Switches, Hubs, and Modems
1748051 Members
5206 Online
108758 Solutions
New Discussion

HP 2520G Separate 2 vlan with internet browsing ability

 
Chrismo
Occasional Visitor

HP 2520G Separate 2 vlan with internet browsing ability

I set up a 2 two vlan which is below:

Defatult_Vlan: vlan ID 1, 192.168.0.0/24 192.168.0.1 main router gateway IP.

untagged 9

vlan10: vlan ID 10, 192.168.10.0/24 

untagged 1-4

vlan20: vlan ID 20, 192.168.20.0/24

untagged 5-8

Quesiton is how to let vlan10 and vlan20 client pc visit internet but cannot communciate each other?

What is client pc default gateway IP in vlan10 and vlan20 in order to allow them to surf internet?

Thanks.

4 REPLIES 4
akg7
HPE Pro

Re: HP 2520G Separate 2 vlan with internet browsing ability

Hello,

Is the device acting as layer 2 or layer 3 switch?

Can you try to enable 'ip routing'?

Thanks!

 

Note: While I am an HPE Employee, all of my comments (whether noted or not), are my own and are not any official representation of the companyAccept or Kudo
Chrismo
Occasional Visitor

Re: HP 2520G Separate 2 vlan with internet browsing ability

Hello, 

Thanks for your reply.

As I know, I can use ip route command.

I have already tried ip route 0.0.0.0/0 192.168.0.1 but in vain. How come? 

Thanks 

akg7
HPE Pro

Re: HP 2520G Separate 2 vlan with internet browsing ability

Hello @Chrismo ,

Is the device acting as layer 2 or layer 3 switch?

 

Thanks!

Note: While I am an HPE Employee, all of my comments (whether noted or not), are my own and are not any official representation of the companyAccept or Kudo
parnassus
Honored Contributor

Re: HP 2520G Separate 2 vlan with internet browsing ability

I don't believe the HP ProCurve 2500G Series (2510/2520) has required Layer 3 capability thus forget about trying to enable "IP Routing".

Edit: routing should happen at Firewall/Router level (Router should have the SVI paternity)...and there ACL between VLANs should be applied too.

The port to Firewall/Router should be tagged member of  both VLAN 10 and 20. Access port on the switch should be untagged members of VLAN 10 or 20. The client's gateway should point to the SVI on the Firewall/Router.


I'm not an HPE Employee
Kudos and Accepted Solution banner