I have inherited a large government-based HP ProCurve network with a flattened core of 10 5406zl switches and a number of other layer 2 switches. Over the last year I have had to fix and standardize many things like spanning tree, and I have installed all of these on 10 gig uplinks. When I look in the switch configs, most everything is running on the default VLAN 1, so we have a huge broadcast domain. My predecessor has all sorts of RIP, OSPF, and static routing going on that in some cases is bouncing the data all over the place for no reason until it finally hits a switch that gets it out to the internet or to somewhere that makes sense.

So while I have made a ton of progress here, I would like to take this to the next level: get the VLANs established, and get the routing and the ip default-gateway set to a best-practices standard. My question here revolves around what other professionals would consider best practices for getting things set up correctly. For example: should the VLANs on all switches have an IP address, or should the VLAN IP addresses be only on the core switch VLANs? Where should the default route on all switches point to? Is there a need to use an ip default-gateway? I'm making an assumption here that we have a ton of broadcast traffic ARPing across the whole network.

Looking forward to everyone's opinion as to how they may have their ProCurve network set up, which might help me get mine in proper order. In our case we are using several Cisco ASAs and a Fortinet virtual firewall. The Fortinet is doing multiple-ISP load balancing and is currently the PCs' default gateway and the default route (the 0.0.0.0 route) on most of the switches in the network. Thanks in advance.
You shouldn't need a default gateway, no; that's something the routing will take care of anyway.

You only need an IP for VLANs on the device that's doing the routing; if there's more than one, then just on the primary device. The other switches don't need that information, they just need untagging/tagging where appropriate. If you want to have the firewall/security devices doing anything with the VLANs (i.e. any routing, security per VLAN, etc.) they'll need to be set up so they're aware. It's not a huge job (certainly not on a Fortinet box, from experience (well, from watching someone who does it do it properly! :D)).
I have a network running all 5406, 5412 and 8212, so I will help where I can.

What is your end goal with this? Do you want a fully routed layer 3 to the edge network? Are you going to use RIP or OSPF (pick one)? What does the layout of your network look like? Maybe we could have a diagram of the current network and then what you want it to look like in the end, including VLANs, uplinks and switch models, etc.

With your current setup, if the routing is working correctly you will probably need a default route on the switch with your firewall connected to it; this will then be advertised to the other switches.

I'm running 8212 and 5406: 8212 as my core, then 5406 (distribution switch) on 10G links, and then 2910al for all client devices.

The 8212 core switch has all the VLAN information, IPs set, default route, etc. All switches' gateways point to the core switch and are on their own management VLAN (not 1).

The main distribution switches in the edge comms rooms (5406) have all VLANs required for that zone attached, then, depending on the 2910al, the VLANs needed for clients.

It would be easier if you send network layouts and what you intend for VLANs / IPs etc.
Understand the pain. A flat network with 10x 5406zl's is a big ask. It's been a while since your post, so I'm curious how you're going.
I look after 6x 8200zl/5400zl's on a 2-campus enterprise, using collapsed core/dist for backbone/building distribution, and plenty of other edge switches (2910al/2810-48/2520, etc.). Have ASAs, and other virtual/physical devices for other network services.

First step before anything else is layer 1, 2 and 3 network diagrams. Then perform a baseline analysis. You really need to know what is currently happening before making any design changes. Where are the DCs, where's the DMZ, the border, what clients are where, what numbers, etc. You also need to know protocols and applications. For example, if layer 2 is required from point A to point F to support some application, then how do you segment that?
I use MSTP and OSPF, but that tends to get quite complicated. Unfortunately, the Procurves haven't kept up with recent developments in the switching world, and don't support TRILL, SPB or similar - which would be far more suitable. Plus, you're likely using virtual somewhere along the line, and that can complicate matters. I'd suggest looking at upgrading your core network to the latest technology if you get the chance (in terms of HP that's the new lines 59xx/58xx).
If you're stuck with ProCurve, then KISS. Don't try to be too tricky. Get rid of RIP ASAP; it's not worth the effort, it doesn't scale well and can be buggy. Try to simplify the STP design as much as possible. Have multiple smaller STP domains rather than a single large one; this stops STP problems propagating across the network. Use UDLD on any trunk links. Enable STP on ALL switches (to prevent loops), but only after the design is considered. Manually prune STP domains using BPDU-filter, with or without routing links. The fewer trunk links the better; always opt for 802.3ad between switches. One or two 10Gbps trunks is enough for most designs. Only enable ip routing on core/dist. Edge switches should be "no ip routing".

But before doing anything, you need your documentation of the current network up to date and detailed, and you need to know about every application that is used, and where and how it talks. Taking that information, you have a chance to know where you want to go, and can work on a new network design document. Then you can figure out how to get there. To migrate, do one application or change at a time, and test. Try to avoid making multiple changes at once, because if it fails, it can be very difficult to troubleshoot on the ProCurve platform.
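To make the advice in the last few posts concrete (VLAN IPs and the default route only on the routing core, edge switches as pure layer 2 with a gateway on a management VLAN, no RIP, nothing left untagged in VLAN 1, LACP uplinks), here is an added example that is not from any poster in this thread: a small Python audit that reads ProCurve-style running-configs and flags the anti-patterns the thread describes. The three embedded configs are constructed samples in ProCurve CLI syntax; hostnames, VLAN IDs, addresses and the choice of VLAN 99 as the management VLAN are assumptions. The default-route check assumes ProCurve behaviour: `ip default-gateway` applies only while `ip routing` is off, and a routing switch needs a static `ip route 0.0.0.0 0.0.0.0 <next-hop>` instead.

```python
import re

# Constructed sample configs (ProCurve CLI syntax; names/addresses made up).
CORE_CFG = """\
hostname "core-5406"
ip routing
vlan 1
   no untagged A1-A24,B1-B24
   exit
vlan 10
   ip address 10.0.10.1 255.255.255.0
   tagged Trk1
   exit
vlan 99
   ip address 10.0.99.1 255.255.255.0
   tagged Trk1
   exit
ip route 0.0.0.0 0.0.0.0 10.0.10.254
"""

# The inherited state: routing + RIP on an edge switch, everything in VLAN 1.
EDGE_BEFORE = """\
hostname "edge-2910-old"
ip routing
router rip
   exit
vlan 1
   untagged 1-48
   ip address 10.1.1.5 255.255.0.0
   exit
"""

# Edge as pure layer 2: clients on VLAN 20, IP only on mgmt VLAN 99,
# gateway at the core, ports 47-48 as an LACP trunk, STP enabled.
EDGE_AFTER = """\
hostname "edge-2910-new"
no ip routing
vlan 1
   no untagged 1-46
   exit
vlan 20
   untagged 1-46
   tagged Trk1
   exit
vlan 99
   ip address 10.0.99.12 255.255.255.0
   tagged Trk1
   exit
ip default-gateway 10.0.99.1
trunk 47-48 trk1 lacp
spanning-tree
"""

PORT_RE = re.compile(r"^([A-Za-z]*)(\d+)(?:-([A-Za-z]*)(\d+))?$")


def count_ports(port_list):
    """Count members of a ProCurve port list like 'A1-A24,B1-B24' or 'Trk1'."""
    total = 0
    for item in port_list.split(","):
        m = PORT_RE.match(item)
        if not m:
            raise ValueError(f"unrecognised port spec: {item!r}")
        lo = int(m.group(2))
        hi = int(m.group(4)) if m.group(4) else lo
        total += hi - lo + 1
    return total


def parse_vlans(cfg):
    """Map VLAN id -> {'ip', 'untagged', 'tagged'}; 'no untagged' is not counted."""
    vlans, current = {}, None
    for raw in cfg.splitlines():
        line = raw.strip()
        if (m := re.match(r"^vlan (\d+)$", line)):
            current = int(m.group(1))
            vlans[current] = {"ip": None, "untagged": 0, "tagged": 0}
        elif current is None:
            continue
        elif line == "exit":
            current = None
        elif (m := re.match(r"^ip address (\S+)", line)):
            vlans[current]["ip"] = m.group(1)
        elif (m := re.match(r"^(untagged|tagged) (\S+)$", line)):
            vlans[current][m.group(1)] += count_ports(m.group(2))
    return vlans


def audit(cfg, role, mgmt_vlan=99):
    """Return finding codes for a switch config; role is 'core' or 'edge'."""
    findings = []
    routing = re.search(r"^ip routing$", cfg, re.M) is not None
    if re.search(r"^router rip$", cfg, re.M):
        findings.append("rip-enabled")
    if role == "edge" and routing:
        findings.append("edge-ip-routing")
    for vid, v in sorted(parse_vlans(cfg).items()):
        if vid == 1 and v["untagged"]:
            findings.append(f"vlan1-untagged:{v['untagged']}")
        if role == "edge" and v["ip"] and vid != mgmt_vlan:
            findings.append(f"edge-vlan-ip:{vid}")
    static_default = re.search(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 \S+", cfg, re.M)
    default_gw = re.search(r"^ip default-gateway \S+", cfg, re.M)
    if routing and not static_default:
        findings.append("no-default-route")
    if not routing and not default_gw:
        findings.append("no-default-gateway")
    return findings


if __name__ == "__main__":
    for name, cfg, role in [("core", CORE_CFG, "core"),
                            ("edge-before", EDGE_BEFORE, "edge"),
                            ("edge-after", EDGE_AFTER, "edge")]:
        print(f"{name}: {audit(cfg, role) or 'OK'}")
```

Feed it the output of `show running-config` from each switch with the role you have assigned it in the new design; `EDGE_BEFORE` produces five findings, while the core and the reworked edge come back clean. The VLAN 1 check counts untagged ports only, so a VLAN 1 that still exists but has had its ports removed passes, which matches the "move everything off the default VLAN" goal rather than demanding the VLAN be deleted.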
Just getting quotes on 5406/5412, so watching this thread. I was hoping the LEA could handle this for me, but they can only quote for Cisco, and that came to 29k for a 4500E 7-slot to meet my requirements (modular, 10 gig, PoE+, lots of SFPs, room for expansion, etc.).