Stack Exchange Network
Stack Exchange network consists of 183 Q&A communities including Stack Overflow , the largest, most trusted online community for developers to learn, share their knowledge, and build their careers.
Q&A for work
Connect and share knowledge within a single location that is structured and easy to search.
VLAN help (HP Switch)
First off, thank you all very much for taking the time to read my post, I am hoping for some help!
I was hoping to get some help with getting the configs right for my network switches. I don't believe my issue is directly related to the vlans in my pfSense setup, rather my network switches, but please let me know your thoughts.
To make it simple, I will only use two switches, and once this is working, I can make the same changes for the third switch. I'm pretty sure my issue is that I am not understanding vlan tagging properly, so I was looking for some guidance. The goal is to ultimately segment my network and get the vlans working properly. I have security cameras I would like to put on their own segment, as well as some Access points I would also like to setup guest access for my wireless network. I also have a VLAN setup for IOT devices.
Currently, I am just untagging all ports on all switches on my default vlan, and allowing all traffic through for everything, until I can get things working properly. I have been tinkering with things for awhile now, but can't seem to get it working.
======================================================================
Key information:
Router = pfSense All network switches = HP Procurve Switches (model 2530) one is a 24port GB switch, the other is 24port PoE.
I have a total of 5 vlans configured on all switches and in the router, the "default_vlan" is not being used (per best practice).
Here is the setup:
I am using a pfSense firewall and I have all vlans configured correctly on the router from what I can tell, the network interface from the firewall appliance is plugged into port 1 on switch01. Port 24 on switch01 is configured as a trunk port and is plugged into port 23 on switch02.
I will post the configs for both switches below, but wanted you to be aware of what the main ports are for. You will see below in the configs, but in my testing I just patched in a laptop to Port 1 on switch02 just to see if I can pull a dhcp address for it (only able to pull an IP from my default vlan). That particular vlan I was tinkering with is titled WIFI, so I just wanted to point out this out so there isn't any confusion, while you're looking at my config.
Here are the current configs for my switches, after I've made some additional changes. I do realize that I don't need to have the IP's listed in there for each vlan, and can remove them to simplify things further, but I wanted to put them in there just to test, and rule that out.
====================================================================== On the pfSense (router) side: ====================================================================== All VLans are configured in the VLANs section using the same VLAN tag, and even the description (although that shouldn't matter). While I do have additional NIC ports on my firewall, I am not physically segmenting this off at the moment, rather I am using the lan port interface for each of the vlans.
Here are a few questions I had, that may help me get a better understanding of what I'm missing:
I "presume" that the port that my router plugs into on switch01 should be a trunk port, but do all of the vlans need to be tagged (including the default vlan)? I currently have it setup so that the default vlan is untagged and all other vlans are tagged. I've tried changing this port to have all vlans being tagged (as I thought was the correct way), but then I lose connection to the internet on my main desktop that is plugged into a port on switch01 (not the laptop I'm testing on port1 above).
Same question as above for all trunk ports. So port 24 on switch01 that connects to port 23 on switch02 should be my trunk port, do all vlans here need to be tagged, because I currently have the default vlan untagged (this is the only way I can get traffic to pass to the second switch) and all other vlans are configured as just tagged.
The laptop that I'm using to test if I can pull a dhcp address on that is plugged into port 1 on switch02, should the default vlan be set to "no" and should I be just tagging that port on the WIFI vlan, or does the default vlan need to remain as untagged, while the WIFI vlan should be set to Tagged? My understanding is that you only want to tag the switch port on the vlan you want it to communicate with.
Apologies for these dumb questions, but I am having a difficult time getting things to work here. I have tried so many scenarios, but can't seem to get anything to work.
Thanks for any assistance on this! I really appreciate any help here!
- 2 Having the same IP address on two different switch interfaces is causing problems – Ron Trunk Commented May 24, 2019 at 14:48
- Rule of thumb: untag to your default vlan (e.g cctv camera on vlan 200 would have its port untagged vlan200). Trunk ports tag all VLANs. – Timothy Frew Commented May 24, 2019 at 18:09
First you should know that HP and Cisco use the term "trunk" differently. What HP calls a trunk, Cisco calls an Etherchannel (port aggregation).
I'll use the term in the Cisco sense (VLAN trunk) since you seem comfortable with that.
Trunk ports can have up to one untagged VLAN; all others must be tagged. You can, if you prefer, tag all VLANs on a trunk. The tagging configuration must match on both sides of the trunk link.
