
4104GL core and 5x 2626 edge, VLAN help needed...

Giorgio Dominici
Occasional Advisor

Hi all, I've been asked to do some "refreshing" of the actual network already in place when I started my job here some weeks ago, setting up initially a basic VLAN infrastructure.

Actually, a 4104GL is our core switch, and 5x ProCurve 2626 are trunked from their two gigabit ports each on one port of the two gigabit copper ports modules (J4908A), A and B, where all workstations, printers and some unmanaged switches/hubs are coming in, so I already have in conf TRK1 till TRK5 (ports A1+B1,A2+B2,..) and everybody can go everywhere.

All clients are placed on the default_vlan (native), so there's no VLAN setup at all at the moment.

Can I put all ports into another VLAN (let's name it VLAN 11) other than native, and start some basic routing with a test machine on another port, member of VLAN12?

I'm new to VLANs unfortunately; what I've learned so far is:

- all VLANs with their own IP addresses need to be defined on my 4104GL for the purpose of my test setup, so

- I have to tag all ports and trunks to VLAN11 and basically all should keep working as it is right now from default_vlan

- issue the "ip routing" command just to enable intravlan routing (?) with my test machine on VLAN12. If I run the command right now (with the configuration pasted below), the 4104GL throws an error like "IP Routing is not allowed with the current trunk (Trk1) configuration". Do I have to run this command before defining any trunk?

- issue "route add 0.0.0.0 0.0.0.0 gwaddress" for routing traffic to the internet if I set up the default gateway of my clients to their respective VLAN IP address

Am I correct until now?


Thanks to anyone who can help me with some (many) doubts I still have and/or provide a very basic config to study...


Giorgio




-----------------------------------------------
Running configuration:

; J4887A Configuration Editor; Created on release #G.07.70

hostname "CORE"
cdp run
module 2 type J4908A
module 1 type J4908A
module 4 type J4893A
interface B1
   no lacp
exit
interface B2
   no lacp
exit
interface B3
   no lacp
exit
interface B4
   no lacp
exit
interface B5
   no lacp
exit
interface A1
   no lacp
exit
interface A2
   no lacp
exit
interface A3
   no lacp
exit
interface A4
   no lacp
exit
interface A5
   no lacp
exit
trunk A1,B1 Trk1 Trunk
trunk A2,B2 Trk2 Trunk
trunk A3,B3 Trk3 Trunk
trunk A4,B4 Trk4 Trunk
trunk A5,B5 Trk5 Trunk
ip default-gateway xx.xx.xx.xx
snmp-server community "public" Unrestricted
snmp-server host 192.168.10.240 "public"
vlan 1
   name "DEFAULT_VLAN"
   untagged A6-A22,B6-B22,D1-D6,Trk1-Trk5
   ip address 192.168.0.254 255.255.0.0
exit
vlan 2
   name "VLAN2"
exit
fault-finder bad-driver sensitivity high
fault-finder bad-transceiver sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
fault-finder broadcast-storm sensitivity high
fault-finder loss-of-link sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
fault-finder broadcast-storm sensitivity high
fault-finder loss-of-link sensitivity high

ip authorized-managers 192.168.0.0 255.255.255.0

ip route 0.0.0.0 0.0.0.0 192.168.10.254

ip ssh

spanning-tree Trk1 priority 4
spanning-tree Trk2 priority 4
spanning-tree Trk3 priority 4
spanning-tree Trk4 priority 4
spanning-tree Trk5 priority 4
7 REPLIES
Thomas Joebstl
Frequent Advisor
Solution

Re: 4104GL core and 5x 2626 edge, VLAN help needed...

Unfortunately you can't use trunking and IP routing at the same time on the 41xxGL.
Better dump that pos and replace it with something a bit more recent - don't use the 26xx for IP routing either, they have a quite limited routing capacity and will switch to software routing when their limited host table gets full.

Everything else looks OK so far. Just keep in mind that the ports for your clients need to be untagged - only use tagged if you connect another switch or NIC which supports tagged VLANs.
Giorgio Dominici
Occasional Advisor

Re: 4104GL core and 5x 2626 edge, VLAN help needed...

Thomas, thanks for answering so fast.

What bad news... that's why they're so cheap right now! Unfortunately the company has been investing lots of money into LX mini-GBICs and mini-GBIC chassis modules for GL-only over these past two years, so bad.
What could be the purpose of doing VLANs on this switch in your opinion if routing is a no go?

Anyway, I've seen around a couple of unused Cisco 2821 routers with two copper gigabit ethernet ports that support tagged trunk ports for sure. Could I use one of them to do intervlan routing jumping from the 4104GL's to the 2821's switch fabric? The drawback is I'll have only a 1 or 2 Gbit bandwidth link handling the whole traffic between VLANs, or will they just ask the 2821 "where's who" and then the 4104 will manage the traffic alone (quite impossible though)?

Sorry for anything stupid I could have posted here and THANKS
OLARU Dan
Trusted Contributor

Re: 4104GL core and 5x 2626 edge, VLAN help needed...

DON'T DO ROUTING ON 4104GL!!!!!

You can use it to concentrate L2 traffic from other switches, but buy some Cisco for inter-VLAN routing purpose which has some 4 SFPs, and link it to the 4104GL. This way you can use the investment in GL transceivers.

I would NOT use HP for routing. Period.
Thomas Joebstl
Frequent Advisor

Re: 4104GL core and 5x 2626 edge, VLAN help needed...

Back when I tested a 2821 with iperf (simple routing, no ACLs etc.) it managed to achieve ~600MBit/s between two hosts. If you need more bandwidth and have the $ get a Cisco switch as Dan suggested but otherwise the 2821 should work fine (it's supposed to do 170kpps max. with CEF).
You'd have to distribute VLANs wisely between both gbit links to distribute the load evenly (at least I don't think there's a way to trunk both gbit links together on the Cisco router) and then create a subinterface for each VLAN.

But if you're really dealing with high bandwidth demands I doubt the 41xxGL series is a smart choice to use as each module only has a 2GBit connection to the backplane so traffic between modules will be rather slow compared to intra-module traffic.

Regards,
Thomas
Giorgio Dominici
Occasional Advisor

Re: 4104GL core and 5x 2626 edge, VLAN help needed...

Thomas,
thanks again for answering.
Unfortunately I still haven't had time to test the setup in real life, apart from quickly moving everyone out from default_vlan to vlan10; anyway I think all this should work like you suggested.
I just checked if I could EtherChannel the two gigabit ports on the 2821, but that's a no go. From your experience, could I run HSRP using both of the spare Cisco 2821s I have to enable redundancy and failover for my intervlan routing needs? That would indeed complicate my learning process..!

And just one last question (I promise): if I decide to assign each of my 2626s a "management only" address, will I lose one port on each switch for this? Or will issuing "management-vlan [vid/vname]" on all switches where that VLAN is defined be enough, and then I could reach all of them from my PC, via dot1Q trunks, whose port is on that management VLAN too (with all the necessary IP addresses on my ethernet card)?

Thank you *very* much
Thomas Joebstl
Frequent Advisor

Re: 4104GL core and 5x 2626 edge, VLAN help needed...

Dear Giorgio,

You could of course use HSRP or somesuch to achieve redundancy. I've unfortunately never had the budget to get a pair of devices to play with that but according to my experience the main issue with Cisco routers is a misconfiguration and not a hardware fault. Even our ancient 16xx which are EOS/EOL for quite some time already still work nicely.

For your management VLAN you can use VLAN tagging to each switch so you won't lose a port for the connection between them and your core switch. Only ports you'll 'lose' are the additional ports for your management station(s) - unless you put a (e.g. Intel) NIC which supports VLAN tagging into your management PC.

Regards,
Thomas
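
Added example, not part of any post in this thread: a small Python check for the migration discussed above. It parses a ProCurve-style running configuration and reports which ports are still untagged in VLAN 1 and which Trk groups do not yet carry the management VLAN. The sample configuration is constructed, and the function names and the management VLAN ID 99 are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the ProCurve format shown in the thread (not the poster's config).
SAMPLE = """\
trunk A1,B1 Trk1 Trunk
trunk A2,B2 Trk2 Trunk
vlan 1
   name "DEFAULT_VLAN"
   untagged A3-A4,Trk2
   no untagged A6-A8,Trk1
exit
vlan 11
   name "CLIENTS"
   untagged A6-A8,Trk1
exit
vlan 99
   name "MGMT"
   tagged Trk1
exit
"""

def expand(spec):
    """Expand 'A6-A8,Trk1-Trk2,D1' into individual port names."""
    ports = []
    for item in (s.strip() for s in spec.split(",")):
        m = re.fullmatch(r"([A-Za-z]+)(\d+)-([A-Za-z]+)(\d+)", item)
        if m and m.group(1) == m.group(3):
            ports += [f"{m.group(1)}{n}" for n in range(int(m.group(2)), int(m.group(4)) + 1)]
        else:
            ports.append(item)
    return ports

def parse_vlans(config):
    """Return {vid: {'untagged': set, 'tagged': set}} from 'vlan N ... exit' blocks."""
    vlans, vid = defaultdict(lambda: {"untagged": set(), "tagged": set()}), None
    for words in (line.split() for line in config.splitlines()):
        if len(words) == 2 and words[0] == "vlan" and words[1].isdigit():
            vid = int(words[1])
            vlans[vid]  # create the entry even if the VLAN has no ports
        elif words == ["exit"]:
            vid = None
        elif vid is not None and len(words) == 2 and words[0] in ("untagged", "tagged"):
            vlans[vid][words[0]].update(expand(words[1]))  # 'no untagged ...' is skipped
    return vlans

def audit(config, mgmt_vid):
    """Return (ports still untagged in VLAN 1, Trk groups not in the management VLAN)."""
    vlans = parse_vlans(config)
    trunks = re.findall(r"^trunk \S+ (Trk\d+)", config, re.M)
    members = vlans[mgmt_vid]["tagged"] | vlans[mgmt_vid]["untagged"]
    return sorted(vlans[1]["untagged"]), [t for t in trunks if t not in members]
```

Calling `audit(SAMPLE, 99)` on the constructed sample lists A3, A4 and Trk2 as still untagged in VLAN 1, and Trk2 as the one uplink that does not carry the management VLAN.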