Email Subscription Notifications Suspended Temporarily
We are in the process of making navigation in the Servers and Operating Systems forums simpler and more direct. While doing this, we have to temporarily suspend email notifications for subscriptions. If you are subscribed to one or more discussion boards or blogs in the community, please check them daily to see new content. Notifications will be turned back on in a few days. We apologize for any inconvenience this may cause. Thanks, Warren_Admin
Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

4109GL VLAN setup

SOLVED
Go to solution
Leonard Slebodnik
Occasional Advisor

4109GL VLAN setup

I am trying to setup some VLANs in our network. I have a test ProCurve 4108GL set up connected from port 1 to a linksys router that has an cable modem connection. Out of the box everythign works fine and as expected.

When I try to add VLANS into the picture I get the feeling I am missing something. HEre is what I have for a setup directly from the switch terminal window:

ip default-gateway 192.168.1.1
ip routing
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged A1-A24
ip address 192.168.1.10 255.255.255.0
no untagged B1-B24
exit
vlan 2
name "VLAN2"
untagged B1-B24
ip address 192.168.2.10 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 192.168.1.1

With this if I have a PC on VLAN 2 I can ping both VLAN ips but I cannot ping 192.168.1.1 or any PC on the other VLAN. I manually se the IP on the PC to 192.168.2.100 with a gateway of 192.168.2.10. Obviously internet browsing doesn't work either.
12 REPLIES
serpel
Trusted Contributor

Re: 4109GL VLAN setup

hi,
you need a static route at your linksys router.
something like:
ip route 192.168.2.0 255.255.255.0 192.168.1.10

hth
alex
Leonard Slebodnik
Occasional Advisor

Re: 4109GL VLAN setup

I thought the 4108gl would route between the VLANs if you assigned them an IP Address and turned on routing.
Gerhard Roets
Esteemed Contributor

Re: 4109GL VLAN setup

Hi Leonard

I suspect your PC's in Vlan 1 is pointing to 192.168.1.1 as their default gateway ?

So yes you need to tell 192.168.1.1 how to get to Vlan 2. Since the routes is not automatically redistributed. For that you would need a routing protocol. And well this setup is just to simple to warrant anything except a static route like ABE explained.

HTH
Gerhard
Leonard Slebodnik
Occasional Advisor

Re: 4109GL VLAN setup

Thanks! That did make it work.

However. I am doing this in preperation for a much larger implementation using multiple switches and VLANS talking to our production 4108GL.

What is needed for the Procurve to do the routing? How would I have to set up my VLANS?
Gerhard Roets
Esteemed Contributor

Re: 4109GL VLAN setup

Hi Leonard

Assuming your production 4108 is the default gateway for all your devices in your lan/lans.

Something similar to the above. You might just need multiple routes, added to your linksys in stead of just the one.

Off course this depends on the scope of the network. :)

You might need to look at the nat settings on you linksys.

HTH
Leonard Slebodnik
Occasional Advisor

Re: 4109GL VLAN setup

In my prduction enviroment I have a SonicWall as the default gateway for our subnet.

If I wanted the 4108 to be the default gateway and forward to the SonicWall, or Linksys in the case of my test setup, would I add the routes to the 4108? Should they aready be there after I add the VLAN? That is the confusing part for me. If I am going to route with the Sonicwall anyway going through the trouble of VLANing seems like less of a necessity when the firewall is going to be doing all the work.
Gerhard Roets
Esteemed Contributor

Re: 4109GL VLAN setup

Aha

Now on the SonicWall ( I have no idea of the mechanics of how ) that is where you would add the routes back.

Since the SonicWall knows how to get to the internet, but it does not know how to get to the networks in you LAN behind the 4108. So you need to tell the Sonic Wall how.

On the 4108 you would add a default route to the internet via the sonic wall.

Then you point your clients to the 4108 as their default gateway.

Now me personally ... i would put the Sonicwall in its own little vlan to avoid ICMP redirects from the 4108 :) for hosts in the same vlan as the SonicWall.

Again double check the NAT rules and FireWall rules on your SonicWall before implementing it.

Does this help?

Leonard Slebodnik
Occasional Advisor

Re: 4109GL VLAN setup

Yes, that makes it somewhat clearer. I was just lead to beleive that the 4108 should be able to route between 192.168.1.x and 192.168.2.x without the need for an external router.



So how would the CLI commands differ from what I have above?
Gerhard Roets
Esteemed Contributor

Re: 4109GL VLAN setup

Hi Leonard

The 4108 does route without the need for an external router. But it does not know how to get ourside without you adding a static default route
ip route 0.0.0.0 0.0.0.0 192.168.1.1

The Sonicwall ... you will have to figure that one wihtout my help :) But the same concept as for the linksys.

So basically you are just telling the two devices about the routes behind one another :)
Leonard Slebodnik
Occasional Advisor

Re: 4109GL VLAN setup

Thanks for your patience with this! As you can see above I entered

ip route 0.0.0.0 0.0.0.0 192.168.1.1

in the switch when I se it up. So I would then need to add the return route to the firewall for each subnet correct? I think i understand now that the Linksys box is not going to know where the 2.X subnet is unless I tell it where to look. Someties it takes me a whiel to catch on! ;)
Gerhard Roets
Esteemed Contributor
Solution

Re: 4109GL VLAN setup

Perfect :)
Leonard Slebodnik
Occasional Advisor

Re: 4109GL VLAN setup

added route back to subnet on internet router.