Devices like PCs, cameras, etc. do not understand VLAN tags. So a port that has a PC on it must have the desired VLAN untagged on that port. For example, if you want your camera on VLAN 200, you would have VLAN 200 untagged on the camera port.
Some devices such as IP phones do understand tags. Typically, the data VLAN is untagged, and the VoIP vlan is tagged.
You must log in to answer this question.
Not the answer you're looking for browse other questions tagged networking router switch pfsense ..
- The Overflow Blog
- Looking under the hood at the tech stack that powers multimodal AI
- Featured on Meta
- Join Stack Overflow’s CEO and me for the first Stack IRL Community Event in...
- User activation: Learnings and opportunities
Hot Network Questions
- Is there a way to hide/show seams on model?
- "First et al.", many authors with same surname, and IEEE citations
- Was the total glaciation of the world, a.k.a. snowball earth, due to Bok space clouds?
- Can you recommend a good book written about Newton's mathematical achievements?
- The graph of a continuous function is a topological manifold
- Why the simulator should be a PPT in simulation-based security?
- What's "jam" mean in "The room reeled and he jammed his head down" (as well as the sentence itself)?
- How to plausibly delay the creation of the telescope
- Confused about the uniform distribution of p-values under the null hypothesis
- Establishing Chirality For a 4D Person?
- Play the Final Fantasy Prelude
- What early 60s puppet show similar to fireball XL5 used the phrase "Meson Power?"
- Emergency belt repair
- Why did mire/bog skis fall out of use?
- Wondering about ancient methods of estimating the relative planetary distances
- Count squares in my pi approximation
- Determining Entropy in PHP
- Why are no metals green or blue?
- Why Doesn't the cooling system on a rocket engine burn the fuel?
- Fear of getting injured in Judo
- If a mount provokes opportunity attacks, can its rider be targeted?
- Removing undermount sink
- How to win a teaching award?
- If morality is real and has causal power, could science detect the moment the "moral ontology" causes a measurable effect on the physical world?
- Docs »
- pfSense® software »
- pfSense® software Configuration Recipes
- Give Feedback
Configuring Switches with VLANs ¶
This section provides guidance on configuring a few varieties of switches for use with VLANs. This offers generic guidance that will apply to most if not all 802.1Q capable switches, then goes on to cover configuration on specific switches from Cisco, HP, Netgear, and Dell.
This is the bare minimum configuration needed for VLANs to function, and it does not necessarily show the ideal secure switch configuration for any specific environment. An in depth discussion of switch security is outside the scope of this documentation.
Switch configuration overview ¶
Generally three or four things must be configured on VLAN capable switches:
Add/define the VLANs
Most switches have a means of defining a list of configured VLANs, and they must be added before they can be configured on any ports.
Configure the trunk port
The port to which the firewall running pfSense® software will be connected must be configured as a trunk port, tagging all possible VLANs on the interface.
Configure the access ports
Configure ports for internal hosts as access ports on the desired VLANs, with untagged VLANs.
Configure the Port VLAN ID (PVID)
Some switches require configuring the PVID for access ports. This specifies which VLAN to use for the traffic entering that switch port. For some switches this is a one step process, by configuring the port as an access port on a particular VLAN, it automatically tags traffic coming in on that port. Other switches require this to be configured in one or two places. Check the switch documentation for details if it is not one detailed in this chapter.
Cisco IOS based switches ¶
Configuring and using VLANs on Cisco switches with IOS is a fairly simple process, taking only a few commands to create and use VLANs, trunk ports, and assigning ports to VLANs. Many switches from other vendors behave similarly to IOS, and will use nearly the same if not identical syntax for configuration.
Create VLANs ¶
VLANs can be created in a standalone fashion, or using VLAN Trunk Protocol (VTP). Using VTP may be more convenient, as it will automatically propagate the VLAN configuration to all switches on a VTP domain, though it also can create its own security problems and open up possibilities for inadvertently wiping out the VLAN configuration.
With VTP, to add another VLAN it only needs to be configured on a single switch, and then all other trunked switches in the group can assign ports to that VLAN. If VLANs are configured independently, they must be added to each switch by hand. Refer to Cisco’s documentation on VTP to ensure a secure configuration use used, and that it is not prone to accidental destruction.
In a network with only a few switches where VLANs do not change frequently, VTP may be overkill and avoiding it will also avoid its potential downfalls.
