HPE Community
Switches, Hubs, and Modems
1751832 Members
5356 Online
108782 Solutions
New Discussion юеВ

Intervlan connection with 4204vl

 
SOLVED
Go to solution
jamalator
Occasional Advisor

тАО04-02-2009 12:37 PM

тАО04-02-2009 12:37 PM

Intervlan connection with 4204vl

Hello iam trying to connect all my vlan to vlan3 exept vlan 110 and vlan 110 to vlan 99 i have 9 swith L2 and a 4204vl: this is the config witjh the dhcp:
=============================================
; J8770A Configuration Editor; Created on release #L.10.23

hostname "ProCurve Switch 4204vl"
max-vlans 25
module 1 type J8768A
module 2 type J9033A
trunk B2 Trk1 Trunk
ip default-gateway 172.16.1.253
ip routing
snmp-server community "public" Unrestricted
vlan 1
name "services"
untagged A2-A20,B9-B17,B19-B24,Trk1
ip address 172.16.1.1 255.255.255.0
no untagged A1,A21-A24,B1,B3-B8,B18
exit
vlan 60
name "adaris_data"
ip address 172.16.60.2 255.255.255.0
ip helper-address 172.16.1.254
tagged A1
exit
vlan 61
name "adaris_voip"
ip address 172.16.61.2 255.255.255.0
ip helper-address 172.16.1.254
tagged A1
exit
vlan 90
name "tarik_data"
ip address 172.16.90.2 255.255.255.0
ip helper-address 172.16.1.254
tagged A1
exit
vlan 91
name "tarik_voip"
ip address 172.16.91.2 255.255.255.0
ip helper-address 172.16.1.254
tagged A1
exit
vlan 70
name "douka_data"
ip address 172.16.70.2 255.255.255.0
ip helper-address 172.16.1.254
tagged A1
exit
vlan 71
name "douka_voip"
ip address 172.16.71.2 255.255.255.0
ip helper-address 172.16.1.254
tagged A1
exit
vlan 80
name "atlas_data"
ip address 172.16.80.2 255.255.255.0
ip helper-address 172.16.1.254
tagged A1
exit
vlan 81
name "atlas_voip"
ip address 172.16.81.2 255.255.255.0
ip helper-address 172.16.1.254
tagged A1
exit
vlan 100
name "sbrahim_data"
ip address 172.16.100.2 255.255.255.0
ip helper-address 172.16.1.254
tagged A1
exit
vlan 101
name "sbrahim_voip"
ip address 172.16.101.2 255.255.255.0
ip helper-address 172.16.1.254
tagged A1
exit
vlan 50
name "agdal_data"
ip address 172.16.50.2 255.255.255.0
ip helper-address 172.16.1.254
tagged A1
exit
vlan 51
name "agdal_voip"
ip address 172.16.51.2 255.255.255.0
ip helper-address 172.16.1.254
tagged A1
exit
vlan 110
name "wifi_data"
untagged B18
ip address 172.16.110.3 255.255.255.0
ip helper-address 172.16.1.254
tagged A1
exit
vlan 120
name "wilaya_data"
ip address 172.16.120.2 255.255.255.0
ip helper-address 172.16.1.254
tagged A1
exit
vlan 121
name "wilaya_voip"
ip address 172.16.121.2 255.255.255.0
ip helper-address 172.16.1.254
tagged A1
exit
vlan 3
name "internet"
untagged B1,B3-B8
ip address 172.16.3.1 255.255.255.0
ip helper-address 172.16.1.254
tagged A1
exit
vlan 99
name "test"
untagged A21-A24
ip address 172.16.99.1 255.255.255.0
ip helper-address 172.16.1.254
exit
vlan 20
name "aragdal_data"
ip address 172.16.20.2 255.255.255.0
ip helper-address 172.16.1.254
tagged A1
exit
vlan 21
name "aragdal_voip"
ip address 172.16.21.2 255.255.255.0
ip helper-address 172.16.1.254
tagged A1
exit
ip route 172.16.0.0 255.255.0.0 172.16.1.254
dhcp-snooping
dhcp-snooping authorized-server 172.16.1.254
dhcp-snooping vlan 1-121
interface B16
dhcp-snooping trust
exit
spanning-tree Trk1 priority 4
password manager
password operator

============================================

I am stuck please HELP
0 Kudos
3 REPLIES 3
Pieter 't Hart
Honored Contributor

тАО04-03-2009 01:54 AM

тАО04-03-2009 01:54 AM

Solution

Re: Intervlan connection with 4204vl

better post config in attachment.

with "ip routing" active, "ip default-gateway 172.16.1.253" in the switch config will be ignored , you must use "ip route 0.0.0.0 0.0.0.0 " instead.
(not configure default-gateway but default-route wich does the same thing).

then you have "ip route 172.16.0.0 255.255.0.0 172.16.1.254"
but many adresses from 172.16.0.0 are local
vlan 60 ip address 172.16.60.2 255.255.255.0
vlan 61 ip address 172.16.61.2 255.255.255.0
vlan 90 ip address 172.16.90.2 255.255.255.0
vlan 91 ip address 172.16.91.2 255.255.255.0
vlan 70 ip address 172.16.70.2 255.255.255.0
vlan 71 ip address 172.16.71.2 255.255.255.0

you may want to change "ip route 172.16.0.0 255.255.0.0 172.16.1.254"
to "ip route 0.0.0.0 0.0.0.0 172.16.1.254"

many vlan's are only "tagged A1" and no other ports (untagged or tagged).
what's connected to A1?

but then all vlan's will be able to route.
As the 4202 does not support ACL's you cannot limit access between vlan's.
So what you want cannot be done with the 4202
jamalator
Occasional Advisor

тАО04-03-2009 02:32 AM

тАО04-03-2009 02:32 AM

Re: Intervlan connection with 4204vl

Thank you for your reply, on tagged A1 i have 9 procurve 2810-24g. to the different vlan. So event i if i use a router like 2003 server and trunk all my vlan on a port can't i control the trafic with that ? like using ospf or rip to route all the vlan on vlan 3 and vlan 99 ?

Or if you have an other solution iam open :) THANKS you

0 Kudos
Pieter 't Hart
Honored Contributor

тАО04-03-2009 02:40 AM

тАО04-03-2009 02:40 AM

Re: Intervlan connection with 4204vl

If you use a router (or switch) that CAN use ACL's, then you can control trafic to allow only traffic between given vlan's.
with the current switch it's all or nothing.

The switch can do port-based acces-control
If you put different ports in a different vlan than you can configure if this port may communicate with the trunk (A1).
Wich may do almost what you want.

I've no knowledge about w2k3 routing to answer if it's capable of using ACL's
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.