+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 29
Wired Networks Thread, Inter-VLAN woes between HP5308XL and 2610 in Technical; ...
  1. #1

    Join Date
    Sep 2012
    Posts
    57
    Thank Post
    9
    Thanked 4 Times in 2 Posts
    Rep Power
    5

    Inter-VLAN woes between HP5308XL and 2610

    Hello,

    We're not having much success with implementing VLANs for a test walkthrough, which when proved as successful, will be rolled out to the rest of the network during this summer.

    The main issue is devices in one VLAN not being able to communicate with devices in other subnets. Now, there's a ton of information and queries on the same issue all over the web, mostly relating to different hardware vendors, or dissimilar scenarios.

    We've spent a couple of days troubleshooting everything, and have been through configuration steps many times, so I'll do my best to get down what we have so far (brain a little fried!)

    Firstly, we used a 2610 switch, and divided it up with 2 new VLANs (in addition to the DEFAULT_VLAN) which already resides. We created new new VLANs on the basis of isolation from the existing network.
    So, we issues the following telnet commands to the switch (untagged ports may not be exactly the same here...a lot has happened since we first ran through the config :-);

    config term
    ip routing
    VLAN 100
    untag 10
    ip address 10.50.8.0/24

    VLAN 200
    untag 11
    ip address 10.50.9.0/24
    write mem

    Devices connected to ports 10 and 11 were able to communicate with each other, with no issue. So inter-VLAN comms were good.

    We have also tried the same setup on the 5308XL core (once we had cleared down the 2610, so again, completely operating through one switch)

    This time, the following commands were issues against the 5308XL, as per instructions from http://www.hp.com/rnd/support/config...l_portbase.pdf. NOTE: We never bothered with creating the trunk (Cisco not HP I know) port, as we were just looking to test within the core itself, and to not involve additional switches at this point)

    HP ProCurve Switch 5308XL(config)# ip routing
    HP ProCurve Switch 5308XL(config)# router rip
    HP ProCurve Switch 5308XL(rip)# VLAN 100
    HP ProCurve Switch 5308XL(vlan-100)# untag C6
    HP ProCurve Switch 5308XL(vlan-100)# ip address 10.50.8.0/24
    HP ProCurve Switch 5308XL(vlan-100)# ip rip v1-only

    HP ProCurve Switch 5308XL(vlan-100)# VLAN 200
    HP ProCurve Switch 5308XL(vlan-200)# untag C7
    HP ProCurve Switch 5308XL(vlan-200)# ip address 10.50.9.0/24
    HP ProCurve Switch 5308XL(vlan-200)# ip rip v1-only
    HP ProCurve Switch 5308XL(vlan-200)# write mem

    This too was also successful, when we issued a ping from a device within one VLAN, to a device within the other VLAN.

    Then the fun started, when we decided to involve both the 5308XL and 2610, with the intention of using the core 5308XL for routing duties. We cleared down VLANs on both the core and 2610, and started from scratch with the following commands first being issued to the 2610;

    config term
    VLAN 100
    untag 1
    ip address 10.50.8.1/24
    tag 25

    VLAN 200
    untag 2
    ip address 10.50.9.1/24
    tag 25
    write mem

    With that sorted, we configured the core;

    config term
    VLAN 100
    untag E8 (Port which IT Office PC is directly connected to)
    ip address 10.50.8.2/24
    tag C6


    VLAN 200
    ip address 10.50.9.2/24
    tag C6
    write mem

    We only set one port on the core as being assigned to a VLAN (Port E8 to VLAN 100, as we opted to switch between VLAN 100 and 200 when required.)
    With everything in place, and trunk ports set as being C6 on the core and 25 on the 2610, we assigned the IT Office PC a 10.50.8.X IP address and configured its gateway IP as 10.50.8.2. We also connected a netbook to port 1 on the 2610, so that it was set as being in VLAN 100. We then issued the following from the IT office PC;

    1. Ping the VLAN 100 interface of 10.50.8.2 on the core – Successful.
    2. Ping the VLAN 100 interface of 10.50.8.1 on the 2610 – Successful.
    3. Ping the netbook of 10.50.8.3 – Successful.
    4. Ping the VLAN 200 interface of 10.50.9.1 on the 2610 – Successful.
    5. Ping the VLAN 200 interface of 10.50.9.2 on the core – Unsuccessful.

