VLAN CONFIGURATION

[cgorms]

Hi,

Im a noob to VLANs and I am having some trouble getting my head around it. Any help would be great, thank you in advance.

I have HP Procurve switches 5412zl in the core and 2650 on the edge. I have setup vlans between switches without any problems. I also have DHCP serving IP Addresses within both VLANs.

My setup:
default VLAN(1) - IP Range 10.2.104.0/21
second VLAN(11) - IP Range 192.168.4.0/22.

My default gateway is 10.2.111.254, how can I get VLAN(11) to access the internet/default gateway?

Here is part of running configuration of the 5412zl:

ip routing
ip irdp
timesync sntp
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged A1-A23,B1-B24,C1-C24,D1-D24,E1-E24,F1-F4
ip address 10.2.111.210 255.255.248.0
no untagged A24
ip igmp
exit
vlan 11
name "CURRIC_WRC"
untagged A24
ip helper-address 10.2.104.1
ip address 192.168.4.1 255.255.252.0
tagged A12,D5,D7,F2
exit
ip route 0.0.0.0 0.0.0.0 10.2.111.254
spanning-tree

[keithu]

Are your clients in VLAN 11 getting the default gateway 192.168.4.1?

[cgorms]

Yes the clients default gateway is set via DHCP to 192.168.4.1.

192.168.4.1 is the 5412zl Core Switch.

I forgot to mention the Servers and Switches/Router are in the default VLAN(1). When I ping the router 10.2.111.254 from a client on the 192.168.4.0/22 range I get "Request timed out".

[keithu]

It looks like there's a problem with routing on your switch. Can you run 'show ip' and 'ip route' on your core switch and post the result?

[cgorms]

Thanks for getting back so quick:


SW-BRC_LIB-01# show ip

Internet (IP) Service

IP Routing : Enabled


Default TTL : 64
Arp Age : 20
Domain Suffix :
DNS server :

VLAN | IP Config IP Address Subnet Mask Proxy ARP
-------------------- + ---------- --------------- --------------- ---------
DEFAULT_VLAN | Manual 10.2.111.210 255.255.248.0 No No

CURRIC_WRC | Manual 192.168.4.1 255.255.252.0 No No


SW-BRC_LIB-01# show ip route

IP Route Entries

Destination Gateway VLAN Type Sub-Type Metric Dist.
------------------ --------------- ---- --------- ---------- ---------- -----
0.0.0.0/0 10.2.111.254 1 static 1 1
10.2.104.0/21 DEFAULT_VLAN 1 connected 1 0
127.0.0.0/8 reject static 0 0
127.0.0.1/32 lo0 connected 1 0
192.168.4.0/22 CURRIC_WRC 11 connected 1 0

[keithu]

That looks okay. I thought you were saying you couldn't ping your switch but, now that I've read your question properly ( ), I see what's happening. It looks like you just need to add a route to the device at 10.2.111.254 to tell it how to reach the 192.168.4.0 subnet. Have you got admin access to that router?

[cgorms]

I though it was something to do with the router. No I dont have admin rights, the router was supplied by SWGFL.

Is there any other way round it?

[keithu]

Presumably the gateway router has been configured to route your 10.2.111.210 subnet only, so 192.168.4.0 isn't going to work. I thought perhaps you could use NAT on your switch to translate the addresses into the 10... range, but your switch doesn't seem to support that.

Do you really need routed internet access from that subnet? If you just want web acces you could install a proxy server on VLAN 1.

[MicrodigitUK]

I though it was something to do with the router. No I dont have admin rights, the router was supplied by SWGFL.

Is there any other way round it?

I had exactly the same problem and it is the SWGFL routers IP rules.

With the old ISDN routers the SWGFL didn’t used to block the traffic but when they upgraded everyone to fibber they changed the ACL’s (access control lists) to only allow your designated IP range network traffic through by default.

I have an open Wi-Fi network in a privet IP range routing through my SWGFL network.

If you call them up and explain the situation and give them the IP range they can make the appropriate changes to there routers ACL’s.

[eduabncs]

Is the VLAN on the router and is uplink port trunked?