Hi, one question: why you're narrating us what commands you type are doing when it's easier to simply copy and paste the commands you type and the results they generates?
Please, do us a favor...do a
show running-configuration, copy and paste its output on notepad, sanitize it by removing sensitive information you should hide (MAC Addresses, Serial Numbers, Usernames, etc. leave the necessary to understand who-is-who and what-is-what) and post here using the Paragraph -> Preformatted style (for a better reading) so we can understand what you are referring to.
What you want to achieve?
Do you want to create an "isolated" VLAN (say VLAN id 210) and assign the port 2/40 (interface 40 of the 2nd Stack Member) to that VLAN as untagged so the connected peer will be on that VLAN id?
Then go to VLAN 210 context:
vlan 210
then execute:
untagged 2/40
write memory
exit
verify the setting you imposed with:
show vlan ports ethernet 2/40 detail
The very same approach could be used for tagging/untagging a logical interface like the trk<id> type.
With regards to "isolation": if VLAN 210 is not routed by the Stack (it has no SVI) or by another interconnected Switch/Firewall to the Stack, the outgoing traffic from the VLAN unaware host connected on port 2/40 will be "placed" into VLAN 210 inside the switch (Stack) and it will go nowhere, well it will be transported eventually (if that VLAN 210 is transported on a uplink/downlink interface to other peer switches)...but it will not be routed since the VLAN 210 has no SVI (on the switching infrastructure or on your Firewall if this one is the router for all/part of your network segments), the same could be said about the incoming traffic into the VLAN unaware host connected to port 2/40...clearly TWO hosts on the very same VLAN 210 (not necessarily on the same switch) will be able to communicate each others under particular conditions (provided that IP Addressing matches).
show trunks and
show lacp will show you IF you have Port Trunks on your stack.
show lldp info remote-device will show you connected peers (exchanging LLDP).
Note: maybe you already know but a
trk interface means -
in the grammar of ArubaOS-Switch / HP ProVision OS based switches like your ones - that you're dealing with a
logical interface which is the representation of a links aggregation of two or more
physical interfaces (and this aggregation is "Non Protocol" driven, when it is configured with the
trunk option, or it is "LACP" driven when it is configured with the
lacp option), please do not confuse this Port Trunking (
trk<Id>) logical interface with a "trunk interface" in the Cisco meaning (Cisco calls trunk interface an interface carrying more VLANs, to simplify...it operates as a trunk for VLANs).
------------------------------
Davide Poletto
------------------------------
Original Message:
Sent: Nov 18, 2021 12:31 PM
From: Daniel Murrin
Subject: Five HP2920's, stacking, two stacks, vlan configuring, cant bring up full list of ports?
EDIT/update:
I ran the commands
The gui shows the new 210 vlan i made and 2/40 being untagged.. it shows tagged trk1
The existing main vlan 1, shows all the untagged ports, but for tagged it says none
However, when i plug a laptop into 2/40, it still has full network / internet access, unsure what i did wrong
edit: oops it was 2/42 not 2/40 :D
So i need to do the reverse to 2/40
is it
config t
vlan 1
untagged 2/40
untagged trk1 (is this the difference here)?
.
Original Message:
Sent: Nov 18, 2021 09:22 AM
From: Matt Parker
Subject: Five HP2920's, stacking, two stacks, vlan configuring, cant bring up full list of ports?
Hi Mark,
You will have to CLI into the switch you are trying to configure. We use putty. Once logged in as manager execute the following commands:
config t
vlan 25 (25 is whatever vlan you are trying to put that port in)
untagged 2/40
tagged trk1 (trk1 is whatever your uplink port is and remember if it is going to another switch down the line before your core switch that that VLAN must be tagged on those switches as well.)
exit
write memory
------------------------------
Matt Parker
Original Message:
Sent: Nov 17, 2021 04:32 PM
From: Daniel Murrin
Subject: Five HP2920's, stacking, two stacks, vlan configuring, cant bring up full list of ports?
Not sure how to list that, im in the traditional gui as admin :
Untagged: 1/1-1/29,1/31,1/33-1/48,1/A1-1/A2,2/1-2/48,3/1-3/48,4/1-4/48,Trk1
Basically all are untagged i think.
The one i need to be on its own vlan isolated is 2-40 i think
However in the interface i'm not sure how to do that, i guess i would want to mark 2-40 as another vlan? I dont see a way to add vlans or tag ports in either interface.
edit: i was in as admin not "manager" i think this is why
edit2: i log in as manager but it still says operator, so not quite there
Existing vlans (I think i only really use id 1, the first one):
vlan table
1 Default vlan
20 dmz
50 management
100 servers
150 workstations-lan
200 VOIP
Well actually maybe voip is used in commander #1 with the dual poe switches (6 total switches, first two are poe for voip)
i guess i'd want to make another vlan ID call it say "Isolated" and utilize it
Original Message:
Sent: Nov 17, 2021 03:08 PM
From: Davide Poletto
Subject: Five HP2920's, stacking, two stacks, vlan configuring, cant bring up full list of ports?
Hi! can you post sanitized running configurations of both stacks? generally tagging or untagging a port has a direct relationship with (is a requirement tied by) the connected peer...as example: a VLAN unaware host not configure to tag egressing packets (nor to accept ingressing tagged packets) requires a port which is untagged member of a specific VLAN Id...but is the host is VLAN tagging capable then that configuration changes and that very same port could be configured as a tagged member of the required VLAN Id. That's just to say that "it depends" on what is connected, what you want to propagate and how you want do it.
Original Message:
Sent: 11/17/2021 1:34:00 PM
From: markm75
Subject: Five HP2920's, stacking, two stacks, vlan configuring, cant bring up full list of ports?
Update: i figured out that the bottom switch seems to be the commander for the other 4 switches and its ip works, the other one for the poe is a commander with the other ip.
So now the question on vlans, i need to have the port i've located Not be part of the existing vlan so it is isolated (though i assume dns/internet wont work on that port), do i just configure a second vlan, is it tagged or untagged and assign that one to the port in need?
Originally a few years back i configured this set of switches with trunking (i think) , two stacks (i think also) and transceivers on the back connecting each one for redundancy.
Here was the original thread, i've tried reading through to remind myself exactly how this was configured but not much luck so far.
The issue is that i cant figure out how to set a port to a different vlan ( also unsure if should be tagged or untagged) on the 5th device in the set. When i view the gui i can only see the very first network switch (commander?), the first one is a poe the rest arent. If i put the ip address in for the second switch or any other, it times out or wont come up.
Anyone have any ideas here, im reaching back in memory and without many physical notes from then to realize exactly what i did or how i should be able to see those other ports?
Thanks in advance