Hi,
Wow and wow. This was exately what I wanted even though Im not that new to network so first part was not new to me.
Totaly agree about the HP cloud managment but plan was to config everything in local and then switch it over to cloud to have an Nice overwview in an app.
Its everything about Vlans. I think I got it all except a few things. I guess I need to config the trunkport on both the router and switch?
Do I need to connect an aditional cable for the trunkport e.g port 22 or will port 23 be used according to your guide?
To understand: so if I use same Vlan it Will not need to intervlan routing on the router only do the switching on the switch and therefore I dont need any router with 10Gbe as long as I dont need to jump between different Vlans?
Port 24 Will be my managment port because I tagged the Vlanson this port?
I already locked myself out trying to get away from Vlan 1 once so will do this later as you said. :)
I saw you could setup dhcp on the 1930 when is this used then?
Not home before later next week so just waiting to try it all out.
Tnx a lot for all help so far!
------------------------------
Thomas Holmberg
------------------------------
Original Message:
Sent: 09-25-2021 05:36 PM
From: TerrenceT Tibbs
Subject: Newbe need help to get access to several Vlans on Instant on 1930 24G
Hi,
ok let me help you setup from what I understand you are trying to achieve.
Forget 2 routers you don't need 2.
example
Plug your PC into a LAN port on your router
set your router ip and admin login to 192.168.1.1
Your WAN will be the internet ISP cable coming in, leave that alone as the ISP will give you a static or dynamic IP at their end.
Your LAN on your router will default to 192.168.1.1
Plug your 1930 in from port 23, into your router on any LAN port
Now plug your PC into port 24 on your switch, Use port 24 as good practice to keep your dedicated management port well away from your other ports(i am presuming its a 24 port switch)
If you have DHCP set on your Router it will give your switch an IP in the subnet range, if not then you need to assign an IP to the switch (highly recommended).
Login into your HP switch and set the IP of the switch to "static" 192.168.1.2 use the same subnet as the default router subnet.
Forget the HP cloud management, it's shite and will restrict what you can do, just use local management as you arnt running 100 switches.
Reboot your router and Switch.
Your router is now 192.168.1.1
Your switch is 192.168.1.2
Now login into your router and do the following
This will vary depending on model etc.
By default your LAN will be 192.168.1.x
Your VLAN will be 1 by default even though its not assigned, this is standard practice.
Create a VLAN 10, 20,30 on your router
Assign an interface (can be all on the same port for now) to each VLAN and an IP range
VLAN 1= default LAN and will be used for management (this isn't great practice) but your risk won't be high for home use so don't worry, just read about changing over to a dedicated VLAN for management when you are more confident or you will lock yourself out from your network.
VLAN 10 = 192.168.10.1 camera
VLAN 20 = 192.168.20.1 servers
VLAN 30 = 192.168.30.1 storage
If you want DHCP on each VLAN then setup the DHCP for each VLAN on your router, if you don't do this you will need to assign each device its own IP or it won't know which subnet to be attached to. Personally if you are new to all this I would leave DHCP switched on for all your VLANS/Subnets on your router and let the router hand out the IP. Then you can set static IP on your router for each device by MAC address later to allocate dedicated IP's.
Let your router do the routing and the switch do the switching.
e.g.
it's good practice to keep your vlans in sync with your subnets, just to help you in 3 months when you forget everything.
server ip 192.168.20.10
camera ip 192.168.10.10
storage server 192.168.30.10
Setup your firewall rules for now, just allow any to any, this well let your router speak to all VLANS on the interface , when you understand firewall rules more you can start to lock down your network by restricting what devices can talk to each other across your VLANS.
