VLAN Networking

So, who is going to be able to help me with this problem, Jim, I'm not looking at you!

Before we begin, I'm not network expert, I deal with databases / SQL for most of the day, so this is all a bit new to me.

Basically I have been given a task of creating a couple of VLAN's on a switch (HP Procurve 2848) that will have separate networks on, but they all need to connect to a single modem router on a single port on the switch and I'm really struggling to get anywhere.

To break it down:

Modem / Router
This assigns IP addresses in the 192.168.1.X range and the default gateway is 192.168.1.254

Switch
IP address 192.168.1.1 with the default gateway 192.168.1.254

I have created 3 VLAN's (1 is default)
Default VLAN - IP 192.168.1.1 / 255.255.255.0
VLAN2 - IP 192.168.10.1 / 255.255.255.0
VLAN3 - IP 192.168.11.1 / 255.255.255.0

The output of the config if it helps is:


If I connect any PC / server into the ports used for the default_vlan, it can get out on the internet. If I connect anything to VLAN2 or 3, this cannot get out on the internet.

I've tried numerous tagging / untagging options on the ports used and I'm not getting much luck.

Any ideas?

What's the DHCP scope set to on your router?

EDIT: And remember on Procurves, untagged and tagged are the reverse of whatever you may have worked with before (e.g. Ciscos) - so Tag VLANs on your trunk ports

EDIT2: You might also need IP helpers on your VLAN interfaces.

Router is set to DHCP scope on 192.168.1.64 - 1.252, but I'm not overly fussed about using DHCP for these devices on the other VLAN's.

Now, tagged and untagged is what gets me confused.

The modem router goes to port 1 on the switch, default_vlan is on port 1,6,7,8 (all set as untagged). I have a server plugged into port 6&7 and I assigned a static IP address and this can connect to the internet without any issues. If I plug a laptop into port 3 (VLAN2, ports 2,3,4,5, all untagged) I can't get anything. I have trued changing port 1 in VLAN2 to tagged and that didn't help.

I... No, it's gone.

Have you looked down the back of the sofa, Jim?

Tagged/Untagged is very simple on Procurves.

Think of untagged as an access port/end point i.e. if you untag a VLAN on a port, anything you plug into that port is a member of that network/VLAN.

Tagging a port tells that port that it needs to carry traffic from that VLAN/network but its not physically a member of that network.

In your scenario, try setting port 1 on your switch to untagged on vlan1, tagged on 2 and 3.

All other ports simply need to be untagged on whatever VLAN you want them to be a member of.

I wish. Sofas have been eBay-ed, prior to move. I hope my NAS will work on Spanish electricity...

Cheers Jim, knew I could count on you



I already tried untagged on vlan1 and tagged on vlan2&3 on port 1. That's what I started with as I thought it would be correct

Hi Infrastructure guy here

Unfortunately this is not as simple as you may want.

Lets talk about this slowly and carefully.

Option 1
You have a "real" router

Set up like this. you have sub interfaces for simplicity fe0/0/1, fe0/0/2, fe0/0/3

Each "Sub interface" can be assigned an IP that will be that network's/subnet's default gateway


Option 2
You have a layer three switch

Your L3 switch has an Ip address on each VLAN (this is my lab set-up and common in most places I have worked.)

you set an ip on the router and switch port fe/0/x so that you have a route through to the GW. Most routing happens on VLAN interfaces.

I can configure equipment PM me You have contributed to forum plenty.

option 3 cheepo router with 'vlans' cheep switch l2 vlans.

Each VLAN group has a cable to a switch port. there is no tagging.

Begbie you have made many good posts that have learnt me stuff PM me I could donate 1 hour and set it all up.

What you are trying to do is called 'inter-VLAN routing', for which you need a Layer 3 switch. Your 2848 is only a Layer 2 switch, so it won't pass traffic between VLANs.

With a Layer 3 switch, you can configure a virtual IP on each VLAN, which you then set as the default gateway for equipment plugged into the ports that are members of that VLAN. This gateway is then how traffic passes to other VLANs.

Computers, servers, printers etc. are all completely unaware of VLANs, which is why they all connect into untagged ports. Only equipment which is capable of being VLAN aware such as switches and routers, connect to a tagged port.

Well, I finally cracked it

It needed a route adding on the modem / router on where to send the data back to. So in my case, it was of adding a route of 192.168.10.0 / 11.0 255.255.255.0 192.168.1.1

The modem will send the data to the switch, from there, the switch will pass the data to the VLAN's.

Thanks to everyone who helped though.

Facepalm moment... glad you got it sorted.