Help with Setting VLANS in Procurve, please

[flednam2]

Dear Community,

I would appreciate some help with setting up Vlans on my Procurve 1810G.

As an example to illustrate what I want to achieve:

Eg:
1 Vlan for upstair, say VLan 101, ports 2 to 4
1 Vlan for downstair, say VLan 102, port 5 to 8
with Port 1 connected to the router as Trunk

Router can handle Vlans.

I have tried many but unable to get the second Vlan to work for some reason. This is my latest setting:

Default Vlan1:
Port 1 as Trunk and Untagged.
Ports 2 - 8 marked as Excluded (E)

VLan 101
Port 1 as Trunk and Tagged
Ports 2 - 4 Untagged
Port 5 - 8 Excluded

Vlan 102
Port 1 as Truck and Tagged
Ports 2 - 4 Excluded
Ports 5 - 5 Untagged

For some reason, VLan 102 refuses to play ball. And a few more hairs falling off my head.

Thank you for your help in anticipation.

 

[unclerico]

what kind of router do you have?? can you post the router configuration??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[flednam2]

Thanks for your reply.

The router is a Mikrotik RB450G.

Here is an extract of the current configuration setting in the router.

(I hope that it's not too much detail).

# jan/15/2010 20:32:12 by RouterOS 4.2

/interface ethernet
set 0 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:53:FB:43 \
master-port=none mtu=1500 name=ether1 speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:53:FB:44 \
master-port=none mtu=1500 name=ether2 speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:53:FB:45 \
master-port=none mtu=1500 name=ether3 speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:53:FB:46 \
master-port=none mtu=1500 name=ether4 speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:53:FB:47 \
master-port=none mtu=1500 name=ether5 speed=100Mbps

/interface vlan
add arp=enabled comment="" disabled=no interface=ether2 l2mtu=1520 mtu=1500 \
name=VL-101 use-service-tag=no vlan-id=101
add arp=enabled comment="" disabled=no interface=ether2 l2mtu=1520 mtu=1500 \
name=VL-102 use-service-tag=no vlan-id=102

/interface ethernet switch
set switch1 mirror-source=none mirror-target=none name=switch1 \
switch-all-ports=yes

/ip dhcp-server
add address-pool=static-only authoritative=after-2sec-delay bootp-support=\
static disabled=no interface=VL-101 lease-time=3d name=server1

/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-pppoe=no \
use-ip-firewall-for-vlan=no
/interface ethernet switch port
set (unknown) vlan-mode=fallback
set (unknown) vlan-mode=fallback
set (unknown) vlan-mode=fallback
set (unknown) vlan-mode=fallback
set (unknown) vlan-mode=fallback

/ip address
add address=192.168.101.1/27 broadcast=192.168.101.31 comment="" disabled=no \
interface=VL-101 network=192.168.101.0
add address=192.168.102.1/27 broadcast=192.168.105.31 comment="" disabled=no \
interface=ether3 network=192.168.102.0

/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
max-udp-packet-size=512 primary-dns=61.9.134.49 secondary-dns=\
61.9.133.193

/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s

/ip firewall filter
add action=drop chain=forward comment="Invalid Connections" connection-state=\
invalid disabled=no
add action=accept chain=forward comment="Established Connections" \
connection-state=established disabled=no
add action=accept chain=forward comment="Related connections" \
connection-state=related disabled=no

/ip firewall mangle
add action=mark-packet chain=prerouting comment="" disabled=no dscp=26 \
new-packet-mark=VoIP-SIP passthrough=yes
add action=mark-packet chain=prerouting comment="" disabled=no dscp=46 \
new-packet-mark=VoIP-RTP passthrough=yes

/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no out-interface=\
ether1
add action=masquerade chain=srcnat comment="" disabled=no src-address=\
192.168.0.0/16

/ip neighbor discovery
set ether1 discover=yes
set ether2 discover=yes
set ether3 discover=yes
set ether4 discover=yes
set ether5 discover=yes
set VL-101 discover=yes
set VL-102 discover=yes


/queue interface
set ether1 queue=ethernet-default
set ether2 queue=ethernet-default
set ether3 queue=ethernet-default
set ether4 queue=ethernet-default
set ether5 queue=ethernet-default
set VL-101 queue=default
set VL-102 queue=default

 

[unclerico]

i'm not familiar with that type of router but this caught my eye:
add address=192.168.102.1/27 broadcast=192.168.105.31 comment="" disabled=no \interface=ether3 network=192.168.102.0

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[flednam2]

Hi Unclerico,

I have to take my hat off to you for having a sharp eye on that error.

But that was not the issue. It was an offline typo. In editing the details of the current router configuration file from the 4 actual vlans down to 2 to make it short and simple in illustrating my problem, I made this offline typo. I am terribly sorry to have sent you to wrong spot and wasting your time.

This brings me back to my original issue. And I am not sure from your reply if my VLan setup in Procurve 1810G looks correct?

Much appreciated for your community spirit.

Cheers

PS. I have been recommended Mikrotik router by a geek. And I understand that it is as capable as a Cisco router at a fraction of the cost. In case you wonder.

 

[flednam2]

Hi Unclerico,

I stumbled on the correct settings of the Procurve 1810G and traffic now flows through like water under the bridge.

By excluding the Trunk port in Vlans 101 and 102 (marking as E), traffic from the router flows through smoothly.

Essentially, it appears to me as if i initially oversubscribed the Trunk Port in 1810G. To me, this mean the Trunk port can only be specified as the Untagged Trunk port in the default Vlan. For the remaining VLans, it needs to be excluded as a trunk. At least on the 1810G anyway.

(From original setting, s/be port 1 Trunk and E(xcluded) in Vlans 101 and 102).

Again, I thank you for your community spirit and help.

Cheers

 

[VinceWhirlwind]

It looked to me like you were missing an IP address for VLAN 102 on your router.

 

[dashrender75]

I would guess in your 1810G that 'trunk' might have something do with with LACP (link aggregation) more than the trunking of multiple VLANs on a single link. Your having 'Taggeg' the uplink port (the one that goes to your router) already did that function.

But this is only a guess.

 

[flednam2]

VinceWhirwind,
Thanks. I have it working now. At one stage, that was what I thought. As it turned out, I did not have the correct Vlan setting in Hp 1810G initially. It's working fine now.


Dashrender75,
You're right there. I ended up having dual Trunk ports b/w the switch and the router. And it's fast.

My commnent here is that there are diffirences of Vlan setups at implementation level from one switch to the next and this makes problem solving a bit more challenging.

I consider my issues solved. Will close this thread in a day or two.

Thank you all for your contribution. Unclerico in particular.

Cheers