HPE Community
Switches, Hubs, and Modems
1752311 Members
5483 Online
108786 Solutions
New Discussion юеВ

Re: Routing between VLANs on 4208VL

 
SOLVED
Go to solution
Slainte
Occasional Visitor

тАО01-24-2012 03:15 AM

тАО01-24-2012 03:15 AM

Routing between VLANs on 4208VL

hi, 

 

I'm having trouble configuring routing between VLANs on a 4208VL


show run:

 

; J8773A Configuration Editor; Created on release #L.11.20

hostname "HP_CORESWITCH 4208VL"
module 3 type J8768A
module 4 type J8768A
module 2 type J8776A
module 1 type J8776A
ip default-gateway 10.2.32.1
ip routing
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
  untagged A1-A4,B1-B4,C1-C24,D1-D24
  ip address 10.2.32.4 255.255.240.0
  exit
vlan 2000
  name "vMotion"
  tagged C19-C24,D19-D24
  exit
vlan 2
  name "PROD_FTS"
  ip address 10.2.48.1 255.255.240.0
  tagged C19-C24,D19-D24
exit
ip route 0.0.0.0 0.0.0.0 10.2.32.1
management-vlan 1
ip ssh

 

 

Hosts on vlan 1 CANNOT ping Hosts on vlan 2 and vice versa.

Hosts on vlan 1 and vlan 2 CAN ping the IP of the switch

Hosts on vlan 1 and vlan 2 CAN ping the default Gateway (10.2.32.1)

I CAN ping the default gateway from the Switch

 

I tried to move the management vlan to a separate vlan, but then I cannot connect to the switch anymore.

 

Host configuration hast been triple checked and seems ok,

 

Any hints?

 

Slainte

0 Kudos
2 REPLIES 2
jguse
HPE Pro

тАО01-25-2012 01:56 AM

тАО01-25-2012 01:56 AM

Solution

Re: Routing between VLANs on 4208VL

Hello Slainte,

 

This is a common issue with misunderstanding the purpose of the Management VLAN.

 

Let me paste the description from the Management Guide...

The Secure Management VLAN: This optional, port-based VLAN establishes

an isolated network for managing the ProCurve switches that

support this feature. Access to this VLAN and to the switchтАЩs management

functions are available only through ports configured as members (page

1-49).

 

Important to note is that this feature is intended to ISOLATE THE VLAN. That means no traffic will go in and out, and that is done on purpose so that no network users can capture your management traffic and thus cause a potential security breach!

The Management VLAN should be set up (if deemed necessary) on a separate VLAN used only for Switch Management purposes. For example you could put a single PC/Server in the Server Room into this VLAN so that it has exclusive Management access to the switch, and your users on the network don't even get the opportunity to try to access the management of your switch (and thus fool around where they shouldn't be), since it won't allow them.

 

Does that make sense? I hope it's pretty clear now :)

Best regards,
Justin

Working @ HPE
Accept or Kudo
0 Kudos
Slainte
Occasional Visitor

тАО01-25-2012 02:56 AM

тАО01-25-2012 02:56 AM

Re: Routing between VLANs on 4208VL

> Does that make sense? I hope it's pretty clear now :)

Yes it is, thanks for the answer - it's working now :)

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.