Procurve vlan routing
I realise there is lots of similar threads but as far as I can tell our config is setup 'correctly' to enable inter vlan routing.
What we are trying to achieve is gain internet access from our old subnet 10.120.140.0/22 to our new router 10.120.136.1, I've created a vlan (136) with the IP 10.120.136.2 and ip-helper of our dhcp in the other subnet; we were using the default vlan for the other subnet as we were using dynamic LACP, whilst troubleshooting i've tried to create another vlan but this has not helped!
I can ping the gateways of either vlan within either vlan so I think routing is working? However if I point the machine to the gateway in the 140.0/22 subnet I have no access.
I also don't get a DHCP response from the 136 vlan so that functionality isn't working either.
Any ideas what is going on here? Ignore the somewhat messy vlans as I can't move some of our LACP uplinks yet as the dynamic LACP keeps them in vlan 1.
I realise this switch isn't great on the routing front but I believe it should do this! I'm off to check on firmware now which is almost certainly not the latest, will check back soon.
no ip address
no untagged A1-A8,A11-A24,B1-B19,C1-C12,C15-C22,D13-D24,Trk1
ip address 10.120.136.2 255.255.255.0
ip helper-address 10.120.140.2
ip address 10.120.140.1 255.255.252.0
fault-finder bad-driver sensitivity low
fault-finder bad-transceiver sensitivity low
fault-finder bad-cable sensitivity low
fault-finder too-long-cable sensitivity low
fault-finder over-bandwidth sensitivity low
fault-finder broadcast-storm sensitivity low
fault-finder loss-of-link sensitivity low
fault-finder duplex-mismatch-HDx sensitivity low
fault-finder duplex-mismatch-FDx sensitivity low
ip route 0.0.0.0 0.0.0.0 10.120.136.1
Newer firmware has not solved either problem - should I be able to ping our router (10.120.136.1) from the 140.0/22 subnet? If so this does not work currently, however from the 136 vlan I can.
You need to enable rip in VLAN 136
ip rip 10.120.136.2
It's also strange to have 10.120.136.2 as the routing address, shouldn't that be 10.120.136.1?
Also, have you put the 10.120.136.2 as the default gateway in DHCP for that VLAN range?
On what ports are your new router (gateway) and your DHCP server connected to?
Do you know the config of your router?
The router is 10.120.136.1 hence the vlan has to have a different address (10.120.136.2 was what I chose, this is in the DHCP scope but as I mentioned dhcp leases aren't being handed out currently).
Should I be able to specify the ip for the vlan?
ip address 10.120.136.1 255.255.255.0
10.120.136.1/24 can not be switch IP address and route gateway at the same time.
This switch does not have the 'rip' command, however 'ip routing' is accepted.
As there is currently no IP on the vlan 136 I cannot ping anything from 140.0/22 on 'that side', but from 136 I can still ping 140.1 and also I've still got internet access (from 136)
I've no idea on the router config I'm afraid as its our LBC property; the router is plugged into B7 and the dhcp server is on D20
Sorted access from 140.0/22 to the gateway, vlan needed ip proxy-arp - investigated dhcp etc now.
Ok, have you set up different scopes in your DHCP server?
From what I have read, your old scope (within VLAN100) is working perfectly, except for internet access, correct?
What is your current DHCP server giving out as the clients default gateway? It should be 10.120.140.1 so your VLAN 100 clients contact the switch, then your switch (using the default gateway address) should route the traffic to your RBC router.
Then you need to create a second scope on your dhcp server. Lets say, 10.120.136.5 - 10.120.136.250 for arguments sake. It is the scope your DHCP will use to service requests from the 10.120.136.0 (VLAN 136) clients.
Does that make sense?
Ok some progress! Although my config doesn't require a proxy arp?
Originally Posted by nicklec
I've just re read my last post and it doesn't read very well.. Let me try again.
Your clients on your 136 VLAN are sending out a DHCP request. Your switch sees the request and routes it on to your DHCP server using the ip-helper information.
Your DHCP server receives the request and attempts to service it. However the request came from a subnet it doesn't know about. So it can't service the request.
The client therefore never receives a DHCP response.
If however you create a suitable DHCP scope on your DHCP server, it will be able to service the request because it is aware of the subnet from where the request first came.
On all Our Vlans the Default Gateway is the core Switch (5406ZL), This then routes any unknown traffic to its default gateway (firewall).
Are you setting it up so your router does all the internal routing or are you using the switch for the internal routing and the router for external routing?
Originally Posted by nicklec
You see, you said it without nearly as many words as me.... #KeepItSimpleIrritableTech
Originally Posted by glennda
The dhcp issues were solved with the same setting sorry for the slow update.
This switch is a 4204vl by the way incase anyway finds this info.
I'm not sure if its this switch and/or procurve but all the documentation says 'ip routing' OR default gateway so im not quite sure what you mean by this:
The switch doesn't have a gateway set (but there is a default route) is this what you mean?
Originally Posted by glennda
For example all your vlans have the same address? (Not possible on this switch)
I cannot 'reach' the gateway via our 140/22 vlan so the vlan has the address 10.120.140.1 and this gateway works within this vlan...
Very confusing... but I'm fairly sure some terms should be clarified to avoid further confusion.
Yes default route. we have
Vlan's for each block plus a a couple for printers/voice etc. For all Vlan's with there own range and the default gateway to be xx.xx.xx.1 (which is the Core switch)
B Block 10.1.0.X subnet 255.255.0.0 GW 10.1.0.1
C Block 10.2.0.X subnet 255.255.0.0 GW 10.2.0.1
G Block 10.3.0.X subnet 255.255.0.0 GW 10.3.0.1
D Block 10.4.0.X subnet 255.255.0.0 GW 10.4.0.1
and so on - each gateway is the Main Core Switch on the Vlan interface - the core then routes any traffic that it knows to the other VLans - any unknown traffic (so 0.0.0.0 255.255.255 ip.of.gate.way) This is on an HP 5406ZL
Thanks for clarification yes thats my understanding of the procurve way but we need to use addresses within 10.120.136.0/21 so thats why the first vlan had an address of 10.120.136.2 to avoid clashing with the LAN port on our LBC (LGfL 2.0) firewall (what you refer to as a gateway).
Thanks for input everyone, all is good now hopefully!