VLAN setup on HP ProCurve Switch

Anyone had any experience of this?

I'll soon be setting up a new network at work to replace the 100Mbit/s setup we have now. I want to segregate Voice and Data traffic onto separate subnets and use the Layer 3 functionality of the HP switches to route accordingly. I think I need to set up VLANs for this purpose but haven't tried that before.

I'm not afraid to experiment till I get it right but wondered if anyone has done it before and can give me a quick heads up to save me time and effort?

Ta

CK
 
Set up the VLANS on your L3 switch (3500s by any chance?), one for voice and one for data. Give them the .1 address for that VLAN. Make whichever ports on your L3 switch that will link to your L2 switches as tagged for the voice vlan, and untagged for data. Then set up the VLANS on your L2 switches and give them the .2 addresses. So for example, on your L3 switch:

ip routing
vlan 1
   name "Data"
   ; port 48, or whichever port is feeding to your switch for that VLAN
   untagged 48
   qos priority 0
   ip address 192.168.1.1 255.255.255.0
vlan 101
   name "Voice"
   qos priority 4
   ip address 192.168.101.1 255.255.255.0
   tagged 48
   voice

And then you would link port 48 to your L2 switch (say port 26 on there), and set up the config as follows:

; 25-26 are the two uplink ports on a 24 port Procurve switch
no lacp 25-26
vlan 1
   name "Data"
   ip address 192.168.1.2 255.255.255.0
   untagged 1-24
   tagged 25-26
vlan 101
   name "Voice"
   ip address 192.168.101.2 255.255.255.0
   tagged 1-26
primary-vlan 1
ip default-gateway 192.168.1.1

That should work. You should be able to route between the VLANs and split the data and voice traffic. You can expand on this further by setting up Trunking and having two GB links to each of your edge switches from your L3 switch to satisfy increased demand.

Hope that helps, let me know if you need anything else.
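
Added example, not part of the original post: a small Python check that parses VLAN blocks in the style shown above and compares how each VLAN is carried on the two ends of a switch-to-switch link, since both ends have to agree on tagged or untagged per VLAN for the voice/data separation to hold. The sample configs are trimmed from the two listings above (port 48 linked to port 26); the function names are made up for this sketch and only numeric port lists are handled.

```python
# Constructed sample input: VLAN membership lines trimmed from the two
# example configs in the post (L3 switch port 48 <-> L2 switch port 26).
L3_CONFIG = """\
vlan 1
   untagged 48
vlan 101
   tagged 48
"""
L2_CONFIG = """\
vlan 1
   untagged 1-24
   tagged 25-26
vlan 101
   tagged 1-26
"""

def expand_ports(spec):
    """Expand a numeric port list such as '1-2,4,6-24' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def parse_vlans(config):
    """Return {vlan_id: {port: 'tagged' | 'untagged'}} from VLAN blocks."""
    vlans, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] == "vlan" and len(words) == 2 and words[1].isdigit():
            current = vlans.setdefault(int(words[1]), {})
        elif words[0] in ("tagged", "untagged") and current is not None:
            for port in expand_ports(words[1]):
                current[port] = words[0]
    return vlans

def link_mismatches(cfg_a, port_a, cfg_b, port_b):
    """List (vlan, mode_a, mode_b) where the two ends of a link disagree."""
    a, b = parse_vlans(cfg_a), parse_vlans(cfg_b)
    issues = []
    for vid in sorted(set(a) | set(b)):
        mode_a = a.get(vid, {}).get(port_a, "absent")
        mode_b = b.get(vid, {}).get(port_b, "absent")
        if mode_a != mode_b:
            issues.append((vid, mode_a, mode_b))
    return issues
```

Calling `link_mismatches(L3_CONFIG, 48, L2_CONFIG, 26)` on these listings reports VLAN 1 as untagged on port 48 but tagged on port 26, while VLAN 101 is tagged on both ends.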
 
That's very useful, many thanks 'Worthy' :)

The kit arrives tomorrow so I'll be starting to play with them over the next week or so and let you know how I get on.

The Procurve switches are the 2900-48 and 2900-24. The Voice will be on two D-link L2 switches with PoE that we already own.

The voice network will be on the 192.168.4.0/24 subnet and the data network will be on the 192.168.5.0/24 subnet.
 
Another little piece of advice - I'd set up your voice VLAN with 192.168.104.0 instead of 192.168.5.0. It helps everything make more sense when troubleshooting, and allows for you to expand your network over into different subnets without clashing with the phone system. :)
 
I'm not sure I follow your reasoning :confused: Are you still talking about /24 subnets or something else?

We have around 60 phone devices (IP Phones, Softphones and ATAs) so I thought that a /24 subnet all to itself would be sufficient for now and any unexpected radical future growth. On the data segment we again have around 80 devices requiring IP addresses. A /24 subnet makes plenty available for that too.

The kit is here already. If I get time today I'll start to have a play!
 
I think worthy means if you ran out of .4 address space for your phones (more phones for future growth), you could create a larger 'Supernet' out of 4 class C's (.4 .5 .6 and .7) (would be a /21 CIDR mask)

Whereas if you have used .5 for your Data network, you would have to move that as well (More ballache) so it's just easier to plan in advance.

//TrX
 
Hi again!

After having a play for a few days I'm still struggling to get the VLANs working the way they should. I have set up a Virtual server and several laptops for testing:

Here is what I want:

Server: 192.168.5.22 (runs DHCP, DNS, WINS) and has a secondary IP of 192.168.4.22 (DHCP scopes on both of those subnets .4.0/24 and .5.0/24)

Laptop 1: DATA laptop. Configured with a reserved IP of 192.168.5.51.
Laptop 2: DATA laptop. Configured with a reserved IP of 192.168.5.61

These 2 DATA laptops need to be able to see both the DATA subnet (.5.0/24) and the voice subnet (.4.0/24)

Laptop 3: VOICE laptop. Configured with a reserved IP of 192.168.4.51
Laptop 4: VOICE laptop. Configured with a reserved IP of 192.168.4.61

These 2 VOICE laptops (representing VoIP phones in this test) need to be able to see the .4.0/24 subnet only. However, there will be some phones for example that will have PCs attached to them. Those PCs will need to communicate with the other data servers on .5.0/24 subnet.

There will be 2 VoIP servers configured with .4.10 and .4.11 addresses. These 2 servers need to see both voice and data subnets.

Now onto the switches!

The 2 Procurve switches:

1st one is the 2900-48G. This will be the main L3 switch in the network. The current config is as follows:

General settings:
ip default gateway 192.168.5.22 (for testing)
ip routing enabled
interface 47 lacp passive
interface 48 lacp passive
exit

vlan 1
name "DEFAULT_VLAN"
untagged 1-A4
qos Priority 1
ip helper address 192.168.5.22
ip address 192.168.5.1 255.255.255.0
jumbo
exit

vlan 2
name "Voicevlan"
qos priority 4
ip helper address 192.168.4.22
ip helper address 192.168.5.22
ip address 192.168.4.1 255.255.255.0
tagged 25,47
voice
exit




2nd Procurve switch (2900-24G) is in this example representing a DLINK 24 port PoE switch. It is configured as follows:

General settings:
ip default gateway 192.168.5.1 (main switch)
ip routing enabled
interface 23 lacp passive
exit

vlan 1
name "DEFAULT_VLAN"
untagged 1-2,4,6-24, A1-A4
qos Priority 1
ip helper address 192.168.5.22
ip address 192.168.5.2 255.255.255.0
jumbo
exit

vlan 2
name "Voicevlan"
qos priority 4
ip helper address 192.168.4.22
ip helper address 192.168.5.22
ip address 192.168.4.2 255.255.255.0
untagged 3,5
tagged 23
voice
exit




Ok.

The 2 "voice" PCs are in ports 3 and 5 of the 24 port (2nd) switch. They need to be able to communicate only with the servers and other phones that will be on the .4.0/24 subnet (255 is miles more addresses for that subnet than I will ever conceivably need).

The 2 "data" PCs are in port 1 of the 2nd switch, and port 1 of the main switch (48port 2900). They need to be able to communicate with both the .4.0/24 subnet and the .5.0/24 subnet and correctly pick up a .5.0/24 DHCP assignment from the server 192.168.5.22.


Problems:

I think where I am struggling is correctly identifying what ports need to be "tagged or untagged" for the corresponding VLAN. I thought I had it cracked yesterday when everything seemed to work OK, but since then something has happened by itself in that the "DATA" PCs have not been able to see anything else.


Can someone give us some pointers about what needs to change in the current config for it all to work please? I suspect the ageing network cards in my test laptop may not support 802.1q so I may need to dump the qos priority (maybe that's the issue?). Either way I'm reading hundreds of pages and still not correctly getting the whole tagged/untagged principles yet. I'll re-read again today!


Thanks in advance.

CK
 