Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

Procurve 4108gl Vlan Help

Netmin
Advisor

Procurve 4108gl Vlan Help

Hi eveyrone,

I have an procurve 4108 gl that im trying to set up with one extra Vlan. I have enabled ip routing, gave the Vlan a IP address, Name, and VID.  I want traffic from this vlan with IP 10.240.16.1 to pass to the default Vlan of the switch which is 10.240.0.30. All the ports are untagged except the 4 i need in the new vlan and I have them tagged for both Vlans. What am I missing? Do i need to add a static route or something else? Any help is greatly appreciated.

21 REPLIES
Luciano Carvalho
Respected Contributor

Re: Procurve 4108gl Vlan Help

Hello Netmin,

 

Le me try to ilustrate what is need to have a switch configured with two vlans do the routing between them.

 

Let's say you have vlan 1 with ip network 10.240.16.0/24 and vlan 2 10.240.0.0/24.

The switch vlan 1 interface could have ip  10.240.16.1/24  and vlan 2 ip 10.240.0.1/24 with routing enabled.

One machine connected to a port configured on vln 1, with ip 10.240.16.2/24 and gateway 10.240.16.1 shoul be able to access another machine connected to the switch on a port configured on vlan 2 with ip 10.240.0.2 and gateway 10.240.0.1.

 

If you have something similar to this scenario and it is still not working, please post your switch configuration.

 

Regards

Netmin
Advisor

Re: Procurve 4108gl Vlan Help

I have the switch Ip set to 10.240.0.30 with gatway 10.240.0.8 thats my default Vlan, the Vlan I created is 10.240.16.1. I set up a laptop with ip 10.240.16.2 gateway 10.240.16.1.  In your example that should work right?

Luciano Carvalho
Respected Contributor

Re: Procurve 4108gl Vlan Help

That should work if ip 10.240.0.8 and 10.240.16.1 are configured on the switch's respective interface vlan.

 

Those ips are configured on the switch or you have 10.240.16.1 on the switch on the new vlan you created, and 10.240.0.8 on an external device ?

Because if the 10.240.0.8 is an external device you will need to configure a static route on this device for the new vlan you created.

 

Regards.

 

Netmin
Advisor

Re: Procurve 4108gl Vlan Help

10.240.0.8 is our router 10.240.0.30 is the switchs ip, So I need a static route?
Luciano Carvalho
Respected Contributor

Re: Procurve 4108gl Vlan Help

Yes, because when the laptop configured with ip 10.240.0.30 sends a packet to 10.240.16.2, the packet will arrive at the router 10.240.0.8 and it does not know how to get to network 10.240.16.0/24.

So you you have to create a static  route on the router instructing it to send any packet for network 10.240.16 to the switch, but you still need to configure an ip adrress on the switch for the old vlan.

 

Let's say you configured ip 10.240.0.9 on the switch for the old vlan, and then you have two options for things to work:

 

1 -  change the default gateway on the clients ont eh old vlan to 10.240.0.9

2 - Create a static route on the router for network 10.240.16.0/24 pointing to ip 10.240.0.9.

 

Regards.

 

Luciano Carvalho
Respected Contributor

Re: Procurve 4108gl Vlan Help

I haven't noticed that 10.240.0.30 is the switch IP address on the old vlan.

So all you have to do is to create a static route on the router for network 10.240.16.0 pointign to the switc's ip address 10.240.0.30.

 

regards

Netmin
Advisor

Re: Procurve 4108gl Vlan Help

thanks for your help! The switch has the IP 10.240.0.30 and gateway 10.240.0.8. That is our Watchgueard internal interface for internet. The Vlan I created was 10.240.16.1 Vlan2. I took a laptop and configured it with 10.240.16.2 and default gatway 10.240.16.1. so I need to assign an IP to Vlan1 and add a static route to route between ports on the same switch?

Netmin
Advisor

Re: Procurve 4108gl Vlan Help

thank you now I think were straight.:smileywink:

Luciano Carvalho
Respected Contributor

Re: Procurve 4108gl Vlan Help

You just need a static route on the router, because it does know how to get to the new network.

