VLAN help (HP switch)

[subbass]

I have one HP L3 switch which will have a wifi access point for guest use and another switch.

I currently have it configured like:

Default VLAN 1 - All ports untagged
VLAN 20 (Wifi) - All ports excluded except port 10 (tagged) which the AP will be connected to.
Port 1 (tagged) of the L3 switch is connected to the other switch.

I have enabled the following:
ip routing
dhcp-relay
ip helper (pointing to our DC)

Can someone tell me if that is correct? I accidentally locked myself out when messing around with the vlan. Not sure what I had done, although I think may have accidently set ports on VLAN 20 to untagged. Would it explain the lock out so I can prevent this from happening again ?
Thanks.

 

[Stav_13]

Hi Subbass

Can you provide a bit more information on what you are looking to achieve from this?

I'm guessing you are running multiple subnets from the DC but using your L3 switch as a router?

how is the access point interacting with the tagged packets incoming from the switch port?

the accidental lockout is hard to explain, how where you connected to the switch? If this is a new switch i would highly recommend setting it up via console cable.

Also it would help is you could post the whole config.

Cheers

 

[Sin_Chase]

I'm guessing you are running multiple subnets from the DC but using your L3 switch as a router?

I would have never assumed this from his OP, it might well be the case but using a managed switch with VLANs does not necessarily mean multiple subnets.

What does the guest network need access to on your internal network that necessitates the use of VLANs on internal kit? Can the guest network not be entirely isolated with it's own switch?

Is this for internet access? If so can you not run AP + switch for guests and have a direct connection back to your internet gateway/router and isolate it at that point? (IE no routing/traffic between production subnets and guest network)

 

[subbass]

Hi Subbass

Can you provide a bit more information on what you are looking to achieve from this?

I'm guessing you are running multiple subnets from the DC but using your L3 switch as a router?

how is the access point interacting with the tagged packets incoming from the switch port?

the accidental lockout is hard to explain, how where you connected to the switch? If this is a new switch i would highly recommend setting it up via console cable.

Also it would help is you could post the whole config.

Cheers

Yes multiple subnets on the DC and L3 switch will do the routing. I was connected to the switch via SSH when I was locked out.

I want to be able to give guests wifi internet access that is separated from the main network.

I would have never assumed this from his OP, it might well be the case but using a managed switch with VLANs does not necessarily mean multiple subnets.

What does the guest network need access to on your internal network that necessitates the use of VLANs on internal kit? Can the guest network not be entirely isolated with it's own switch?

Is this for internet access? If so can you not run AP + switch for guests and have a direct connection back to your internet gateway/router and isolate it at that point? (IE no routing/traffic between production subnets and guest network)

The router is on another floor to the L3 switch.

It should look something like this:
Router--Firewall--Switch---Switch---L3 switch---wifi AP

I've yet to test this using this config and will do so next week. The config currently looks like this:

no telnet-server
ip default-gateway 192.168.1.1
ip routing
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged 1-9,11-48
ip address 192.168.1.10 255.255.255.0
no untagged 10
exit
vlan 20
name "Guest Wifi"
untagged 10
ip helper-address 192.168.1.15
exit
dhcp-relay
ip ssh



Ignore my original post because I contradicted myself but port 1 of the L2 switch is connected to the L2 switch and the AP will go into port 10. I didn't tag any ports which I thought I did so as of right now, it looks like this