Switches, Hubs, and Modems
1748235 Members
3496 Online
108759 Solutions
New Discussion

Failed: Multiple VLANs; IP Routing and VOIP using ProCurve 3500s

 
RLSimpson
Occasional Contributor

Failed: Multiple VLANs; IP Routing and VOIP using ProCurve 3500s

I’m a newbie so be kind. New to this job I find a very flat network with sprawl problems. I would like to build a network that is easier to pinpoint where an object or problem is. I have the opportunity now when the network is moving off 4.9 and 2.4 radio onto fiber optics! By assigning a segment to each of the sites, I should be able visually to recognize the traffic easier. Each site gets a new 3500-24-POE layer 3 capable switch. There are 15 sites moving onto the fiber optic tunnel. All switch traffic is transported by a third party and all converge into one link to Port 48 on a ‘core’ ProCurve 3500yl-48 switch which has ip routing enabled. VOIP is also being introduced as well.
Each site has the following VLANs, IPs, GW, Mask, Port membership w/Tagged/Untagged designations:
Vlan 1 (Default_VLAN) 192.168.xxx.6 192.168.xxx.5 255.255.255.0 1-24 Untagged
Vlan 10x (Data10x) DHCP 1-12 Untagged , 24 Tagged
Vlan 201 (VOIP) 192.168.201.xxx 192.168.201.5 255.255.255.0 1, 13-24 Tagged
Vlan 900 (Mgmt) 192.168.15.xxx 192.168.15.5 255.255.255.0 1, 24 Tagged

SAMPLE CONFIG From one site:
; J9471A Configuration Editor; Created on release #K.14.47

hostname "WWP-3500/24-7.6"
module 1 type J94bbA
exit
ip default-gateway 192.168.0.5
vlan 1
name "DEFAULT_VLAN"
untagged 1-23
ip address 192.168.7.6 255.255.255.0
tagged 24
exit
vlan 107
name "DATA107"
untagged 1-12
no ip address
tagged 24
exit
vlan 201
name "VOIP"
ip address 192.168.201.7 255.255.255.0
tagged 13-20,24
voice
exit
vlan 900
name “MGMT”
ip address 192.168.15.7 255.255.255.0
tagged 21-24
exit
dhcp-relay option 82 keep


VLAN 201 and VLAN 900 will span the entire network. The gateways for these two segments were placed on Watchguard firewall (192.0.0.203/24) as secondary networks: 192.168.201.5/24 and 192.168.15.5/24.
I intend for all DATA### vlans to obtain addresses through DHCP. The DHCP server (192.0.0.108/24) is used in the ip helper-address statements.
The routing switch will be replacing a layer 2 HP Procurve 3400cl currently using ports 23 & 24 meshed. The routing switch (192.168.0.5/24) has the following configuration:
Running configuration:
; J8693A Configuration Editor; Created on release #K.14.47
hostname "CHA-3500yl/48-0.5"
time timezone -7
time daylight-time-rule Continental-US-and-Canada
module 1 type J86yyA
module 2 type J86xxA
ip default-gateway 192.0.0.203
ip routing
vlan 1
name "DEFAULT_VLAN"
untagged 25-39
tagged 1,48
no untagged 2-24,40-47
no ip address
exit
vlan 100
name "DATA-CW1"
untagged 2-24,48
ip helper-address 192.0.0.108
ip helper-address 192.0.0.109
ip address 192.168.0.5 255.255.255.0
ip address 192.0.0.1 255.255.255.0
tagged 1
exit
vlan 900
name "MGMT"
forbid 40-45
untagged 47
ip helper-address 192.0.0.108
ip address 192.168.15.100 255.255.255.0
tagged 1,48
exit
vlan 201
name "VOIP"
forbid 2-39
untagged 40-46
ip helper-address 192.0.0.108
ip address 192.168.11.5 255.255.255.0
tagged 1,48
exit
vlan 107
name "DATA107"
ip address 192.168.7.5 255.255.255.0
tagged 1,48
exit
ip route 0.0.0.0 0.0.0.0 192.0.0.203
ip route 192.0.0.0 255.255.255.0 192.0.0.203
ip route 192.168.0.0 255.255.255.0 192.168.0.203
ip route 192.168.15.0 255.255.255.0 192.168.15.5
ip route 192.168.201.0 255.255.255.0 192.168.201.5
primary-vlan 100
password manager
password operator

CHA-3500yl/48-0.5#

I am unable to get the VLANs to work. I have one site that needed to be up and running so I plugged into the untagged ports on VLAN 1 to get them working. Is there anything blaringly wrong here? I read that VLAN 1 should be used for network management. I don’t want to build out a nightmare and can really use some advice. Anyone?
1 REPLY 1
Mohammed Faiz
Honored Contributor

Re: Failed: Multiple VLANs; IP Routing and VOIP using ProCurve 3500s

Hi,

Can you provide a bit more information on what the symptoms of your "vlans not working" are?
If you plugged a client into vlan 107 on a remote site the first issue you have is that vlan 107 doesn't have an ip-helper address set so they won't get an IP address.
Your static routes are also a little confused but that shouldn't be causing an issue.