VLAN Routing on 5406 zl
Right then, I've finally got my new core switch, a HP ProCurve E5406 zl, and it's a beast. I've been advised to split my network so that each building is on its own VLAN.
So it will be something like this.
Default - Vlan 1
Servers - Vlan 2
ICT - Vlan 3
Technology - Vlan 4
Maths Block - Vlan 5
RSLA Block - Vlan 6
Science Block - Vlan 7
3 Storey Block - Vlan 8
CCTV - Vlan 9
Admin - Vlan 10
I don't know whether or not to put printers on a separate Vlan, what would you think?
Also, we are running a 10.68.x.x IP range. From reading some of the other posts on here I've come to the conclusion that I'll have to create subnets for each of my 10 Vlans, is this correct? I want to have all my Vlans routing on the switch through to the servers Vlan for DHCP (so ip helper-address, I think, on all the other Vlans).
How would I go about setting this up?
Would I create scopes for each subnet on my DHCP server so that they could assign ip addresses to the clients on each vlan? And this may sound a bit silly, but what ip address do I put in for each default gateway? Is it the ip address that gets assigned to the Vlan on the switch?
Yes, add a printer VLAN, they are terrible culprits for broadcast traffic.
Yes, split into subnets.
You need to set a route up on the switch for each VLAN and set an IP address for the switch in each VLAN. In each VLAN you want to use DHCP you want to add an IP helper address pointing to your DHCP server. You also want to add an IP helper address to any server that you use for PXE boot such as a Windows Deployment Server.
On your DHCP server, yes, set up separate scopes. Have the default gateway as the IP address of the switch in that IP range.
Thanks for that, can I just check one more thing, currently we have a subnet of 255.255.252.0 which has a massive range. This is set as one DHCP scope. If I create scopes for each Vlan on the DHCP server, do I then remove this current subnet and scope?
Also, I read somewhere that you have to enter the subnets in AD sites and services, is this true?
Oh, and I forgot to ask, do I put all my switches and wireless points on the default Vlan, which will be the management Vlan, or should I put all the wireless points on a Vlan of their own?
Thanks for that, can I just check one more thing, currently we have a subnet of 255.255.252.0 which has a massive range. This is set as one DHCP scope. If I create scopes for each Vlan on the DHCP server, do I then remove this current subnet and scope?
Yes, the easy way is to use a different private IP range if that's possible, especially if you're working on this with the network live.
Also, I read somewhere that you have to enter the subnets in AD sites and services, is this true?
Yes
Stick your wireless points on their own VLAN. It's also recommended by HP for better security to put the management interface of the switches on their own VLAN, but that can be a pita.
Originally Posted by dezt
To give you a rough idea of how to set up a VLAN from the command line on the switch:
ip helper-address 18.104.22.168
ip address 10.0.0.1 255.255.255.0
ip rip 10.0.0.1
I think what I'll do is get everything set up on a test server running DHCP in a test environment, and then when everything is working fine I can implement it during the summer holidays.
The Admin Vlan will be getting its DHCP lease from a different range, 10.120.x.x, which is what we have been allocated for our admin domain, so I'm thinking that I would leave that domain as it is for the time being, with the server being a member of the 2 Vlans we currently have, curric and admin, so it can send DHCP via its 10.120.x.x address to admin clients and also allow SIMS to be used by curric clients.
It works that way at the moment, with no routing in place on the current core. Would that just be the same, or would I be better off setting up an ip helper address for the admin Vlan to point to the 10.120.x.x adaptor in the admin DC?
Leave it as it is, it's more secure, unless of course you want to start messing with Access Control Lists on the switches, which you may want to do anyway to prevent traffic routing between client VLANs.
So if I'm right, this would be how I would do it for my server Vlan for 10 servers:
ip helper-address 10.68.x.x
ip address 10.68.x.x 255.255.255.240
ip rip 10.68.x.x
What are the ip igmp and ip rip commands for?
Yep, that's about right, the ip helper address wants to point to the ip address of your DHCP server, the ip address wants to be an address within the range you have assigned to that VLAN (I tend to use the first IP address in the range) and the ip rip address should be the ip address you've set in the ip address line. The ip rip command enables routing in the vlan and igmp enables multicasting, prob won't need that.
How do I set a route to my normal default gateway to allow internet access?
My usual default gateway is 10.68.40.1.
Once I know how to do this I should be good to go.
Without being in a VLAN config:
ip routing (this will enable routing on the switch)
ip route 0.0.0.0 0.0.0.0 10.68.40.1 (this adds your default gateway as the default route)
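The steps discussed in this thread (one subnet per VLAN, the switch's address as each gateway, a helper address on every VLAN except the DHCP server's own, a default route to 10.68.40.1), worked through as an added Python example that is not part of any poster's reply. The /24-per-VLAN numbering, the DHCP server address 10.68.2.10 and the old scope being 10.68.40.0/22 are assumptions made for illustration.

```python
import ipaddress

# VLAN ids/names from the thread. Admin (VLAN 10) is omitted: the thread keeps
# it on its own 10.120.x.x range with its own DHCP server.
VLANS = {1: "Default", 2: "Servers", 3: "ICT", 4: "Technology", 5: "Maths",
         6: "RSLA", 7: "Science", 8: "3Storey", 9: "CCTV"}

def build_plan(base="10.68.0.0/16", prefix=24):
    """Assumed scheme: VLAN n takes the n-th /prefix block of base; the switch
    takes the first host address and the DHCP scope is the rest."""
    blocks = list(ipaddress.ip_network(base).subnets(new_prefix=prefix))
    plan = {}
    for vid, name in VLANS.items():
        hosts = list(blocks[vid].hosts())
        plan[vid] = {"name": name, "net": blocks[vid], "gateway": hosts[0],
                     "scope": (hosts[1], hosts[-1])}
    return plan

def vlan_stanza(vid, entry, dhcp_server):
    """Render the per-VLAN switch config; no helper where the server is local."""
    lines = [f"vlan {vid}", f'   name "{entry["name"]}"',
             f'   ip address {entry["gateway"]} {entry["net"].netmask}']
    if ipaddress.ip_address(dhcp_server) not in entry["net"]:
        lines.append(f"   ip helper-address {dhcp_server}")
    return "\n".join(lines + ["   exit"])

def check_plan(plan, dhcp_server, next_hop, old_scope):
    """Return a list of problems to fix before cut-over."""
    problems = []
    nets = [e["net"] for e in plan.values()]
    if not any(ipaddress.ip_address(dhcp_server) in n for n in nets):
        problems.append(f"DHCP server {dhcp_server} is in no VLAN subnet")
    if not any(ipaddress.ip_address(next_hop) in n for n in nets):
        problems.append(f"default route next hop {next_hop} is on no VLAN subnet")
    old = ipaddress.ip_network(old_scope)
    for vid, e in plan.items():
        if e["net"].overlaps(old):
            problems.append(f"VLAN {vid} {e['net']} overlaps live scope {old}")
    return problems

if __name__ == "__main__":
    DHCP = "10.68.2.10"  # constructed: a server inside VLAN 2
    plan = build_plan()
    for vid, entry in plan.items():
        print(vlan_stanza(vid, entry, DHCP))
    print("ip routing\nip route 0.0.0.0 0.0.0.0 10.68.40.1")
    for problem in check_plan(plan, DHCP, "10.68.40.1", "10.68.40.0/22"):
        print("CHECK:", problem)
```

With this numbering the check reports that 10.68.40.1 sits in none of the new VLAN subnets, so the router needs an address in one of them (or a VLAN of its own) before the default route can be used.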
Thanks for all your help, you're a star.
Just wondering, how would I manage my switches? Would I route from the server Vlan to the Management Vlan (or Default Vlan), as they are on different subnets.
I'm guessing I would.