Re: Adding vLAN not working on HP Procurve
For the purposes of 'making it work'; you probably haven't tagged the vlan on the uplink.
Aside from that though, why on earth so many vlans? Seperating by room seems a little more than overkill! You can happily run several hundred machines on a single network even over 100meg uplinks. The only thing you're going to cut down on over all those vlans is broadcast traffic - which really won't be an issue (at least not in the average environment) until you hit ~400 odd machines. Seems like extra overhead on your switches & technician time for no good reason really. :)
Re: Adding vLAN not working on HP Procurve
Yes! That's the problem. Well, they're not tagged so I'm guessing it is.
We have a vLAN per room just because when I came here there were already around that many vLANs but weren't in any particular arrangement.
When the Head of ICT wanted to look into blocking internet access by room I realised we have enough to assign each room it's own vLAN and then I could block access using our ISA, so that's how it ended up like this.
It works fine until there's something like this, but I'll remember this oversight and it wont happen again lol.
Re: Adding vLAN not working on HP Procurve
You can assign each room it's own network as part of a larger single subnet without arsing around with a small world of vlans. :)
vlan'ing everything off just creates so much unnecessary load on the switches that have to do all this extra routing. Why not just assign each room a /24 of part of a /16 network (or a /26 as part of a /23 or whatever). You can then do your room blocking by network to get just the same result without all the overhead. :)
Glad you managed to solve it though. :)
Re: Adding vLAN not working on HP Procurve
Quote:
Originally Posted by GeeDee
You can assign each room it's own network as part of a larger single subnet without arsing around with a small world of vlans. :)
vlan'ing everything off just creates so much unnecessary load on the switches that have to do all this extra routing. Why not just assign each room a /24 of part of a /16 network (or a /26 as part of a /23 or whatever). You can then do your room blocking by network to get just the same result without all the overhead. :)
Glad you managed to solve it though. :)
Its the broadcast traffic that I'm looking at reducing with vlan implementation, as well as 802.1x.
Mixing different subnet masks can also break things (snmp for me).
Re: Adding vLAN not working on HP Procurve
I know nothing about subnetting *ashamed*
Re: Adding vLAN not working on HP Procurve
Quote:
Originally Posted by DMcCoy
Its the broadcast traffic that I'm looking at reducing with vlan implementation, as well as 802.1x.
Mixing different subnet masks can also break things (snmp for me).
Sure, and that's the primary reason for deploying vlans in this kind of environment usually - but you really don't need many. Running Windows clients, you could happily shove ~350 - 400 machines in a single vlan, even with 100meg uplinks & clients using el cheapo switches.
And you don't need to mix subnet masks (nor should you) just to provide a 'simple' way to select a logical group of machines. The machines can run on a /24 (or whatever), but when you tell your proxy to deny on a /26, only those logical machines will be affected. It's just an easy way to select part of a network. :)
Quote:
Originally Posted by mrforgetful
I know nothing about subnetting *ashamed*
It's actually pretty easy to get your head round, at least at this sort of level. All you need to remember is that a /24 is your typical "home network" block of 255 addresses, using a subnet mask of 255.255.255.0. So 10.10.1.0/24 would be a single network of 10.10.1.0 through 10.10.1.255, using a subnet mask of 255.255.255.0. You then just work from there, so a 10.10.1.0/23 would be 10.10.1.0 through 10.10.2.255 (and 10.10.1.0/25 would be 10.10.1.0 through 10.10.1.127). So, if your network runs on a big network of 10.10.1.0/24, but you tell your proxy to please ban 10.10.1.0/25 - that would be 10.10.1.0 through 10.10.1.127. Likewise, banning 10.10.1.128/25 is the other half of the network. You can of course go deeper, a /30 is a network of 4 machines. :)
Re: Adding vLAN not working on HP Procurve
Makes no sense to me lol. I don't think I can remember what /23 etc changed the addresses to.
Anyways, on a brighter note (or not you may think ;)) today I've taught myself to add a vLAN from scratch, so now I have a VLAN130 :)
First time I've set up a DHCP scope, DNS Lookup Zone, configured the support for it on my Core Switch and added a Virtual LAN adaptor!
Go me.
I've earn't my fish and chips for dinner hehe, oh and Curry tonight with the IT department. Sorry I'm ranting - really good mood.
Thanks for all your help and advice guys.
