VLAN issue on ProCurve
I'm having a small issue, hope you can clarify a missing click.
My uplink to the edge side is fiber optic from the core to the edge 48-port switch, and it's untagged in VLAN 32 (primary VLAN) on 4 ports, 45-48. Note that I have a 24-port PoE switch installed in the same floor cabinet with the 48-port switch, but no fiber from the core to it (its role is to provide power to the AP).
What I did is that I untagged 2 ports, 23-24, in VLAN 32 and connected one of them to port 45 on the 48-port switch. I've created the same VLANs as done on the 48-port switch, but the issue is that I am not getting IP addresses from the DHCP server, although on the 48-port switch it's working fine.
Is there anything else I should do?
Thanks for your help.
The ports that you've used to join the two switches together need to be tagged members of any VLANs you are trying to share. In other words, make port 45 on the 48-port switch a tagged member of any VLANs you are trying to share, then make the connected port on the PoE switch a tagged member of the same VLANs. Your APs will have to be on untagged (access) ports, unless they understand VLANs, in which case they can be on tagged ports.
Hello Keithu, and thx for your quick reply.
Actually, what I did is I already tagged the uplink ports 23-24 on the 24-port switch and 45-48 on the 48-port switch for the VLAN "WiFi" that I've created on both switches and already created on the core side. But still, I'm not getting a reply from the PoE side.
I don't know if these details I've provided are enough for you to understand the design.
Thanks for your time, dude.
So your APs get DHCP addresses when they're plugged into the 48 port but not the 24 port poe? If your uplink ports are tagged members of "WiFi" and the ports connected to the APs are untagged members of "WiFi" it should work.
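The VLAN membership described in the replies above, written out as an added ProCurve configuration example that is not part of the original thread. VLAN 32 and ports 45-48 and 23-24 come from the posts; the WiFi VLAN ID 100 and AP ports 1-4 are assumed placeholders, since the thread gives neither.

```text
; --- 48-port edge switch ---
; Ports 45-48 stay untagged in primary VLAN 32 (from the thread) and
; additionally carry the WiFi VLAN as tagged frames.
vlan 32
   untagged 45-48
   exit
vlan 100
   name "WiFi"
   tagged 45-48
   exit

; --- 24-port PoE switch ---
; Ports 23-24 mirror the far end: untagged in VLAN 32, tagged in WiFi.
; Untagging 23-24 in VLAN 32 alone carries only VLAN 32 across the link.
; AP ports 1-4 (assumed) are untagged (access) members of WiFi.
; The VLAN ID (100 is a placeholder) must be identical on both switches
; and on the core; the 802.1Q tag carries the ID, not the name.
vlan 32
   untagged 23-24
   exit
vlan 100
   name "WiFi"
   tagged 23-24
   untagged 1-4
   exit

; Check on each switch: the uplink ports must be listed as Tagged and
; the AP ports as Untagged in the port list for the WiFi VLAN.
show vlans 100
```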
I have another issue; maybe it's similar or related to the previous one.
This network is part of a hotel where the design consists of creating a VLAN per room number, for example VLAN 401 for room 401, VLAN 502 for room 502, etc. I have untagged all the uplink ports on VLAN 32 (primary) and created all the VLANs on all the switches in the floors, then untagged port 1 for room 401, port 2 in VLAN 402, port 3 in VLAN 503 and so on, then tagged 45-48, the uplinks, in each VLAN. And I created VLAN 2 named GUEST, then tagged all the ports in it, including the 45-48 uplinks.
On the core switch side, I created the VLANs as well, 401, 402, 403, ... 501, 502, and tagged the uplink ports for every floor, then I created VLAN 2 named GUEST and tagged all the uplinks to the floors as well. Then I plugged my DHCP router into port B20 of the core and untagged it in VLAN 2, then tagged B20 in all the VLANs.
With this, if I plug the PC into port 1 of the 5th floor, I am able to get an IP address from my DHCP router.
The issue is that the management of the hotel is asking that if the guest wants to connect to the internet from a public area, not his room cable, he should get access through his room-number VLAN via the wireless AP.
What do I need to do to achieve this demand? Note that I've created on the core switch a VLAN named WiFi and tagged all the uplinks for the floors in it, and created WiFi on the edges and tagged 45-48 in it as well. I have what we call MSM750 and ProCurve RF Manager.
Can you please advise if there's something missing to do here?
It sounds like you've implemented all these VLANs in order to isolate each room from the others. Is that right? You could do the same thing with just one VLAN using a feature called port isolation on the ProCurves (also called private VLANs on some other switches). Although your clients will all be on the same VLAN, they won't be able to talk to each other.
Expanding your current setup to wifi sounds like a nightmare. I would put everyone on a vlan with port isolation and have them authenticate to a captive portal.
It sounds very much to me like you are over-engineering a simple system, due to not having the right equipment.
What I'd be doing is scrapping cabled connectivity in rooms - in a hotel, there is no need for that. Instead, a simple, guest capable, managed wireless system would be the best solution.
However, if the budget doesn't stretch to that, how about using RADIUS authentication? I.e. all ports are set up to connect to a RADIUS server, where they can authenticate connected devices based on their MAC address.
You can then set up accounts in an Active Directory for each MAC address on a client's computer. If your wireless APs can tie into the same RADIUS-based authentication, they can do the same thing.
But the easiest thing to do would be to invest in a proper managed wireless system. I've seen an Extricom system in use in one hotel, a Cisco one in another, etc. Unmanaged APs will be more trouble than they're worth.
Thx guys for all your suggestions, and I really thought of a different solution because it's a nightmare, as Keithu said. However, this is the design they have implemented and I'm obliged to stick to it, as it is standard worldwide in all the branches all over the world.
It's taking me time to accomplish it and I need assistance. Any suggestions?