A VLAN has the same attributes as a physical local area network (LAN), but it allows for end stations to be grouped together more easily even if they are not on the same network switch. VLAN membership can be configured through software instead of physically relocating devices or connections. VLANs are used to segregate networks or traffic, each VLAN has its own collision domain and broadcast domain. Using VLANs can reduce network collisions and improve performance.

Create a VLAN

To create a VLAN on a HP Procurve switch – connect to the device using putty and enter privileged mode (see “Connecting to a HP ProCurve Switch Using a Console cable & Putty“)

1. To see what VLANS currently exist on the switch, In privileged mode issue

#show vlan

We can see from the list we have the following VLANS:

1 Default

100 Curric

150 Management

2. We now want to add a VLAN called “VPN”  to do this first enter Global Configuration Mode

#config t

Then issue the following command

#vlan 101 name VPN

#Exit

“vlan” indicates we want to configure a VLAN,

“101” indicates a VLAN ID which can be anything of your choice, but this must meet the requirements of the switch VLAN ID policy, it’s a good idea to keep them uniform.

“Name VPN” indicates a name of the new VLAN.

“Exit” indicates that we want to leave the global configuration mode and return to privileged mode.

If we now issue a #show vlan command, we can verify the new VLAN is now listed.

3. Although there wont be any ports associated with the new VLAN yet, we can issue a #show vlan 101 command to see if there are any ports associated.

As expected nothing is listed.

Assign a port to a VLAN

1. To Assign a port to a VLAN we need to enter global configuration mode again,

#Config t

then we need to attach the port we want to the new VLAN

#vlan 101 untagged 21

#exit

“vlan 101” indicates we want to make a configuration change to this vlan

“untagged” indicates that we want to untag a port to the vlan specified – an untagged port in a VLAN is a physical member of that VLAN, ie. when you plug your host into that port it is physically connected to that VLAN (also known as an “access port” in Cisco terminology).

“21” indicates physical port 21 of the switch

2. #show vlan 101 now verifies that port 21 is now untagged onto the VPN VLAN.

The status is “down” due to the fact this port has nothing plugged into it.

Untag a range of ports

#Config t

#vlan 101 untagged 21-25

#exit

#show vlan 101 verifies the untagged port range

Tag a port to a VLAN

#config t

#vlan 101 tagged 26

#exit

“tagged” indicates that we want to port to carry traffic for multiple VLANs from the switch to other network devices such as an upstream router or an edge switch (In Cisco terminology this is called trunking, HP have no specific term for it).

#show vlan 101 verifies the port has been tagged to the VLAN.

To save all the changes to the running configuration issue

#wri mem command.