Standalone VLANs ¶
To create standalone VLANs:
VTP VLANs ¶
To setup a switch for VTP and VLANs, create a VTP database on the master switch and then create two VLANs:
Configure Trunk Port ¶
For handing off VLANS to pfSense software a switch port not only has to be in trunk mode, but also must be using 802.1q tagging. This can be done like so:
On some newer Cisco IOS switches, the Cisco-proprietary ISL VLAN encapsulation method is deprecated and no longer supported. If a switch does not allow the encapsulation dot1q configuration option, it only supports 802.1Q and the encapsulation does not need to be specified.
Add Ports to the VLAN ¶
To add ports to these VLANs, assign them as follows:
Cisco CatOS based switches ¶
Creating VLANs on CatOS is a little different, though the terminology is the same as using VLANs under IOS. Standalone VLANs and VTP are both possible to maintain the VLAN database:
Then configure a trunk port to automatically handle every VLAN:
Then add ports to the VLAN:
HP ProCurve switches ¶
HP ProCurve switches only support 802.1q trunking, so no configuration is needed for encapsulation. First, ssh or telnet into the switch and bring up the management menu.
Enable VLAN Support ¶
First, VLAN support needs to be enabled on the switch if it is not already:
Choose Switch configuration
Choose Advanced Features
Choose VLAN Menu…
Choose VLAN Support
Set Enable VLANs to Yes if it is not already, and choose a number of VLANs. Each time this value is changed the switch must be restarted, so ensure it is large enough to support as many VLANs as necessary.
Restart the switch to apply the changes.
Before the VLANs can be assigned to ports, The VLANs must be created. At the switch configuration menu:
Choose VLAN Names
Enter the VLAN ID , 10
Enter the name , DMZ
Choose Save
Repeat the steps from Add to Save for any remaining VLANs
Assigning Trunk Ports to VLANs ¶
Next, configure the trunk port for the firewall as well as any trunk ports going to other switches containing multiple VLANs.
Choose VLAN Port Assignment
Choose Edit
Find the port to assign
Press space on Default VLAN until it shows No
Move over to the column for each of the VLANs on this trunk port, and Press space until it shows Tagged . Every VLAN in use must be tagged on the trunk port.
Assigning Access Ports to VLANs ¶
Move over to the column for the VLAN to which this port will be assigned
Press space until it shows Untagged .
Netgear Managed Switches ¶
This example is on a GS108Tv1, but other Netgear models are all very similar if not identical. There are also several other vendors including Zyxel who sell switches made by the same manufacturer, using the same web interface with a different logo. Log into the web interface of the switch to start.
Planning the VLAN configuration ¶
Before configuring the switch, several items are required:
The number of VLANs to be configured
The IDs to use for the VLANs
How each switch port needs to be configured
For this example, an 8 port GS108Tv1 is used, and it will be configured as shown in Table Netgear GS108T VLAN Configuration .
Switch port | VLAN mode | VLAN assigned |
|---|---|---|
1 | trunk | and , tagged |
2 | access | untagged |
3 | access | untagged |
4 | access | untagged |
5 | access | untagged |
6 | access | untagged |
7 | access | untagged |
8 | access | untagged |
Enable 802.1Q VLANs ¶
To configure the switch to use 802.1Q VLAN trunking:
Navigate to the System menu on the left side of the page
Click VLAN Group Setting , as indicated in Figure VLAN Group Setting .
VLAN Group Setting ¶
Select IEEE 802.1Q VLAN (Figure Enable 802.1Q VLANs ).
Click OK to confirm the switch to 802.1Q trunking, as shown in Figure Confirm change to 802.1Q VLAN .
Confirm change to 802.1Q VLAN ¶
After clicking OK, the page will refresh with the 802.1Q VLAN configuration as shown in Figure Default 802.1Q Configuration .
Default 802.1Q Configuration ¶
Add VLANs ¶
For this example, two VLANs are added with IDs 10 and 20 .
To add a VLAN:
Click the VLAN Management drop down
Click Add New VLAN as shown in Figure Add New VLAN .
Add New VLAN ¶
Enter the VLAN ID for this new VLAN, such as 10
Click Apply . The VLAN screen is now ready to configure VLAN 10 (Figure Add VLAN 10 ).
Click Add New VLAN again as shown in Figure Add New VLAN to add VLAN 20 (Figure Add VLAN 20 ).
Add VLAN 10 ¶
Add VLAN 20 ¶
Add as many VLANs as needed, then continue to the next section.
Configure VLAN tagging ¶
When a VLAN is selected from the VLAN Management drop down, it shows how that VLAN is configured on each port:
A blank box means the port is not a member of the selected VLAN.
A box containing T means the VLAN is sent on that port with the 802.1Q tag.
U indicates the port is a member of that VLAN and it leaves the port untagged.
The trunk port must have both VLANs added and tagged.
Do not change the configuration of the port being used to access the web interface of the switch! This will lock the administrator out of the switch. The only means of recovery on the GS108Tv2 is using the reset to factory defaults button since it does not have a serial console. For the switches that have serial consoles, keep a null modem cable handy in case network connectivity with the switch is lost. Configuring the management VLAN is covered later in this section.
Click in the boxes beneath the port number as shown in Figure ref: figure-toggle-vlan-membership to toggle between the three VLAN options.
Toggle VLAN Membership ¶
Configure VLAN 10 membership ¶
Figure Configure VLAN 10 Membership shows VLAN 10 configured as outlined in Table table-netgear-gs108t-vlan-configuration . The access ports on this VLAN are set to untagged while the trunk port is set to tagged.
Configure VLAN 10 Membership ¶
Configure VLAN 20 membership ¶
Select 20 from the VLAN Management drop down to configure the port memberships for VLAN 20 .
Configure VLAN 20 Membership ¶
Change PVID ¶
On Netgear switches, in addition to the previously configured tagging settings, the PVID must also be configured to specify the VLAN used for frames entering a port:
Select PVID from the VLAN Management drop down as shown in Figure PVID Setting .
PVID Setting ¶
The default PVID setting is VLAN 1 for all ports as shown in Figure Default PVID Configuration .
Default PVID Configuration ¶
Change the PVID for each access port, but leave the trunk port and port used to access the switch management interface set to 1 .
Figure VLAN 10 and 20 PVID Configuration shows the PVID configuration matching the port assignments shown in Table Netgear GS108T VLAN Configuration , with port 8 being used to access the switch management interface.
VLAN 10 and 20 PVID Configuration ¶
Apply changes when finished
Remove VLAN 1 configuration ¶
By default, all ports are members of VLAN 1 with untagged egress frames. To remove VLAN 1 from the other ports:
Select 1 (Default) from the VLAN Management drop down
Remove VLAN 1 from all ports except the one used to manage the switch and the trunk port, to avoid being disconnected.
In this example, port 8 is used to manage the switch. When finished, the screen will look like Figure Remove VLAN 1 Membership .
Remove VLAN 1 Membership ¶
Verify VLAN functionality ¶
Configure VLANs on pfSense, including the DHCP server on the VLAN interfaces if needed. Plug systems into the configured access ports and test connectivity. If everything works as desired, continue to the next step. If things do not work as intended, review the tagging and PVID configuration on the switch, and the VLAN configuration and interface assignments on pfSense software.
Dell PowerConnect managed switches ¶
The management interface of Dell switches varies slightly between models, but the following procedure will accommodate most models. The configuration is quite similar in style to Cisco IOS.
First, create the VLANs:
Next, setup a trunk port:
Finally, add ports to the VLANs:
/ 5 Download
Omada 48-Port Gigabit L2+ Managed Switch with 4 SFP Slots
- 48× Gigabit RJ45 ports and 4× Gigabit SFP slots
- Centralized cloud management via the web or the Omada app †
- Standalone management via web, CLI, SNMP, and RMON
- Static Routing helps route internal traffic for higher efficiency
- VLAN, ACL, QoS, and IGMP Snooping
- ERPS supports rapid protection and recovery in a ring topology
- Fanless design for silent operation
- Durable metal casing and rackmountable design
Learn more about Omada Cloud SDN>
- Build Features
- Specifications
48× Gigabit RJ45 Ports, 4× Gigabit SFP Slots
Fanless Design for Silent Operation
Centralized Management †
Omada App †
Zero-Touch Provisioning †
Ethernet Ring Protection Switching
Static Routing
Traffic Separation
Software Defined Networking (SDN) with Cloud Access
Remotely manage your access points, switches, and gateways across multiple sites all from a single interface.
