HPE Community
Switches, Hubs, and Modems
1753798 Members
8168 Online
108805 Solutions
New Discussion юеВ

Router help with 2910al

 
SOLVED
Go to solution
Ken Richmond
Advisor

тАО08-06-2010 01:43 PM

тАО08-06-2010 01:43 PM

Router help with 2910al

Hi all,

I'm struggling with config'ing these switches for my new setup. It's been a long time since I've done any routing work and I can't seem to get this sorted. I'm in need of some help.

This is in a lab environment which needs to go into production soon to support our new VOIP project.

I have 5 2910al switches connected via copper interconnect kits. Each switch has an ip address (192.168.0.11-192.168.0.15). Ive removed all ports from the default-vlan and created four additional vlans.

Vlan4 is data (192.168.0.x), vlan 5 is voice (192.168.3.x). Vlan4 is the primary vlan. Both vlans are tagged.

When I connect a laptop with a 192.168.0 address I am able to connect to the switch interfaces at either 192.168.0.11 AND 192.168.3.11 (or .12,.13, .14 and .15).

When I connect a laptop with a 192.168.3 address I cannot see either of the switch interfaces.

This leads me to believe that it's a routing issue. I thought that enabling local proxy arp would help, but when I try to issue the command I get the error "192.168.0.11 can not be switch IP address and route gateway at the same time".

I think I'm running in circle at this point and am starting to worry that I won't get this config'd in time to meet the next stage of the project despite reading what I can find on config'ing the switches to meet my needs. HELP!!

I'm grateful for any assistance you can offer.

Cheers,
Ken



0 Kudos
22 REPLIES 22
Shadow13
Respected Contributor

тАО08-07-2010 09:15 PM

тАО08-07-2010 09:15 PM

Re: Router help with 2910al

Can you post your config here please "show run"
0 Kudos
Manfred M.
Advisor

тАО08-08-2010 11:06 PM

тАО08-08-2010 11:06 PM

Re: Router help with 2910al

Hi Ken!

1.
What will be the Router between the VLANs?
One of the 2910al or an external Router?
If it's one (and only one!) of the 2910al then you must activate routing on that switch with the command "ip routing".
After that routing takes place between all VLANs that have ip adresses on that switch configured.
Every client in your VLAN should then have the IP Address of that switch in the correspondig vlan. On that switch you will probably have to add a default route to your firewall.

2.
"Both VLANs are tagged":
I hope that only the Copper Uplink Ports between the switches are tagged on both sides in all (wanted) VLANs...
All client ports must be untagged in the correct VLAN - PC clients in vlan4, IP phones in vlan5

3.
"When I connect a laptop with a 192.168.3 address I cannot see either of the switch interfaces."
Seems that the port where you connected your laptop is not untagged in the voice VLAN.

4.
You don't need to enable the Proxy ARP Feature.
The Manual says:
Proxy ARP allows a routing switch to answer ARP requests from devices on one network on behalf of devices in another network. Since ARP requests are MAC-layer broadcasts, they reach only the devices that are directly connected to the sender of the ARP request. Thus, ARP requests do not cross routers.

Good Luck!

Manfred
0 Kudos
Manfred M.
Advisor

тАО08-08-2010 11:10 PM

тАО08-08-2010 11:10 PM

Re: Router help with 2910al

1. is not totally clear:
Every client or phone in your VLAN should then have set the IP Address of that switch in the correspondig vlan AS DEFAULT GATEWAY


0 Kudos
Ken Richmond
Advisor

тАО08-09-2010 07:51 AM

тАО08-09-2010 07:51 AM

Re: Router help with 2910al

Thanks so much for your replies. I'm grateful for your input. The routing will be done by the 2910al.

I've learned a few things from your questions. Most notibly that the ports must be untagged for voice and data and that only one switch will act as a router. I'm going to undo some of the changes that I've made to be more inline with your questions then post the config for review.

Cheers!
0 Kudos
Ken Richmond
Advisor

тАО08-09-2010 09:42 AM

тАО08-09-2010 09:42 AM

Re: Router help with 2910al

Manfred,

I'm confused by this:

"Both VLANs are tagged":
I hope that only the Copper Uplink Ports between the switches are tagged on both sides in all (wanted) VLANs...
All client ports must be untagged in the correct VLAN - PC clients in vlan4, IP phones in vlan5


I reset the switches to factory default and started over. When I tried to set my vlan4 and vlan5 as untagged, I get an error saying that only one vlan can be untagged. I'm not sure where to go as this seems to contradict your advice. Suggestions?
0 Kudos
Ken Richmond
Advisor

тАО08-09-2010 11:52 AM

тАО08-09-2010 11:52 AM

Re: Router help with 2910al

Ok... The learning continues.

I've discovered that you can indeed only have one untagged vlan per port to answer any untagged traffic that's generated by devices that cannot tag packets. What was unclear from my original post is that there will only be one port available to each desk for both ip phone and desktop/laptop, so I have untagged vlan4 (data) and tagged vlan5 (voice). Is this the appropriate thing to do?

