VMware Cloud Community

HP Procurve VLANS

Anyone care to share their Physical VLAN config for Procurve Switches?

I'm not very strong on the network side and need a best practices config for setting PHYSICAL VLANS on Procurve 2900 switches (layer 3 capable).

Brief Setup:

2 HP DL380 G5's (6GbE ports each)

2 HP Procurve 2900-24 switches (latest firmware)

1 Equallogic PS100E SAN (3 Active 3 passive ports on 2 controllers)

VI3 Enterprise

*Procurve switches are currently stacked via 10GbE copper connection.

*Initial plan was to create 4 VLANs (100, 200, 300, 400) on each switch.

VLAN100=VM's (2 physical ports on each HP DL380)


VLAN300=DMZ (2 physical ports on each HP DL380)

VLAN400=VMotion, SC, VMKernel (2 physical ports on each HP DL380)

Am I going down the correct path? Then my next obstacle is creating the vSwitches in ESX.

Any feedback will be greatly appreciated!

Thanks all.

0 Kudos
4 Replies

The concept looks fine. You still haven't covered how redundant you want the setup to be. Do you need etherchannels or not? Do you want all your machines still accessible if one switch fails?

Also, "Physical VLANs" are unknown to me. Do you mean that the DMZ needs to be on a separate switch from the VM network?

If not, you can put something like 4 ports under VMs, DMZ, iSCSI and 2 for SC/VMotion/VMkernel stuff and run trunking (VLAN tagging) over them.

This could mean that you use mac-out load balancing (no switch configuration needed) and 2 ports connected to each switch (total 4) for your VM networks. Then take the last 2 ports and hook 1 to each switch. This will give you redundancy and a fairly well performing setup.

0 Kudos

Hi, thanks for your response.

High availability and redundancy are important. For each dual-port card on the HP DL380s, I have 1 port connecting to "switch A" and the 2nd port connecting to "switch B", and the 2 switches are "Stacked" via a 10GbE connection. I think stacking is the same as Etherchannel or Trunking in the Cisco world.

When I say "Physical VLANS" I'm referring to configuring VLANs on the HP switches, not through VMware (vSwitches).

To clarify, I'm just needing to know what needs to be done on the 2 HP switches before even installing VI3 on the hosts.

Thanks again.

0 Kudos

OK, going on the note that the 2 Procurve 2900 are stacked. (Stacking in the Cisco world is neither channeling nor trunking, needs a special connection afaik).

Then you can go for ip-hash (802.3ad) load distribution, which basically means that you have better balanced network load at the cost of CPU power.

The out-mac method basically sends each VM out a different port on the server (no switch config needed).

The ip-hash method is more session based, which means that the host might communicate with multiple machines through multiple physical adapters (needs LACP/802.3ad configured on the switch).

Then running VLANs over to the ESX server is just a question of configuring trunking (vtp).

Nothing needs to be done on the switches before installing the ESX servers. Everything can be configured afterwards.

0 Kudos

I use Procurve gear as well, so I can probably help out... It sounds like you are doing port-based VLANs, so that makes configuration much simpler.

I am not familiar with the 2900 series, but I bet it's pretty much the same as the 5400 series that I use.

1. Write down what ports you want for each VLAN. Say, VLAN 100 gets ports 1 and 2, VLAN 200 gets port 3 and 4, etc. It always is better to have it written down beforehand! But I am sure you knew this...

2. In the switch console, go into Switch Configuration, then to VLAN menu.

3. Go to VLAN Names and set up your four VLANs with their VLAN IDs and some descriptive names.

4. Go to VLAN Port Assignments and then, using your notes from step 1, go to each port and change the settings. For non-tagged (port-based) VLANs, change the VLAN setting to "Untagged" for each port/VLAN combination that makes sense, and set all other VLANs to "No". For example, if ports 1 and 2 were VLAN 100, change the Default VLAN to "No", VLAN 100 to "Untagged", and the other VLANs to "No" for ports 1 and 2. Save your work!

5. Save the switch configuration and log out.

But wait! There is more...

*********************** BONUS READING BELOW ***********************

Getting it to work via "port channel" virtual switches and trunks is just a matter of adding another layer to the configuration. Instead of "Untagged", use "Tagged" for each VLAN that the port will see. A good example of this is my firewall configuration.

On switch:

Port A1

VLAN 0: Untagged

VLAN 90: Tagged

VLAN 91: Tagged

VLAN 97: Tagged

VLAN 100: No

On firewall:


vlan0: (802.1Q ID 90)

vlan1: (802.1Q ID 91)

vlan2: (802.1Q ID 97)

In this example, I have five VLANs on my switch (0 = default, 90, 91, 97, and 100 being configured as valid IDs) and have three tagged VLANs on the firewall that all egress on eth0 which is connected to port A1 on the switch. The firewall does not need to see VLAN 100, so we've left that the default setting of "No" on the switch.

Now my firewall has access to my internal default network (eth0), and three separate subnets through the tagged interfaces!

On your ESX host, you can make port-channel vSwitches using these IDs. Then allow the VLAN IDs you used on each new vSwitch to egress on each physical switch port as "Tagged" traffic. Now your VMs can talk to all three tagged subnets as well, assuming they are all plugged into the proper vSwitch.

Clear as mud?

In other words, it's all about layering your configurations...

1. Physical infrastructure -- get your switches stacked, STP setup, etc.

2. ESX host configuration -- configure your trunking and such, make sure it jives with the switch configuration.

3. Network based virtualization -- document your VLAN strategy and prepare your switches.

4. ESX network virtualization -- build your vSwitches!

5. Profit!

Have fun!

0 Kudos
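
An added example, not part of the original thread: a Python check of the Untagged/Tagged/No port assignments described in the last reply, reporting any port where a VLAN meant to stay isolated (the DMZ) shares a physical port with another VLAN. The `vlan N` / `untagged` / `tagged` / `exit` stanza layout is assumed to follow ProCurve CLI running-config style; the sample config, port 7 as a tagged uplink, and all function names are constructed for illustration.

```python
import re

# Constructed sample in ProCurve running-config style (assumed layout, not from the thread).
SAMPLE_CONFIG = """
vlan 100
   untagged 1-2
   tagged 7
   exit
vlan 300
   untagged 3-4
   tagged 7
   exit
vlan 400
   untagged 5-6
   exit
"""

def expand_ports(spec):
    """Expand '1-2,7' into ['1', '2', '7']; names such as 'A1' pass through."""
    out = []
    for part in spec.split(","):
        m = re.fullmatch(r"(\d+)-(\d+)", part)
        out += [str(n) for n in range(int(m[1]), int(m[2]) + 1)] if m else [part]
    return out

def port_membership(config):
    """Return {port: {'untagged': [vids], 'tagged': [vids]}} from the vlan stanzas."""
    ports = {}
    vid = None
    for line in config.splitlines():
        words = line.split()
        if len(words) == 2 and words[0] == "vlan":
            vid = int(words[1])
        elif vid is not None and len(words) == 2 and words[0] in ("untagged", "tagged"):
            for p in expand_ports(words[1]):
                ports.setdefault(p, {"untagged": [], "tagged": []})[words[0]].append(vid)
        elif words == ["exit"]:
            vid = None
    return ports

def audit(config, isolated_vid):
    """Flag ports with several untagged VLANs or that carry isolated_vid plus others."""
    findings = []
    for port, m in sorted(port_membership(config).items()):
        vids = m["untagged"] + m["tagged"]
        if len(m["untagged"]) > 1:
            findings.append((port, "multiple untagged VLANs"))
        if isolated_vid in vids and len(vids) > 1:
            findings.append((port, "isolated VLAN shares port"))
    return findings
```

Calling `audit(SAMPLE_CONFIG, 300)` reports port 7, the one place in the sample where DMZ frames and VM frames leave on the same wire and separation depends on whatever device is attached there.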