VLAN help needed

Status
Not open for further replies.

tmckeown

IS-IT--Management
Nov 15, 2002
I hope someone can fill in my missing knowledge about VLAN. Bear with me, I'm new to VLAN, so I could be missing something very basic. Let me describe our setup.

We have 5 separate buildings. Each building has an HP 2650 switch. In our data room, we have an HP 3400CL as the main switch. In each of the 5 buildings, we have a Cisco Aironet 1231 wireless access point.

On each switch and each access point, I created 3 VLANs: VLAN1=Employees, VLAN2=Guest, VLAN3=VOIP. Currently, we have one firewall/gateway to the internet. I have one DHCP server. I have only one subnet configured for the network. The mask is 255.255.0.0 and broken down like this:
10.11.1.x = computers, switches, servers
10.11.2.x = printers
10.11.3.x = IP Phones
10.11.4.x = Access points

My main goal is to segregate guest traffic from our network and give priority to the IP phones. All the guests will connect via the Cisco access points. I want them to get to the internet, but not to our servers. The VOIP VLAN is set up for wireless IP phones (Avaya/Spectralink).

So, as I said, I created those VLANs on the switches and the access points. On the switches, I set all the ports for VLAN1 (employees) to untagged. I set all the ports for the other two VLANs to tagged. VLAN1 is the native VLAN on both the switches and the access points. I have no security on the system (as of yet). There's no one here, so I can experiment without security issues.

Now onto the problem.
I use a laptop and a wireless IP phone to test. With the above configuration, from my laptop via 802.11g, I can connect to VLAN1, but both VLAN2 and VLAN3 give me a "limited or no connectivity" error when trying to connect. The wireless IP phone cannot connect either.

If I change the native VLAN on the access point to VLAN3 (VOIP), the phones connect.

It seems to me that the "non" native VLANs (via wireless) are not getting network information from a DHCP server. Do I need a separate DHCP server for each VLAN?

I know I'm missing some basic principle in working with VLANs, but I'm unable to figure it out on my own. Can someone give me a clue?

Thanks for the help.
Tom

 
OK, I went a bit further and got the guest VLAN (VLAN2) working by putting a router w/DHCP on a port that has VLAN2 set for untagged.

Now, I need to figure out how to do the same with VLAN3 (VOIP). It needs access to some network server. Each port can only have one VLAN configured for untagged, so how do you route traffic from two VLANs to the same server?

Thanks,
 


For VLANning to work, each VLAN has to be on its subnet. So for example, if you were using 10.11.1.x for VLAN1 and 10.11.2.x for VLAN2, then you would need to use a mask (such as a class C mask, 255.255.255.0) that would require them to use a router to talk to each other. In your case your HP switch(s) would be acting as the router(s).
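The subnet-per-VLAN point in the reply above can be checked with a short script. This is an added example, not part of the original thread; the host names and host addresses are constructed, and placing a third range (10.11.3.x) in VLAN3 is an assumption extending the reply's two-VLAN example.

```python
import ipaddress
from itertools import combinations

# Constructed sample hosts: (address, intended VLAN). VLAN1/VLAN2 ranges
# follow the reply's example; the VLAN3 range is an assumption.
HOSTS = {
    "employee-pc": ("10.11.1.20", 1),
    "guest-laptop": ("10.11.2.30", 2),
    "ip-phone": ("10.11.3.40", 3),
}

def subnet_of(ip, mask):
    """IP network a host believes it is on, given its address and mask."""
    return ipaddress.ip_interface(f"{ip}/{mask}").network

def needs_router(ip_a, ip_b, mask):
    """True when the two hosts are in different subnets, so traffic between
    them has to go through a gateway instead of being ARPed for directly."""
    return subnet_of(ip_a, mask) != subnet_of(ip_b, mask)

def audit_plan(hosts, mask):
    """Return (host_a, host_b, shared_subnet) for every pair of hosts that
    sit in different VLANs but that the mask still puts in one IP subnet.
    Such pairs never send to a router, so nothing can forward (or filter)
    their traffic between the VLANs."""
    conflicts = []
    for (name_a, (ip_a, vlan_a)), (name_b, (ip_b, vlan_b)) in combinations(
        hosts.items(), 2
    ):
        if vlan_a != vlan_b and not needs_router(ip_a, ip_b, mask):
            conflicts.append((name_a, name_b, str(subnet_of(ip_a, mask))))
    return conflicts

if __name__ == "__main__":
    # 255.255.0.0 is the mask from the original post; 255.255.255.0 is the
    # mask suggested in the reply.
    for mask in ("255.255.0.0", "255.255.255.0"):
        found = audit_plan(HOSTS, mask)
        print(f"mask {mask}: {len(found)} cross-VLAN pair(s) share a subnet")
        for name_a, name_b, net in found:
            print(f"  {name_a} and {name_b} are both in {net}")
```

With the original 255.255.0.0 mask every pair shares 10.11.0.0/16, so hosts in different VLANs try to reach each other directly and fail; with 255.255.255.0 each VLAN maps to its own subnet and inter-VLAN traffic goes to a router, which is also where guest-to-server traffic can be blocked.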

 
Are you using trunking between HP switches? Are your switches L2/L3?
 
If I read you correctly, the IP phone needs to access two VLANs at once. You can't set two untagged VLANs on a port, as without tags the port and IP phone have no way of knowing which packet belongs in which VLAN. Some switches will let you put ports in two untagged VLANs; this is the same as connecting two ports together with a wire, which defeats the object of having VLANs.

What you need to do is EITHER get the IP phone to run tagged packets (I've never used one so I don't know if this is possible) and put it in two VLANs, or:

Stick the IP phone in VLAN3 but make the resource you need in VLAN 2(?) available in VLAN3 in one of three ways:

1) Get an L3 switch and route between VLANs. That way no L2 traffic messes up your nice clean VOIP VLAN, but you can route IP to the server.

2) Put a second NIC in the server and assign it an IP in VLAN3's IP range so it appears in two places at once.

3) If the NIC you have has VLAN 802.1Q supporting drivers (HP or Intel do), you can run tagged packets to the NIC and have "Virtual NICs", rather like option 2.

I'd prefer option 2 unless you expect a lot of traffic to need to cross VLANs - the more you allow IP to "see" vlan 3 the more traffic can possibly bung up the VOIP traffic.

 