HP Procurve VALNS Help !

[ICTNUT]

Hi Guys,

I am in the process of testing VLAn setups and need some guideance.

The first thing is HP terminology (gah!) hate it....

Secondly here is what I have a HP 2824 L3 Switch (Core) and a Netgear GSM 7248 L2 (Edge). Setup is as follows:

Uplinks from 7248 to 2824 out on Port 48 and in on Port 24 respectively

on the 7248 I have 4 PC's on port 1, 3, 5, 7 with 1 and 3 untagged on VLAN2, 5 untagged on VLAN 1, and 7 untagged on VLAN3

On the 2824 I have DC's, DHCP, File Server and Proxy all untagged on VLAN1

The problem:

All the PC's can logon with out issue
1 - non of them can ping each other ( I would expect this for inter VLAN but thos on the same VLAN should be able to shouldn't they??)
2 - Shares are not mapping on any aprt from the PC in VLAN1 (Port 5)
3 - Non can access the internet apart from PC in VLAN 1 (Port 5)

What am I missing, I am not used to HP stuff as I normally workwith Cisco but hey we have what we have

Do I need to "tag" the uplinks in any way?
My understanding is that each port need only be "untagged" if it is a member of only one VLAN which in most cases is the case?
I would expect pinging to be restricted when trying to ping a pc in vlan 2 from vlan3.

Any help would be great as I am STUCK.......

[spc-rocket]

Hi Guys,

I am in the process of testing VLAn setups and need some guideance.

The first thing is HP terminology (gah!) hate it....

Secondly here is what I have a HP 2824 L3 Switch (Core) and a Netgear GSM 7248 L2 (Edge). Setup is as follows:

Uplinks from 7248 to 2824 out on Port 48 and in on Port 24 respectively

on the 7248 I have 4 PC's on port 1, 3, 5, 7 with 1 and 3 untagged on VLAN2, 5 untagged on VLAN 1, and 7 untagged on VLAN3

On the 2824 I have DC's, DHCP, File Server and Proxy all untagged on VLAN1

The problem:

All the PC's can logon with out issue
1 - non of them can ping each other ( I would expect this for inter VLAN but thos on the same VLAN should be able to shouldn't they??)
2 - Shares are not mapping on any aprt from the PC in VLAN1 (Port 5)
3 - Non can access the internet apart from PC in VLAN 1 (Port 5)

What am I missing, I am not used to HP stuff as I normally workwith Cisco but hey we have what we have

Do I need to "tag" the uplinks in any way?
My understanding is that each port need only be "untagged" if it is a member of only one VLAN which in most cases is the case?
I would expect pinging to be restricted when trying to ping a pc in vlan 2 from vlan3.

Any help would be great as I am STUCK.......

Hi there,

First you need to have the dhcp scopes defined on your dhcp server for each vlan so they pick up the ip addresses from the correct scope/subnet.

Then you need to have a default route on your core switch which will point to the proxy server or your router to outside world. This will take care of the internet access.

You need to enable ip routing in order for it to route packets and also need to have the equivilant of ip-helper command on the core so clients in other vlans can obtain ip address from one dhcp server and also from the correct scope!.

Your uplinks should be "tagged" (i hate HP's terminology as well) because uplinks carry traffic from multiple vlans so the destination switch will look at it and make decision as to which vlan to send the traffic.

The shares part may be the block of netbios traffic so you need to enable this on the core i think.

Sorry i'm not much helpful, my expertise is with Cisco stuff.

Ash.

[ICTNUT]

Ashok: IPs/Subnets have been worked out and i'll put these in place on the DHCP tomorrow

DHCP-Helper Ihave worked out where this is on the procurve so no problems there.

As far as the uplinks are concerned Would I need to ""tag" all vlans?? or just the core, and yes under Cisco "Just Trunk" !!!

Hi there,

First you need to have the dhcp scopes defined on your dhcp server for each vlan so they pick up the ip addresses from the correct scope/subnet.

Then you need to have a default route on your core switch which will point to the proxy server or your router to outside world. This will take care of the internet access.

You need to enable ip routing in order for it to route packets and also need to have the equivilant of ip-helper command on the core so clients in other vlans can obtain ip address from one dhcp server and also from the correct scope!.

Your uplinks should be "tagged" (i hate HP's terminology as well) because uplinks carry traffic from multiple vlans so the destination switch will look at it and make decision as to which vlan to send the traffic.

The shares part may be the block of netbios traffic so you need to enable this on the core i think.

Sorry i'm not much helpful, my expertise is with Cisco stuff.

Ash.

[Sylv3r]

When we were looking at setting up VLANs on our HP kit the support forums over at HP had some really knowledgeable members who helped us loads. If you haven't checked the forum out its worth a quick skim through.

[andyrite]

Are all the VLANS setup on the core? Can you post the config from the hp core?

[sjatkn]

Do I need to "tag" the uplinks in any way?
My understanding is that each port need only be "untagged" if it is a member of only one VLAN which in most cases is the case?

I am no expert on HP kit yet, though the school I work for has got HP Procurve kit in place and are using VLANs. From the config I can see on one of my switches.

• Uplinks: DEFAULT_VLAN - untagged, all other VLANS are tagged.
• All other ports: Appropriate VLAN set to untagged and all others as 'no'.

[spc-rocket]

Ashok: IPs/Subnets have been worked out and i'll put these in place on the DHCP tomorrow

DHCP-Helper Ihave worked out where this is on the procurve so no problems there.

