hp switch vlan port assignment

VLAN Configuration

VLANs provide a method for segmenting a network into related groups, improving the efficiency of traffic flow, and limiting the propagation of multicast and broadcast messages. On an individual switch, traffic between VLANs is blocked unless the VLANs are connected by a router, increasing security.

Quick Scroll to:

• Access the VLAN Configuration page from HP TopTools

Access the VLAN Configuration page using the Web Agent

Enable vlans, rename a vlan, remove a vlan, modify port vlan configuration, devices supported:.

• HP ProCurve Switch 8000M, 4000M, 1600M, 2424M, and 2400M with software update C.08.XX.

Note: If a switch is a Commander, the stack options will appear at the top of the page. 

Note: When multiple VLANs exist on a switch, only one VLAN can be untagged for each port. When you first add a VLAN to a switch, the default setting on that VLAN is No for all ports, indicating that no ports are members of this VLAN. Using the Web browser interface, if you then reconfigure a port to Untagged for a new VLAN while there is an Untagged setting on another VLAN for the same port, the switch automatically reconfigures the other VLAN setting to No . For example, if you configure Port A1 as Untagged for the 2nd VLAN, then the switch automatically reconfigures DEFAULT_VLAN for port A1 to No . 

Access the VLAN Configuration Page from HP TopTools

• Click on the Devices button in the navigation frame.
• Select Device Types from the menu.
• Select Networking Devices .
• Double-click on the device in the device list.
• In the Status page click on the Configuration tab. The device's configuration page displays.
• Select the VLAN Configuration button. The VLAN Configuration page displays.
• Click on the Configuration tab.

To enable VLANs, click the VLANs Enabled radio button at the bottom of the table in the VLAN Configuration page. 

If you change the current setting, you need to reboot the switch to effect the change. You will be prompted for the reboot.

• Click on the Add/Remove VLANs button at the bottom of the table in the VLAN Configuration page. The Add/Remove VLAN page displays. 
• Enter a name for the new VLAN in VLAN Name field below the Current VLAN Definitions list box.
• Enter the 802.1Q ID (an unused number between 1 and 4094) in the field labeled 802.1Q VLAN ID .
• Click on the Add VLAN button. The VLAN appears in the Current VLAN Definitions box. 
• Click on the Add/Remove VLANs button at the bottom of the table in the VLAN Configuration page. The Add/Remove VLAN page displays.
• Select the VLAN to be renamed from the Current VLAN Definitions list. 
• Enter a name for the selected VLAN in the New VLAN Name field.
• Click on the Rename Selected VLAN button to save the new name.
• Select the VLAN to remove from the Current VLANS box.
• Click on the Remove Selected VLAN button.
• Confirm removal of the VLAN.

To modify ports in a VLAN:

• In the VLAN table, click on the Modify button for the VLAN whose ports you want to modify. The  Modify Port VLAN Configuration page displays.
• Select the port to be modified.
• Select the Mode , for example, Tagged .  
• Click on the Apply button. 

The modes are:

• Tagged - Each tagged VLAN has a unique VLAN ID (VID). You can configure multiple tagged VLANs on the same port.
• Untagged - The switch allows one untagged VLAN per port.
• No - The port is not a member of that VLAN.

Stack Exchange Network

Stack Exchange network consists of 183 Q&A communities including Stack Overflow , the largest, most trusted online community for developers to learn, share their knowledge, and build their careers.

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

VLAN help (HP Switch)

First off, thank you all very much for taking the time to read my post, I am hoping for some help!

I was hoping to get some help with getting the configs right for my network switches. I don't believe my issue is directly related to the vlans in my pfSense setup, rather my network switches, but please let me know your thoughts.

To make it simple, I will only use two switches, and once this is working, I can make the same changes for the third switch. I'm pretty sure my issue is that I am not understanding vlan tagging properly, so I was looking for some guidance. The goal is to ultimately segment my network and get the vlans working properly. I have security cameras I would like to put on their own segment, as well as some Access points I would also like to setup guest access for my wireless network. I also have a VLAN setup for IOT devices.

Currently, I am just untagging all ports on all switches on my default vlan, and allowing all traffic through for everything, until I can get things working properly. I have been tinkering with things for awhile now, but can't seem to get it working.

======================================================================

Key information:

Router = pfSense All network switches = HP Procurve Switches (model 2530) one is a 24port GB switch, the other is 24port PoE.

I have a total of 5 vlans configured on all switches and in the router, the "default_vlan" is not being used (per best practice).

Here is the setup:

I am using a pfSense firewall and I have all vlans configured correctly on the router from what I can tell, the network interface from the firewall appliance is plugged into port 1 on switch01. Port 24 on switch01 is configured as a trunk port and is plugged into port 23 on switch02.

I will post the configs for both switches below, but wanted you to be aware of what the main ports are for. You will see below in the configs, but in my testing I just patched in a laptop to Port 1 on switch02 just to see if I can pull a dhcp address for it (only able to pull an IP from my default vlan). That particular vlan I was tinkering with is titled WIFI, so I just wanted to point out this out so there isn't any confusion, while you're looking at my config.

Here are the current configs for my switches, after I've made some additional changes. I do realize that I don't need to have the IP's listed in there for each vlan, and can remove them to simplify things further, but I wanted to put them in there just to test, and rule that out.