    We can’t ping the interface of VLAN 200 on the core, despite the IT office being connected directly to the core – why can we successfully ping the VLAN 200 interface on the 2610?

    Can I also ask anyone to confirm, that if we want to use the 5308XL solely for routing, that 'ip routing' only needs to be issued against the core, and not the 2610 (as we have already done). Or do we need to issue the 'ip routing' command on the 2610 as well?

  2. #2
    andyrite's Avatar
    Join Date
    Apr 2007
    Posts
    414
    Thank Post
    7
    Thanked 90 Times in 71 Posts
    Rep Power
    42
    The IP routing only needs to be done on the core. It fact you don't even need to set an IP on the 2610 100/200 VLAN. I just setup an IP on the default VLAN to manage it.

    Try having a port untagged on vlan 200 on the core to sort the ping problem.

  3. Thanks to andyrite from:

    MrJDH (27th June 2014)

  4. #3
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,474
    Thank Post
    10
    Thanked 500 Times in 440 Posts
    Rep Power
    114
    The 2610 does not need an ip in vlan 100 or 200

    Are you setting the gateway on the clients to the ip of vlan that is it connected to (on the core)

  5. Thanks to DMcCoy from:

    MrJDH (27th June 2014)

  6. #4

    Join Date
    Sep 2012
    Posts
    57
    Thank Post
    9
    Thanked 4 Times in 2 Posts
    Rep Power
    5
    Guys, that's great! It's all come to life! Relief...

    VLAN IPs removed from 2610, all good.

  7. #5

    Join Date
    Sep 2012
    Posts
    57
    Thank Post
    9
    Thanked 4 Times in 2 Posts
    Rep Power
    5
    Andyrite, DMcCoy, thank you for all of your help the other day. I never actually thanked you at the time.

    I was hoping that you may be able to assist further, now that we have the VLAN basic down for a couple of switches.

    We use a Smoothwall box for filtering of internet traffic, which is set as the DG for all LAN PCs, with the exception of the IT office machines.

    Would anyone be able to take a look at the image I have below, to help us resolve some of the new issues, please?

    http://www.thedash.org.uk/VLANQuestions.png

    Many thanks.

  8. #6
    andyrite's Avatar
    Join Date
    Apr 2007
    Posts
    414
    Thank Post
    7
    Thanked 90 Times in 71 Posts
    Rep Power
    42
    What's your subnet masks?

  9. #7
    andyrite's Avatar
    Join Date
    Apr 2007
    Posts
    414
    Thank Post
    7
    Thanked 90 Times in 71 Posts
    Rep Power
    42
    You should have a ip-route 0.0.0.0 0.0.0.0 10.50.4.24 on your core. If it doesn't know what to do with the traffic(ie not a local IP) it will send it to the smoothwall. You need to have your vlans setup in your smoothwall too.

  10. Thanks to andyrite from:

    MrJDH (27th June 2014)

  11. #8

    Join Date
    Sep 2012
    Posts
    57
    Thank Post
    9
    Thanked 4 Times in 2 Posts
    Rep Power
    5
    Hi @andyrite,

    Thanks for this! So I was correct with implementing a static from the core to the SmoothWall box then...things are slowly starting to sink in!

    So the command is saying 'any IP, with any subnet mask, route to 10.50.4.24'?

    With regard to having the VLANs setup within SmoothWall, should we go along with the advice seen in this post, as simply dialling in the VLAN IPs, etc, as opposed to creating new interfaces?
    Internet router / VLANS

    Many thanks.

  12. #9
    andyrite's Avatar
    Join Date
    Apr 2007
    Posts
    414
    Thank Post
    7
    Thanked 90 Times in 71 Posts
    Rep Power
    42
    Networking » Routing » Subnets

    Example
    Network
    10.20.1.0
    Subnet
    255.255.255.0
    Gateway (This is always 10.50.4.1 is your case)
    10.0.0.1

  13. Thanks to andyrite from:

    MrJDH (27th June 2014)

  14. #10

    Join Date
    Sep 2012
    Posts
    57
    Thank Post
    9
    Thanked 4 Times in 2 Posts
    Rep Power
    5
    Am I correct in thinking that this solves the issue of devices in the 100 & 200 VLANs not being able to reach the internet, but not the issue of PCs using the 10.50.4.1 DG being unable to contact devices in VLANs 100 & 200?

