
Re: 5500G & 4400 VPN

 
ggl
Occasional Contributor

5500G & 4400 VPN

Hi there



I'm trying to configure a vlan. I have a 5500G as our backbone, and a 4400 as a distribution switch. I create vlan5 and an interface for vlan5 on the 5500, and create vlan5 on the 4400. I want 3 ports on the 4400 to be in vlan5 and not vlan1, but I also want a few users on other ports on the 4400 to be able to get to vlan5 as well as the default vlan1.

I'm a little unclear as to what type to set the ports, and which ones to tag, and which ones to not tag.

My understanding is:



5500 - Set the port linking to the 4400 as a trunk, and leave it untagged in vlan1, and tagged in vlan5?



4400 - Set the port linking to the 5500 as a trunk, and leave it untagged in vlan1 and tagged in vlan5?



4400 - The isolated vlan5 ports should be removed from vlan1, and the ports I want to see both vlans should remain untagged in vlan1 and be tagged in vlan5? What should the port type be set to for the isolated vlan5 ports, and the ports in both vlans?



The problem is, from the ports I want to see both vlans, I can ping the vlan5 interface, but I can't ping any of the devices on the isolated vlan5 ports.



Any help would be most appreciated :) Sorry, I said vpn instead of vlan in the title...

This message was edited by ggl on 2-26-09 @ 11:38 PM
Shirin
Frequent Advisor

Re: 5500G & 4400 VPN

On the 5500 you create vlan5.

Then you make the port going to the 4400 a trunk port passing vlan 5 and 1, and add the other member ports as access. As an example on the 5500G:



vlan 5
 port giga 1/0/5 to giga 1/0/6
vlan 2
 port giga 1/0/7 to giga 1/0/12
interface giga 1/0/25
 undo shutdown
 port link-type trunk
 port trunk permit vlan 1 2 5



As an example on 4400:



bridge vlan create 5
bridge vlan create 2
bridge vlan modify addport 5
1:25
tagged
bridge vlan modify addport 5
1:1-1:6
untag
bridge vlan modify addport 2
1:25
tagged
bridge vlan modify addport 2
1:7-1:12
untag



You can browse to http://support.3com.com/infodeli/tools/switches/4400/dha1720-3aaa7 for management syntaxes for the 4400
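
An added example, not part of Shirin's reply or any 3Com tool: a small Python check that the two ends of the 5500G/4400 link carry the same tagged VLANs, since a VLAN tagged on one end only is either dropped or ends up in the wrong broadcast domain. The inputs are constructed from the commands in the reply (the 4400 menu answers are joined onto one line each), the function names are hypothetical, and it assumes the trunk's untagged VLAN is 1 on both switches.

```python
import re

# Constructed input: the 5500G commands from the reply, as one config text.
COMWARE = """\
vlan 5
 port giga 1/0/5 to giga 1/0/6
vlan 2
 port giga 1/0/7 to giga 1/0/12
interface giga 1/0/25
 undo shutdown
 port link-type trunk
 port trunk permit vlan 1 2 5
"""

# Constructed input: the 4400 "addport" answers from the reply, one per line.
SW4400 = """\
bridge vlan modify addport 5 1:25 tagged
bridge vlan modify addport 5 1:1-1:6 untag
bridge vlan modify addport 2 1:25 tagged
bridge vlan modify addport 2 1:7-1:12 untag
"""

def comware_trunk_vlans(text, ifname):
    """VLAN ids permitted on trunk `ifname` (explicit ids only, no ranges or 'all')."""
    vlans, current = set(), None
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("interface "):
            current = s.split(None, 1)[1]      # enter an interface view
        elif s.startswith("vlan "):
            current = None                      # a VLAN view, not an interface
        elif current == ifname and s.startswith("port trunk permit vlan "):
            vlans |= {int(v) for v in s.split()[4:]}
    return vlans

def sw4400_tagged_vlans(text, port):
    """VLAN ids in which `port` is a tagged member on the 4400."""
    vlans = set()
    for m in re.finditer(r"addport (\d+) (\S+) (\w+)", text):
        if m[2] == port and m[3].startswith("tag"):
            vlans.add(int(m[1]))
    return vlans

def trunk_mismatch(core_permit, edge_tagged, untagged_vlan=1):
    """VLANs tagged on only one end of the link; the untagged VLAN is an assumption."""
    return (core_permit - {untagged_vlan}) ^ edge_tagged

if __name__ == "__main__":
    core = comware_trunk_vlans(COMWARE, "giga 1/0/25")
    edge = sw4400_tagged_vlans(SW4400, "1:25")
    print("mismatched VLANs:", sorted(trunk_mismatch(core, edge)))
```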











ggl
Occasional Contributor

Re: 5500G & 4400 VPN

Thanks for the reply. I'll give that a go :)

I presume I have to trunk the link port on the 4400 as well?

ggl
Occasional Contributor

Re: 5500G & 4400 VPN

Cool, it's working well now. Just for the record, here's how things are configured.



5500

Created vlan5.

Created vlan5 interface with IP 192.168.5.1

Configured link port to 4400 as a trunk.

Tagged link port to 4400 into vlan5.



4400

Created vlan5.

Configured link port to 5500 as a trunk.

Tagged link port to 5500 into vlan5.

For devices required to be accessed by vlan1 devices, joined ports to vlan5 as untagged.

For devices not required to be accessed by vlan1 devices, tagged ports into vlan5.



The IP route to vlan5 is automatically created on the 5500 when the vlan interface is created.



I'm working on ACLs now to filter traffic between vlan1 and vlan5, as it's wide open by default.



Thanks Shirin :)



jsgilpin
New Member

Re: 5500G & 4400 VPN

I have this exact scenario with one exception. The gateway to my network is one hop beyond the 5500. I don't have access to configuration on the gateway, only the switches on this side of it. So my devices on the default vlan are looking at the gateway for routing. How can I get the 5500 to route for the rest of the vlans?



I've set up the configuration exactly like ggl's but it doesn't work. On the 5500, I set up a vlan 30 and made the interface 192.168.30.1. I can't even ping the gateway from a PC hooked directly into the 5500.