Omada Access Points
Omada Switches
Omada Gateways
Unified Managment Interface
Controllers
Cloud Access
| HARDWARE FEATURES | |
|---|---|
| Interface | • 48× 10/100/1000 Mbps RJ45 Ports (Auto-Negotiation/Auto MDI/MDIX)• 4× 100/1000 Mbps SFP Slots• 1× RJ45 Console Port• 1× Micro-USB Console Port |
| Fan Quantity | Fanless |
| Physical Security Lock | √ |
| Power Supply | 100-240 V AC~50/60 Hz |
| Dimensions ( W x D x H ) | 17.3×8.7×1.7 in (440×220×44 mm) |
| Mounting | Rack Mountable |
| Max Power Consumption | 34.86 W (220 V/ 50 Hz) |
| Max Heat Dissipation | 118.94 BTU/h (220 V / 50 Hz) |
| PERFORMANCE | |
|---|---|
| Switching Capacity | 104 Gbps |
| Packet Forwarding Rate | 77.38 Mpps |
| MAC Address Table | 16 K |
| Packet Buffer Memory | 12 Mbit |
| Jumbo Frame | 9 KB |
| SOFTWARE FEATURES | |
|---|---|
| Quality of Service | • 8 priority queues• 802.1p CoS/DSCP priority• Queue scheduling: SP (Strict Priority), WRR (Weighted Round Robin), SP+WRR• Bandwidth Control: Port/Flow based Rating Limiting• Smoother Performance• Action for Flows: QoS remark (802.1P Remark, DSCP Remark) |
| L2 and L2+ Features | • 32 IP Interfaces: Support IPv4/IPv6 Interface• Static Routing: 48 IPv4/IPv6 Static Routes• Static ARP: 128 static entries• 316 ARP Entries• Proxy ARP• Gratuitous ARP• DHCP Server• DHCP Relay: DHCP Interface Relay, DHCP VLAN Relay• DHCP L2 Relay• Link Aggregation• Spanning Tree Protocol• Loopback Detection• 802.3x Flow Control• Mirroring• Device Link Detect Protocol (DLDP) |
| L2 Multicast | • Supports 511 (IPv4, IPv6) IGMP groups• IGMP Snooping• IGMP Authentication• Multicast VLAN Registration (MVR)• MLD Snooping• Multicast Filtering: 256 profiles and 16 entries per profile |
| Advanced Features | • Automatic Device Discovery • Batch Configuration • Batch Firmware Upgrading • Intelligent Network Monitoring • Abnormal Event Warnings • Unified Configuration • Reboot Schedule *:• L2PT (Layer 2 Protocol Tunneling) • Device Link Detect Protocol (DLDP)• PPPoE ID Insertion• ERPS |
| VLAN | • VLAN Group: Max 4K VLAN Groups• 802.1q Tagged VLAN• MAC VLAN: 48 Entries• Protocol VLAN: Protocol Template 16, Protocol VLAN 16• Private VLAN• GVRP• VLAN VPN (QinQ): Port-Based QinQ; Selective QinQ• Voice VLAN |
| Access Control List | • Time-based ACL• MAC ACL: Source MAC, Destination MAC, VLAN ID, User Priority, Ether Type• IP ACL: Source IP, Destination IP, Fragment, IP Protocol, TCP Flag, TCP/UDP Port, DSCP/IP TOS, User Priority• Combined ACL• Packet Content ACL• IPv6 ACL• Policy: Mirroring, Redirect, Rate Limit, QoS Remark• ACL apply to Port/VLAN |
| Security | • IP-MAC-Port Binding - 512 Entries - DHCP Snooping - ARP Inspection - IPv4 Source Guard: 100 Entries• IPv6-MAC-Port Binding - 512 Entries - DHCPv6 Snooping - ND Detection - ND Snooping - IPv6 Source Guard: 100 Entries• DoS Defend• DHCP Filter• Static/Dynamic Port Security: Up to 64 MAC addresses per port• Broadcast/Multicast/Unicast Storm Control: kbps/ratio/pps control mode• 802.1X- Port-based authentication- Mac-base authentication- VLAN Assignment- MAB- Guest VLAN- Radius authentication and accountability support • AAA (including TACACS+)• Port Isolation• Secure web management through HTTPS with SSLv3/TLS 1.2• Secure Command Line Interface (CLI) management with SSHv1/SSHv2• IP/Port/MAC-based access control |
| IPv6 | • IPv6 Dual IPv4/IPv6• Multicast Listener Discovery (MLD) Snooping• IPv6 ACL• IPv6 Interface• Static IPv6 Routing• IPv6 neighbor discovery (ND)• Path maximum transmission unit (MTU) discovery• Internet Control Message Protocol (ICMP) version 6• TCPv6/UDPv6• IPv6 applications: DHCPv6 Client, Ping6, Tracert6, Telnet (v6), IPv6 SNMP, IPv6 SSH, IPv6 SSL, Http/Https, IPv6 TFTP |
