Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

Traffic leaks between vlans, procurve 2626

SOLVED
Go to solution
macrocosm
Occasional Visitor

Traffic leaks between vlans, procurve 2626

I'm out of ideas why this happens.

Vlan 2 have subnet 192.168.1.0/24, with a router at 192.168.1.1, and switch configured with ip in this subnet, so it can reach ntp servers.

I first discovered that a dhcp request in vlan 1 reached vlan 2 and got ip from a router in that net. Then I set up a computer with a 192.168.1.x address in vlan 1, and was able to ping all computers etc in vlan 2, _except_ the gateway.

Problem goes away if I unset the ip address the switch have in vlan 2, but then it won't reach the ntp servers any more.

IP routing is turned off after I noticed the problem, but didn't make any difference.

Switch is configured like this (slightly edited and stripped):

ip default-gateway 192.168.1.1
sntp server x.x.x.x
sntp server y.y.y.y
timesync sntp
sntp unicast
snmp-server community "public"
vlan 1
name "vlan1"
forbid 1-8,19-24
untagged 9-18,25-26
ip address 192.168.255.2 255.255.255.0
no untagged 1-8,19-24
exit
vlan 2
name "vlan2"
forbid 9-26
untagged 1-8
ip address 192.168.1.2 255.255.255.0
exit
vlan 3
name "vlan3"
forbid 1-18,25-26
untagged 19-24
ip address 192.168.254.2 255.255.255.0
exit

...>

no stack
primary-vlan 2
management-vlan 2



ProCurve Switch 2626# show ip route

IP Route Entries

Destination Gateway VLAN Type Sub-Type Metric Dist.
------------------ --------------- ---- --------- ---------- ---------- -----
127.0.0.0/8 reject static 0 250
127.0.0.1/32 lo0 connected 0 0
192.168.1.0/24 vlan2 2 connected 0 0
192.168.254.0/24 vlan3 3 connected 0 0
192.168.255.0/24 vlan1 1 connected 0 0

7 REPLIES
cenk sasmaztin
Honored Contributor

Re: Traffic leaks between vlans, procurve 2626

hi

you can make forbid port config on vlans
why ??
forbid port for gvrp you can use gvrp
you want use gvrp(dynamic vlan)you make use vlan id aware ethernet card

you can make connect normal ethernet card to forbit port all forbit port be happen vlan 1 member.

*you want make gvrp (dynamic vlan )on your network gvrp enable on your switch and use vlan aware nic.

*you dont make use gvrp(dynamic vlan)remove all forbid port command.

cenk
cenk

cenk sasmaztin
Honored Contributor

Re: Traffic leaks between vlans, procurve 2626

Tagged Allows the port to join multiple VLANs.
Untagged Allows VLAN connection to a device that is configured for an untagged VLAN instead of a tagged VLAN. The switch allows no more than one untagged VLAN assignment per port.
No No: Appears when the switch is not GVRP-enabled; prevents the port from - or -joining that VLAN. Auto Auto: Appears when GVRP is enabled on the switch; allows the port to dynamically join any advertised VLAN that has the same VID
Forbid Prevents the port from joining the VLAN, regardless of whether GVRP is enabled on the switch.
cenk

macrocosm
Occasional Visitor

Re: Traffic leaks between vlans, procurve 2626

It doesn't matter if you set ports to no or forbid in static vlan config, according to HP's manual. I just experiemented with that setting, and it stuck.

Can it be some arp-protect setting that is missing?
Matt Hobbs
Honored Contributor
Solution

Re: Traffic leaks between vlans, procurve 2626

Sounds like you have a bridge somewhere between the two VLANs, i.e, a cable that is going from one port in one VLAN plugged into another port in the other VLAN.

Try enabling spanning-tree and see if that blocks any ports and solves the problem.
macrocosm
Occasional Visitor

Re: Traffic leaks between vlans, procurve 2626

I'm sorry to have wasted your time on this, it was the ADSL-modem all the time. It connects 3 different networks to this site, feeds it to 3 ethernetports and it was over those 3 connections the leak took place.

The STP suggestion set me in right direction, thanks.
Matt Hobbs
Honored Contributor

Re: Traffic leaks between vlans, procurve 2626

Not a waste of time at all. I'm sure the next person to run into this problem will find this information very valuable.
Matt Hobbs
Honored Contributor

Re: Traffic leaks between vlans, procurve 2626

And thanks for letting us know what solved it for you. Nothing more frustrating when a person solves their own problem but doesn't go back and tell everyone how they did it!