HP Procurve layer 2 trunks

Motley

Does anybody have experience with HP Procurves? I'm a Cisco guy, CCNP for 6 years, I can configure VLANs and layer 2 trunks in my sleep.

I have no experience on HP Procurves (3500, 2600, E5400). I just started a new job, and I need to learn how to manage these things.

Can anyone recommend a good book on Procurve switching?

Here is part of the VLAN config. Can anyone decipher this, and translate it into Cisco language? I'm having problems with the "tagged, untagged, TRK1" parts.

Also, on a Cisco switch, with a "show vlan", you can view the VLANs and the ports they are assigned to. On the HPs, all they show is the VLAN IDs.

trunk 47-48 Trk1 Trunk
trunk 19-20 Trk60 LACP
ip routing
vlan 1
   name "PortBucket"
   untagged 1
   ip helper-address 192.168.1.229
   ip address 172.20.101.110 255.255.255.0
   tagged Trk1
   no untagged 2-18,21-46,Trk60
   exit
vlan 10
   name "Voice"
   ip helper-address 192.168.1.229
   tagged 21-44,Trk1
   voice
   no ip address
   exit
vlan 15
   name "SAN01"
   untagged 3-18,45-46,Trk60
   ip address 192.168.15.1 255.255.255.0
   jumbo
   exit
vlan 40
   name "workstations"
   tagged Trk1
   no ip address
   exit
vlan 100
   name "vSheild"
   tagged Trk1
   no ip address
   exit
vlan 2
   name "Servers"
   untagged 2,21-44
   ip helper-address 192.168.1.229
   ip address 192.168.1.1 255.255.255.0
   tagged Trk1
   exit
 
Not a ton of HP experience here but IIRC a trunk is different in HP land than it is in Cisco. Trunks on an HP switch are the same as Etherchannel on a Cisco. Hopefully one of the resident HP guys will chime in and help out a bit more.
 
ProCurve is a bit different than Cisco but not too hard to figure out.

Trunks = etherchannels

VLANs are tagged or untagged. Think untagged as native VLAN and tagged as allowed VLAN.

For instance, in your config there, I see VLAN 2 (Servers) is the native VLAN for ports 2 and 21-44.
 
Thanks for the help. So the untagged config, under the vlan, will not allow that subnet, and thus traverse the native vlan?

I'm confused as to why the TRK1 is under the vlan config, and what exactly does that do?

It's very confusing. I mean all you do with a Cisco is allow your vlans through the trunk.
 
Nope, untagged = that vlan is the native vlan for that port (traffic is untagged on that port)

TRK is a trunk (etherchannel): aggregated interfaces. You can tag/untag a trunk port in a VLAN.

Cisco makes way more sense, took me a couple days to finally get the hang of HP, now it makes a lot more sense

Read this: it helped me a lot: http://www.techdata.com/techsolutions/networking/whitepapers/Feb10/HP%20Procurve%20Migrating%20from%20Cisco%20to%20ProCurve%20Networks.pdf

• An “access port” on Cisco is an “untagged port” on ProCurve.

• A “trunk port” on Cisco is a “tagged port” on ProCurve.

• The “port channel” on Cisco is “link aggregation” and is called a “trunk” on ProCurve.

• When a single end-user device such as a PC is connected, the connection from a VLAN point of view is untagged. Cisco refers to this kind of port as an “access port.”

• When a phone and cascaded PC are connected, normally one VLAN is untagged for the data traffic of the PC, and the other is tagged for the voice traffic of the phone. On Cisco devices, this is called an “access-port with auxiliary VLAN.” Note that Cisco recently changed this nomenclature and now calls it a “multi-VLAN access port.”

• Trunking from the ProCurve side is meant to aggregate multiple ports together, while on Cisco it is meant to transport multiple VLANs over one port.

• Link aggregation on the Cisco side is called “channeling.”
 
Dude, thanks!! I really appreciate that explanation, and document!

Ya I agree, Cisco does it better. Funny thing, the HPs seem real similar in everything else EXCEPT the Layer 2. Strange.....
 
An "Untagged" port on a Procurve means the switch puts the appropriate VLAN ID on packets originating from the port.

A "Tagged" port looks for VLAN ID on incoming packets and only allows packets that have been marked with a VLAN ID that is from an allowed (or tagged) VLAN on that port.

Each port can be marked with unlimited "tags" but only one "untag".

For example if a packet comes over a port that has been tagged with VLAN 1,2,3,4 and untagged with VLAN 5, and the packet contains no VLAN ID, it will be marked with VLAN ID 5.
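
Added example (not part of the original thread and not HP's tooling): a short Python script that inverts a ProCurve per-VLAN config dump into the per-port view a Cisco admin expects, applying the tagged/untagged rules described above. The function names are hypothetical, the sample is a trimmed subset of the config posted at the top of the thread, and only numeric port names and TrkN groups are handled.

```python
from collections import defaultdict

# Constructed sample: a trimmed subset of the config posted in the thread.
SAMPLE = """\
trunk 47-48 Trk1 Trunk
vlan 1
   untagged 1
   tagged Trk1
   no untagged 2-18,21-46,Trk60
   exit
vlan 10
   tagged 21-44,Trk1
   exit
vlan 2
   untagged 2,21-44
   tagged Trk1
   exit
"""

def expand(spec):
    """'2,21-23,Trk1' -> ['2', '21', '22', '23', 'Trk1'] (numeric ports and TrkN only)."""
    out = []
    for item in spec.split(","):
        lo, _, hi = item.partition("-")
        out += [str(p) for p in range(int(lo), int(hi) + 1)] if hi else [item]
    return out

def port_view(config):
    """Invert the per-VLAN stanzas into per-port membership, plus trunk-group members."""
    ports = defaultdict(lambda: {"untagged": None, "tagged": []})
    trunks, vid = {}, None
    for words in map(str.split, config.splitlines()):
        if len(words) >= 3 and words[0] == "trunk":
            trunks[words[2]] = expand(words[1])   # link aggregation group, not 802.1Q
        elif len(words) == 2 and words[0] == "vlan":
            vid = int(words[1])
        elif words == ["exit"]:
            vid = None
        elif vid is not None and len(words) == 2 and words[0] == "untagged":
            for p in expand(words[1]):
                ports[p]["untagged"] = vid        # a port has at most one untagged VLAN
        elif vid is not None and len(words) == 2 and words[0] == "tagged":
            for p in expand(words[1]):
                ports[p]["tagged"].append(vid)    # "no untagged ..." lines match nothing
    return dict(ports), trunks

def cisco_terms(entry):
    """Describe one port in the Cisco vocabulary used in the thread."""
    if not entry["tagged"]:
        return f"access port, VLAN {entry['untagged']}"
    return f"trunk port, native VLAN {entry['untagged'] or 'none'}, tagged VLANs {sorted(entry['tagged'])}"
```

Calling `port_view(SAMPLE)` and passing each entry to `cisco_terms` shows, for instance, that ports 21-44 carry VLAN 2 untagged and VLAN 10 tagged, while Trk1 (ports 47-48) carries only tagged VLANs.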
 
no problem
it kind of annoys me not to set the vlan on the interface config, but rather add/remove interfaces in the vlan config, but whatevs, it works. I find IOS config to be much more readable than a config dump from a procurve.
 
One more question. Is there any command that tells you what interfaces are tagged to the vlans?
 
Very nice, exactly what I was looking for!

Appreciate the help guys....
 
I think the better way is whatever you are used to. I've been managing all HP switches for 7 years and like the OP said, can do everything on them in my sleep. I get any Cisco and I don't know my head from my ass. Luckily I just have to get the config because the only time I deal with Cisco is when I am dumping them to install ProCurve equipment.
 
Yup, it totally works both ways. My previous job had me managing Catalyst 4510R's at the core and all 3650's for my edge switching with ASA firewalls, new job has 5412zl's at the core and all 2848's at the edge and Juniper SRX firewalls, whatever you are used to is going to make the most sense.
 
Ya here, we are planning on moving the core to a level3 colo datacenter. Everything will be completely redundant.

They are purchasing new HP E5400s (core), the 2510Gs (public dmz), and 2 of the new Palo Alto firewalls. Right now we are actually demo'ing the Palo Alto's, and they are very nice, reminds me of the Juniper Netscreens.
 
Gimme some details about the Palos. I've been hearing really good stuff. How are they compared to ASAs?
 
The Palo's are really slick. Nice web interface to configure, and view status, monitor, etc. They have the layer 4 application policies, ssl vpn client (clients automatically download the software from the firewall),

Virtual firewall and routers. You can run 5 different firewalls within the one box.

Oh and the best thing is the multiple config save feature (rollback). Very similar to Juniper.

They have antivirus and advanced policy features. The dashboard even gives you a threat level, based on the config settings.

The ASA's are nice, but I just don't think they have as many features, or are as easy to manage.

Apparently, the guy who used to work for Juniper, started his own company, like 4 years ago. PAN (Palo Alto Networks).
 