VLAN Configuration for HP 5120-48G EI Switch with 2 Interface Slots (JE069A)

(OP)
I recently got 3 new HP 5120-48G EI Switches with 2 Interface Slots (JE069A). Each switch is currently fitted with 1 local connect module, and they effectively function as a stacked switch. I would like to partition my network as below. I currently do not have any experience with VLANs, and based on my assumptions and understanding of VLANs, I presume the following can be done. Please let me know if this is actually possible and how to achieve it. Attached is a visual of how my switch would be partitioned with VLANs.

(Visio diagram as attached)

S1 = Windows AD Domain Controller
S2 = Internet Gateway
S3 = Confidential File Server
S4 = General File Server

Team A = VLAN 1
Team B = VLAN 2
Team C = VLAN 3
Team D = VLAN 4
Team E = VLAN 5
Team F = VLAN 6

VLAN 1 can only see S1, S4
VLAN 2 can only see S1, S2, S4
VLAN 3 can see everything
VLAN 4 can only see S2
VLAN 5 can only see S2
VLAN 6 can only see S2

RE: VLAN Configuration for HP 5120-48G EI Switch with 2 Interface Slots (JE069A)

People are somewhat misled by textbooks on networking which still suggest that VLANs are a method of providing security between workgroups.
That was true 20 years ago, before Windows NT.
Nowadays, security is provided through identity management & authentication, in your case, AD. It boggles my mind that educational institutions and networking equipment vendors still all use this workgroup segregation as their prime example of the use of VLANs. Nobody in their right mind uses VLANs for this on a corporate network.
It's a complete waste of time devising a complex network design for a purpose which was superseded 20 years ago.
The purpose of VLANs is to segregate traffic for performance purposes and to break down broadcast domains, again for performance purposes.
The most important thing is to make it simple in order to make it easy to support. Making it complicated astronomically increases your risk of configuration mistakes and security incidents due to staff not understanding the implications or details of changes they make.

RE: VLAN Configuration for HP 5120-48G EI Switch with 2 Interface Slots (JE069A)

Of course, it's possible.

e.g.

interface GigabitEthernet1/0/1
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 5 untagged
port hybrid pvid vlan 5

:
:
interface GigabitEthernet1/0/9
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 6 untagged
port hybrid pvid vlan 6


- add ACLs with "packet-filter" to all ports for your subnets: http://www.h3c.com/portal/download.do?id=1290690

Don't forget to install the latest firmware: https://h10145.www1.hp.com/downloads/SoftwareRelea...
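
An added example, not part of the original posts: a small generator that turns the access matrix from the opening post into one advanced ACL per team VLAN, plus the hybrid-port stanza from the reply above with a `packet-filter` binding. The server addresses, the per-VLAN subnets, the ACL numbering and the function names are assumptions made for illustration.

```python
"""Added example: render the thread's VLAN-to-server access matrix as Comware ACLs."""
import ipaddress

# Assumed addressing (not from the thread): servers in 10.0.0.0/24, one /24 per team VLAN.
SERVERS = {"S1": "10.0.0.1", "S2": "10.0.0.2", "S3": "10.0.0.3", "S4": "10.0.0.4"}
VLAN_SUBNET = {v: ipaddress.ip_network(f"10.0.{v}.0/24") for v in range(1, 7)}

# Access matrix exactly as stated in the opening post.
ALLOWED = {
    1: {"S1", "S4"},
    2: {"S1", "S2", "S4"},
    3: {"S1", "S2", "S3", "S4"},
    4: {"S2"},
    5: {"S2"},
    6: {"S2"},
}

ACL_BASE = 3000  # assumed numbering: advanced ACL 3000 + VLAN id


def acl_for_vlan(vlan):
    """Return config lines for one advanced ACL: an explicit permit or deny per server."""
    unknown = ALLOWED[vlan] - set(SERVERS)
    if unknown:
        raise ValueError(f"VLAN {vlan} references undefined servers: {sorted(unknown)}")
    net = VLAN_SUBNET[vlan]
    src = f"{net.network_address} {net.hostmask}"  # ACL rules take a wildcard mask
    lines = [f"acl number {ACL_BASE + vlan}"]
    for name in sorted(SERVERS):
        action = "permit" if name in ALLOWED[vlan] else "deny"
        lines.append(f" rule {action} ip source {src} destination {SERVERS[name]} 0")
    return lines


def port_for_vlan(port, vlan):
    """Return the hybrid-port stanza from the reply above plus the inbound filter."""
    lines = [f"interface {port}", " port link-type hybrid"]
    if vlan != 1:  # only drop the default VLAN when the port is not meant to be in it
        lines.append(" undo port hybrid vlan 1")
    lines += [f" port hybrid vlan {vlan} untagged", f" port hybrid pvid vlan {vlan}",
              f" packet-filter {ACL_BASE + vlan} inbound"]
    return lines


if __name__ == "__main__":
    for v in sorted(ALLOWED):
        print("\n".join(acl_for_vlan(v)))
    print("\n".join(port_for_vlan("GigabitEthernet1/0/1", 5)))
```

The rules only match traffic addressed to the four servers; anything else is left unmatched, and reaching servers in another subnet still needs routing between the VLANs.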

RE: VLAN Configuration for HP 5120-48G EI Switch with 2 Interface Slots (JE069A)

Seriously, do it with authentication on the domain and user permissions. That stuff has to be configured anyway, but trying to use VLANs for your security creates a whole layer of configuration that's unnecessary, probably won't really work very well (what happens when the finance guys off VLAN2 start a project using the same server application as the finance guys off VLAN4? You'll end up with a horrible mess), and worst of all will be difficult to understand and support and therefore add to risk and cost of ownership.
