- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- Re: HP 2626 vlan routing problem
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-13-2007 12:05 AM
тАО05-13-2007 12:05 AM
HP 2626 vlan routing problem
I have been working a bit with my hp 2626 switch trying to have ip-helper address working but also deny traffic between some vlans and allow between others. My configuration looks as following:
-------------------------------------------
Running configuration:
; J4900B Configuration Editor; Created on release #H.08.106
hostname "ProCurve Switch 2626"
max-vlans 10
ip default-gateway 10.0.254.1
ip routing
snmp-server community "public" Unrestricted
snmp-server host 10.0.1.253 "public"
vlan 1
name "DEFAULT_VLAN"
untagged 25-26
ip address 10.0.254.201 255.255.0.0
ip helper-address 10.0.254.1
no untagged 1-24
exit
vlan 2
name "private"
untagged 1-8
ip address 172.16.0.1 255.255.255.0
ip helper-address 10.0.254.1
tagged 25-26
exit
vlan 3
name "lanparty"
untagged 15-22
ip address 172.16.1.1 255.255.255.0
ip helper-address 10.0.254.1
tagged 25-26
exit
vlan 4
name "servernet"
untagged 9-14
ip address 172.16.3.1 255.255.255.0
ip helper-address 10.0.254.1
tagged 25-26
exit
vlan 5
name "wireless"
untagged 23-24
ip address 172.16.2.1 255.255.255.0
ip helper-address 10.0.254.1
tagged 25-26
exit
ip route 0.0.0.0 0.0.0.0 10.0.254.1
no ip icmp unreachable
no ip icmp echo broadcast-request
spanning-tree
password manager
password operator
---------------------------------------------
The problem is when i deactivate "ip routing" the ip-helper stops working and no dhcp comes out to the clients. Currently i am looking for a way to deny all access from and to the "vlan 5" (wireless) and deny all access to the "vlan 2" (private) and allow access between the others. Any idea on how i get this done ?
Thanks in advance
Rune Ettrup
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-13-2007 04:02 AM
тАО05-13-2007 04:02 AM
Re: HP 2626 vlan routing problem
Another option on the 26xx series would be source-port filters as described in ftp://ftp.hp.com/pub/networking/software/Security-Oct2005-59906024-Chap10-Traf-Security-Filts.pdf to prevent the ports in those 2 vlans from communicating with any other port except the one which is connected to the dhcp server.
AFAIK you'd need at least a 3500 series switch to be able to use ACL's based on IP ports/addresses.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-13-2007 04:08 AM
тАО05-13-2007 04:08 AM
Re: HP 2626 vlan routing problem
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-13-2007 05:36 AM
тАО05-13-2007 05:36 AM
Re: HP 2626 vlan routing problem
i wrote
filter source-port 1-8 drop 9-24
filter source port 23-24 drop 1-22
port 1-8 is my vlan (private) and port 23-24 is my vlan (wireless). If i understand this correct it should deny all access from any vlan to these two vlans (port 26 is my uplink). But i can still ping computers inside both networks from other vlans, but i can also ping from private til wireless. Any idea what to do
Thanks in advance
Rune Ettrup
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-13-2007 05:51 AM
тАО05-13-2007 05:51 AM
Re: HP 2626 vlan routing problem
----------------------------------------------
C:\Documents and Settings\Administrator>tracert 172.16.0.253
Rute spores til 172.16.0.253 over et maksimum af 30 hop
1 <1 ms <1 ms <1 ms 172.16.1.1
2 <1 ms <1 ms <1 ms 172.16.0.253
Sporing fuldf├Г┬╕rt.
---------------------------------------------
That is from lanparty vlan to private vlan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-13-2007 07:02 AM
тАО05-13-2007 07:02 AM
Re: HP 2626 vlan routing problem
"With routing enabled on the switch, source-port filtering can operate on traffic moving between VLANs as well as within the same VLAN."
first and a few lines below
"Source-port filters have no effect on traffic being routed across VLANs."
so I'm not even sure if it is supposed to work or not.
I hope someone else can shed some more light into that.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-14-2007 04:24 PM
тАО05-14-2007 04:24 PM
Re: HP 2626 vlan routing problem
It is only the 2600 that behaves this way - other ProCurve switches with source-port filtering are not affected. I suspect it's a limitation of the chipset used in the 2600.