ProCurve 2910 basic VLANs

[maestromasada]

Hi fellows,

I’m trying to setup some VLANs on our school network to divide the massive broadcast domain that we have and got to the point where don’t know exactly what to do to make it work. This is my first attempt to VLANs so feeling like walking on a black forest! Sure you can help me out with this.

Have a HP 2910 and have setup 2 x VLANs with this running configuration:


; J9145A Configuration Editor; Created on release #W.14.38

hostname "ProCurve 2910al-24G Switch"
module 1 type J9145A
ip default-gateway 10.8.160.1
ip routing
vlan 1
name "DEFAULT_VLAN"
untagged 9-24
ip address 10.8.163.50 255.255.248.0
no untagged 1-8
exit
vlan 100
name "VLAN100"
untagged 1-4
ip address 10.10.100.1 255.255.255.0
tagged 10
exit
vlan 200
name "VLAN200"
untagged 5-8
ip address 10.10.200.1 255.255.255.0
tagged 10
exit
snmp-server community "public" unrestricted
password manager


The LGfL router is 10.8.160.1 and all I want to achieve is for vlans 100 and 200 to access the internet and the servers on the default vlan, but don’t want the devices on vlans 100 or 200 to be able to communicate to each other.

At present devices on vlan100 and vlan200 cannot talk to each other, which is good, but they cannot talk to LGfL router either!
I would have thought the ip routing command will enable this?

Any help will be great

[twin--turbo]

The LGFL Router will have no knoledge of the routing required to reach the new vlans.

Rob

[Ric_]

For a start, you should stop using the default VLAN now that new VLANs are added.... things will break.

You will need to set up routing tables and ACLs then between each VLAN/IP.

[maestromasada]

Thank you for your great advice.

Have contacted LGfL and they are willing to re-configure their firewall and join it to our L3 switch so that only the L3 switch takes care of the routing between the VLANs. Problem is I don't know exactly how to define the routing tables on the switch. Have been trying to do it whole morning but no joy!

Doing an experiment, I wanted to vlan 100 and 200 to be able to talk to a server on vlan 1, but just cant' do. Please have a look at the attached image to verify my config.

VLANs.jpg

I have a pc on vlan 100 with an ip of 10.8.161.2/24
I have a pic on vlan 200 with an ip of 10.8.162.2/23
I have a server on vlan 1 with an ip of 10.8.164.80/22

In theory, the server should be accessible by both vlans but is not. Vlans 100 and 200 cannot talk to each other which is good,
the pc on vlan 100 is 10.8.161.2
the pc on vlan 200 is 10.8.162.2



See new config in the switch see if you can identify what could be the problem. As you can see the ip routing is enable!


Running configuration:

; J9145A Configuration Editor; Created on release #W.14.38

hostname "ProCurve 2910al-24G Switch"
module 1 type J9145A
ip routing
vlan 1
name "DEFAULT_VLAN"
untagged 11-24
ip address 10.8.160.2 255.255.248.0
tagged 5-6
no untagged 1-4,7-10
exit
vlan 100
name "VLAN100"
untagged 1-4
ip address 10.8.161.1 255.255.255.0
tagged 5-6
exit
vlan 200
name "VLAN200"
untagged 7-10
ip address 10.8.162.1 255.255.254.0
tagged 5-6
exit
snmp-server community "public" unrestricted
password manager




IP Routing : Enabled


Default TTL : 64
Arp Age : 20
Domain Suffix :
DNS server :

VLAN | IP Config IP Address Subnet Mask Proxy ARP
-------------------- + ---------- --------------- --------------- ---------
DEFAULT_VLAN | Manual 10.8.160.2 255.255.248.0 No
VLAN100 | Manual 10.8.161.1 255.255.255.0 No
VLAN200 | Manual 10.8.162.1 255.255.254.0 No

[maestromasada]

ups

sorry I posted the wrong pic, this is the right one with the ports on the HP switch configured.

VLANs.jpg

[SYNACK]

I'd setup rip on the core so that you can advertise routes back to the upstream router. That should mean that as long as you stay within the global range that you get from the upstream provider you can divide them any way you see fit internally without having to wait for the upstream people for each change.

I think its ip routing rip
and something to advertise static

you need:

Code:

ip default-gateway (upstream router IP)
ip routing

vlan 53
   name "GuestWireless"
   ip helper-address (DHCP server IP) 
  ip address 192.168.53.1 255.255.255.0
   tagged 2,4,6,8,48
   exit
ip route 0.0.0.0 0.0.0.0 (upstream router IP)
router rip
   default-metric 2
   redistribute static
   exit

vlan 1
   ip rip (advertising port on vlan) 
  exit

Had to set one of these up the other day for a new Ruckus system

you might also want to put in

Code:

timesync sntp
sntp unicast
sntp server priority 1 (Domain Controller) 3

To set the switch up to sync to a time server (domain controller)

[Nodrog]

Hi

I’ve done this a couple of times and the people on the help desk at Atomwide will set you up a stub network to delivery your whole network to your local L3 switch - I know they also have done local config work within schools but that tends to be chargeable. Still if they get you going with a working config and then you take it over it’s a quick and useful lesson to have. HP switch tho … might be a bit entertaining – I’ve only really done this with cisco kit.