On the switch you don't need to create any router.

 

regards.

Netmin
Advisor

Re: Procurve 4108gl Vlan Help

After reading over our post I think I may have misrepresented my "router" its just a interent firewall not doing any internal routing. I wanted to make the switch route the traffic by turning on ip routing. Any more suggestions? Thanks for the help regardless, documentation is poor at best on setting this up.

EckerA
Respected Contributor

Re: Procurve 4108gl Vlan Help

Hi,

you need a static route at the switch:

 

ip route 0.0.0.0 0.0.0.0 10.240.0.8

 

and you need a route at the device with the ip 10.240.0.8, something like

 

ip route 10.240.16.0 255.255.255.0 10.240.0.30

 

but syntax depends on the device..

hth

alex

Luciano Carvalho
Respected Contributor

Re: Procurve 4108gl Vlan Help

Hello Netmin,

 

If you want to use your switch for routig between the two vlans, all you have to do is make sure the clients use as the default gateway, the ip address configured on the switch for the two vlans. Clients on vlan 1 will use as default gateway ip address 10.240.0.30 and clients on the new vlan will use default gateway 10.240.16.1.

If its not working, there is something not right with the configuration on the switch.

If you want, post the config so we can sugest you some other solutions.

 

regards

 

Netmin
Advisor

Re: Procurve 4108gl Vlan Help

I have the default gateways set as the Vlan IPs for my host I can ping the gateway from Vlan 2 and the Ip of Vlan 1 but nothing else. Heres the config, sorry for the delay we had a long day with down interfaces... Glad its over!!

 

 

 

 

Running configuration:

hostname "HP ProCurve Switch 4108GL"

snmp-server contact

snmp-server location

time timezone -300

cdp run

module 3 type J4862B

module 4 type J4862B

module 5 type J4862B

module 6 type J4862B

module 7 type J4862B

module 2 type J4908A

module 1 type J4908A

module 8 type J4908A

exit

ip default-gateway 10.240.0.8

sntp server 192.43.244.18

ip routing

timesync sntp

sntp unicast

snmpv3 enable

snmp-server community "public" Unrestricted

snmp-server host 10.240.0.25 "public" Not-INFO

snmp-server host 10.240.0.78 "public" Not-INFO

snmp-server host 10.211.55.4 "public"

vlan 1

name "DEFAULT_VLAN"

untagged A1-A22,B1-B22,C1-C24,D1-D24,E1-E24,F1-F24,G1-G24,H3-H22

ip address 10.240.0.30 255.255.240.0

no untagged H1-H2

ip igmp

exit

vlan 2

name "vmkernel"

untagged H1-H2

ip address 10.240.16.1 255.255.255.0

ip igmp

exit

fault-finder bad-driver sensitivity high

fault-finder bad-transceiver sensitivity high

fault-finder bad-cable sensitivity high

fault-finder too-long-cable sensitivity high

fault-finder over-bandwidth sensitivity high

fault-finder broadcast-storm sensitivity high

fault-finder loss-of-link sensitivity high

 

Bottom of Form 0

Netmin
Advisor

Re: Procurve 4108gl Vlan Help

Anyone see anything wrong with the config?

Netmin
Advisor

Re: Procurve 4108gl Vlan Help

The device 10.240.0.8 is just a watchguard firewall, I am only routing internally on the same switch.

Mark Wibaux
Trusted Contributor

Re: Procurve 4108gl Vlan Help

As has been previously mentioned you don't have a default route set on the switch so any device pointing at the switch as a default gateway will not be able to get beyond your network.

The command you need to run on the switch is

 

ip route 0.0.0.0 0.0.0.0 10.240.0.8

 

You also need to make sure that in your watchguard configuration you setup a route to your 10.240.16.0/24 network.

Open up your watchguard in Policy Manager. Go to the "Network" menu and choose "Routes..."

Click add. Set the Type to Network IP. Set the Route to: 10.240.16.0/24. Set the Gateway to 10.240.0.30. Leave the metric as 1.

