How to Configure a Port Based VLAN on an HP Procurve 1810G Switch
I have a new switch for my home lab as I was struggling with port count and I managed to get a good deal on eBay for a 24-port version – it’s also fan-less so totally silent which is nice as it lives in my home office.
I am re-building my home lab again (I’m not sure I ever finish a build before I find something new to try, but anyway – I digress). Now that I have 3 NICs in my hosts, I want a dedicated iSCSI network using a VLAN on my switch.
My NAS(es) are physical devices and I want to map one NIC from each ESX host into an isolated VLAN for iSCSI/NFS traffic. This means nominating a physical switch port to be part of just a single VLAN (103) and taking it out of the native VLAN (1). Cisco calls this an access port and other switches call it a Port Based VLAN (PVLAN). This is the desired configuration.
The configuration steps weren’t so intuitive on this switch, so I have documented them here:
- First, create a VLAN – in my case I’m using 103, which will be for iSCSI/NFS
- Check the “create VLAN” box and type in the VLAN number
- Press Apply
- Check the set name box next to the VLAN you created
- Type in a description
- Click Apply
Then go to VLANs → Participation/Tagging
- You need to clear the native VLAN (1) from the ports you will be using
- Select VLAN 1 from the drop down box
- Click each port (in this case 13, 14, 15, 16, 17, 18 and 21) until it goes from U to E (for Exclude)
- Click Apply (important!)
- (Note: 13, 15 and 17 are used for my vMotion VLAN – but the principle is the same)
- Select your VLAN from the drop down – in this case 103
- Now allocate each port to your storage VLAN by clicking on it until it turns to U (for Untagged)
- Click Apply (important!)
Now you should have those ports connected directly to VLAN 103 and they will only be able to communicate with each other. The easiest way to test this is to ping between hosts connected on this VLAN.
You can manually check you have done this correctly by looking at VLANs → VLAN Ports
- Drop down the Interface box and choose a port that you have put into the PVLAN
- The read-only PVID field should say 103 (or whatever VLAN ID you chose). If it says 1 or something else, check your config, as the port is in the wrong VLAN.
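
The same check can be run across every port at once. The following Python script is an added example, not part of the original post: it audits a U/T/E participation table transcribed by hand from the Participation/Tagging page and reports any port that breaks the isolation of VLAN 103. The function name, table layout and sample data are assumptions, and the storage port list (14, 16, 18, 21) is inferred from the post's port list minus the vMotion ports.

```python
# Added example: audit a VLAN participation table transcribed by hand from the
# switch's Participation/Tagging page. U = Untagged, T = Tagged, E = Exclude.
NATIVE_VLAN = 1
STORAGE_VLAN = 103

def audit_isolation(table, isolated_vlan, isolated_ports):
    """Return a list of (port, problem), ordered by port, for isolation breaks.

    table: {vlan_id: {port: "U" | "T" | "E"}}; a port missing from a VLAN's
    row is treated as Excluded.
    """
    findings = []
    all_ports = {p for row in table.values() for p in row}
    for port in sorted(all_ports | set(isolated_ports)):
        member_of = {v: row.get(port, "E") for v, row in table.items()}
        untagged = sorted(v for v, m in member_of.items() if m == "U")
        others = sorted(v for v, m in member_of.items()
                        if m != "E" and v != isolated_vlan)
        if port in isolated_ports:
            # PVID should be the isolated VLAN: untagged there and nowhere else.
            if untagged != [isolated_vlan]:
                findings.append(
                    (port, f"untagged in {untagged}, expected [{isolated_vlan}]"))
            # Any other membership (e.g. still U in VLAN 1) bridges the VLANs.
            if others:
                findings.append((port, f"still a member of VLAN(s) {others}"))
        elif member_of.get(isolated_vlan, "E") != "E":
            # A non-storage port in the storage VLAN can reach the NAS traffic.
            findings.append((port, f"unexpected member of VLAN {isolated_vlan}"))
    return findings

# Constructed sample: port 16 was never cleared from VLAN 1 (Apply not clicked),
# and port 22 was clicked into VLAN 103 by mistake.
SAMPLE = {
    NATIVE_VLAN: {14: "E", 16: "U", 18: "E", 21: "E", 22: "U"},
    STORAGE_VLAN: {14: "U", 16: "U", 18: "U", 21: "U", 22: "U"},
}
STORAGE_PORTS = {14, 16, 18, 21}  # assumption: post's ports minus vMotion 13/15/17

if __name__ == "__main__":
    for port, problem in audit_isolation(SAMPLE, STORAGE_VLAN, STORAGE_PORTS):
        print(f"port {port}: {problem}")
```
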
You won’t be able to get into this VLAN from any other VLAN or the native VLAN (because we excluded VLAN 1 from these ports). If you want to be able to get into this VLAN, you’ll need to dual home one of the hosts or add a layer 3 router. I usually use a Vyatta virtual machine – post on this coming soon.
I’ll also be adding some trunk ports to carry guest network VLANs in a future post.