  15. #11

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,941
    Thank Post
    519
    Thanked 2,500 Times in 1,941 Posts
    Blog Entries
    24
    Rep Power
    840
    You should have all machines use the core switch as the DG, and then the rule that @andyrite has mentioned as the default rule on your core.

  16. #12
    andyrite's Avatar
    Join Date
    Apr 2007
    Posts
    414
    Thank Post
    7
    Thanked 90 Times in 71 Posts
    Rep Power
    42
    Yes. The smoothwall wouldn't know what to have done with the traffic.

    but not the issue of PCs using the 10.50.4.1 DG being unable to contact devices in VLANs 100 & 200

    The pc won't know how to get to the ip so will send it to you dg (the SA BOX) You'll need to add some static routes to your pc because you are not using the main switch for routing.

    What are you using the SA box for?

  17. Thanks to andyrite from:

    MrJDH (27th June 2014)

  18. #13

    Join Date
    Sep 2012
    Posts
    57
    Thank Post
    9
    Thanked 4 Times in 2 Posts
    Rep Power
    5
    Quote Originally Posted by andyrite View Post
    but not the issue of PCs using the 10.50.4.1 DG being unable to contact devices in VLANs 100 & 200

    The pc won't know how to get to the ip so will send it to you dg (the SA BOX) You'll need to add some static routes to your pc because you are not using the main switch for routing.
    Result! Added a persistent route to the table on my PC, using the core as the next hop, and BOOM! Hello VLANs!!

    That's wonderful for now. I'll no doubt be back once it comes to adding the subnets in SmoothWall.. Thanks both @andyrite and @localzuk

  19. #14

    Join Date
    Sep 2012
    Posts
    57
    Thank Post
    9
    Thanked 4 Times in 2 Posts
    Rep Power
    5
    We've got a spare bit of time this morning, to pick up on some VLAN work. So, after confirming with Smoothwall that adding the VLAN IP ranges into the Routing >> Subnets section is the way to go, we're running through how devices on either of the VLANs will be able route traffic through to the Smoothwall box on the DEFAULT_VLAN.

    The Smoothwall box is jacked straight into the core, which is obviously aware of the VLANs and their respective gateway IPs. Now referring to my previous query, where the IT office PCs were unable to ping any VLAN device, due to our DG being the SA box of 10.50.4.1, after adding persistent routes to our machines with the core IP of 10.50.6.14 as the next hop, we were in business.

    Do I now need to apply the same concept to the SW box, and create that link between itself and the core? I'm a bit confused, as doesn't adding the VLAN IP ranges into SW achieve the same thing? I know obviously not, as we still can't ping the SW box from a VLAN device. Does this routing within SW only come into play after we've created that initial static route to the core?

    Now, if this is the case, do I need to begin looking up equivalent Linux commands to add a persistent route on the SW box (being Linux based), or is there a reverse way to achieve this, say from entering the route on the core?

    Many thanks.
    Last edited by MrJDH; 1st July 2014 at 11:17 AM. Reason: typo

  20. #15
    andyrite's Avatar
    Join Date
    Apr 2007
    Posts
    414
    Thank Post
    7
    Thanked 90 Times in 71 Posts
    Rep Power
    42
    Which Vlan can't your ping the SW from?

    Adding the VLAN ranges into the smoothwall is just creating a static route in the backgroud.

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Setting Up VLANs between Netgear and HP Procurve
    By colly72 in forum Wired Networks
    Replies: 4
    Last Post: 2nd October 2013, 12:22 PM
  2. Cut and paste issues between excel and word
    By 17thcpikeman in forum Windows
    Replies: 1
    Last Post: 30th November 2007, 01:42 PM
  3. whats the differance between EMF and PCL 5/6
    By timbo343 in forum Windows
    Replies: 11
    Last Post: 10th January 2007, 09:50 AM
  4. Replies: 20
    Last Post: 23rd December 2006, 09:36 PM
  5. Replies: 2
    Last Post: 22nd February 2006, 12:30 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •