You are here

trouble with config on HP ProCurve 2650

10 posts / 0 new
Last post
KD7VEA
trouble with config on HP ProCurve 2650
I am trying to set up my ProCurve 2650 and things arent adding up right.  I looked at one of the other models specs here on this site to see how they are being configured, and tried to modify it to my needs.  here is my physical port assignments
port 2 PC
port 47 Nanostation running DHCP server
port 48 Rocket dish with NAT 192.168.0.200
port 49 Wan connection to router

I want to use ports 40-46 as lan ports for the nanostation on port 47.
I want to DTD the 2 units on ports 47-48.
I want a WAN connection to port 48.


I first create VLAN 4 and set it as the Primary Vlan to move the Primary off of VLan 1.
I set up VLan 1 with 1-39, and 49-50 as untsagged, and ports 40-48 as tagged.

I set VLan 2 to tagged on 47-48.

from everything I've seen, this should work, but I don't have a wan connection until I add port 48(the rocket dish that I want my Wan on) to the untagged vlan 1 at this point I will have a wan connection, but everything I have seen show that the WAN connection should be on untagged VLan 1 and the nodes and node lans should be on tagged VLan 1.  is this correct?  it appears to work, I have downloaded packages off of the internet with this configuration.  I would appreciate any info I can get, Thanks
Jake

 
AE6XE
AE6XE's picture
Not entirely sure I
Not entirely sure I understand your setup, but I'll restate a bit how I would typically setup:

VLan 1 with 1-39:     VLAN 1 should only be on ports 47, 48, and 49 and any other port with a mesh node on it.     leave tags on departing out to the mesh nodes, port 48 and 49.  untag departing out port 49 to a typical home network.  port 49 default or PVID should be set to vlan 1.
VLan 2 to tagged on 47-48:    Yes, vlan 2 only on these ports and leave tags on departing these ports.
vlan 10:   Could be the NanoStation LAN network for devices.  vlan10 only on ports 40 to 47.  untag departing out ports 40 to 47.    The PVID or default on these ports should also be vlan 10. 
vlan 11:   Could be the Rocket LAN network for devices receiving an IP from this node.  untag on port 48, and any other designated port (could only be this one to insure the packets don't go somewhere unintended).  The PVID or default on these ports should also be vlan 11

Any other ports on the switch that are not included in the above configuration could stay with vlan 4 default.  The above configured ports should not have vlan 4 known on the ports. 

Joe AE6XE

 
KD7VEA
AE6XE, Thanks for the
AE6XE, Thanks for the response.  It looks like my biggest problem is that I was adding the untagged Vlan1 to all of the ports except for 40-48 (40-46 are the Nanostation Lan ports, 47 is the nanostation, and 48 is the rocket dish)  I will reconfigure everything tonight and post my findings.
KD7VEA
AE6XE as I am trying to

AE6XE as I am trying to reconfigure my switch I noticed something that looks like it was a typo.  You posted  

VLan 1 with 1-39:     VLAN 1 should only be on ports 47, 48, and 49 and any other port with a mesh node on it.     leave tags on departing out to the mesh nodes, port 48 and 49.  untag departing out port 49 to a typical home network.  port 49 default or PVID should be set to vlan 1
 
you dont list port 47 as tagged or untagged, should that have been 47 and 48 tagged, and 49 untagged?
 

AE6XE
AE6XE's picture
Ah, yes a typo.  You have it
Ah, yes a typo.  You have it correct.  The mesh nodes have to see the vlan 1 tag (as they are networking devices and are configured to know vlan 1 as their WAN virtual network interface).  Your home network LAN and devices need packets untagged.  The general non-router/switch device is unaware of vlan tags. 
KD7VEA
I've still got a problem here

I've still got a problem here.  let me lay this out to see if you guys can spot my issue.
port 2 -> to my desktop
port 47 -> to my nanostation node with DHCP server turned on
ports 40-46 -> lan ports for nanostation on port 47
port 48 -> to my nat node with address of 192.168.0.200
port 49 -> to my router/modem/wifi switch/internet connection. 