| MIBs | • MIB II (RFC1213)• Bridge MIB (RFC1493)• P/Q-Bridge MIB (RFC2674)• Radius Accounting Client MIB (RFC2620)• Radius Authentication Client MIB (RFC2618)• Remote Ping, Traceroute MIB (RFC2925)• Support TP-Link private MIBs• RMON MIB(RFC1757, rmon 1,2,3,9) |
| MANAGEMENT | |
|---|---|
| Omada App | Yes. Requiring the use of Omada Hardware Controller, Omada Cloud-Based Controller, or Omada Software Controller. |
| Centralized Management | • Omada Cloud-Based Controller• Omada Hardware Controller• Omada Software Controller |
| Cloud Access | Yes. Requiring the use of Omada Hardware Controller, Omada Cloud-Based Controller, or Omada Software Controller. |
| Zero-Touch Provisioning | Yes. Requiring the use of Omada Cloud-Based Controller. |
| Management Features | • Web-based GUI• Command Line Interface (CLI) through console port, telnet• SNMPv1/v2c/v3- Trap/Inform- RMON (1, 2, 3, 9 groups)• SDM Template• DHCP/BOOTP Client• 802.1ab LLDP/LLDP-MED• DHCP AutoInstall• Dual Image, Dual Configuration• CPU Monitoring• Cable Diagnostics• EEE• Password Recovery• SNTP• System Log |
| OTHERS | |
|---|---|
| Certification | CE, FCC, RoHS |
| Package Contents | • SG3452 Switch• Power Cord• Quick Installation Guide• Rackmount Kit• Rubber Feet |
| System Requirements | Microsoft® Windows® 98SE, NT, 2000, XP, Vista™ or Windows 7/8/10/11, MAC® OS, NetWare®, UNIX® or Linux. |
| Environment | • Operating Temperature: 0–40 ℃ (32–104 ℉);• Storage Temperature: -40–70 ℃ (-40–158 ℉)• Operating Humidity: 10–90% RH non-condensing• Storage Humidity: 5–90% RH non-condensing |
† These functions require the use of the Omada SDN Controller. Zero-Touch Provisioning requires the use of the Omada Cloud-Based Controller. Go to the Omada Cloud-Based Controller Product List to find all the models supported by the Omada Cloud-Based Controller.
*ISP features can only be configured in standalone mode.
We have updated our Policies. Read Privacy Policy and Terms of Use here. This website uses cookies to improve website navigation, analyze online activities and have the best possible user experience on our website. You can object to the use of cookies at any time. You can find more information in our privacy policy .
Basic Cookies
These cookies are necessary for the website to function and cannot be deactivated in your systems.
accepted_local_switcher, tp_privacy_base, tp_privacy_marketing, tp_smb-select-product_scence, tp_smb-select-product_scenceSimple, tp_smb-select-product_userChoice, tp_smb-select-product_userChoiceSimple, tp_smb-select-product_userInfo, tp_smb-select-product_userInfoSimple, tp_top-banner, tp_popup-bottom, tp_popup-center, tp_popup-right-middle, tp_popup-right-bottom, tp_productCategoryType
__livechat, __lc2_cid, __lc2_cst, __lc_cid, __lc_cst, CASID
id, VISITOR_INFO1_LIVE, LOGIN_INFO, SIDCC, SAPISID, APISID, SSID, SID, YSC, __Secure-1PSID, __Secure-1PAPISID, __Secure-1PSIDCC, __Secure-3PSID, __Secure-3PAPISID, __Secure-3PSIDCC, 1P_JAR, AEC, NID, OTZ
Analysis and Marketing Cookies
Analysis cookies enable us to analyze your activities on our website in order to improve and adapt the functionality of our website.
The marketing cookies can be set through our website by our advertising partners in order to create a profile of your interests and to show you relevant advertisements on other websites.