====================================================================== On the pfSense (router) side: ====================================================================== All VLans are configured in the VLANs section using the same VLAN tag, and even the description (although that shouldn't matter). While I do have additional NIC ports on my firewall, I am not physically segmenting this off at the moment, rather I am using the lan port interface for each of the vlans.

Here are a few questions I had, that may help me get a better understanding of what I'm missing:

I "presume" that the port that my router plugs into on switch01 should be a trunk port, but do all of the vlans need to be tagged (including the default vlan)? I currently have it setup so that the default vlan is untagged and all other vlans are tagged. I've tried changing this port to have all vlans being tagged (as I thought was the correct way), but then I lose connection to the internet on my main desktop that is plugged into a port on switch01 (not the laptop I'm testing on port1 above).

Same question as above for all trunk ports. So port 24 on switch01 that connects to port 23 on switch02 should be my trunk port, do all vlans here need to be tagged, because I currently have the default vlan untagged (this is the only way I can get traffic to pass to the second switch) and all other vlans are configured as just tagged.

The laptop that I'm using to test if I can pull a dhcp address on that is plugged into port 1 on switch02, should the default vlan be set to "no" and should I be just tagging that port on the WIFI vlan, or does the default vlan need to remain as untagged, while the WIFI vlan should be set to Tagged? My understanding is that you only want to tag the switch port on the vlan you want it to communicate with.

Apologies for these dumb questions, but I am having a difficult time getting things to work here. I have tried so many scenarios, but can't seem to get anything to work.

Thanks for any assistance on this! I really appreciate any help here!

• 2 Having the same IP address on two different switch interfaces is causing problems –  Ron Trunk May 24, 2019 at 14:48
• Rule of thumb: untag to your default vlan (e.g cctv camera on vlan 200 would have its port untagged vlan200). Trunk ports tag all VLANs. –  Timothy Frew May 24, 2019 at 18:09

First you should know that HP and Cisco use the term "trunk" differently. What HP calls a trunk, Cisco calls an Etherchannel (port aggregation).

I'll use the term in the Cisco sense (VLAN trunk) since you seem comfortable with that.

Trunk ports can have up to one untagged VLAN; all others must be tagged. You can, if you prefer, tag all VLANs on a trunk. The tagging configuration must match on both sides of the trunk link.

Devices like PCs, cameras, etc. do not understand VLAN tags. So a port that has a PC on it must have the desired VLAN untagged on that port. For example, if you want your camera on VLAN 200, you would have VLAN 200 untagged on the camera port.

Some devices such as IP phones do understand tags. Typically, the data VLAN is untagged, and the VoIP vlan is tagged.

You must log in to answer this question.

Not the answer you're looking for browse other questions tagged networking router switch pfsense ..

• The Overflow Blog
• How do mixture-of-experts layers affect transformer models?
• What a year building AI has taught Stack Overflow
• Featured on Meta
• New Focus Styles & Updated Styling for Button Groups
• Upcoming initiatives on Stack Overflow and across the Stack Exchange network

Hot Network Questions

• What is better source of random bytes: Yubikey or /dev/random (or both)?
• Why do the same circult yields very different results from different IBM backends?
• Is there a mathematical formula or a list of frequencies (Hz) of notes?
• ". . . those who feel able to answer this call for help, have a strong cup of coffee and be on your way."
• Adding two numbers in Tally marks
• If lord krishna was vegetarian, why did he hunt animals and for what?
• QGIS: Removing overlapping features in one layer
• Sci-fi movie from the early 2000s with giant spiders, in which a lady goes into the jungle or forest looking for her lost partner or lost soldiers
• What kind of alien technology would make space colonization viable?
• Noise density in 1/f region
• Draw a car with TikZ
• Alignment inside a equivalent statements proof
• Is there a way to take away an action in D&D 5e?
• How to leave academia?
• How is the crucifixion just?
• Ensuring IEEE 754 Compliance and Numerical Precision in C++ HPC Projects
• How to remove huge startup current spikes in charger circuit?
• Will Israeli Military Service Affect My Chances of a Physics Master's Program?
• What international law did Ecuador break by storming the Mexican embassy?
• Finding Eigenvectors and Eigenvalues using a Determinant
• Why do pilots have control of so many functions that seem like they should be always-on?
• When providing examples, why they switch from "to Verb" to "Verbing" in this sentence?
• Can an unconfirmed transaction be confirmed several years later?
• Does C# 8 reference type nullability make Option/Result monad obsolete?

Viewing the VLAN membership of one or more ports (CLI)

Displays VLAN information for an individual port or a group of ports, either cumulatively or on a detailed per-port basis.

Specifies a single port number or a range of ports (for example, a1-a16 ), or all for which to display information.

Displays detailed VLAN membership information on a per-port basis.

The following describes the fields displayed by the command (see example output):

The user-specified port name, if one has been assigned.

The VLAN identification number, or VID.

The default or specified name assigned to the VLAN. For a static VLAN, the default name consists of VLAN-x where x matches the VID assigned to that VLAN. For a dynamic VLAN, the name consists of GVRP_x where x matches the applicable VID.

Port-Based, static VLAN.

Protocol-Based, static VLAN.

Port-Based, temporary VLAN learned through GVRP.

Indicates whether a port-based VLAN is configured as a voice VLAN.

Indicates whether a VLAN is configured for jumbo packets. For more on jumbos, see "Port Traffic Controls" in the management and configuration guide for your switch.

Indicates whether a VLAN is tagged or untagged.

Displaying VLAN ports (cumulative listing)

Displaying vlan ports (detailed listing).

Support Center