Help with VLANs

[robbie-w]

Hello,
We are new to VLANs and just have a basic question to clear up some issues with understanding a few points

We have a 3com 5500G backbone consisting of 1 copper 48 port 5500G and 1 x Fibre 5500G linked together by XRN. The copper switch acts as a server switch and the fibre switch ports each has a 3Com 2948 switch attached to them. 2 fibre ports are inter site links running at 10mb and 100mb to different sites.

What I want to do is VLAN off segments of the network possibly switch rooms at a time which could be a group of 4 x 2948. But also vlan off each inter site link.

What I have been doing as a test is the following

VLAN1 - Servers and Admin
VLAN2 - Site 1
VLAN3 - Site 2
VLAN4 - Switch room 1
etc

As the 5500G is a layer 4 switch it can handle the routing and has allowed me to create a vlan interface for each vlan which works well.

What I have done is rather than go into the end point switches is set each fibre port on the 5500G to a VLAN(untagged)

e.g. 1/0/1 VLAN2 1/0/2 VLAN3 etc

Each VLAN correctly DHCP's to its own subnet(from a single DHCP). My first question is should it be possible that each VLAN can ping and access each other? (Because they do). I was expecting them not being able to without being specifically tagged with the others vlan id?

My second question is if this is supposed to happen like this then is it reducing the broadcasts like VLANs should? vs a flat network

Number 3 is if I havent done things right should we be going into the 2948's and setting the VLANs there rather than at the core?(We were being lazy because we didnt see it was necessary)

Sorry for the essay hope I've explained myself

Thanks

Robbie

[powdarrmonkey]

Each VLAN correctly DHCP's to its own subnet(from a single DHCP). My first question is should it be possible that each VLAN can ping and access each other? (Because they do). I was expecting them not being able to without being specifically tagged with the others vlan id?

That's down to the firewall in your routing. If it's allowed to ping through, then it can.

My second question is if this is supposed to happen like this then is it reducing the broadcasts like VLANs should? vs a flat network

Yes. A broadcast is only sent to the local subnet, where a ping request (or any other form of ICMP traffic) is routed to the IP that you specify. A broadcast packet will not be transmitted beyond its subnet (known as a broadcast domain).

Number 3 is if I havent done things right should we be going into the 2948's and setting the VLANs there rather than at the core?(We were being lazy because we didnt see it was necessary)

You have done it right, you just need to configure your firewall properly.


The TCP/IP Guide - IP Basic Address Structure and Main Components: Network ID and Host ID has some quite good info on subnetting, broadcast concepts, etc.

[jimothy]

I don't know if this will be of any help; but we VLAN'd our network as we had many sites. To give more control over traffic we set Access Control Lists which effectively denied inter-site traffic as we routed everything through to our main site. Before we had ACLs effective every VLAN could access every other VLAN.

We are using HP Procurve equipment (Mainly Layer 3 switches) so I don't know if there will be any similarities?

As you're using Layer 4 devices you should be able to be more granular over the types of traffic you allow.

[robbie-w]

Thanks guys thats cleared it up

[robbie-w]

Thanks thats cleared it up

Robbie

[contink]

Just to piggy back on this thread as I'm an even bigger babe in the woods when it comes to VLAN.

Can anyone recommend small scale switches capable of handling VLAN. I'd like to setup a VLAN at home and learn the ropes as I don't get the opportunity in any of my schools.. Budget is tight so obviously cheaper the better...

Thanks in advance and apologies for stealing the thread

[Geoff]

Grabbing a second hand Catalyst series Cisco switch off ebay would be ideal.

[jimothy]

I only really know HP; an entry level Procurve would do the trick:

Ebay

The only difference is in the terminology as HP call VLAN trunking: tagging

[Geoff]

The HP command interface is modelled on Cisco's IOS, so you'd be right at home with either vendors switches.

[jimothy]

The HP command interface is modelled on Cisco's IOS, so you'd be right at home with either vendors switches.

Sorted then

[DMcCoy]

One thing to bare in mind for home is those procurves make *lots* of noise.

Other things will be lack of vlan routing and ACLs that are only available on bigger switches, although some have limited support.

If you just want to try the VLAN side itsef without doing routing, acls, dynamic vlans etc the Procurve 1700 is a cheap web managed and silent (J9079A).

I was looking into getting an 1800 for home, web managed, 24 port silent 1GB ports

[Geoff]

If you are feeling brave you can pull the ProCurve apart and replace the fans. If you stick some nice quiet zalman (or similar) ones in the difference is amazing.

[Joedetic]

The Cisco switches are noisy too tbh, but you can replace the fans as Geoff said.

One of the things I love about VLANs on Cisco kit is VTP. I'll be going back into a HP environment soon and will have a lot more to do with the switches than I did before, what are the main differences between HP CLI and Cisco IOS CLI?

[Geoff]

One of the things I love about VLANs on Cisco kit is VTP.

You should be using GVRP now, like everyone else is.

I'll be going back into a HP environment soon and will have a lot more to do with the switches than I did before, what are the main differences between HP CLI and Cisco IOS CLI?

The HP interface isn't as buggy and does everything out of the box without you having to buy 'addons'?

But seriously, the major differences is that HP uses the IEEE standard equivalent of Cisco proprietary protocols. So GVRP instead of VTP, LLDP instead of CDP. 802.11Q instead of ISL. Etc.

[Joedetic]

Yeah. GVRP wasn't on the CCNA 3 syllabus...vtp was that's how I know about it. 802 standards I expected.

Are the commands different such as enable, and show etc etc etc?