HPE Community
Switches, Hubs, and Modems
1753386 Members
6476 Online
108792 Solutions
New Discussion

How to join and office net and industrial net, using a 2910al

 
Viniplanet
New Member

‎12-21-2010 03:15 AM

‎12-21-2010 03:15 AM

How to join and office net and industrial net, using a 2910al

Hello, i have the next configuration below. We have 2 big ethernet net, the office one and the industrial one.
In the industrial ring there is a ring wich several switches. The industrial net has ips ( VLANs) from 10.0.0.0/8
( From 10.2.x.x to 10.3.X.x). In the office net there is a 2910al.
My purpose is to create 2 Vlans in the 2910.
One for the office rangem VLAN 1 : 192.168.1.0/24
The other one VLAN 10, for the industrial range is : 10.0.0.0/8

The main purpose, is to see the vlan10 from vlan 1 and viceversa. Obviously, i have to connect a port from Vlan10 to the industrial switch to get deep the industrial net.

Then
- Do i have to enable ip routing? If yes, The way to do that is writing "ip routing" in a telnet session?
- How should configure vlan 1 and vlan 10?
- Show ip address definition for vlan10 like that: 10.0.0.0/8.



Running configuration:

; J9145A Configuration Editor; Created on release #W.14.03

hostname "ProCurve 2910al-24G Switch"
module 1 type J9145A
ip default-gateway 192.168.1.230
vlan 1
name "DEFAULT_VLAN"
untagged 1-7,9-24
ip address 192.168.1.230 255.255.255.0
no untagged 8
exit
vlan 100
name "lan_pri_zvm"
no ip address
exit
vlan 10
name "industrial"
untagged 8
ip address 10.2.0.100 255.255.255.0
exit
snmp-server community "public" Unrestricted
-- MORE --, next page: Space, next line: Enter, quit: Control-C
0 Kudos
1 REPLY 1
Stephen A Swain
Advisor

‎03-20-2011 11:29 PM

‎03-20-2011 11:29 PM

Re: How to join and office net and industrial net, using a 2910al

Did you figure this out?

2910al is not great as intervlan routing, since it's limited to static and rip routes, plus poor ACLs.

You'd also want to not use Default vlan for anything, use a separate vlan each for 192.168.1.0/24 and 10.0.0.0/8.

Your vlan 10 netmask is incorrect, it should be 255.0.0.0 (/8).

Ip default-gateway only affects you in if not in "ip routing" mode.

"ip routing" will turn it on. Use "sh ip" to confirm.

I suggest you change snmp-server community string, and add in "ip authori manager" settings to restrict access.

"sh ip route" will show your routing table.

If you are using another router as gateway in office, you will need to add a default route to that as well.

If there is a need to control access to the industrial ethernet site due to security concerns, then I'd suggest using some other security router instead of a 2910al. It's a layer 3 lite switch only, not designed for routing security (like an IOS or ASA).
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.