Confused about native VLAN, tagged and untagged ports 1

[gmail2]

I'm pretty new to VLAN's so I hope somebody can help me out. I've got a ProCurve 26xx and I need to create two VLAN's. I renamed the native vlan to vlan1 and created vlan2 also. There is a PIX plugged into port1 which has had it's interface trunked. The VLAN assignment is as follows:

port     VLAN1     VLAN2
1        Tagged     Tagged
2-12     Untagged   Untagged
13-24    Untagged   Tagged

But I'm beginning to think that this is incorrect. I tagged port 1 to both because of the PIX interface being trunked. I left the remaineder untagged because this is the native vlan (now I'm not 100% sure if these two issues are even related). I can ping the default gateway on the PIX which is defined as physical. However, if I change port 2 (where the PC I'm testing from is plugged into) then I can no longer reach the pix. I don't quiet understand that, surely Tagging it into VLAN1 is a more explicit way of saying that the port belongs to VLAN1.

On the second VLAN however, where I've tagged all the ports for VLAN2, I cannot reach the interface on the pix (same subnet, defined on the PIX as logical). Am I completely missing the point here? Could somebody explin to me a little about the tagging? If I changed the VLAN assignement for VLAN2 on port 13 to Unassigned, would it work? Sorry, I didn't have much time to test yet ... but it just seems the more I think about this the more confused I get about the tagging and the native VLAN. Can somebody help me out at all?

Irish Poetry - Karen O'Connor
Get your Irish Poetry Published
Garten und Landschaftsbau

 

[TheBublitz]

OK here is the skinny on VLAN tagging.



1. You ONLY tagg a port if it is going to recieve traffic from more than 1 vlan.(Examples would be an access point may be connected to a switch port. The access point may serv requests for Laptops<--Not 802.1q compatible so only get traffic from untagged vlan ususally vlan 1, and then wireless ip phones <---probably vlan 2 Tagged) another example is some people connect their PC to their IP phones to conserv cable drops. SO you set the phone to vlan 2 TAGGED and the pc only gets vlan 1 info Untagged.

2. You can only have 1 Untagged Vlan per port.

3. All non 802.1q devices will only recieve traffic on a port from the UNtagged VLan

4.Trunk ports to other hp switchs NEED to have both ends configured for 802.1q so both switchs get vlan 1 and 2 info

5. If you assign a device to ONLY 1 vlan lets say vlan 2. You dont need to tagg the vlan. so you would enter.....

vlan 2 untagged ethernet 5

This would take port 5 out of vlan 1 and into vlan 2 untagged(there is No need for the tag since its apart of only 1 vlan which is vlan 2).

If you wanted port 5 to be an access point OR a trunk port to another hp switch you would enter this

vlan 2 tagged ethernet 5

This would leave port 5 in vlan 1 untagged, and it would also be apart of vlan 2 tagged

6. If your PIX isn't 802.1q compatible then you need to enable IP routing on your switch to route between vlans. to do this enter the command...

ip routing

VERY important hehe

7. If you switch is going to be routing the vlans(most common setup)

All devices on vlan 2 Need to set their gateway to the switch IP configured for vlan 2.

The same can be said for vlan 1 devices unless you want the pix to be the gateway. (I woulden't reccommend this unless there wont be much traffic between the vlans)

8. The switch should use the PIX as its gateway or make a route

0.0.0.0 0.0.0.0 (ip of pix)

9. The pix needs a route to lan 2 also if its not handling vlan 2 traffic. Ill use 10.50.10.0/24 as an example for vlan 2 network and 10.30.30.0/24 for vlan 1 netowrk.

"10.50.10.0 255.255.255.0 (vlan 1)" (ip addres of vlan 1 configured into switch

and another route (if vlan 1 devices are using switch as gateway)

"10.30.30.0 255.255.255.0 (vlan 1)" (ip configured in the switch)


Billy Bublitz
Integrity Windows and Doors