My switches are connected via J9165A interconnect modules in ports A1 in the commander then A1/B1 in four subsequent member switches.

Here is the current config for the commander switch in my stack:

Running configuration:

; J9148A Configuration Editor; Created on release #W.14.38

hostname "SW0"
module 1 type J9148A
module 2 type J9165A
stack commander "2910alStack"
stack member 1 mac-address 0026F1433700
ip routing
vlan 1
name "DEFAULT_VLAN"
forbid 1-48,A1
no untagged 1-48,A1
no ip address
exit
vlan 4
name "Data"
forbid 1-16
untagged 17-48,A1
ip address 192.168.0.11 255.255.255.0
exit
vlan 5
name "Voice"
forbid 1-16
ip address 192.168.3.11 255.255.255.0
tagged 17-48,A1
exit
vlan 2
name "iNetWild"
forbid 9-48
untagged 1-8
no ip address
exit
vlan 3
name "iNetSafe"
forbid 1-8,17-48,A1
untagged 9-16
no ip address
exit
snmp-server community "public" unrestricted
primary-vlan 4

And here's the config for the first member switch in my stack:

Running configuration:

; J9148A Configuration Editor; Created on release #W.14.38

hostname "SW1"

module 1 type J9148A
module 2 type J9165A
module 3 type J9165A
stack join C09134CAA980
vlan 1
name "DEFAULT_VLAN"
forbid 1-48,A1,B1
no untagged 1-48,A1,B1
no ip address
exit
vlan 4
name "Data"
untagged 1-48,A1,B1
ip address 192.168.0.11 255.255.255.0
exit
vlan 5
name "Voice"
ip address 192.168.3.11 255.255.255.0
tagged 1-48,A1,B1
exit
snmp-server community "public" unrestricted
primary-vlan 4

Should I enable Multicast Filtering and STP or RSTP?

I welcome any comments on this setup. If this looks good then I'll proceed with configuring the three remaining switches and move on to the uncharted world of VLAN Priority :)

Cheers!
0 Kudos
Manfred M.
Advisor

тАО08-09-2010 11:40 PM

тАО08-09-2010 11:40 PM

Re: Router help with 2910al

Hi Ken!

So far so good - I think you are very close to the final conig.

1.
"I have untagged vlan4 (data) and tagged vlan5 (voice). Is this the appropriate thing to do?"
YES that's the right way - you will have to set the Voice VLAN ID on your IP-Phones to VLAN ID 5.
2.
You should set the uplink ports between the switches in VLAN 4 also to tagged.
If you need VLAN2 and VLAN3 on other member switches too they must also be tagged on the uplink ports between the switches.
3.
I don't use (like) stacking in my configurations - I prefer to manage the switches individually with their IP adresses. You have to set a unique IP address on each of the member switches in your Data VLAN so that you can also switch off the stacking. Maybe for security reasons you want to use a separate Management VLAN where you can reach all your switches, but that's your own decision.
4.
Are your member switches connected in a star manner to the main switch? You should try to do this and connect all your servers to the main switch because of performance reasons.
5.
Enabling RSTP (don't use STP) or even MSTP is not necessary if you don't have redundant uplinks - but it can also be a kind of security measure against accidentally connected network loops. (MSTP 802.1s is more sophisticated and allows different instances of spanning tree - especially imported with VLANs - but you should not need it)
6.
QoS in VLAN's:
Maybe you don't need it! The voice stream of the IP Phones runs from phone to phone - usually within the department switch. Only the uplinks and the link to your voice gatekeeper, where the breakout lines are installed maybe critical. One phone produces a data traffic of (only) aprox. 80kbit/s with the best quality codec G.711
Maybe it would be generally a good idea to add an additional uplink and form a trunk between the main switch and each of the member switches for performance and redundancy purpose. You should test this in your lab to get operating experience with trunks (bundled uplinks). Trunks (of course) can carry multiple VLANs.
For QoS you should read the Chapter 5 in the Advanced Traffic Management Guide of the 2910al
7.
You will probably need a default route on your main switch to the external gateway/firewall.
You can set this with the command "ip route 0.0.0.0 0.0.0.0 x.x.x.x" where x.x.x.x ist the ip address of your firewall.

Good luck!

Manfred
0 Kudos
Manfred M.
Advisor

тАО08-09-2010 11:49 PM

тАО08-09-2010 11:49 PM

Re: Router help with 2910al

I have overlooked, that you have installed the 10G CX4 modules on all of your switches - forget about the trunking part in my proposal - that's not interesting for you...
(Why did'nt you buy a modular switch with more ports?)

Manfred
0 Kudos
Shadow13
Respected Contributor

тАО08-10-2010 12:23 AM

тАО08-10-2010 12:23 AM

Re: Router help with 2910al

Add the command "Voice" under the voice VLAN, that will enable LLDP-MED and will help the phones configure the VLANs automatically for there config.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.