Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

Need help... Can give internet connection

Jimmy de leon
Occasional Advisor

Need help... Can give internet connection


my company is using hp 3400cl. i created 4 vlans including vlan1. the problem is i cant give the 4 vlans internet connection. please help.

heres my config.

hostname "ProCurve Switch 3400cl-24G"
ip access-list extended "vlan2"
permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
deny ip 192.168.18.0 0.0.0.255 192.168.19.0 0.0.0.255
exit
ip access-list extended "vlan3"
deny ip 192.168.19.0 0.0.0.255 192.168.18.0 0.0.0.255
permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
interface 1
access-group "vlan2" in
no lacp
exit
interface 2
access-group "vlan2" in
no lacp
exit
interface 3

-- MORE --, next page: Space, next line: Enter, quit: Control-C
access-group "vlan2" in
no lacp
exit
interface 4
access-group "vlan3" in
no lacp
exit
interface 5
access-group "vlan3" in
no lacp
exit
interface 6
access-group "vlan3" in
no lacp
exit
ip default-gateway 192.168.15.1
ip routing
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged 7,24
ip address dhcp-bootp
no untagged 1-6,8-23

-- MORE --, next page: Space, next line: Enter, quit: Control-C
exit
vlan 2
name "asiaselect"
untagged 1-3
ip address 192.168.18.1 255.255.255.0
ip helper-address 192.168.15.1
exit
vlan 3
name "ZMG"
untagged 4-6
ip address 192.168.19.1 255.255.255.0
ip helper-address 192.168.15.1
exit
vlan 4
name "webserver"
untagged 8-23
ip address 192.168.17.1 255.255.255.0
ip helper-address 192.168.15.1
exit
11 REPLIES
Mohammed Faiz
Honored Contributor

Re: Need help... Can give internet connection

Hi,

I'm assuming that 192.168.15.1 is your route out to the internet?
You'll need to set a default route on your switch pointing to it:

"ip route 0.0.0.0 0.0.0.0 192.168.15.1"

Also your ACL called "vlan 2" is a bit confused. You have a 'permit any any' followed by a deny statement. That won't actually deny anything so you might want to look at that too.
Jimmy de leon
Occasional Advisor

Re: Need help... Can give internet connection


ok, ill try to do that. thanks...

bout that vlan to acl. ill fix it.

ill post again what will happen
Jimmy de leon
Occasional Advisor

Re: Need help... Can give internet connection

still not working. :( what are the steps you will to have internet sharing?
Shadow13
Respected Contributor

Re: Need help... Can give internet connection

try to ping 192.168.15.1 from the switch if it's working, then try to ping from a client the gateway on that subnet, if working then try to ping the ip address in another subnet, if working fine then i think you need to add routes in the device that has the ip 192.168.15.1 pointing to the vlans, you can configure rip in the switch and the device that is the gateway for the internet coz what's happining now is that the traffic goes to the device (192.168.15.1) but that device doesn't know how to send the traffic back since these subnets are not known to it.

What is that device with the ip address 192.168.15.1 ??
Jimmy de leon
Occasional Advisor

Re: Need help... Can give internet connection


192.168.15.1 is a router.
Shadow13
Respected Contributor

Re: Need help... Can give internet connection

then as i mentioned, you have to options, enable rip on the switch and the router, or just from the router create routes pointing to the vlans on the switch.

One more thing, for this subnet 192.168.15.0 did you configure any ip address on the switch from this range ?? coz from the config you posted i cannot see antyhing.

If you did not then configure an ip address on vlan from that range.

Also where is the router connected ?

if the switch is going to handle routing for the vlans then as mentioned create routes on the router pointing to the vlans on the switch, or you can let the router handle everything by makeing it router on a stick by creating sub-interfaces under the interface that is connected to the switch for each vlan and make that interface trunk, and then tag the switch port connected to the router in those vlans.


Hope this helps
Jimmy de leon
Occasional Advisor

Re: Need help... Can give internet connection


heres my config

i created

vlan 1 webserver port 7-24 192.168.15.0/24
vlan 10 ZMG 192.168.18.0/24 port 1-3
Vlan 20 ASI 192.168.19.0/24 port 4-6

vlan 10 and 20 can connect to vlan 1
vlan 1 can share internet connection to vlan 10 and vlan 20

please help. :(
Shadow13
Respected Contributor

Re: Need help... Can give internet connection

is this new configuration ?

Have you managed to create routes in the router pointing to the vlans on the switch.

Please let me know the exact configuration now on the switch and the router and to which port is the router connected.

Follow the previous recommendation that should work
Jimmy de leon
Occasional Advisor

Re: Need help... Can give internet connection


yeap, i re-configure the hp3400cl switch. heres my config.

hostname "ProCurve Switch 3400cl-24G"
ip access-list extended "vlan10"
deny ip 192.168.18.0 0.0.0.255 192.168.19.0 0.0.0.255
permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
ip access-list extended "vlan20"
deny ip 192.168.19.0 0.0.0.255 192.168.18.0 0.0.0.255
permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
interface 1
access-group "vlan10" in
no lacp
exit
interface 2
access-group "vlan10" in
no lacp
exit
interface 3
access-group "vlan10" in
no lacp
exit
interface 4
access-group "vlan20" in
no lacp
exit
interface 5
access-group "vlan20" in
no lacp
exit
interface 6
access-group "vlan20" in
no lacp
exit
ip routing
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged 7-24
ip address 192.168.20.1 255.255.255.0
no untagged 1-6
exit
vlan 10
name "ZMG"
untagged 1-3
ip address 192.168.18.1 255.255.255.0
ip helper-address 192.168.20.13
exit
vlan 20
name "AsiaSelect"
untagged 4-6
ip address 192.168.19.1 255.255.255.0
ip helper-address 192.168.20.13
exit
ip route 0.0.0.0 0.0.0.0 192.168.20.13
Jimmy de leon
Occasional Advisor

Re: Need help... Can give internet connection

i already configure 192.168.18.0/192.168.19.0/192.168.20.0 route
Shadow13
Respected Contributor

Re: Need help... Can give internet connection

Great...

Now to test this, ping from a client to the gateway of that vlan, if sucess then ping to the gateway of another vlan, if success then ping a client on another vlan.

If all working fine then ping the ip address of the router which is 192.168.20.13

If working fine then try the other vlans also.
If not working then the issue with the router not with the switch since intervlan routing is working (if the ping between vlans is working fine as per the tests above)

you can then go to the router and from there try to ping each vlan and check.