HPE Community
Switches, Hubs, and Modems
1753856 Members
7107 Online
108809 Solutions
New Discussion юеВ

Re: Help with routing VLANS

 
joemagjr
Occasional Contributor

тАО01-28-2011 09:35 AM

тАО01-28-2011 09:35 AM

Help with routing VLANS

I am trying to configure my switch to allow vlan2 (iscsi) to see traffic on the default vlan (vlan1) on the 2910al switch in order to access a NTP & DNS server.

We currently have a HP5406zl switch (connected to the backbone and this gets us out on the internet via a cisco router) configured with only a default vlan.

Default Vlan тАУ all ports untagged (A1-D-24)
This primary switch connects (from port A5) to a HP2010al-48 switch (on port 47) that contains 3 vlans.

Vlan1 Default_vlan
192.168.1.109 (actual ip of the swicth)
Untagged Ports 12,15,17,19,21,23,25-36,38,40,42,44-48
Tagged Ports 2,6,10,41,43 (part of VLAN2)

Vlan2 тАУ ISCSI
10.10.200.1
Untagged 1-12, 37,39,41,43
(ports 2,6,10,41,43 Nodes need to see traffic on VLAN1 in order to see a DNS and NTP server)

Vlan3 тАУ Vmotion (this vlan is fine & needs to continue to be isolated)
10.10.100.1
Untagged 14,16,18,20,22,24

I think I need to turn on тАЬip routingтАЭ on the 2910al switch. How do I disable this ip-routing if this doesnтАЩt work? What is the proper command through the CLi since I cannot do this in the GUI.

If I turn ip routing on, will this allow the assigned ports from VLAN2 to connect to the DNS & NTP servers that reside on the default Vlan in my current configuration? Does this create a huge amount of traffic on the network.

I also think that I need to set each VLANs proper gateway. Is the gateway the ip address that I have assigned to each VLAN? E.g., vlan 2 ip address 10.10.200.1 subnetmask 255.255.255.0 gateway setting (from the IP configuration screen in the GUI) 10.10.200.1

I also think all nodes connecting to itтАЩs VLAN needs to have it's gateway properly assigned;
e.g., ISCSI SAN would have 10.10.200.1 as the gateway under itтАЩs TCPIP settings.

Since VLAN1 is the default vlan on both switches and carry the same gateway settings (as well as all nodes that connect to both default vlans on each switch), do I need to reconfigure anything on the ports that connect the 2 switches (A5 and port 47)? Or do I need to create an whole new vlan on the 2910al and replace the default vlan with a whole new gateway? If I do this, how do I make sure that this new vlan can access the other switch?

I will be scheduling downtime to actually do this since this is all in production. I do not have any layer 3 switches that I can test this on.
0 Kudos
2 REPLIES 2
Pieter 't Hart
Honored Contributor

тАО01-31-2011 02:38 AM

тАО01-31-2011 02:38 AM

Re: Help with routing VLANS

the following information can be found in many posts on this forum:

1) give each vlan an ip address (and put ports untagged in the vlan)
vlan 1
name "DEFAULT_VLAN"
untagged A1-A4
ip address 192.168.168.1 255.255.255.0
vlan 2
name "NEW_VLAN"
untagged A5-A9
ip address 192.168.0.1 255.255.255.0
exit

2) then enable routing
ip routing
(disable = "no ip routing")

3) if an external router is present add a default route
(eg internet router on default vlan with adress ".2")
ip route 0.0.0.0 0.0.0.0 192.168.168.2

4)
this router must also "know" the subnet behind the switch (a route back)
ip route 192.168.0.0 0.0.0.255 192.168.168.1

5)
hosts in default vlan must have 192.168.168.1 as default gateway
hosts in vlan-2 vlan must have 192.168.0.1 as default gateway
(both to the switch)
The switch redirects traffic to the external router if neccessary.

does this help?

(addjust ports and adresses for your situation)
0 Kudos
EckerA
Respected Contributor

тАО01-31-2011 02:41 AM

тАО01-31-2011 02:41 AM

Re: Help with routing VLANS

Hi,

to turn on routing via cli

conf t
ip routing
wr mem

disable routing with

conf t
no ip routing
wr mem



the clients in vlan 2 needs to have the 10.10.200.1 as there gateway
the cisco router needs a route to vlan 2
ip route 10.10.200.0 255.255.255.0 192.168.1.109
whithout that route the dns and ntp server can't answer

caution... then you all systems on vlan 1 and vlan 2 can communicate..


hth
alex
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.