hp vlan setup
im trying to set up vlans on a hp 2510-24 such that all vlans can see port 26 (server) but pcs on odd numbered ports cant see pcs on even numbered ports (test network seemed a nice simple idea lol)
so from what i can make out i want to tag port 26 on all vlans forbid 1,3... on even 2,4,... on odd and that should be it but atm all pcs can ping all pcs.
any idea where im going wrong?
if it makes any odds dhcp is from server on port 26 1 scope
What you probably want to do is set all the odd ports untagged for vlan only (don't worry about forbid) and the even ports untagged to vlan 2.
There's then serveral ways to setup the server, you could tag both vlans to tagged on port 26 and then enable vlan support via the network card properties on the server (if it has it)
Or if the server has two network port just connect one to a port that's vlan 1 untagged and the other to one that's vlan 2 untagged.
But first tell us what you're trying to acheive.
EDIT: And the two vlans should have separate DHCP scopes.
im just experimenting not trying to achieve much other than seeing if i can do it. I might at some point vlan off wifi traffic but its mainly to see if i can
how do i do scopes on diff vlans?
right on my 3 vlans (ignoring default) i have
vlan id2 tagged port26
vlan id3 untagged 1 tagged 26
vlan id4 untagged 2 tagged 26
pc plugged into port 1/2 cant ping or be pinged from port 26 can from 3+
Big picture only -
VLAN 1 - untagged - 1, 3, 5, ... , 23
VLAN 2 - untagged - 2, 4, 6, ... , 22
VLAN 3 - untagged - 24 (not sure where you got port 26 on a 24 port switch, but have not looked up this particular model) - for the server
VLAN 1 - create a deny ACL to VLAN 2 range
VLAN 2 - create a deny ACL to VLAN 1 range
Enable IP routing, make sure VLAN 1,2 have ip helper set up for DHCP server.
Get this working before you worry about tagging ports which overcomplicates things.
ports 25/6 are gb ports so server/uplink most hp 24 ports actually have 26 which is a pain sometimes when you replace 2 with a 48 lol
You need to set up access control lists on your switch if you want to actually forbid access to a vlan from different sections of the network.
Originally Posted by sted
tagging is the wrong way round you should be tagging ports you want to restrict and untagging ports you dont
odd ports are tagged vlan 1
even ports are tagged vlan 2
uplink port is untagged.
on the far end switch you would then do the same, uplinks untagged but the server port tagged in both vlan 1 and 2.