As far as the uplinks are concerned Would I need to ""tag" all vlans?? or just the core, and yes under Cisco "Just Trunk" !!!

Hi Ozan,

Yes you need to tag all the vlans except the vlan which pro curve uses to function itself (the native vlan in cisco terminology). Also make sure that the vlans created on other switches are also present on the core switch as well even if there are no ports allocated to those vlans.

The thing that confuses me is that when you allocate a port to the vlan the same flipping terminology is used "tagged" they should have called this something else because on uplinks the packets do need to be tagged so the recieving switch knows which vlan the packet is for. The recieving switch then strips the vlan info (the tag) and then forwards the frames/packets to the appropriate port on that vlan. I take it the tagging and untagging is the HP equivilent of encapsulation is it?

Ash.

[ICTNUT]

I take it the tagging and untagging is the HP equivilent of encapsulation is it?

I think this is the case...!

OK here is the situation so far.

I have all six VLANs setup on both the switches and I know these work as the servers sit in VLAN 1 and any PC placed into any other VLAN fail to work.

I am not getting DHCP from the server in VLAN 1 for a PC in VLAN 3

I have setup the dhcp helper on the HP switch as follows:

RM77 Core SW1(vlan-1)# ip helper-address 192.168.0.3

and

RM77 Core SW1(vlan-3)# ip helper-address 192.168.0.3

My question is should the ip helper address be different for VLAN 3 as the ip address given is in VLAN1??

Scopes on DHCP server have been setup, see attached image

[andyrite]

The ip address needs to be the actual address of the dhcp server. Post or send me your sh run off your hp core switch and i'll have a look.

[ICTNUT]

as requested:

RM77 Core SW1# sh run

Running configuration:

; J4903A Configuration Editor; Created on release #I.08.98

hostname "RM77 Core SW1"
snmp-server contact "ICT Support Ext 159"
snmp-server location "RM77"
interface 22
name "UPLINK_RM76"
exit
interface 23
name "UPLINK_RSW1"
exit
interface 24
name "UPLINK_RSW2"
exit
ip default-gateway 192.168.0.2
timesync sntp
sntp broadcast
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT"
untagged 1-21
ip address 192.168.0.202 255.255.252.0
ip helper-address 192.168.0.3
tagged 22-24
ip igmp
exit
vlan 2
name "ADMIN"
ip address 192.168.52.1 255.255.252.0
ip helper-address 192.168.0.3
tagged 1-24
ip igmp
exit
vlan 3
name "CURRIC"
ip address 192.168.56.1 255.255.252.0
ip helper-address 192.168.0.3
tagged 1-24
ip igmp
exit
vlan 4
name "WIRELESS"
ip address 192.168.60.1 255.255.252.0
ip helper-address 192.168.0.3
ip igmp
exit
vlan 5
name "VoIP"
no ip address
ip helper-address 192.168.0.3
ip igmp
exit
vlan 6
name "MEDIA"
no ip address
ip helper-address 192.168.0.3
ip igmp
exit
fault-finder bad-driver sensitivity high
fault-finder bad-transceiver sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
fault-finder broadcast-storm sensitivity high
fault-finder loss-of-link sensitivity high
fault-finder duplex-mismatch-HDx sensitivity high
fault-finder duplex-mismatch-FDx sensitivity high
spanning-tree

[andyrite]

Have you enabled ip routing? It's not in you sh run.

[andyrite]

Might be worth adding ip route 0.0.0.0 0.0.0.0 192.168.0.2 to deal with any packets it doesn't know what to do with.

[spc-rocket]

I think this is the case...!

OK here is the situation so far.

I have all six VLANs setup on both the switches and I know these work as the servers sit in VLAN 1 and any PC placed into any other VLAN fail to work.

I am not getting DHCP from the server in VLAN 1 for a PC in VLAN 3

I have setup the dhcp helper on the HP switch as follows:

RM77 Core SW1(vlan-1)# ip helper-address 192.168.0.3

and

RM77 Core SW1(vlan-3)# ip helper-address 192.168.0.3

My question is should the ip helper address be different for VLAN 3 as the ip address given is in VLAN1??

Scopes on DHCP server have been setup, see attached image

Hi Ozan,

The ip-helper command will take the ip address of your dhcp server so it should be same for all your vlan.

Make sure that the DG of your server inc. dhcp is set to the IP of the vlan on which your servers are. The you need to have default route on your core to your main router to outside world. So in your case from looking at the config, you need set all your server's DG to 192.168.0.202 with mask of 255.255.252.0 as this is the IP you given you default vlan on which your servers are placed in.

Ash.

[ICTNUT]

Have you enabled ip routing? It's not in you sh run.

Yes I have:

Running configuration:

; J4903A Configuration Editor; Created on release #I.08.98

hostname "RM77 Core SW1"
snmp-server contact "ICT Support Ext 159"
snmp-server location "RM77"
interface 22
name "UPLINK_RM76"
exit
interface 23
name "UPLINK_RSW1"
exit
interface 24
name "UPLINK_RSW2"
exit
ip default-gateway 192.168.0.2
ip routing
timesync sntp
sntp broadcast
snmp-server community "public" Unrestricted

[andyrite]

Assign a port on your hp switch to vlan3. See if you can get an ip address there. It will prove the config on HP switch is correct.