Community
Switches, Hubs, and Modems
cancel
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Intervlan connection with 4204vl

SOLVED
Go to solution
jamalator
jamalator
Occasional Advisor

‎04-02-2009 12:37 PM

‎04-02-2009 12:37 PM

Intervlan connection with 4204vl

Hello iam trying to connect all my vlan to vlan3 exept vlan 110 and vlan 110 to vlan 99 i have 9 swith L2 and a 4204vl: this is the config witjh the dhcp:
=============================================
; J8770A Configuration Editor; Created on release #L.10.23

hostname "ProCurve Switch 4204vl"
max-vlans 25
module 1 type J8768A
module 2 type J9033A
trunk B2 Trk1 Trunk
ip default-gateway 172.16.1.253
ip routing
snmp-server community "public" Unrestricted
vlan 1
name "services"
untagged A2-A20,B9-B17,B19-B24,Trk1
ip address 172.16.1.1 255.255.255.0
no untagged A1,A21-A24,B1,B3-B8,B18
exit
vlan 60
name "adaris_data"
ip address 172.16.60.2 255.255.255.0
ip helper-address 172.16.1.254
tagged A1
exit
vlan 61
name "adaris_voip"
ip address 172.16.61.2 255.255.255.0
ip helper-address 172.16.1.254
tagged A1
exit
vlan 90
name "tarik_data"
ip address 172.16.90.2 255.255.255.0
ip helper-address 172.16.1.254
tagged A1
exit
vlan 91
name "tarik_voip"
ip address 172.16.91.2 255.255.255.0
ip helper-address 172.16.1.254
tagged A1
exit
vlan 70
name "douka_data"
ip address 172.16.70.2 255.255.255.0
ip helper-address 172.16.1.254
tagged A1
exit
vlan 71
name "douka_voip"
ip address 172.16.71.2 255.255.255.0
ip helper-address 172.16.1.254
tagged A1
exit
vlan 80
name "atlas_data"
ip address 172.16.80.2 255.255.255.0
ip helper-address 172.16.1.254
tagged A1
exit
vlan 81
name "atlas_voip"
ip address 172.16.81.2 255.255.255.0
ip helper-address 172.16.1.254
tagged A1
exit
vlan 100
name "sbrahim_data"
ip address 172.16.100.2 255.255.255.0
ip helper-address 172.16.1.254
tagged A1
exit
vlan 101
name "sbrahim_voip"
ip address 172.16.101.2 255.255.255.0
ip helper-address 172.16.1.254
tagged A1
exit
vlan 50
name "agdal_data"
ip address 172.16.50.2 255.255.255.0
ip helper-address 172.16.1.254
tagged A1
exit
vlan 51
name "agdal_voip"
ip address 172.16.51.2 255.255.255.0
ip helper-address 172.16.1.254
tagged A1
exit
vlan 110
name "wifi_data"
untagged B18
ip address 172.16.110.3 255.255.255.0
ip helper-address 172.16.1.254
tagged A1
exit
vlan 120
name "wilaya_data"
ip address 172.16.120.2 255.255.255.0
ip helper-address 172.16.1.254
tagged A1
exit
vlan 121
name "wilaya_voip"
ip address 172.16.121.2 255.255.255.0
ip helper-address 172.16.1.254
tagged A1
exit
vlan 3
name "internet"
untagged B1,B3-B8
ip address 172.16.3.1 255.255.255.0
ip helper-address 172.16.1.254
tagged A1
exit
vlan 99
name "test"
untagged A21-A24
ip address 172.16.99.1 255.255.255.0
ip helper-address 172.16.1.254
exit
vlan 20
name "aragdal_data"
ip address 172.16.20.2 255.255.255.0
ip helper-address 172.16.1.254
tagged A1
exit
vlan 21
name "aragdal_voip"
ip address 172.16.21.2 255.255.255.0
ip helper-address 172.16.1.254
tagged A1
exit
ip route 172.16.0.0 255.255.0.0 172.16.1.254
dhcp-snooping
dhcp-snooping authorized-server 172.16.1.254
dhcp-snooping vlan 1-121
interface B16
dhcp-snooping trust
exit
spanning-tree Trk1 priority 4
password manager
password operator

============================================

I am stuck please HELP
0 Kudos
Reply
3 REPLIES
Pieter 't Hart
Pieter 't Hart
Honored Contributor

‎04-03-2009 01:54 AM

‎04-03-2009 01:54 AM

Solution

Re: Intervlan connection with 4204vl

better post config in attachment.

with "ip routing" active, "ip default-gateway 172.16.1.253" in the switch config will be ignored , you must use "ip route 0.0.0.0 0.0.0.0 " instead.
(not configure default-gateway but default-route wich does the same thing).

then you have "ip route 172.16.0.0 255.255.0.0 172.16.1.254"
but many adresses from 172.16.0.0 are local
vlan 60 ip address 172.16.60.2 255.255.255.0
vlan 61 ip address 172.16.61.2 255.255.255.0
vlan 90 ip address 172.16.90.2 255.255.255.0
vlan 91 ip address 172.16.91.2 255.255.255.0
vlan 70 ip address 172.16.70.2 255.255.255.0
vlan 71 ip address 172.16.71.2 255.255.255.0

you may want to change "ip route 172.16.0.0 255.255.0.0 172.16.1.254"
to "ip route 0.0.0.0 0.0.0.0 172.16.1.254"

many vlan's are only "tagged A1" and no other ports (untagged or tagged).
what's connected to A1?

but then all vlan's will be able to route.
As the 4202 does not support ACL's you cannot limit access between vlan's.
So what you want cannot be done with the 4202
Reply
jamalator
jamalator
Occasional Advisor

‎04-03-2009 02:32 AM

‎04-03-2009 02:32 AM

Re: Intervlan connection with 4204vl

Thank you for your reply, on tagged A1 i have 9 procurve 2810-24g. to the different vlan. So event i if i use a router like 2003 server and trunk all my vlan on a port can't i control the trafic with that ? like using ospf or rip to route all the vlan on vlan 3 and vlan 99 ?

Or if you have an other solution iam open :) THANKS you

0 Kudos
Reply
Pieter 't Hart
Pieter 't Hart
Honored Contributor

‎04-03-2009 02:40 AM

‎04-03-2009 02:40 AM

Re: Intervlan connection with 4204vl

If you use a router (or switch) that CAN use ACL's, then you can control trafic to allow only traffic between given vlan's.
with the current switch it's all or nothing.

The switch can do port-based acces-control
If you put different ports in a different vlan than you can configure if this port may communicate with the trunk (A1).
Wich may do almost what you want.

I've no knowledge about w2k3 routing to answer if it's capable of using ACL's
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.