Wired Intelligent Edge

 View Only
last person joined: 9 hours ago 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Back to discussions
Expand all | Collapse all

Issues deploying ProCurve 2920 in a basic office setup

This thread has been viewed 0 times

  • 1.  Issues deploying ProCurve 2920 in a basic office setup

    Posted Jul 10, 2015 04:04 PM
      |   view attached

    I am working on a new network infrastructure for an office.  It's been awhile since I did this kind of networking as I'm typically more web operations focused.  I'm familiar with most of the concepts (I was a CCNA at one time) but I'm definitely rusty -- and the way MikroTik and HP use the terminology isn't helping me any.  I'm hoping someone here can look over what I've put together and tell me where I've misunderstood how these switches function -- as I'm pretty sure it's a problem on the switch side.

    For context, this is a small network, <50 users max plus BYOD so I'm keeping it very simple.  Just a VLAN for network traffic and one for VOIP and one for the default VLAN that is currently for management, and later will not do anything (I'll move management to another VLAN).  I'm trying to do all of this from a remote location which obviously presents its own challenges in testing ideas.

    The attachment shows the network I'm trying to implement.  The Mikrotik is setup to create a micro-switch between the two trunked ports that are coming in from the two procurve switches.  (I actually only have the ProCurve1 switch hooked up right now to keep it simple.)  The PC I'm working with remotely is wired to the switch, and from that switch I cannot ping the router.  I was able to before I started mucking with the switch config to setup the VLANs and STP ont his side so I believe it's something I did on the switch but it could conceivably be a problem with the router configuration.  

    Here is the switch config:

    module 1 type j9729a
trunk 3-4 trk1 lacp
no telnet-server
ip default-gateway 10.0.2.1
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-2,5-48,A1-A2,B1-B2
   tagged Trk1
   ip address 10.0.0.5 255.255.254.0
   exit
vlan 2
   name "OFFICE"
   tagged 1-2,5-48,Trk1
   ip address 10.0.2.5 255.255.254.0
   exit
vlan 4
   name "VOICE"
   tagged Trk1
   ip address 10.0.4.5 255.255.254.0
   voice
   exit
spanning-tree





    If I have understood correctly, that configuration should tag all inbound traffic that is not already tagged as being in the DEFAULT_VLAN, and should allow any traffic tagged for VLAN 2 (OFFICE) on any port or Trk1, and any traffic tagged as VLAN4 should be allowed on Trk1.    

    But the PC I'm working from is plugged into Port1, and I cannot reach anything but the switch.  When I look at the logs, there's no indication that STP is blocking any ports, and it shows the trunk as up and working (as does the router).  So I assume I am confused about how VLAN tagging and port based VLANs are working on one of the two devices.  If you see something I've done wrong in this switch config I would appreciate some insight.



    #VLAN
    #Trunk
    #2920


  • 2.  RE: Issues deploying ProCurve 2920 in a basic office setup

    Posted Jul 13, 2015 11:29 PM

    First, your 2920 switch:

    You should get rid of the IP addresses on the switch from VLANs 2 & 4. The switch is just doing switching, it doesn't need IP addresses in these subnets.

    You have an IP address on VLAN1 - that's just there so you can manage the switch.

     

    Port1 is a VLAN1 port. You have added VLAN2 as "tagged" so your PC can't use it.

    What you need is to make VLAN2 as "untagged" on all Access ports on this switch, VLAN4 as "tagged" (because the phones do understand tagged frames.

    so you need:

       vlan 1
          name "DEFAULT_VLAN"
          tagged Trk1
          ip address 10.0.0.5 255.255.254.0
       vlan 2
          name "OFFICE"
          untagged 1-48
          tagged Trk1
       vlan 4
          name "VOICE"
          tagged 1-48,Trk1

     

    Then you have a router: VLANs end at the router, usually, unless the router has an in-built switch and you can have all 4 interfaces (SFP3-6) in router switchports that are assigned to the same VLAN(s).

    If those router interfaces are not switchports, then you can't span the same VLAN out of multiple interfaces.



  • 3.  RE: Issues deploying ProCurve 2920 in a basic office setup

    Posted Jul 13, 2015 11:53 PM

    Thanks.  I actually solved it a bit ago -- the router does actually have the ability to do switching, and I had some config issues there.  Once I corrected that I had an STP problem which I resolved.

    The ip address issue is a valid one, I just put them on there as I have no devices connected yet, so it gave me endpoints to test with.  The point on VLAN1 is helpful though, and I had been wanting to figure out if the phones could tag the traffic, so that was helpful - thank you.



  • 4.  RE: Issues deploying ProCurve 2920 in a basic office setup

    Posted Jul 14, 2015 01:31 AM

    The phones understand a tagged VLAN, but they will need to be *configured* to know their tagged VLAN is VLAN4.

     

    This can be done in 3 ways:

    1. configure the phone manually. Not really the way to go.

    2. use the switch LLDP to tell the phone the tagged VLAN. Assuming the phones you have support this, then add "voice to the voice VLAN:
       vlan 4
          name "VOICE"

          voice
          tagged 1-48,Trk1

    3. Use DHCP option to give it the voice VLAN ID along with its DHCP details. Check your phone vendor doco for the correct option to use.


    #VLAN
    #Voice
    #VoIP