Save the configuration back to your Watchguard and you are done.

 

Once this is done it wont matter which default gateway you gear is pointing at (either watchguard or 4108gl), both devices know how to get to all of your networks and where to go to get beyond your network.

Netmin
Advisor

Re: Procurve 4108gl Vlan Help

Mark,

The watchguard is just my internet gateway. I am trying to use the switch to route traffic between the two Vlans. Both vlans are one the same switch. Will that configuration allow me to see all devices on both Vlans? I thought by enabling ip routing on the switch it would route the traffic. Is that incorrect?

Mark Wibaux
Trusted Contributor

Re: Procurve 4108gl Vlan Help

Yes IP routing must be enabled so the switch will "route" between vlans. However your host devices need to know how to get to each network. Instead of having to configure every host with every network you generally work with "default gateways" on the device side.

 

I would expect your devices in vlan 2 will be pointing at the switch (10.240.16.1) for their default gateway. They have no worries about getting to the subnet in VLAN 1 because the switch knows both networks. However with your current config they would not be able to get to the internet as the switch doesn't have a "default route". This is why I sugest adding the 0.0.0.0 route to the switch.

 

I would imagine that your devices in vlan 1 are probably set with a default gateway of the watchguard (10.240.0.8). The watchguard is not directly attached to the subnet in VLAN 2 so it doesn't know how to get to it unless you tell it how, which was what I described in my previous post.

 

NOTE: the "ip default-gateway 10.240.0.8" in your switch config only applies to the management interface of the switch. If you enable routing on the switch you must set a default route which is the command I gave you. If you are going to have IP routing enabled you should really remove the ip default-gateway from the config.

Netmin
Advisor

Re: Procurve 4108gl Vlan Help


Mark Wibaux wrote:

Yes IP routing must be enabled so the switch will "route" between vlans. However your host devices need to know how to get to each network. Instead of having to configure every host with every network you generally work with "default gateways" on the device side.

 

I would expect your devices in vlan 2 will be pointing at the switch (10.240.16.1) for their default gateway. They have no worries about getting to the subnet in VLAN 1 because the switch knows both networks. However with your current config they would not be able to get to the internet as the switch doesn't have a "default route". This is why I sugest adding the 0.0.0.0 route to the switch.

 

I would imagine that your devices in vlan 1 are probably set with a default gateway of the watchguard (10.240.0.8). The watchguard is not directly attached to the subnet in VLAN 2 so it doesn't know how to get to it unless you tell it how, which was what I described in my previous post.

 

NOTE: the "ip default-gateway 10.240.0.8" in your switch config only applies to the management interface of the switch. If you enable routing on the switch you must set a default route which is the command I gave you. If you are going to have IP routing enabled you should really remove the ip default-gateway from the config.



HI Mark my first problem I described earlier is that I can't route between Vlans on the same switch. I can't ping any devices from Vlan 1 when im in Vlan 2 or vice versa. I added the routes you suggested but it still wont work.

Mark Wibaux
Trusted Contributor

Re: Procurve 4108gl Vlan Help

Be methodical in your testing.

First start with a device in VLAN 2. Make sure it's default gateway is set to the VLAN 2 IP address assigned to the switch.

Then from that device ping the VLAN 2 IP address on the switch. This should work.

Next ping the VLAN 1 IP address of the switch. If this works then the switch is routing between the VLANs. If it doesn't then there is an issue with the routing on the switch.

Next ping a device in VLAN 1. If you choose to ping the Watchguard make sure that it allows pings from the Trusted interface. If this fails check the default gateway on the device you are pinging. If it is current set to the watchguard temporarily change it to the VLAN 1 IP address of the switch and try the ping again. If this fixes the fault then you have an issue with your routing configuration on the Watchguard.

 

See how some of this goes and let us know the outcome.

Netmin
Advisor

Re: Procurve 4108gl Vlan Help

Sorry for the long delay.... The problem turned out to be I had created the Vlans before i turned on ip routing and for what ever reason the routing didnt work until i blew the config away and enabled ip routing first before I created the Vlans. Thanks for all your help!!