×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Jobs

Planet of Valns- 2010

Planet of Valns- 2010

Planet of Valns- 2010

(OP)
Hello...

am all new in the Vlan planet (to me at least),in the past few days i have read alot about them, and trying on a small setup of switches, may be my concernes were answered somewhere in this forum, i read most of the vlan related posts, but i would like you experts to take a look at mine too>

what setup a have?

1- Hp procurve 5406zl
2- Hp procurve 2626 switch
3- Hp procurve 2626 switch
4- client Pc1
5- client Pc2

what i have in minde?

i want to put each client Pc in a diferent Vlan, dont allow them to see each other, but they should see the DC+DNS which are on the default_Vlan

i thought of two  scenarios :

1- from each 2626 swithc on port 25 a cable to an interface on 5406zl, and on port 26  a cable to an interface on 5406zl.

2- from each 2626 switch on port 25 or 26 a cable to an interface on 5406zl.

which of the previous scenarios are correct, if they are both correct which one is the best, and why ( cons + pros).

what I did so far (I hope its not too long for you)?

lets start with the first scenario -

below is the config of the first 2626 SW

; J4900B Configuration Editor; Created on release #H.10.50

hostname "Denver"
ip default-gateway 192.168.150.2
ip routing
snmp-server community "public" Unrestricted
vlan 1
   name "DEFAULT_VLAN"
   untagged 9-24,26
   ip address 192.168.150.254 255.255.255.0
   no untagged 1-8,25
   exit
vlan 2
   name "A"
   untagged 1-8,25
   ip address 192.168.155.254 255.255.255.0
   exit
spanning-tree

below is the config of the second 2626 SW

; J4900B Configuration Editor; Created on release #H.10.50

hostname "london"
ip default-gateway 192.168.166.2
ip routing
snmp-server community "public" Unrestricted
vlan 1
   name "DEFAULT_VLAN"
   untagged 9-24,26
   ip address 192.168.166.254 255.255.255.0
   no untagged 1-8,25
   exit
vlan 2
   name "A"
   untagged 1-8,25
   exit

is it correct so far??

now the config for th 5406zl

; J8697A Configuration Editor; Created on release #K.12.57

hostname "CORE_Prime_SW"

module 1 type J8706A
interface A1
   name "a"
exit
interface A2
   name "b"
exit
interface A3
   name "c"
exit
interface A4
   name "d"
exit
interface A5
   name "e"
   lacp Passive
exit
interface A6
   name "f"
exit
interface A7
   name "g"
   flow-control
exit
interface A8
   name "h"
exit
interface A9
   name "i"
exit
interface A13
   name "test8 +"
exit
trunk A11-A12 Trk19 LACP
ip routing
snmp-server community "public" Unrestricted
vlan 1
   name "DEFAULT_VLAN"
   forbid A5,A13
   untagged A10,A14-A24,Trk19
   ip address dhcp-bootp
   no untagged A1-A9,A13
   ip igmp
   exit
vlan 77
   name "Management"
   ip address 192.168.77.2 255.255.255.0
   ip igmp
   exit
vlan 200
   name "tests-0"
   untagged A7
   ip address 192.168.200.2 255.255.255.0
   ip igmp
   exit
vlan 222
   name "test11"
   untagged A1
   ip address 192.168.222.2 255.255.255.0
   ip igmp
   exit
vlan 133
   name "test33"
   untagged A6
   ip address 192.168.133.2 255.255.255.0
   ip igmp
   exit
vlan 166
   name "test4"
   untagged A2
   ip address 192.168.166.2 255.255.255.0
   ip igmp
   exit
vlan 156
   name "test5"
   untagged A3
   ip address 192.168.156.2 255.255.255.0
   ip igmp
   exit
vlan 150
   name "test8"
   forbid A13
   untagged A5
   ip address 192.168.150.2 255.255.255.0
   ip igmp
   exit
vlan 199
   name "tests99"
   untagged A4
   ip address 192.168.99.2 255.255.255.0
   ip igmp
   exit
vlan 112
   name "test12"
   untagged A8
   ip address 192.168.112.2 255.255.255.0
   ip igmp
   exit
vlan 28
   name "test28"
   untagged A9
   ip address 172.28.0.1 255.255.0.0
   ip igmp
   exit
vlan 155
   name "test8+"
   forbid A5
   untagged A13
   ip address 192.168.155.2 255.255.255.0
   exit

ip route 0.0.0.0 0.0.0.0 172.28.1.1
spanning-tree Trk19 priority 4

this config is not working in the need way, plz help,there is something but ????

thank u very much for your time

RE: Planet of Valns- 2010

I think I can see what you're trying to do.
 
The first thing is you have no IP address for VLAN 2 on your 2nd 2626.
 
Also, you have IP addresses in two different subnets on your VLAN1 interfaces on the two 2626s - I can't see how that's going to work.
 
The thing I wouldn't do is call both VLANs VLAN 2 - if they are on different subnets, give them different VLAN names.
 
More generally, I think your approach is wrong. This isn't really how VLANs are normally used.
You may encounter a situation at some stage where this approach might be useful, but as an introduction to VLANning, you should not start with this sort of thing.

The way to create three networks on shared physical infrastructure is to have 1 routing switch ("core") routing between your VLANs, with VLANs trunked/"tagged" on links to your "edge" switches.
The way to control access between VLANs is to use access lists on your "core" switch.

RE: Planet of Valns- 2010

(OP)
Man what a relief, thank you for replying, please bare with me,Ill try your kind sugesstions, and let you know if u dont mind.

thank you very much.
 

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close