I will paste the config below, this looks like it should work, but I am loosing access to my nodes with this configuration.  my computer on port 2, and my laptop connected to wifi can no longer access my nodes.  I am setting vlan 4 as the primary-vlan.  what am I doing wrong here?





 

AE6XE
AE6XE's picture
The desktop on port 2 is in
The desktop on port 2 is in vlan4.  This vlan isn't associated with any of the ports with mesh nodes or your home internet.  Add port 2 to vlan 10 (untagged) and remove port 2 from vlan 4 -- it will get an IP address from the meshnode on vlan 10 and be able to communicated to everything on the mesh network.

Your wifi and home network is blocked from gaining access into the mesh network by design, but mesh devices can reach out to the internet (checking the gateway box in setup for the WAN).

All the ports 1-39, 50 currently are a separate network and would need a DHCP server on one of these ports to issue IP addresses.  Maybe they should be moved to vlan 1 (untagged) to be devices on your home network, or could be added to vlan 10 on the mesh.

Joe AE6XE 
KE4AHR
Cripes, talk about a headache

Cripes, talk about a headache.

port 2 PC
port 47 Nanostation running DHCP server
port 48 Rocket dish with NAT 192.168.0.200
port 49 Wan connection to router

I want to use ports 40-46 as lan ports for the nanostation on port 47. I want to DTD the 2 units on ports 47-48. I want a WAN connection to port 48.

I first create VLAN 4 and set it as the Primary Vlan to move the Primary off of VLan 1. I set up VLan 1 with 1-39, and 49-50 as untsagged, and ports 40-48 as tagged.

I set VLan 2 to tagged on 47-48.


First you have to move the switch default vlan to something other than 1. I recommend picking something higher up like 100, 1000, or 4000.

And I moved your PC to port 3.

max-vlans 50
no web-management
hostname "myfineswitch"
broadcast-limit 50
primary-vlan 1000
# this is the management LAN above

vlan 1000
    name "Management VLAN"
    ip address 10.10.10.10 255.255.255.0
    untagged 1
    tagged 2
    exit
vlan 1
    name "AREDN WAN"
    untagged 49
    tagged 2,48
    exit
vlan 2
    name "AREDN DtD"
    tagged 2,47-48
    no untagged 1-50
    exit
vlan 3
    name "AREDN LAN"
    untagged 40-47
    tagged 2



Now:
  1. Port 1 / VLAN1000 is used for untagged managment and control of the ethernet switch.
  2. The DtD connection works across the tagged ports of 47-48.
  3. Port 48 / Rocket has a WAN connection on VLAN 1 as required by AREDN.
  4. Ports 40-47 are untagged for the AREDN LAN provided by Port 47, Nanostation.
And you didn't say what network you expect your desktop to be on.
  • If you add port 3 to AREDN LAN (vlan 3), then you will have access to the inside of the mesh.
  • If you add port 3 to AREDN WAN (vlan 1), then you will have access to the network provided by the upstream router, but you will not be able to access the inside of the mesh, only the configuration and control pages of the Rocket on Port 48. Also, the mesh network will have unfettered access to your desktop, just like they were on the home network with it.
Which wireless network is your laptop connecting to?
KD7VEA
Okay, that makes sense.   I
Okay, that makes sense.   I need to rework my network install.  I do know why I didnt think of that earlier.  I am going from my modem ->router->WiFi switch->procurve. I need to place the WiFi switch coming from the procurve into the switch and give the WiFi switch port access the the appropriate Vlans so that the WiFi has access to everything.  Thanks 
AE6XE
AE6XE's picture
Yes, that's what I do.    I
Yes, that's what I do.    I push all the tagged vlans to my wireless cisco controller and then have wireless SSIDs for each network -- mesh, home A,  home B, guest. 

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer