
5308 VLan Routing

 
ego1138
New Member

5308 VLan Routing

I thought I understood all this, but, judging by my results, I don't! :)

I've got one 5308 in my network. What my goal is, is two Vlans. Vlan 1 will be my main user network. Vlan 2 will be for production equipment on our factory floor.

I want 3 ports on Vlan 1 to be able to talk to the machines on Vlan 2.

The PCs on Vlan 1 access the internet through our cisco router, and it is set as their default gateway. I don't care/want the PC's on Vlan 2 to be able to get outside our own network.

So, what I've done is, set up the two vlans, given them IP addresses on their respective subnets. I've turned on IP routing.

PC's on Vlan1 are fine. They talk to each other, and the internet, but can't see anything on Vlan 2. Pc's on Vlan2 are fine, and can talk to each other, but can't see anything on Vlan 1.

What am I missing? Is it a tagging/untagging issue?

Any help, or direction would be appreciated.

Thanks
3 REPLIES
Kevin Richter_1
Valued Contributor

Re: 5308 VLan Routing

I doubt this is a tagging issue. If tagging was misconfigured, you'd likely have some devices within a given vlan unable to talk to one another.

This is almost certainly a default gateway issue.

The PC's in Vlan 1 are asking their default gateway (the cisco) how to get to Vlan 2 (actually, the IP subnet associated with Vlan 2). The cisco has not been informed of this new vlan/subnet and does not have it in its routing table. Either the traffic is dropped (due to no matching entry in the table) or it is forwarded out to the Internet (due to matching the 0.0.0.0 or default route). Either way, even if a packet (say a ping) from vlan 2 is properly routed by the ProCurve 5308xl to the host in vlan 1, the reply is sent to the cisco which does not have instructions for how to successfully return the packet to vlan 2 (through the interface on the ProCurve).

You'll need to either set those PCs in vlan 1 to use the ProCurve as their default gateway (and have a 0.0.0.0 route on the ProCurve pointing back to the cisco for traffic destined for the Internet) or you'll need to ensure the Cisco has a route pointing to the ProCurve as its path to the IP subnet which resides in vlan 2 of the ProCurve.

If you follow the second option (PCs in vlan 1 point to the cisco as default gateway and the cisco points to the ProCurve as the route to vlan 2) AND you make sure you do NOT configure a 0.0.0.0 default route on the ProCurve, the PC's in vlan 2 will talk to PCs in vlan 1 but will NOT be able to reach the Internet (same routing table logic - if the destination network is not in the routing table, drop the traffic.) For nearly any other (working) configuration of the routers, you may need to explore using ACL's on either the ProCurve 5308xl or the cisco to block the traffic if you really don't want PC's in vlan 2 to be able to get to the Internet.
Check the cabling. Next, check the cabling again.
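
The return-path reasoning in the reply above, modelled as an added example that is not part of the original thread: each router does a longest-prefix lookup, and a ping only works when both the request and the reply are delivered. The addresses, the router names and the assumption that VLAN 2 hosts use the ProCurve as their gateway are constructed for illustration.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: next-hop name, 'direct', or None when no route matches."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in table.items()
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def forward(gateway, dst, routers):
    """Walk a packet from a host's default gateway: 'delivered', 'dropped' or 'isp'."""
    node = gateway
    for _ in range(8):                    # hop limit guards against routing loops
        if node not in routers:
            return node                   # packet left the site (here: 'isp')
        hop = lookup(routers[node], dst)
        if hop is None:
            return "dropped"              # no matching entry and no default route
        if hop == "direct":
            return "delivered"            # destination subnet is directly connected
        node = hop
    return "dropped"

def ping(src_gw, dst_gw, src, dst, routers):
    """A ping succeeds only if the request AND the reply are both delivered."""
    return (forward(src_gw, dst, routers) == "delivered"
            and forward(dst_gw, src, routers) == "delivered")

# Constructed addressing (assumption): VLAN 1 = 10.0.1.0/24, VLAN 2 = 10.0.2.0/24.
PC1, PLC2, WEB = "10.0.1.50", "10.0.2.50", "203.0.113.10"

def scenario(vlan1_gw, procurve_default, cisco_knows_vlan2):
    procurve = {"10.0.1.0/24": "direct", "10.0.2.0/24": "direct"}
    if procurve_default:
        procurve["0.0.0.0/0"] = "cisco"
    cisco = {"10.0.1.0/24": "direct", "0.0.0.0/0": "isp"}
    if cisco_knows_vlan2:
        cisco["10.0.2.0/24"] = "procurve"
    routers = {"procurve": procurve, "cisco": cisco}
    return {
        # VLAN 2 hosts are assumed to use the ProCurve as their gateway.
        "vlan2_pings_vlan1": ping("procurve", vlan1_gw, PLC2, PC1, routers),
        "reply_fate": forward(vlan1_gw, PLC2, routers),
        "vlan2_to_internet": forward("procurve", WEB, routers),
    }

AS_POSTED = scenario("cisco", False, False)    # Cisco unaware of VLAN 2
OPTION_1 = scenario("procurve", True, False)   # PCs use ProCurve; ProCurve defaults to Cisco
OPTION_2 = scenario("cisco", False, True)      # Cisco routes VLAN 2 via ProCurve; no default on ProCurve
```

In `OPTION_1` the outbound packet from VLAN 2 is handed to the ISP, which is the case where the reply suggests ACLs; in `OPTION_2` the ProCurve drops it for lack of a route.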
ego1138
New Member

Re: 5308 VLan Routing

Okay, that makes sense I guess. One thing just to double check on . . . I did try with one of the PC's on VLAN 1 . . . I added a static route to the PC's routing table that said anything in the IP range of VLAN 2, send that to the Procurve, just so I could test.

I can ping the procurve's IP on VLAN 2 from the device on VLAN 1, but, I can't ping any of the devices on VLAN 2 from it.

I'm assuming then that's because those devices don't have a route back????

I don't have access to make any changes to the Cisco, as it belongs to our head office, so then I guess my only option would be to change everyone's gateway to the procurve then.

Well, thanks for quick reply. I can stop banging my head against the wall then I guess! :)
jasonttl
New Member

Re: 5308 VLan Routing

Hi All

I'm new to this forum as well as VLAN. I have a similar setup as ego1138 but my servers in vlan 1 couldn't ping the PCs in VLAN 2 even though the default gateway of the servers in VLAN 1 was configured to the 5308 switch instead of the router. May I know what went wrong?

Thanks