I need your help. In my internship subject, I need to create two VLANs, 3 and 4, to manage four EndSystems (computers) and two HP 2920-24G switches.
ES1 -(vlan3) untagged port 3 untagged port 19- ES3 (vlan4)
port 3 & 5- Switch1 port 15 ------tagged----- port 3 Switch2-port 17 & 19
ES2 - (vlan3 & 4) tagged port 5 tagged port 17- ES4 (vlan 4 &3)
The configuration is attached in a file.
The problem is that I have to define two VLANs of the same MAC address (the same computer) on the same port. For that, I defined the port as tagged for both VLANs 3 and 4, because I need to have a queue on that port to forward the traffic from both VLANs to that MAC address. But the problem is that the computers don't understand the tagged frames; we need to forward an untagged frame to the EndSystem. How can I forward untagged frames from different VLANs to an EndSystem that belongs to both VLANs from one port?
I already have in my MAC table the right match between @mac, two VLANs and one port, but the ping doesn't work because of the tagged frames, which cannot be analysed by the EndSystems.
MAC Address   Port  VLAN
------------- ----- ----
@mac ES2      5     3
@mac ES4      15    3
@mac ES1      3     3
@mac ES3      15    4
@mac ES2      5     4
@mac ES4      15    4
Waiting for your help. Thank you :)
I think that your endpoint device needs to support tagged VLANs. Check your network adapter properties.
You can't pass 2 untagged VLANs to 1 endpoint.
Thank you for your response.
I added 8021q to my endpoint devices by executing this command: modprobe 8021q
and I added virtual interfaces to my endpoint devices, eth2:3 & eth2:4, with the commands:
vconfig add eth2 3 # for vlan 3 with x.x.x.23
vconfig add eth2 4 # for vlan 4 with x.x.x.24
and I configured the port as untagged for one VLAN and tagged for the second.
On Switch 1:
VLAN ID : 3
Port Information Mode     Unknown VLAN Status
---------------- -------- ------------ ----------
3                Untagged Learn        Up
5                Untagged Learn        Up
15               Tagged   Learn        Up
VLAN ID : 4
Port Information Mode     Unknown VLAN Status
---------------- -------- ------------ ----------
5                Tagged   Learn        Up
15               Tagged   Learn        Up
But the ping still doesn't work between EndSystems with tagged links (ES3 (vlan4) -- ES2 (vlan4-p5-tagged))!!
I think you're not really getting the purpose of VLANs.
In your diagram, you have 4 hosts that all have IP addresses on the same subnet. If they're in the same subnet, they are in the same VLAN.
If you want separate VLANs, you use different subnets.
VLANs are a mechanism for different networks to use the same shared physical infrastructure.
Start your planning with a Layer-3 diagram. Figure out your IP networking independently of your physical infrastructure. What is it you are trying to achieve?
For example, your requirement may be that 1 and 3 need to be on the same broadcast segment, hosts 2 & 4 need to be on the same broadcast segment, but you don't want hosts 1 & 3 seeing broadcast traffic from hosts 2 & 4.
In this case, you select 2 subnets, and you assign to hosts 1 & 3, IP addresses in Subnet A, and to hosts 2 & 4, IP addresses in Subnet B.
Now that you have designed your Layer-3 networks, you look at your physical infrastructure - Hosts 1 & 2 are in building X, while hosts 3 & 4 are in a different building Y.
Building X has 1 switch, Switch X.
Building Y has 1 switch, Switch Y.
So on Switch X you create VLAN A and you patch Host 1 to it. You create VLAN B and you patch Host 2 to it.
On Switch Y you create VLAN A and you patch Host 3 to it. You create VLAN B and you patch Host 4 to it.
Now you patch the two switches together and on all the inter-link switchports on both sides of the link you add VLAN A and VLAN B.
As far as 802.1q config goes, it's pretty simple:
- if you have a single VLAN on a link (link to a host, for example) then you can configure it as untagged (usually) or tagged (less usual) so long as the host and the switchport are configured the same.
- if you have 2 or more VLANs on a link (inter-switch link for example) then you configure either 0 or 1 VLAN untagged and all other VLANs as Tagged, with both sides of the link configured the same.
Just looking at your diagram some more, I think you can redraw it so it makes sense:
If your intention is to have 2 ES, each on their own VLAN, and then 2 ES, each on both VLANs:
First, assign a separate subnet to each colour (VLAN).
Get rid of the green and red wavy circles.
Re-draw the links to each ES exactly the same as you drew the inter-switch "trunk" link: one colour/VLAN or both colours/VLANs as required.
An ES that has both colours coming to it will need a NIC in each colour. Each colour is a separate VLAN, so a separate subnet, so assign to each NIC an IP address from the subnet that belongs to that colour/VLAN.
Thank you a lot for your detailed response.
The purpose of my configuration is to have one transmitter per VLAN:
ES1 will be the transmitter, which can broadcast its traffic to the other ES in the same VLAN, so ES1, ES2 & ES4 must be in the same VLAN (vlan 3): ES1 ES2 1 ES3 must be in the same broadcast segment.
Also, ES3 will be the transmitter in VLAN 4, which will broadcast its traffic to the other ES; for that, ES3, ES2 & ES4 must be in the same VLAN 4, so in the same broadcast segment.
The purpose of my subject is to analyse the queue on a port of the switch for traffic coming from two different VLANs.
I get the point of what you explained to me, but my problem is that one ES will receive traffic from two different VLANs; that's why I need to have 3 ES in the same VLAN.
For me, the subnet address does not matter, because the switch is going to analyse the tag of the frame; if the match between the MAC address and the VLAN tag in the MAC table on the switch, it is not going to forward the traffic to that ES, even if it has the same subnet address. Am I wrong?
Thank you for your time and attention.
The issue with IP addressing isn't about how the switch forwards your hypothetical frames, but about how a host generates those frames.
The host checks the Packet destination IP address before deciding how to encapsulate it in a Frame. If the IP Packet destination address is in the same subnet as the sending host, then the sending host issues an ARP request broadcast to find the destination host's MAC address.
It is probably possible for you to do something to your hosts ES2 & ES4 so that they can be members of two VLANs using two interfaces which are both addressed in the same subnet. (Like, maybe some static routes as well as static ARP entries so that it knows which interface to use for which remote host.) But why? Why not set it up like a real network?
OK, so I get you want multiple VLANs coming out of a switchport so you can analyse the switchport functionality.
This is real life networking - for example, in a server room, you might have a rack full of ESX servers running VMware with multiple servers running on it. Often, there will be servers in different subnets, so you might trunk multiple VLANs to the ESX servers. In your case, the ES2 & ES4 are like these ESX servers.
So, pick 2 subnets.
10.1.3.0/24 - VLAN3
10.1.4.0/24 - VLAN4
Ensure both switches have VLAN3 and VLAN4 created on them.
Do not put any VLAN3 or VLAN4 addresses on your switches.
Ensure the switchports that are patched to each other between the 2 switches are all configured to carry VLAN3 Tagged and VLAN4 tagged.
ES1 - give it 10.1.3.1
ES3 - give it 10.1.4.3
Configure ES2 with two virtual NICs, one configured for dot1q in VLAN3 with 10.1.3.2 address, the other configured for dot1q on VLAN4 with 10.1.4.2.
Configure ES4 with two virtual NICs, one configured for dot1q in VLAN3 with 10.1.3.4 address, the other configured for dot1q on VLAN4 with 10.1.4.4.
Patch ES2 to a switchport. Configure that switchport for VLAN3 Tagged and VLAN4 Tagged.
Same for ES4.
Patch ES1 to a switchport. Configure that switchport for VLAN3 Untagged.
Patch ES3 to a switchport. Configure that switchport for VLAN4 Untagged.
To test this setup, you should
- ping from ES1 and be able to ping both ES2 (10.1.3.2) and ES4 (10.1.3.4).
- ping from ES3 and be able to ping both ES2 (10.1.4.2) and ES4 (10.1.4.4).
Notice that this IP addressing scheme gives you the VLAN ID for the 3rd octet, and the hostname for the 4th octet. Lining up VLAN ID with subnet and creating a pattern for the host numbering should reduce the risk of error and increase the speed of troubleshooting.
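The addressing plan above and the earlier "both sides of the link configured the same" rule, modelled as an added example that is not part of the original posts: it checks each host link for a tagged/untagged mismatch and whether a ping has a matching VLAN and subnet end to end. The dict layout and function names are hypothetical; port numbers are taken from the original poster's diagram.

```python
from ipaddress import ip_interface

# Constructed model of the plan; layout and names are illustrative only.
PORTS = {  # (switch, port) -> (untagged VLAN or None, set of tagged VLANs)
    ("SW1", 3): (3, set()),       # ES1
    ("SW1", 5): (None, {3, 4}),   # ES2
    ("SW1", 15): (None, {3, 4}),  # inter-switch link
    ("SW2", 3): (None, {3, 4}),   # inter-switch link
    ("SW2", 17): (None, {3, 4}),  # ES4
    ("SW2", 19): (4, set()),      # ES3
}
TRUNK = [("SW1", 15), ("SW2", 3)]
HOSTS = {  # host -> (switch port, {NIC VLAN tag, or None if untagged: address})
    "ES1": (("SW1", 3), {None: "10.1.3.1/24"}),
    "ES2": (("SW1", 5), {3: "10.1.3.2/24", 4: "10.1.4.2/24"}),
    "ES3": (("SW2", 19), {None: "10.1.4.3/24"}),
    "ES4": (("SW2", 17), {3: "10.1.3.4/24", 4: "10.1.4.4/24"}),
}

def link_errors(port_cfg, nics):
    """Both ends of a link must agree on the untagged VLAN and the tagged set."""
    untagged, tagged = port_cfg
    errs = []
    if {v for v in nics if v is not None} != tagged:
        errs.append("tagged VLAN sets differ")
    if (None in nics) != (untagged is not None):
        errs.append("only one side sends untagged frames")
    return errs

def endpoints(host):
    """Yield (switch, VLAN, interface) per NIC, as the switch classifies it."""
    port, nics = HOSTS[host]
    for tag, addr in nics.items():
        yield port[0], (tag if tag is not None else PORTS[port][0]), ip_interface(addr)

def can_ping(src, dst_ip):
    """True when src has a NIC in the same VLAN and subnet as the NIC owning dst_ip."""
    for dst in HOSTS:
        for dsw, dvlan, diface in endpoints(dst):
            if str(diface.ip) != dst_ip:
                continue
            for ssw, svlan, siface in endpoints(src):
                # Across switches, the VLAN must be tagged on both trunk ports.
                blocked = ssw != dsw and any(svlan not in PORTS[p][1] for p in TRUNK)
                if svlan == dvlan and siface.network == diface.network and not blocked:
                    return True
    return False

if __name__ == "__main__":
    print({h: link_errors(PORTS[p], n) for h, (p, n) in HOSTS.items()})
```

Passing a port tuple such as `(3, {4})` with a host that has tagged NICs for both VLANs makes `link_errors` report the disagreement.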
It works, thank you a lot.
I updated the ARP cache and added all the IP/MAC.
And I tagged all the links. The ping works, and I am going to try to send other messages, using scapy.
Thank you for your time. :)