Nigel Lawson
Occasional Advisor

Procurve VLANs and Routing Issues

Hi,

I'm new to configuring switches, but am getting to grips with it quickly. I've hit an issue with using VLANs. Here's what I have and what I want to achieve.

I have a ProCurve 2824 which I'm using as a router to pass traffic to a Cisco gateway/router. The Cisco box and the 2824 are connected via fibre on port 24 of the 2824. I have a ProCurve 2524 switch connected to the 2824 also.

On the 2824 I have set up a default route to the Cisco box. I have given the 2824 an IP address on a private subnet. If I attach a PC to the switch and assign it an IP address in the same subnet as the 2824 and use the 2824 as the PC's default gateway, I have access to the internet and all works fine.

Next I decide to add some VLANs. I set up a VLAN, called VLAN78. I give it an IP address (different subnet to the main IP address of the 2824). Now I find that I can only get a PC on this port to work if I set the port to 'Untagged' on the switch (setting the PC IP to the same subnet as VLAN78 and using VLAN78 IP as the gateway).

So next I decide to connect the 2524 and see what I can get working. I've found that the 2524 will only route traffic from machines that are on the same subnet as itself. I have set the connecting ports of the two switches (2824 and 2524) to be tagged on all VLANs within them (the 2824 has 3 VLANs and the 2524 just has the default_vlan). This part seems to be working, but like I say, the 2524 will only route traffic to the same subnet as itself.

What I ideally want is VLANs on the 2824 which can communicate between themselves, and then also work from any connected switches, etc. - basically NOT port-based VLANs - to be able to connect a machine on one of the VLANs defined in the 2824, but on any port without configuring the port as 'Untagged' manually per port.

As I said before, it seems tagging is working on the 2824, but the 2524 will only route PCs that are on the same subnet as itself. If I set up VLANs on the 2524, then I have to manually assign each port to its relevant VLAN. Not acceptable.

Is there a way to do this on the kit I have?
14 REPLIES
cenk sasmaztin
Honored Contributor

Re: Procurve VLANs and Routing Issues

Please send me the show run output of the 2824 and 2524 switches.
cenk

Nigel Lawson
Occasional Advisor

Re: Procurve VLANs and Routing Issues

I'll create a new post tomorrow and attach them...
Nigel Lawson
Occasional Advisor

Re: Procurve VLANs and Routing Issues

Ok, here are the configs of both switches. Just a quick bit of info. Port 19 of the 2824 is linked to port 1 on the 2524. Port 24 of the 2824 is the fibre link to the Cisco box. All other ports are to have PCs attached (if possible).

Cheers,
Nigel
cenk sasmaztin
Honored Contributor

Re: Procurve VLANs and Routing Issues

; J4903A Configuration Editor; Created on release #I.10.70
hostname "ProCurve Switch 2824"
ip routing
snmp-server community "public" Unrestricted
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-23
   ip address 192.168.77.240 255.255.255.0
   no untagged 24
   exit
vlan 78
   name "VLAN78"
   ip address 192.168.78.240 255.255.255.0
   tagged 19
   ip proxy-arp
   exit
vlan 172
   name "VLAN172"
   untagged 24
   ip address 172.17.2.38 255.255.255.0
   exit
ip route 0.0.0.0 0.0.0.0 172.17.2.37

********************************************************

; J4813A Configuration Editor; Created on release #F.05.69
hostname "HP ProCurve Switch 2524"
snmp-server community "public" Unrestricted
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-26
   ip address 192.168.77.241 255.255.255.0
   exit

********************************************************
You must write a static routing command on the Cisco box:
192.168.0.0 255.255.255.0 172.17.2.38

*********************************************************
The 2524 is only an L2 switch; the 2824 is the main routing switch.
The 2524-to-2824 uplink port must be an untagged member of VLAN 1 and a tagged member of all other VLANs.

Every VLAN member's IP address must be in the VLAN's network range, and its default gateway address must be the 2824 switch's IP address for that VLAN.

The 2524 switch's VLAN 1 IP address is for management only. For a PC that is a VLAN 1 member on the 2524 switch, the default gateway address must be the 2824 switch's VLAN 1 IP address.

If you want to create VLAN 78 or 172 on the 2524 switch, that VLAN needs no IP address there.
The default gateway address for this VLAN's members must be the 2824's VLAN 78 or 172 IP address.

good luck
cenk

cenk sasmaztin
Honored Contributor

Re: Procurve VLANs and Routing Issues

For example, I create VLAN 78 on the 2524 switch:



; J4903A Configuration Editor; Created on release #I.10.70
hostname "ProCurve Switch 2824"
ip routing
snmp-server community "public" Unrestricted
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-23
   ip address 192.168.77.240 255.255.255.0
   no untagged 24
   exit
vlan 78
   name "VLAN78"
   ip address 192.168.78.240 255.255.255.0
   tagged 19
   ip proxy-arp
   exit
vlan 172
   name "VLAN172"
   untagged 24
   ip address 172.17.2.38 255.255.255.0
   exit
ip route 0.0.0.0 0.0.0.0 172.17.2.37

********************************************************

; J4813A Configuration Editor; Created on release #F.05.69
hostname "HP ProCurve Switch 2524"
snmp-server community "public" Unrestricted
vlan 1
   name "DEFAULT_VLAN"
   untagged 11-26
   no untagged 1-10
   ip address 192.168.77.241 255.255.255.0
   exit
vlan 78
   name "VLAN78"
   untagged 1-10
   tagged 19
   exit

For PCs that are members of VLAN 78 and VLAN 1, the default gateway address must be the 2824's IP address for that VLAN.

For example, a PC that is a VLAN 78 member on the 2524 switch:

ip address 192.168.78.22 255.255.255.0
default gateway 192.168.78.240
cenk

Nigel Lawson
Occasional Advisor

Re: Procurve VLANs and Routing Issues

The configuration you have given me for the 2524 does not work how I would like it to. Basically, if I run that config on my 2524, I find I can put 77 subnet machines on ports 11-26 and they work fine. I can then put 78 subnet machines on ports 1-10 and they work fine. But if I put a 77 machine on ports 1-10 or a 78 machine on ports 11-26, no traffic will flow.

I need to be able to put 77 and 78 machines on ANY port (except the link to the 2824 port) without defining which port belongs to which subnet.

Any more ideas?
cenk sasmaztin
Honored Contributor

Re: Procurve VLANs and Routing Issues

My config is a static VLAN config.

If I understand correctly, you need dynamic VLANs on the 2524 switch.

There are two methods for dynamic VLAN configuration:

Use a GVRP config.

For a GVRP config you need a GVRP-aware network interface card in the PC.


Use an 802.1X dynamic VLAN config.

You need to install a RADIUS server on your system.
Each domain user is dynamically assigned their own VLAN by RADIUS from remote Active Directory roles.
cenk

Nigel Lawson
Occasional Advisor

Re: Procurve VLANs and Routing Issues

Hmm, so it seems I can't achieve a dynamic vlan with this equipment then?

It's odd as I have a very old Intel router in production that is handling VLANs fine by itself, with a number of HP ProCurve switches connected to it running just their simple config with one VLAN (default_vlan). And everything works fine there.

This is what I wanted to replicate on the 2824, but it seems it's not built for this.

Thanks for your help.
Pieter 't Hart
Honored Contributor

Re: Procurve VLANs and Routing Issues

The first thing to understand is the difference between routing and communication between VLANs.
Using VLANs is a way to separate traffic so only devices in the same VLAN can communicate.

Second:
>>> I've found that the 2524 will only route traffic from machines that are on the same subnet as itself. <<<
That's just the point of subnetting: you need an IP address in the same subnet to communicate.
To communicate between two subnets, you need two IP addresses (one in each subnet) or do this using another device (a router).

In your example, if the 2524 is in subnet77/vlanX, including all ports, then all devices within subnet77 can communicate
- with each other
- with the switch
- and the switch can route to the external router.

All subnet78 devices connected to the 2524 are connected to vlanX!!!! (not vlanY) and are able to communicate with each other but not route to an external subnet.

The function you seem to need, which I would describe as "assigning a VLAN based on IP address", is not commonly used (if possible at all).

You have the options of assigning a VLAN based on
1) mapping a fixed VLAN to a port
2) MAC address
3) user authentication
4) configuring the port to assign both tagged VLANs AND finding a way to configure the connected host to use VLAN-"tagged" packets.
This depends on the driver of the network card.
This is sometimes an add-on (not in the standard driver).
Broadcom calls this BACS (Broadcom Advanced Control Suite), which also allows teaming.

You don't need both switches to route.
You can assign one switch as the router between VLANs (and the public router) and configure the link between the switches to pass both VLANs! (already done that)
But you do have to make both VLANs known on the 2524, either port-based (PVID/untagged) or by one of the other methods.

hth
Pieter
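
An added example, not part of any post in this thread: a small Python check that both ends of the inter-switch link carry the same VLANs with the same tagging, which is what passing both VLANs over the link requires. It assumes the cabling described earlier (2824 port 19 to 2524 port 1) and numeric port lists only; the function names are hypothetical.

```python
# Constructed sample input: only the VLAN membership lines of the two configs
# quoted in the thread (the 2824, and the 2524 example that adds VLAN 78).
CFG_2824 = """vlan 1
   untagged 1-23
   no untagged 24
vlan 78
   tagged 19
vlan 172
   untagged 24
"""
CFG_2524 = """vlan 1
   untagged 11-26
   no untagged 1-10
vlan 78
   untagged 1-10
   tagged 19
"""

def expand(spec):
    """Expand a numeric port list such as '1-3,7' into {1, 2, 3, 7}."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def port_membership(config, port):
    """Return (untagged VLAN id or None, set of tagged VLAN ids) for a port."""
    untagged, tagged, vlan = None, set(), None
    for words in (line.split() for line in config.splitlines()):
        if len(words) != 2:
            continue  # skips 'exit', 'no untagged ...', 'ip address ...'
        if words[0] == "vlan":
            vlan = int(words[1])
        elif words[0] == "untagged" and port in expand(words[1]):
            untagged = vlan
        elif words[0] == "tagged" and port in expand(words[1]):
            tagged.add(vlan)
    return untagged, tagged

def link_mismatches(cfg_a, port_a, cfg_b, port_b):
    """Compare both ends of one inter-switch link; an empty list means consistent."""
    (ua, ta), (ub, tb) = port_membership(cfg_a, port_a), port_membership(cfg_b, port_b)
    problems = []
    if ua != ub:
        problems.append(f"untagged VLAN differs: {ua} vs {ub}")
    problems += [f"VLAN {v} tagged on one end only" for v in sorted(ta ^ tb)]
    return problems

print(link_mismatches(CFG_2824, 19, CFG_2524, 1))
```

With the quoted configs and that cabling, the check reports that the two ends disagree on the untagged VLAN and that VLAN 78 is tagged on the 2824 side only.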