5406 config

Jef van Eijk · ‎12-25-2008

Hi,

I have a 5406 and want to configure vlan's but i am not able to route between the vlans.

i have one vlan (standard) with ip adres 192.168.1.254 and one with 192.168.10.254 (server vlan)

From devices in the standard vlan i cannot ping any device in the server vlan and back.

Is it possible that the standard vlan is only for management devices?

I have set ip routing on even tryed static route's etc.

serpel · ‎12-25-2008

hi,
for routing to work each vlan need to have an ip and at least one port in those vlans need to be up. then just enable ip routing. now pinging between the vlans should be able.
you only need a static route if you want to go outside of the vlans the switch knows of.
hope this helps.
happy holidays
alex

cenk sasmaztin · ‎12-25-2008

hi Jef

must be ip routing enable on switch

with
config)#ip routing
command

and check ip address vlan member pc

for server vlan member device

ip address :192.168.10.10
subnet mask :255.255.255.0
ip defaut gateway :192.168.10.254

for standart vlan member device
ip address:192.168.1.10
subnet mask 255.255.255.0
default gateway :192.168.1.254

cenk

Jef van Eijk · ‎12-26-2008

Hi,

The problem is that i can even ping the gateway on the other vlan.

So

Vlan 1
ip adress 192.168.1.254 255.255.255.0

Vlan 10
ip address 192.168.10.254 255.255.255.0

I have a untagged port in each vlan with a ip device in that subnet. Ip routing is on.

If i have a server is vlan 10 with ip nummer 192.168.10.17 i can ping 192.168.10.254 but not 192.168.1.254.

serpel · ‎12-26-2008

Hi,
please attach the show run.
what is the default gateway from the device 192.168.10.17. it needs to be 192.168.10.254.
and of course a device in 192.168.1.0/24 need to be up(other then the switch).
if there are devices up look at the sh ip route. the switch should have made the route to the vlans.
alex

cenk sasmaztin · ‎12-26-2008

check default gateway addrees all device
and you must be carefully read my comment

cenk

Jef van Eijk · ‎12-27-2008

ip routing is ON
All devices in the different vlans has the right gateway.

From the switch itself i can ping to all ip adresses, but from a pc to a other vlan not.

it seems that is must activate something to allow routing between the vlan's.

See the attach for config.

serpel · ‎12-27-2008

Hi,
your vlan 1 is a management vlan:
management-vlan 1
this command prevent it from beeing routed even if routing is enabled.
see :
http://cdn.procurve.com/training/Manuals/3500-5400-6200-8200-ATG-Jan08-2-VLAN.pdf
page 2-54
Routing between the Management VLAN and other VLANs is not allowed.

alex

cenk sasmaztin · ‎12-27-2008

hi ABE
vlan 1 not managemet vlan vlan 1 is default vlan management vlan to be with

dunyacore(config)# management-vlan (vlan id)

command
when this command with declare managemet vlan this vlan not routing all other vlan

managemet vlan possibly any vlan

jef have incorrect config may be pc may be switch

cenk

cenk sasmaztin · ‎12-27-2008

jef you can write

no managemet-vlan 1 command

cenk

serpel · ‎12-27-2008

cenk ;-)

cenk sasmaztin · ‎12-27-2008

ABE :-) sorry can't see attach folder

cenk

serpel · ‎12-27-2008

you are welcome.
have a nice day.
alex

Jef van Eijk · ‎12-27-2008

Hi,

it was the management vlan option.
But how to access the switch trough http without this option?

cenk sasmaztin · ‎12-27-2008

no need for http or telnet access managemet vlan command

management vlan command for security
for unreachable other vlan users managemet vlan

if you can want managemet vlan routing all other vlan you must be remove management vlan command .

cenk

Jef van Eijk · ‎12-29-2008

Thats what i mean. When i disable management the i can't access the siwtch anymore trough http or telnet, only the console.

EckerA · ‎12-29-2008

Hi,
i'm not sure cos we don't use this feature, but i guess now the configuration:
ip authorized-managers 192.168.1.35 255.255.255.255
ip authorized-managers 192.168.1.2
kicks in.
try removing this optinon and retry to connect to the switch via telnet and http.
Alex

Jef van Eijk · ‎12-29-2008

How are you manage your switch then?

EckerA · ‎12-29-2008

sorry,
what i meant was we don't use ip authorized-managers.
of course we manage our switches via telnet.
but i never had any problems to reach a switch via http or telnet without the management vlan.
Alex

proc_1 · ‎01-02-2009

Hi,
when you have a configuration like

ip authorized-managers 192.168.1.35 255.255.255.255

ip authorized-managers 192.168.1.2

you will be able to telnet or http from only
the device with the above 2 ip addresses.

if you want to manage switch from 192.168.1.*
change the mask to 255.255.255.0 or else
add the ip addresses of all devices you want to
access switch through telnet or http by using

ip authorized-managers 192.168.*.*(replace * with your desired IP)
Always make one vlan as your management vlan
(default vlan 1) and never assign this as a user vlan.(don't assign management vlan ip to any user)
anil

Jef van Eijk · ‎01-04-2009

This problem is solved now, but now i have a other one.

I have one 5406 that connects 10 2610 switches. I must set the port in trunk mode but what is the command for that on a 2610?

5406 config

5406 config

Re: 5406 config

Re: 5406 config

Re: 5406 config

Re: 5406 config

Re: 5406 config

Re: 5406 config

Re: 5406 config

Re: 5406 config

Re: 5406 config

Re: 5406 config

Re: 5406 config

Re: 5406 config

Re: 5406 config

Re: 5406 config

Re: 5406 config

Re: 5406 config

Re: 5406 config

Re: 5406 config

Re: 5406 config

Re: 5406 config

Hewlett Packard Enterprise International