A noobie to VLAN configuration and network architecture so first up apologies if this is an easy question or answered in other threads but I don't really know what I'm looking for to begin with.
I have a ProCurve 3400cl 48pt. Only the primary VLAN is configured.
On our DC Server (Win2008R2) we have a primary DHCP zone IP of 192.168.1.xx
Scenario: We've installed a new WLAN infrastructure. I want the WLAN users to receive a new IP address (newly configured zone on DHCP), IP range 192.168.5.xx (a separate NIC on the DC Server is configured for this IP).
I understand the ProCurve 3400cl can be set up for VLAN and route traffic (to negate the need for using a separate router)?
I wish to set up a VLAN (#50), for ports 41 & 42 so I can connect our WLAN management appliance (Zone Director), to pt 41 and connect the DC NIC to pt 42, so that users logging into the WLAN will receive a 192.168.5.xx IP yet can still use our internet access, printers etc. The contractors that installed the WLAN hardware did say something about 'trunking' which I don't understand.
Here's hoping that I've explained my scenario reasonably and that it is easy for those here to move me in the right direction.
Appreciate any guidance/direction in configuring this...
Trunking (in this context) means putting multiple VLANs on the same port, using 0 or 1 untagged VLANs, and 1 or more tagged VLANs. (As opposed to the ProCurve CLI, in which trunking means link aggregation.)
I'm not sure how your Ruckus gear is set up, but the way I've seen it done usually is that the wifi access points are plugged into an untagged port on a wireless management VLAN, and then also tagged with the data VLANs on which the clients will actually be placed (VLAN 50 in your case). Then depending on the SSID the user connects to, they will be put in an appropriate VLAN. (This is so you can run multiple SSIDs on different VLANs to segregate staff & guests, or other similar setups.)
The Zone Director then should be on the wireless management VLAN to talk to all the access points, and on another VLAN (probably the default in this case) for you to manage it (and possibly to connect to remote RADIUS servers and the like).
The 3400cl can be set up to route between the VLANs. If you do this, you don't need a second NIC in the Windows server - you can just configure the switch as a DHCP relay and it will provide the necessary connectivity to the server. If you would rather keep the second NIC, you may want to configure routing and firewalling on the Windows server instead of the switch.
You'll also need to configure your Internet gateway to know about the new wireless VLAN somehow, otherwise your wireless clients will have no Internet access. See http://h30499.www3.hp.com/t5/LAN-Routing/Beginner-s-guide-to-adding-an-IP-range/m-p/5667415 for a discussion about this - it sounds like your network is fairly similar to theirs.
I hope that points you in the right direction...
BTW, I would recommend using VLAN 5 rather than 50 if you're going to use the IP range 192.168.5.0/24. Alternatively, use 192.168.50.0/24 if you want to stick with VLAN 50. It will make your life easier if you make a standard that 192.168.X.0/24 maps to VLAN number X.
Firstly and most importantly thank you for your time in responding to my plea.
You have certainly given me some excellent suggestions/conventions to use. I like your suggestion of using the 3400cl to route between the VLANs. This sounds like a simpler solution to utilizing another NIC on the DC.
Zone Director is directly connected to a PoE switch and in turn this switch is connected to port 41 on the 3400cl (Zone Director and APs for management purposes are assigned IPs from the primary zone 192.168.1.xx (undistributed segment of the IP range)).
To configure the 3400cl switch as a DHCP relay, if I am reading your post correctly, I would follow the thread you have linked for me? If not, can you dotpoint the process of doing this based on the details of our infrastructure?
Yes, I will need to configure ISA to allow the new IP range access (at the moment that is the least of my concern, but thank you for reminding me) :-)
I will change the VLAN ID# to match our WLAN IP address as you suggest, that is a great recommendation.
Once again Paul thank you in advance for your much appreciated input and direction.
Just got back to work... thanks for the suggestion on direction and the link.
I have a new zone already created for the WLAN IPs but will do as you suggest first.
Appreciate your expert suggestions.
Sadly I've hit a brick wall but I'm somewhat pleased with my progress as I 'think' I've been able to configure most of what I needed to on the 3400CL (albeit wrong as it still isn't doing what I need it to do).
My noobism is getting in the way.
Here's settings as I have them,
3400CL has an IP on the primary VLAN 10.0.1.xx
Default gateway 10.0.1.xx (correct Gateway)
Default VLAN (1) Untagged 1-48
IP Address 10.0.1.xx 255.255.255.0 (same as primary VLAN address)
IP helper-address 10.0.1.xx (same as DHCP Server) (hoping not to use second NIC as per your first post)
WLAN VLAN (50)
IP Address 10.0.50.x2 255.255.255.0 (changed DHCP Zone as your recommendation in first post)
IP helper-address 10.0.50.x1
tagged 41-42 (port 41 is Zone Director)
Other APs and ZD are all using undistributed IPs from the primary VLAN across other switches indirectly connected to the 3400CL.
Zone Director is connected to port 41, however I do not get an IP of 10.0.50.xx assigned. Our ISA Server is configured to allow the network ranges of 10.0.1.xx and 10.0.50.xx.
The ZD WLAN SSID that I'm attempting to connect to is configured to use VLAN 50.
I hope I've covered the details for you to hopefully pinpoint where I've gone unwired (pun intended).
If you have a moment, I'd appreciate your input Paul.
I think this is going to work a lot better if you post your config, preferably with the ports named. A few quick points, though:
Firstly, I've changed the IP helper-address on VLAN 50 as the IP for the DHCP Server - 10.0.1.14
'Undistributed IPs' is an allocation of IPs not distributed automatically via DHCP (shouldn't really matter but thought I'd add this just in case it did).
As suggested (I hope) following are the relevant named ports etc..
pt#31-32 DC Server / DHCP Server
pt#41 Zone Director (VLAN#50) tagged
pt#45-46 Switches (other layer 2 switches with APs connected all on Default VLAN #1)
ip default-gateway: 10.0.1.4
ip routing: enabled
Option 82: Enabled
Response Validation: Enabled
Option 82 handle policy: append validate
Remote ID: mac
ip address 10.0.1.35 255.255.255.0
ip address 10.0.50.2 255.255.255.0
ip helper-address 10.0.1.14 (DHCP Server address)
The single NIC on the DHCP server has been configured with the 10.0.50.1 IP in the advanced settings
DHCP Zone (10.0.50.01-254), is active with the Scope Options set the same as the primary zone (i.e. 003 Router 10.0.1.4, 006 DNS Servers 10.0.1.14, 015 DNS Domain Name xxxxx.xxxx).
Zone Director's SSID that I'm testing is configured for VLAN #50. I have another SSID group that uses the default vlan #1 (which retrieves an IP without issue).
That is all the relevant information I can see.
Hopefully there is enough here to pinpoint what I've got wrong, I'm guessing the issue is to do with the way I have set the DHCP relay?
Again I appreciate your patience and time Paul.. I have learnt quite a bit since starting this exercise.
One problem I can see with your config is the router for VLAN 50 - it must be an address on VLAN 50.
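Added example (not part of the original thread): a Python check of the point above, using the addresses posted earlier in the thread. It assumes standard DHCP relay behaviour, where the switch places its VLAN 50 interface address in `giaddr` and the server picks the scope containing that address; the function names and the `SCOPES` structure are hypothetical.

```python
import ipaddress

# Constructed model of the DHCP scopes described in the thread.
# The "wlan" router value is the 003 Router option exactly as posted.
SCOPES = {
    "primary": {"subnet": "10.0.1.0/24", "router": "10.0.1.4"},
    "wlan": {"subnet": "10.0.50.0/24", "router": "10.0.1.4"},
}


def select_scope(giaddr, scopes):
    """Return the name of the scope whose subnet contains the relay address.

    A relayed request carries the relay agent's interface address in giaddr,
    and the server leases from the scope that covers it.
    """
    addr = ipaddress.ip_address(giaddr)
    for name, scope in scopes.items():
        if addr in ipaddress.ip_network(scope["subnet"]):
            return name
    return None


def check_relay(vlan_ip, vlan_mask, scopes):
    """List the problems for one routed VLAN interface that relays DHCP."""
    iface = ipaddress.ip_interface(f"{vlan_ip}/{vlan_mask}")
    name = select_scope(vlan_ip, scopes)
    if name is None:
        return [f"no scope covers relay address {vlan_ip}"]
    problems = []
    router = ipaddress.ip_address(scopes[name]["router"])
    if router not in iface.network:
        # Clients can only reach a default gateway that is on their own subnet.
        problems.append(
            f"scope '{name}' hands out router {router}, "
            f"which is outside {iface.network}"
        )
    return problems


if __name__ == "__main__":
    # VLAN 50 interface on the switch, as posted: 10.0.50.2 255.255.255.0
    for line in check_relay("10.0.50.2", "255.255.255.0", SCOPES):
        print("PROBLEM:", line)
```
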
Thanks Paul, but I'm still missing something. I clearly need training in Networking.
I've appreciated your time mate.
Hi Tropolite,
Sorry I haven't had a chance to look at this with you in detail - I'm pretty busy at the moment. Hopefully I'll get a chance to look at it with you on the weekend or something.
Regards,
No need to apologise Paul,
I get back to work Mon so if you do get a chance to have another look over the configs I'd welcome that, otherwise I fully appreciate the time you have already taken to help where you can (and that has been significant so far).
In the meantime I'll do more research at home by reading the switch pdfs to see if I can identify where the problems lie and learn more in the meantime.