2014-03-27

Hi,

 

This is my first post on the HP Community Forum. I'm hoping I can get some pointers from the gurus and experts on some VLAN queries that I have.

 

Currently we have HP ProCurve switches all over our building and we have VLANs set up throughout and everything is working great; however, we are going through a rapid growth spurt and our current setup cannot provide adequately for us.

 

We have our VLANs set up on a "per device type" basis:

 

VLAN 4: Servers

VLAN 5: Workstations (PCs, laptops, etc)

VLAN 8: RF WIFI (handheld guns in the warehouse)

VLAN 9: Printers

 

Our "core" switch is a 2910 and it has a dedicated NIC for each VLAN that acts as the gateway IP for each subnet. This is as follows:

 

VLAN 4: 172.16.1.250

VLAN 5: 172.16.2.250

VLAN 8: 172.16.3.250

VLAN 9: 172.16.4.250

 

We have a Windows 2008 server (Domain Controller) that is our DHCP server and inside our SuperScope we have 4 scopes for each subnet. The Workstation scope is the only scope that has available addresses to dynamically distribute with the other 3 scopes locked down and using reservations to allow devices to communicate on our network. For example printers have a reservation for VLAN 9 and so the scope assigns the IP address to the device, all fairly standard stuff so far.

 

Now, we have multiple floors with switches on each floor and switches also present in our warehouse, these are all ProCurve 2810s and/or 2910s and we have stacked switches on most floors. With the introduction of mobile devices (iPhones, iPads, Androids, etc) what we are seeing is the workstation VLAN is getting hammered and will regularly get very close to running out of free IP addresses, while VLAN 9 for example has hundreds of IP addresses at its disposal but they are not available due to the way we have it set up.

 

It is painfully evident that this method is not suitable for us and I have proposed a change of VLAN setup from its current state of "per device type" and to change that up and create a new VLAN setup that has a VLAN for each floor. So the VLAN setup would be:

 

VLAN 4 - Servers (This would stay the same, we do not want to change the IP structure of our servers)

VLAN 5 - Lower Ground Floor

VLAN 6 - Upper Ground Floor

VLAN 7 - Ground Floor

VLAN 8 - Level 1

VLAN 9 - Level 2

VLAN 10 - Warehouse

VLAN 11 - Graphics Studio

 

The subnets would be defined as:

 

VLAN 4 - 172.16.1.x  (No change as previously explained)

VLAN 5 - 172.16.5.x

VLAN 6 - 172.16.6.x

VLAN 7 - 172.16.7.x

(You see the pattern here)

 

The VLAN IP Addresses for each interface would be:

 

VLAN 4 - 172.16.1.250 (No change to server VLAN setup)

VLAN 5 - 172.16.5.250

VLAN 6 - 172.16.6.250

VLAN 7 - 172.16.7.250

etc

 

DHCP would change also, I would anticipate that the SuperScope would disappear and a scope for each VLAN would be separately created on our DHCP server.

 

This would give us a huge increase in available addresses and would alleviate the pressure our DHCP server is experiencing under our current setup.

 

As we already have ProCurves in production and already in the desired locations, the "heavy lifting" side of the work is already done; we just need to:

 

1. Create each VLAN on our core switch;

2. Assign the IP address to the interface (following the same IP address convention);

3. Set the IP helper address for each VLAN to be the IP address of our DHCP server;

4. Add the VLAN IDs to the relevant floor switches;

5. Untag the ports on each switch with the relevant VLAN ID;

6. Test a device on each floor to make sure that they:

     a) Get the right IP address;

     b) Can communicate with a device on each VLAN/Floor but most importantly communicate with the server VLAN.

 

Now I know you're all thinking "yes, yes I understand that's all good but where's your question!!??". OK well here are my questions:

 

1. Is my logic correct?

2. Have I missed any crucial steps?

3. What stops a device on the Lower Ground floor (VLAN 5) from getting an IP address from a scope not in its VLAN? I know this might be a stupid newbie question but I cannot understand how if I am user "John Doe" and I have a laptop and I live on the lower ground floor, my VLAN would be VLAN 5 and so I should get an IP address from the DHCP scope of the same subnet, but is there a danger that for some reason I get an IP address from the "level 1" scope for example? As you can probably already see this is the biggest stumbling block I have.

 

I apologise for the long post, I wanted to give as much information as possible in the hope that I get the most direct answer.

 

I appreciate any advice you can give and look forward to a healthy conversation about my post.

 

Thanks guys.

 

Jamie
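
On question 3, an added example (not part of the original post, and not HP or Microsoft code): a simplified Python model of how a relayed DHCP request is matched to a scope through the relay address (giaddr) that the core switch's IP helper stamps on it. The /24 masks, the VLAN 99 entry and all function names are assumptions made for the illustration.

```python
import ipaddress

# Values from the post; the /24 masks are an assumption ("172.16.5.x").
SCOPES = {  # VLAN id -> DHCP scope on the server
    4: ipaddress.ip_network("172.16.1.0/24"),   # Servers
    5: ipaddress.ip_network("172.16.5.0/24"),   # Lower Ground Floor
    8: ipaddress.ip_network("172.16.8.0/24"),   # Level 1 (follows the stated pattern)
}
VLAN_INTERFACE = {  # VLAN id -> routed interface IP on the core switch
    4: ipaddress.ip_address("172.16.1.250"),
    5: ipaddress.ip_address("172.16.5.250"),
    8: ipaddress.ip_address("172.16.8.250"),
    99: ipaddress.ip_address("172.16.99.250"),  # constructed: VLAN with no scope
}
UNSET = ipaddress.ip_address("0.0.0.0")
SERVER_VLAN = 4  # the DHCP server sits in the server VLAN

def relay_discover(port_vlan):
    """Core switch relay (IP helper): the client's broadcast arrives on the
    VLAN its access port is untagged in, and the relay stamps giaddr with
    that VLAN interface's IP before unicasting to the DHCP server."""
    return {"giaddr": VLAN_INTERFACE[port_vlan]}

def local_discover():
    """Broadcast heard directly by the server on its own segment (no relay)."""
    return {"giaddr": UNSET}

def select_scope(discover):
    """Server side: pick the scope whose subnet contains giaddr; an unrelayed
    request is served from the server's own subnet. None means no offer."""
    giaddr = discover["giaddr"]
    if giaddr == UNSET:
        return SERVER_VLAN
    for vlan_id, subnet in SCOPES.items():
        if giaddr in subnet:
            return vlan_id
    return None

def scope_for_port(port_vlan):
    """Scope a client ends up in, given the VLAN of the port it plugs into."""
    return select_scope(relay_discover(port_vlan))

if __name__ == "__main__":
    for vlan in (5, 8, 99):
        print(f"port untagged in VLAN {vlan} -> scope {scope_for_port(vlan)}")
    print(f"unrelayed request on server segment -> scope {select_scope(local_discover())}")
```

In this model the scope follows the port's untagged VLAN rather than the device or the user, so the thing to audit is port-to-VLAN membership on each floor switch.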

 