Once you have done this then login into your switch at 192.168.1.2
Create VLANS 10,20,30 on your switch
assign the ports for example
port 1 - vlan 10 untagged
port 2 - vlan 20 untagged
port 3 - vlan 30 untagged
Now create your trunk port to pass all the vlans from the router to the switch down 1 port (cable)
assign vlan 10,20,30 to port 23 on your switch as tagged (important if you don't do this you wont pass any vlans apart from VLAN 1)
plug camera into port 1
plug server into port 2
plug storage nas into port 3
From your PC if you are on windows type cmd into the search bar
open terminal
type
ping 192.168.1.1
this should give you your router
ping 192.168.1.2
give you your switch
ping 192.168.10.10
give you your camera
ping 192.168.20.10
give you your server
ping 192.168.1.30.10
give you your nas storage
now that everything is talking you can check your ping from your router using the same method. you should be able to ping your switch, router, and all devices from your pc.
Assign as many ports as you need to each vlan on your switch.
If you want 10gig on your nas then just use one of the 10gig ports on your switch and just change the port number assigned for the VLAN.
Same for your PC just connect up to the 10 gig port on the same vlan as your NAS then you will have full wire speed from your nas to pc.
Ta
------------------------------
TerrenceT Tibbs
Original Message:
Sent: 09-25-2021 04:26 PM
From: Thomas Holmberg
Subject: Newbe need help to get access to several Vlans on Instant on 1930 24G
Tnx for the info.
Ok so I have to setup same vlan on the router as well, got it.
And also check on I have to change IP range on each vlan.
Guess that mean I have to setup a dhcp for each vlan then on the router IF Im not going to use static IP?
Also mean I can turn off routing on the switch?
So I need a router that can manage 10Gbe throughput and I Will get that all the way?
------------------------------
Thomas Holmberg
Original Message:
Sent: 09-25-2021 11:27 AM
From: TerrenceT Tibbs
Subject: Newbe need help to get access to several Vlans on Instant on 1930 24G
they are all on 192.168.0 according to your post
Your router should be intervlan routing, so you would setup your vlans and firewall rules for your vlans on your router to pass or block vlans/devices.
You have all your vlans on the same subnet which won't work.
create seperate subnets for each vlan.
vlan10 192.168.10.1
vlan 20 192.168.20.1
etc etc
Leave WAN 2 alone and then keep your LANS for your vlans, your router will pass traffic from your WAN in to the vlans when you allow your firewall rules for WAN to all LANS etc.
If you route on the switch with static routes you will only be routing at around 800mbps if lucky which would be slower than routing through your router, as this switch won't route at 10 gig. You would be better running pfsense etc then you will router on a stick at 5-10Gbps depending on model hardware. If you want 10gig routing on the switch you need to go full layer 3 and thousands of dollars.
------------------------------
TerrenceT Tibbs
Original Message:
Sent: 09-25-2021 10:47 AM
From: Thomas Holmberg
Subject: Newbe need help to get access to several Vlans on Instant on 1930 24G
They are.
Skickat från min iPhone
Original Message:
Sent: 9/25/2021 10:19:00 AM
From: TT56
Subject: RE: Newbe need help to get access to several Vlans on Instant on 1930 24G
Your servers and cameras should be on the LAN side of your network not the WAN.
------------------------------
TerrenceT Tibbs
Original Message:
Sent: 09-17-2021 03:34 AM
From: Thomas Holmberg
Subject: Newbe need help to get access to several Vlans on Instant on 1930 24G
Hi,
The setup looks like:
Vlan | | | | |
| | | | |
1 | Router 1 | Wan 1 | 192.168.0.x | DHCP |
10 | Router 2 | Wan 2 | 192.168.2.x | DHCP |
20 | | Camera | 192.168.0.x | Static |
30 | | Servers | 192.168.0.x | Static |
40 | | Storage | 192.168.0.x | Static |
| | | | |
I want to accomplish below:
From one of the ports in the switch e.g port 10 I should be able to reach all Vlans. Also want to be able to let Vlan 20-40 to get IP from DHCP from Router 1.
Can this be fixed without ACL? Also how to make this happen?
------------------------------
Thomas Holmberg
------------------------------