- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Aruba & ProVision-based
- >
- Re: Move switch management from one VLAN to anothe...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-01-2013 03:16 AM
тАО03-01-2013 03:16 AM
Move switch management from one VLAN to another
Hi
I have an HP 2510-24 that I'm trying to move from one VLAN with an IP to another VLAN with another IP. Both these subnets are connected to the same firewall but no traffic is allowed to pass between them. Setting the new IP to the new VLAN (VLAN 170 below) is no problem and not changing the default gateway either. After the change I can connect to the switch from VLAN170.
Now my admin PC is located elsewhere over a VPN and I can initially ping the new IP (192.168.170.13) and connect with telnet but after a few seconds the ping and telnet dies, connection on the local VLAN170 is still possible. When I check the upstream switch from the one I'm trying to change IP on I see that the MAC address for the switch is found on both the old VLAN (VLAN 1) and the new one. It's like the switch is still answering MAC-requests on the old VLAN even when that IP has been removed.
Do I have to restart the switch or something for the change to have full effect?
Below is my config before I've removed the old IP (194.111.203.10) and it's default gateway.
Running configuration:
; J9019B Configuration Editor; Created on release #Q.11.17
console inactivity-timer 30
interface 25
speed-duplex 10-full
exit
ip default-gateway 194.111.203.1
vlan 1
name "DEFAULT_VLAN"
untagged 1-26
ip address 194.111.203.10 255.255.255.0
exit
vlan 171
name "ServerNet"
tagged 26
exit
vlan 172
name "ClientNet"
tagged 26
exit
vlan 170
name "AdminNet"
ip address 192.168.170.13 255.255.255.0
tagged 26
exit
fault-finder bad-driver sensitivity high
fault-finder bad-transceiver sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
fault-finder broadcast-storm sensitivity high
fault-finder loss-of-link sensitivity high
fault-finder duplex-mismatch-HDx sensitivity high
fault-finder duplex-mismatch-FDx sensitivity high
spanning-tree
spanning-tree force-version RSTP-operation
password manager
password operator
- Tags:
- VLAN
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-01-2013 08:42 AM
тАО03-01-2013 08:42 AM
Re: Move switch management from one VLAN to another
Hi TheH0ff,
Where does the routing take place between the VPN connection and VLAN170? Also, what VLAN config do you have setup on your upstream switch and on the firewall - I am assuming both these switches are between the VLN connection and the switch in question?
Don't forget to mark a post resolved if your question was answered.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-01-2013 03:23 PM
тАО03-01-2013 03:23 PM
Re: Move switch management from one VLAN to another
Paul
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-03-2013 10:45 PM
тАО03-03-2013 10:45 PM
Re: Move switch management from one VLAN to another
Fist thing first: Thank you for quick follow ups.
I've included a network drawing of the site showing how the routing is done, switching is all done using VLANs distributed through all switches. What I'm trying to do is to migrate the switches from a transparent network (194.111.203.0/24) with only a router and some access-lists for protection to the Internet and set everything up on a NATed network behind a firewall. My VPN is a site to site VPN terminating at the firewall.
The switch 192.168.170.11 is a fresh installation and that switch has no problem being accessed on the new network either locally from the VLAN or over the VPN.
/Fredrik
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-04-2013 02:53 AM
тАО03-04-2013 02:53 AM
Re: Move switch management from one VLAN to another
Hi Fredrik,
There's still one important missing piece: from which address are you trying to reach 192.168.170.13?
- If it is from within your new network, then there's likely a local LAN issue like an IP address conflict.
- If it is from the Internet behind "Firewall", it's probably because you've got asymmetric routing and your switch is trying to send to the Internet via 194.111.203.1. Make sure your switch (or 194.111.203.1) has a route to your VPN address pool via "Firewall"'s address on 192.168.170.0/24.
- If it is from the Internet behind 194.111.203.1, make sure it has a route to 192.168.170.0/24 via "Firewall".
Do you have another system on 192.168.170.0/24 from which you can ssh to 192.168.170.13? If so, i would recommend logging into the switch through that system, removing the default route and the external IP address from the switch, then adding "Firewall" as your default route on the switch. Then you should be able to get to it via your VPN.
Paul
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-06-2013 02:54 AM
тАО03-06-2013 02:54 AM
Re: Move switch management from one VLAN to another
My though exactly paulgear, I remove the IP for the old public IP and set the default gateway to be the IP of the firewall. Config is now exactly the same as it is on my newly installed switches. VLAN1 being handled by the switch but has no IP, only IP is on VLAN170.
After about a minute I loose connectivity with the switch on the new IP over the VPN, switch should at this point only know about VLAN170 on a L3 level, right?
On an upstream switch I get this when I look up the MAC of the switch. Should be only VLAN170 since the switch should only answer IP request on VLAN170
ELI-HEL-SW001# sh mac-address 002561-dca200
Status and Counters - Address Table - 002561-dca200
Port VLAN
----- ----
25 1
25 170
At this point the switch with the changed IP is only reachable from a computer on VLAN170. If I log in to the switch and ping the firewall interface on VLAN170 the switch becomes rechable over the VPN again but dies a minute later.
It's like it still tries to send answers on the old VLAN1 despite having lost the IP on that VLAN. I wish I could do a reboot just for checks but the switch is in almost constant use.
/Fredrik