Google Analytics & Google Tag Manager
_gid, _ga_<container-id>, _ga, _gat_gtag_<container-id>
Google Ads & DoubleClick
test_cookie, _gcl_au
OptanonConsent, _sctr, _cs_s, _hjFirstSeen, _hjAbsoluteSessionInProgress, _hjSessionUser_14, _fbp, ajs_anonymous_id, _hjSessionUser_<hotjar-id>, _uetsid, _schn, _uetvid, NEXT_LOCALE, _hjSession_14, _hjid, _cs_c, _scid, _hjAbsoluteSessionInProgress, _cs_id, _gcl_au, _ga, _gid, _hjIncludedInPageviewSample, _hjSession_<hotjar-id>, _hjIncludedInSessionSample_<hotjar-id>
lidc, AnalyticsSyncHistory, UserMatchHistory, bcookie, li_sugr, ln_or
Configuring or changing static VLAN per-port settings (CLI)
This command, used with the options listed below, changes the name of an existing static VLAN and the per-port VLAN membership settings.
You can use these options from the configuration level by beginning the command with vlan <vid> , or from the context level of the specific VLAN by just entering the command option.
Configures the indicated port as Tagged for the specified VLAN. The no version sets the port to either No or (if GVRP is enabled) to Auto .
Configures the indicated port as Untagged for the specified VLAN. The no version sets the port to either No or (if GVRP is enabled) to Auto .
Used in port-based VLANs, configures <port-list> as forbidden to become a member of the specified VLAN, as well as other actions. Does not operate with option not allowed protocol VLANs. The no version sets the port to either No or (if GVRP is enabled) to Auto . See GVRP .
Available if GVRP is enabled on the switch. Returns the per-port settings for the specified VLAN to Auto operation. Auto is the default per-port setting for a static VLAN if GVRP is running on the switch. For information on dynamic VLAN and GVRP operation, see GVRP .
Changing the VLAN name and set ports to tagged
Suppose that there is a VLAN named VLAN100 with a VID of 100 and all ports are set to No for this VLAN. To change the VLAN name to Blue_Team and set ports A1 - A5 to Tagged, use the following commands:
Moving the context level
To move to the vlan 100 context level and execute the same commands:
Changing tagged ports
Similarly, to change the tagged ports in the above examples to No (or Auto , if GVRP is enabled), use either of the following commands.
At the global config level, use:
At the VLAN 100 context level, use:
You cannot use these commands with dynamic VLANs. Attempting to do so displays the message VLAN already exists with no change.
IMAGES
VIDEO
COMMENTS
Port-based VLAN port assignment screen in the menu interface. NOTE: The "VLAN Port Assignment" screen displays up to 32 static, port-based VLANs in ascending order, by VID. If the switch configuration includes more than 32 such VLANs, use the following CLI command to list data on VLANs having VIDs numbered sequentially higher than the first 32 ...
To change a port's VLAN assignment: Press E (for Edit). Use the arrow keys to select a VLAN assignment you want to change. Press the Space bar to make your assignment selection (No, Tagged, Untagged , or Forbid. If you are finished assigning ports to VLANs, press Enter and then S (for Save) to activate the changes and return to the ...
The show vlans command lists this data when GVRP is enabled and at least one port on the switch has dynamically joined the designated VLAN. HP Switch(config)#: show vlans 22. Status and Counters - VLAN Information - VLAN 22. VLAN ID : 33.
Learn how to configure HP switches for VLANs and tag / untag ports for different devices and wireless networks. See examples, explanations and tips from Spiceworks Community members.
HP routing switches support up to 4,096 port-based VLANs with a default of 8. Protocol-based VLANs By supporting the grouping of like protocols, protocol-based VLANs reduce the number of non-essential ... HP routing switches can support the assignment of VLANs, a switch capability, as well as route between VLANs. Given this, the user is able to ...
Tutorial HP Switch - Configure VLAN using the command line. Learn how to do an HP Switch Vlan configuration using the command-line, by following this simple step-by-step tutorial, you will be able to create a new Vlan and associate a Switch port to a specific Vlan.
Tutorial HP Switch - Vlan configuration [ Step by step ] Learn how to do an HP Switch Vlan configuration using the web interface, by following this simple step-by-step tutorial, you will be able to create a new Vlan and associate a Switch port to a specific Vlan.
The commands above configure port-based VLAN 1. The VLAN has one untagged port (1/1) and a tagged port (1/8). In this example, all three VLANs contain port 1/8 so the port must be tagged to allow the port to be in multiple VLANs. You can configure VLANs to share a Layer 3 protocol interface regardless of tagging.
