- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- Re: Procurve 2650 - VLAN routing
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-20-2007 12:48 AM
тАО08-20-2007 12:48 AM
Procurve 2650 - VLAN routing
I've setup 2 VLAN's (one for office users-192.168.0.0/24 and one for guests-10.0.0.0/24). I've setup the guest network to get DHCP addresses from the Office DHCP server and I am routing between the two. My router out to the internet is currently on 192.168.0.1.
Everything is working as it should except i dont want to route traffic between the office and guest VLAN's but I do want the guest VLAN to be able to access the internet. I realise that I should probably change the internet router ip onto another VLAN, but when I did that I screwed up the VLAN routing totally. (The router does not respond to TAGGED VLAN requests).
Attached is my current config if it helps.
==================================
Running configuration:
; J4899B Configuration Editor; Created on release #H.08.98
hostname "ProCurve-1"
max-vlans 3
ip default-gateway 192.168.0.1
ip routing
snmp-server community "public" Unrestricted
vlan 1
name "OFFICE"
ip address 192.168.0.251 255.255.255.0
tagged 50
no untagged 1-49
exit
vlan 2
name "GUEST"
untagged 1-50
ip address 10.0.0.251 255.255.255.0
exit
vlan 3
name "INTERNET"
no ip address
exit
ip route 0.0.0.0 0.0.0.0 192.168.0.1
stack join 0019bb7d1f00
==================================
Help.. I'm stuck.
PS. If i put in "no ip routing" and just put a default gateway on the switch it doesn't send the traffic out?
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-20-2007 01:37 AM
тАО08-20-2007 01:37 AM
Re: Procurve 2650 - VLAN routing
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-20-2007 04:05 AM
тАО08-20-2007 04:05 AM
Re: Procurve 2650 - VLAN routing
I suggest you get a proper firewall which either supports VLANs or has more than just one internal interface. Or use a few more of those 20$ soho routers and put each network behind its own NAT gateway.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-20-2007 05:24 AM
тАО08-20-2007 05:24 AM
Re: Procurve 2650 - VLAN routing
I have 2 of these ProCurve switches. One must be used for the office VLAN (can see all office PC's, printers etc. and access the internet) and one must be used for the guest PC's (no access to office PC's but can access the internet). In the config posted above I am only using the Office and Guest VLANs. Like I said it's working fine except that the guest vlan can route to the office vlan. Do I need to completely redo my config or is there a quick way to block it.
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-20-2007 06:51 AM
тАО08-20-2007 06:51 AM
Re: Procurve 2650 - VLAN routing
There is no way to isolate traffic on the 26xx when ip routing is activated for a particular VLAN (at least I dont know of one), you'd need a more powerfull/capable/expensive switch.
Maybe if your firewall supports at least a DMZ (network, not just a single host) you could (ab)use that for either the office or guest network and disable ip routing on the 2650.
Failing that the cheapest/easiest solution would be to add a soho router inbetween those 2 nets and configure it to block stuff like netbios, maybe the device even allows for more fine grained ip filters.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-20-2007 04:50 PM
тАО08-20-2007 04:50 PM
Re: Procurve 2650 - VLAN routing
I'm sure about your Firewall capabilities, but most of the firewalls support ACLs.
So your solution is to disable the IP Routing on the 2600 switches, and make both 2600 default gateway is the Firewall.
And on the firewall, you can implement ACLs that allow Guest traffic to Internet only, and whatever you need ....
One more thing, i guess you should delete the Internet Vlan unless you need it for other purpose.
Good Luck !!!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-20-2007 05:31 PM
тАО08-20-2007 05:31 PM
Re: Procurve 2650 - VLAN routing
Wingnut, you may use firewall connected to both VLANs,and no IP routing on switch.Sounds badly, but there is no another way.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-04-2007 07:59 PM
тАО09-04-2007 07:59 PM
Re: Procurve 2650 - VLAN routing
Thanks for the tips!