SOLVED
Hi RafaelV, I suggest you another approach: use your first ten VLANs - VLAN 1, 2, 3, 4, 5, 6, 7, 8, 9 and 10 (those related to 10.10.x.0/y subnets where x = 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 as per your example and y represents the mask value owned by each subnet). Create the eleventh VLAN and assign to it one of two possible addresses of the Subnet 10.10.255.252/30 (Subnet Mask /30 = 255.255.255.252)...so, as example, assign to VLAN 255 (just to have a matching with the third octect, as above) the IP Address 10.10.255.254 (/30). Once done configure the Route of Last Resort (0.0.0.0/0.0.0.0 to 10.10.255.253) route on your HPE 1920S so it will point to your Router's LAN interface, change your Router's LAN interface in order to tag its packets with the VLAN id = 255 (this would be generally achieved by creating a VLAN subinterface with VLAN id = 255 starting from your Router's LAN and, once done, assign to that subinterface the IP Address 10.10.255.253 with Subnet Mask 255.255.255.252). On your Router define as many static routes as many Switch's subnets it needs to be able to route the traffic back (example: add the static route to 10.10.2.0/y subnet via the VLAN 255 IP address 10.10.255.254...which is the IP Address of your "Core" Switch HPE 1920S seen by your Router on the only one VLAN they can talk through). Basically all this was made to let your HPE 1920S Switch and your Router to speak through a Transit VLAN (here VLAN id 255) which is related to a very tiny subnet that admit only them. Your Switch to speak with the "external" world will use the Last Resort Route to route all non-local traffic to your Router and, viceversa, your Router will do the same back with the help of its static routes (those help your Router to find the way to your Switch's internal VLANs). Hope it is clear.
Now - to cope with what was done on your Router's LAN - on the HPE 1920S Switch configure the uplink port to your Router's LAN to be a tagged member of the very same VLAN id 255 (you could remove any VLAN id 1 untagging membership for that port). That's all. Now your Switch and your Router are one-to-one connected through your uplink using tagged traffic and on that segment there are only them and them only. The Switch knows how to reach your Router for all traffic destinations it doesn't own and your Router knows how to reach back VLANs routed by your Switch.
An host connected to a port untagged member of VLAN ids 1-10 (or 2-10 if you want to exclude VLAN id =1 which is the default) once has proper IP addressing (its default gateway should be the VLAN's IP Address of the VLAN it was landed into) will be able to reach your Router 10.10.255.253 and any network behind it (so potentially Internet if your Router connect you to Internet)....while being able to reach any other host on any other internal VLAN (provided that that remote host has a proper IP address configuration applied).
So to recap:
- HPE 1920S needs to have IPv4 Routing feature enabled
- VLAN ids defined on HPE 1920S need to have their IP Addresses well specified
- a particular VLAN id will be used as Transit VLAN to route traffic between your Switch and your Router
- the Router's LAN need to be configured to match the Switch's uplink port (both in terms of VLAN tagging and IP addressing).
- HPE 1920S will be responsible of all inter-VLAN routing
- a Last Resort Route will route traffic to non local destinations to your Router using its Transit VLAN IP address as next hop
- static routes on your Router will route traffic to your local VLANs through your Switch IP address on Transit VLAN
ACL on your internal VLANs can be deployed over that. It works.
I'm not an HPE Employee
Hi! have you solved?
I'm not an HPE Employee