By default all managed switches (its a requirement) that support vlans come preconfigured with all ports on vlan 1. You will want to create a new vlan, lets say vlan ID of 10 on all switches where you want to extend the BYOD devices to. On all of the switch to switch links you will want to set them to trunk mode and tag vlans 1 and 10 on those ...
if configuring a protocol VLAN. If configuring a port-based VLAN, activity would be moved to the global level. EXAMPLE: HP9300(config-vlan-decnet-proto)# exit HP9300(config)# Syntax: exit Possible values: N/A Default value: N/A ip-proto Creates an IP protocol VLAN on a switch or routing switch within a port-based VLAN, when entered at the VLAN ...
The use of VLANs on a switch offers the possibility to increase the network security level through segmentation.This video will demonstrate how to configure ...
Displays detailed VLAN membership information on a per-port basis. Descriptions of items displayed by the command are: Port name. The user-specified port name, if one has been assigned. VLAN ID. The VLAN identification number, or VID. Name. The default or specified name assigned to the VLAN.
Below is my config. I need to add a few more VLANs. I am connecting the switches together on port 49 but I am unsure how if I tag or untag as I am used to cisco. Here is my configure hostname "HP-2530-48G-PoEP" ip default-gateway 192.98..1 snmp-server community "public" unrestricted vlan 1 name "DEFAULT_VLAN" no untagged 19,21,48 untagged 1-18,20,22-47,49-52 ip address 192.192.15.1 255.255 ...
Using the menu command and running through the menu system is the easiest for beginners. From the main menu (">" means enter): 2. Switch Configuration > 8. VLAN > 3. VLAN Port Assignment > Edit >. Find the port and vLan, space until it reads as you want. > to finish, Save >. To do it through the CLI:
4. First you should know that HP and Cisco use the term "trunk" differently. What HP calls a trunk, Cisco calls an Etherchannel (port aggregation). I'll use the term in the Cisco sense (VLAN trunk) since you seem comfortable with that. Trunk ports can have up to one untagged VLAN; all others must be tagged.
Returns the per-port settings for the specified VLAN to Auto operation. Auto is the default per-port setting for a static VLAN if GVRP is running on the switch. Changing the VLAN name and set ports to tagged. Suppose there is a VLAN named VLAN100 with a VID of 100, and all ports are set to No for this VLAN.
A list of basic commands for HP switches, such as config, flash, event log, PoE, ports, security, show, SNMPv3 and VLANs. See examples, notes and references for each command.
Learn how to configure switches from Cisco, HP, Netgear, and Dell for use with VLANs and pfSense software. See examples of VLAN creation, trunk port configuration, and access port assignment for different switch models.
Multiple MACs on the same port is likely to be an unmanaged switch on the other end with multiple devices connected to it. Especially in an OT environment. If you're comfortable with Linux, take a look at nedi if you want a way to centrally manage those procurves (assuming that they're "real" procurves and not 3com descendants) 1. chevelle_dude.
You need to add a default route for IP traffic. Issue the following command: ip route 0.0.0.0 0.0.0.0 10.1.10.1. I am assuming 10.1.10.1 because the address you gave for the Test3 gateway in the description was not on the same network as the switch interface: "The Test3 network does have internet access with a gateway of 10.0.10.1".
• Static/Dynamic Port Security: Up to 64 MAC addresses per port • Broadcast/Multicast/Unicast Storm Control: kbps/ratio/pps control mode • 802.1X - Port-based authentication - Mac-base authentication - VLAN Assignment - MAB - Guest VLAN - Radius authentication and accountability support • AAA (including TACACS+) • Port Isolation
When you configure the voice VLAN assignment modes, follow these guidelines: If an IP phone sends tagged voice traffic and its accessing port is configured with 802.1X authentication and any of the guest VLAN, Auth-Fail VLAN, and critical VLAN features, assign different VLAN IDs to the voice VLAN, PVID of the connecting port, and 802.1X guest, Auth-Fail, or critical VLAN.
You can monitor ARP packets for a specific VLAN on a DHCP-snooping trusted port of a managed FortiSwitch unit and save the VLAN ID, MAC addresses, and IP addresses in the DHCP-snooping database. 964518. Selective Subnet Assignment is now supported in IPAM.
Available if GVRP is enabled on the switch. Returns the per-port settings for the specified VLAN to Auto operation. Auto is the default per-port setting for a static VLAN if GVRP is running on the switch. For information on dynamic VLAN and GVRP operation, see GVRP.