
Trouble with additional VLAN

I closed a previous thread thinking I had things resolved... Now I'm back to the drawing board and trying to keep things simple.

I have a Sonicwall Pro 2040 enhanced that is my gateway to the internet. Inside, the net is 10.0.0.0/24, and spans across six IDFs. Behind the Sonicwall I have a 2900-24, 2900-48, and several 1800-24's.

My goal is to get each IDF on its own VLAN.

Presently I have static routes added to the Sonicwall to direct VLAN traffic to the 2900-24. 10.10.1.0/24, .2.0/24, .3.0/24, etc., all point back to 10.0.0.2 (2900-24). The idea was that until I can get everything looking at the switch, at least the traffic isn't dropped...

So with the config below, VLAN 11 works. I have a test port configured as untagged, and when I connect to that port my DHCP server gives me a correct address and I can talk to the GW address for that VLAN, the main switch, the firewall, and hosts in between. I can also ping the second VLAN gateway. If I connect to the other test port untagged VLAN 12, I get an IP from the VLAN 11 subnet and can't talk to anything.

It's almost as if my DHCP server, once assigning an address to a VLAN'd PC, can't determine there are additional VLANs in place.


Ideally, the 2900-24 will feed four IDF's, and the 2900-48 will feed the last two. They are not stacked, but do have the two 10Gb connections trunked.


I'm not sure where to look. I've been through these forums and searched the documentation, which has led me to make a variety of changes to the config both via the CLI and web interfaces (some are CLI only)...


Any help / suggestions would be appreciated. Thanks!


Running configuration:

; J9049A Configuration Editor; Created on release #T.13.23

hostname "MDF-2900-24G"
snmp-server location "MDF-LB-2nd-Floor"
web-management management-url ""
time timezone -400
time daylight-time-rule Continental-US-and-Canada
module 1 type J86xxA
module 3 type J90XXA
trunk A2-A3 Trk1 Trunk
ip routing
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-8,10-15,17-24,A1,A4,Trk1
   ip address 10.0.0.2 255.255.255.0
   no untagged 9,16
   exit
vlan 11
   name "IDF-1"
   untagged 9
   ip helper-address 10.0.0.5
   ip address 10.10.1.1 255.255.255.0
   exit
vlan 12
   name "IDF-2"
   untagged 16
   ip helper-address 10.0.0.5
   ip address 10.10.2.1 255.255.255.0
   exit
no stack
no ip ssh
spanning-tree
spanning-tree Trk1 priority 4
password manager
Pieter 't Hart
Honored Contributor

Re: Trouble with additional VLAN

you may look again at the dhcp-config instead of the switch-config
the dhcp-server knows nothing about vlans, and need not be configured for vlans.
It must know about subnets!
the router ties subnets together.

- for each subnet you need to create a different scope
- each scope provides its subnet a range of addresses
- the gateway in a vlan/subnet is configured an ip-helper (which you did)
- each scope must supply the default gateway within its own subnet to the client.

scope-11
addresses 10.10.1.10-10.10.1.99
default-gateway 10.10.1.1
scope-12
addresses 10.10.2.10-10.10.2.99
default-gateway 10.10.2.1

hope this helps
Pieter
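Added example, not part of the thread and not written by either poster: a Python check that reads the VLAN stanzas from the running configuration above and confirms that every VLAN using an ip helper-address has a DHCP scope inside its subnet whose default gateway is also inside that subnet. The scope table and the function names are assumptions made for the illustration.

```python
import ipaddress

# VLAN stanzas taken from the running configuration posted in the thread.
SWITCH_CONFIG = """\
vlan 1
   ip address 10.0.0.2 255.255.255.0
   exit
vlan 11
   ip helper-address 10.0.0.5
   ip address 10.10.1.1 255.255.255.0
   exit
vlan 12
   ip helper-address 10.0.0.5
   ip address 10.10.2.1 255.255.255.0
   exit
"""
# Constructed scope table modelled on the scope-11 / scope-12 sketch in the reply.
SCOPES = [
    {"name": "scope-11", "first": "10.10.1.10", "last": "10.10.1.99", "gateway": "10.10.1.1"},
    {"name": "scope-12", "first": "10.10.2.10", "last": "10.10.2.99", "gateway": "10.10.2.1"},
]

def parse_vlans(config):
    """Return {vlan_id: {"iface": IPv4Interface or None, "helpers": [str, ...]}}."""
    vlans, cur = {}, None
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] == "vlan" and len(words) == 2:
            cur = vlans.setdefault(int(words[1]), {"iface": None, "helpers": []})
        elif cur is not None and words[:2] == ["ip", "address"]:
            cur["iface"] = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
        elif cur is not None and words[:2] == ["ip", "helper-address"]:
            cur["helpers"].append(words[2])
        elif words[0] == "exit":
            cur = None
    return vlans

def audit(config, scopes):
    """List problems; an empty list means each relayed VLAN has a usable scope."""
    findings = []
    for vid, vlan in sorted(parse_vlans(config).items()):
        if not vlan["helpers"] or vlan["iface"] is None:
            continue  # no relay on this VLAN, nothing to match
        # A DHCP relay puts its own address on the client VLAN in giaddr (RFC 2131);
        # the server chooses the scope whose subnet contains that address.
        net, giaddr = vlan["iface"].network, vlan["iface"].ip
        inside = [s for s in scopes if ipaddress.ip_address(s["first"]) in net
                  and ipaddress.ip_address(s["last"]) in net]
        if not inside:
            findings.append(f"vlan {vid}: no scope inside {net} (giaddr {giaddr})")
        for s in inside:
            if ipaddress.ip_address(s["gateway"]) not in net:
                findings.append(f"vlan {vid}: {s['name']} gateway {s['gateway']} is outside {net}")
    return findings
```
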

Re: Trouble with additional VLAN

Thanks for the reply, Pieter.

I've re-examined my DHCP setup and feel pretty good about it.

After reviewing documentation again, I reconfigured both switches and seem to have things working. IDF 6 is a new facility, so I brought them up on VLAN 16, and then used a couple PC's to test other VLANs.

I suspect the issue I was having (moving my laptop from VLAN to VLAN for testing) is related to ARP cache and the switch's MAC database - I need to look into that.

My config is attached, and I'd like some feedback about providing routing services on the 2900-48 in addition to the 2900-24.

I'd like to have some redundancy, and I'd like to keep routing for the attached IDF's in the local switch rather than passing the traffic up to the 'main' switch.

2900-24 has four IDFs attached. 2900-48 has two IDFs attached. The two switches are connected via the two 10Gbps ports (trunked).

Thanks!
Pieter 't Hart
Honored Contributor
Solution

Re: Trouble with additional VLAN

ok so the dhcp-question is resolved?

and you have a new question about routing locally?

this should be no great problem.
to change the routing function for a single vlan from one switch to the other you simply have to exchange the "ip address ..." and "no ip address" rules for a vlan. (also move the "ip helper" to the new router)

after that you need the routers to communicate. So on the second switch
add "ip routing" and add a default-route to reach the other subnets. (the 10.0.0.1 should already know about all subnets).
Pieter 't Hart
Honored Contributor

Re: Trouble with additional VLAN

i forgot to add something in my example
if you move the routing function of vlan13/10.10.3.0 to the other switch
then the default gateway 10.0.0.1 also needs to know about this
it now probably routes all traffic for vlan13/10.10.3.0 to 10.0.0.2 (switch-1)
this should be changed to 10.10.0.3 (switch-2 as the new router for the subnet).

Re: Trouble with additional VLAN

Pieter,

Thanks again for your reply.

I've adjusted my config as you suggested and all seems to be well.

I appreciate your assistance!
Pieter 't Hart
Honored Contributor

Re: Trouble with additional VLAN

Glad to be of help, and thanks for the points.
Pieter