
name “Airspeed”
untagged 24
tagged 25-26
no ip address
exit

On the 4108GL

vlan 2
name “Airspeed”
untagged D1
no ip address
tagged A1-A3
exit

Pandub

130 pts.

POSTED: Jul 31, 2009 1:16 PM (GMT)

Glad to be of help

Keeping everything on vlan 1 will be fine, and it will allow any of the hosts to have Internet access. The general rule is to firewall as close to the untrusted network as possible, as this reduces the possible vulnerability.

Regards,

Reg

BlankReg

12,265 pts.

POSTED: Oct 18, 2012 12:17 PM (GMT)

Hello,

To easily configure HP switches Vlans, you can try free open source LGPL software HP Vlan Simple Administration at https://sourceforge.net/projects/procurve-admin/files/

It’s aimed to manage vlans of all your switches at the same time.

teamcuvat

10 pts.

Ask a Question

Browse IT Answers by Topic

>>VIEW ALL TAGS

Community Blog | About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organization's IT projects - with its network of technology-specific Web sites, events and magazines.
All Rights Reserved, Copyright 1999-2013, TechTarget | Read our Privacy Policy
Questions and Answers Index 1 | Questions and Answers Index 2 | IT Topics Index 1 | IT Topics Index 2 | Blogs Index | Blogs Tags