(Solved) HP, ESXI, VLANS, and Trunks. please help

Hello, I did post this in the STH forums aswell so sorry for slight copypasta but figured id try here too. After few days of trying to do this on my own figured I would seek help.

I’m new to vlans so bare with me. I know how they work (I think) in theory but im struggling to actually configure the switch,

anyway.

What I have is:

1 HP procurve 2910al 24 port
2 Physical machines running ESXI 6.7

What I want (I think) is as follows:

I want port 1-6 on the switch to ingress and tag on vlan 250, and I want them to egress vlan 250 frames as untagged. I want these to be WAN and behave like a l2 switch. so that some one may plug their own router into port 2-6 and be on their own network.

I want port 7 to trunk vlan 250, vlan 10, and vlan 20.
I want port 8-10 to trunk vlan 10 and vlan 20,
I want port 20 to ingress vlan 10 and egress untagged.

Port 1 will be plugged into the ISP’s Modem/ONT whatever
Port 2-6 so I can plug a home router in and have WAN
Esxi host 1 will be on port 7 and host gateways, so it needs WAN
Esxi host 2 will be on port 8 so it does not need WAN
port 9,10 are incase I add 2 more hosts (probably wont).
port 20 is so I can plug a machine in for MGT

AFAIK I have ESXI set up correctly.
I have port groups with the following Tags.

pgWAN_VLAN250
pgTLAN_VLAN20
pgMGT_VLAN10
pgMGTvmk_VLAN10

attached to a vswitch with an uplink on a PCI NIC

I realize this set up is pretty scuffed but additional hardware is not an option ATM

My issue is that I don’t know how to get this to actually function on the switch, specifically the 2910al

If a network diagram napkin scribble is needed I can do that,

thanks.

There isn’t ingress vs egress vlan tagging per port. A layer 2 switch will not allow traffic to pass between vlans and typically a layer 3 switch isn’t going to perform layer 3 routing unless you explicitly configure it to do so. For traffic to pass between vlan A and vlan B, it needs to go up to a layer 3 device (router) and be allowed to pass into vlan B.

As far as vlans and ports go, you can assign one vlan as untagged on a port. That is the default vlan for that port. Ingress traffic on that port that has no vlan or a vlan that isn’t tagged on the port will be reassigned the untagged vlan.

Tagged vlans on a port are allowed but not set automatically. A device can use a tagged vlan if it is configured to do so.

So if you have host A with port eth0 plugged into a switch port 2, and port 2 is untagged vlan10 and tagged vlan20, traffic generated on eth0 will come into the network on vlan10. If you configure host A with vlan20 on eth0, that traffic will come into the network on vlan20. If you configure host A with vlan30 on eth0, that traffic will be reassigned to vlan10 on the switch (or sometimes won’t work at all in my experience). Note that in this situation, if you were to ping the vlan20 interface on host A from it’s own eth0 interface, that traffic will be passed up to the router. It will be blocked by the switch.

Trunks are pretty self explanatory, you pass all or most of the vlans between switches, routers, hypervisors, etc so they can be used individually at endpoints.

hope this diagram will help.

not sure exactly what you mean by untagged vlan 10 and tagged vlan 20, does that mean any untagged ingress gets tagged by the switch as 10? and only a frame with vlan20 already would go to 20?, and mismatch (vlan30) will attempt to go to the untagged vlan? (10 in this example)

sorry I don’t know how to actually add a trunk, or vlans to a trunk and assign said trunk to said port on this HP switch.
like the CLI menu will give me me the option of [Tag], [Untag], [Forbid], [No], under vlan and port, not sure
Like what commands in what order do I enter, or how do I do it by the CLI menu or Java web app specifically on this switch. Im sure what you are saying will make sense once I have it set up properly…err rather… configured to function as desired… and frames are flowing.

thanks.

Correct!

Unfortunately switches are nearly all proprietary and have different cli, gui and different idiosyncrasies. I can’t advise you on how to configure you’re HP.

Sounds like there is just some terminology confusion going on. Let’s go through a few scenarios and explain what will happen in each case. I’ll list a switch port configuration and then an explanation of how it behaves.

Untagged VLAN 10: In this configuration, any packets with no existing VLAN tag coming inbound to this port from the connected equipment will have the VLAN 10 tag applied to them before being passed over to another port and sent on their way. Only VLAN 10 traffic will be allowed to exit out this port, and any such packets will have the VLAN 10 tag removed before the packet is sent out the wire.

Tagged VLAN 10: In this configuration, the switch will expect all packets entering or leaving the port to have a VLAN 10 tag. In Cisco-land, they call tagged ports “trunks” - it is just a term used to mean that VLAN tags are preserved and passed through to devices on the switch port. Tagged ports should have connected devices that also expect to handle VLAN tags, otherwise they will not know what to do. If a port receives a packet that is tagged with a VLAN that it isn’t configured to accept, it should drop the traffic.

Tagged VLAN 10, Tagged VLAN 20: In this configuration, the switch will accept packets tagged with either VLAN 10 or VLAN 20 and forward them appropriately. This is still a trunk port in Cisco language.

Untagged VLAN 10, Tagged VLAN 20: I don’t recommend this configuration because it mixes tagged and untagged traffic, but switches will probably allow this configuration and it might be confusing. The behavior here should be that anything received on this port with no tag will have the VLAN 10 tag added and then forwarded on. The port will also accept traffic tagged with VLAN 20 and forward it as well. VLAN 10 traffic sent out from this port will have the tag removed before it is put on the wire.

So going back to your switch, you probably want the following configurations:

Port 1-6: Untagged VLAN 250
Port 7: Tagged VLAN 250, 10, 20
Port 8-10: Tagged VLAN 10, 20
Port 20: Untagged VLAN 10

Hope this helps.

1 Like

absolute legend.

indeed I believe you are correct about terminology getting confused. I read from a post or 2 elsewhere that on a HP switch a Trunk is not a “Trunk” what it is is some other function of the switch. so googling “HP switch trunk always got me nowhere”

Setting the ports as you described did indeed create a “trunk” frames are flowing, ESXI can be accessed. and the gateways are getting WAN. I did lose switch mgt but I have a pretty good idea of what went wrong there.
thankfully the CLI menu was GUI enough for me to do this.

1 Like

was worried I needed specific HP help but thanks to you both It makes sense now that its functioning.

thanks again guys, :wink:

1 Like