
VLAN Setup/Issue

 
Tom Hardy
Frequent Advisor

VLAN Setup/Issue

Hello Everyone,

I am not an expert when it comes to VLANs, so here I am. My question is: how do I get outside to the internet on vlan4? I tried plugging in my computer on A3 but can't access the internet. Also, vlan 1 shows 2 different subnets. How do I remove it?

Thanks for all the help in advance. Here is my config and route information.

==========================
Startup configuration:

; J8697A Configuration Editor; Created on release #K.11.11

hostname "vmdCore"
snmp-server location "nocRack"
module 1 type J8702A
module 2 type J8702A
module 3 type J8702A
mirror-port C11
interface A9
power Critical
exit
ip default-gateway 192.168.30.1
snmp-server community "public" Unrestricted
vlan 1
name "dataVlan"
untagged A1-A8,A10-A24,B2-B21,B23-B24,C1-C24
qos priority 5
ip address 192.168.30.2 255.255.255.0
ip address 192.168.250.2 255.255.255.0
no untagged A9,B1,B22
exit
vlan 2
name "voiceVlan"
untagged B1
qos priority 7
ip address 192.168.0.254 255.255.255.0
tagged B2-B23,C1-C24
exit
vlan 3
name "dataVlan2"
untagged A9
qos priority 0
ip address 192.168.200.1 255.255.255.0
ip address 10.10.10.1 255.255.255.0
ip address 192.168.50.254 255.255.255.0
tagged A12
exit
vlan 4
name "trixbox"
ip address 192.168.10.1 255.255.255.0
tagged A1-A7
exit
interface A24
monitor
exit
qos device-priority 204.x.x.x priority 7
qos type-of-service diff-services
spanning-tree force-version RSTP-operation
ip route 204.x.x.x 255.255.255.255 192.168.0.1
password manager
password operator
============================

sh ip route
------------

vmdCore# sh ip route

IP Route Entries

0.0.0.0/0 trixbox 4 static 1 1
127.0.0.0/8 reject static 0 0
127.0.0.1/32 connected 1 0
192.168.0.0/24 voiceVlan 2 connected 1 0
192.168.10.0/24 trixbox 4 connected 1 0
192.168.30.0/24 dataVlan 1 connected 1 0
192.168.250.0/24 dataVlan 1 connected 1 0
204.14.39.36/32 192.168.0.1 2 static 1 1
Jeff Carrell
Honored Contributor
Solution

Re: VLAN Setup/Issue

the ports in vlan 4 are all set for tagged, unless the computer you plug into one of those ports can speak in tagged mode, you'll need to change those ports to untagged:

in config, in vlan4:
'no tag a1-a7'
'untag a1-a7'

to remove one of the ip addr in vlan 1:
'no ip addr x.x.x.x/y'


hth...jeff
Tom Hardy
Frequent Advisor

Re: VLAN Setup/Issue

Thanks for the reply.

So I untagged A1-A7, but when I connect my laptop to A5 and set the following tcp/ip settings I can't get out.

ip: 192.168.10.10
subnet: 255.255.255.0
gateway: 192.168.30.1 or 192.168.10.1
dns: 4.2.2.1

Is there something else that I need to do?

Thanks
Jeff Carrell
Honored Contributor

Re: VLAN Setup/Issue

well, on those vlan 4 ports, the config should be:
ip: 192.168.10.10
subnet: 255.255.255.0
gateway: 192.168.10.1
dns: 4.2.2.1

can the laptop ping 192.168.10.1? i'm guessing it will...


i missed this the last time i replied - your config does not show any local routing on, which means all the vlans are separate, but vlan 1 will get out to 192.168.30.1...

this switch is basically operating in layer 2 only mode (from what you've shown in the config listing)...

so if you want the other vlans to be able to get out, you will need local routing enabled...

then you'll need a route of last resort, defined as a static route in order for the other vlans to be able to get to the 192.168.30.1 device....then you may need a static route in that device in order to get back to the vlans 2-4 networks of this switch (there has been a thread going in the last day or so about this topic too)...

at this point, you need to decide which networks need to go where...and then decide what to route, and perhaps what not to route (which could be adding acl's to block traffic from routing in or out)...

hth...jeff
Tom Hardy
Frequent Advisor

Re: VLAN Setup/Issue

got it.

So currently my vlan2 has the following static route:

ip route 204.x.x.x 255.255.255.255 192.168.0.1

I want vlan2 to go out through the default gateway (192.168.30.1). So from what I understand of what you told me, I need to do the following things to make it go out the default gateway (192.168.30.1):

1. Enable ip routing
2. Change the static route command to read (ip route 192.168.30.1 255.255.255.255 192.168.0.1)


Would I need to mess with any tagging in this case?

Also, can you please give me some sample commands to accomplish this?

Thanks a bunch :)
Tom Hardy
Frequent Advisor

Re: VLAN Setup/Issue

I want to keep the vlans separate for right now (no access to each other) and just want them all to go out to the internet using the default gateway, which is 192.168.30.1.

vlan1:192.168.30.0/24
vlan2(voice):192.168.0.1/24
vlan4:192.168.10.0/24

Do vlan 2 and 3 automatically go out through the default gateway, or do I need to set up a NAT/static route in the switch or my router?

Jeff, with my laptop tcp/ip settings set to:
port A5 (UNTAGGED on vlan4 now)
ip:192.168.10.10
sn:255.255.255.0
gw:192.168.10.1

I was able to ping 192.168.10.1 but not 192.168.30.1. So I'm guessing I need to set up a NAT/route in the switch. If so, would it be as simple as

ip route 192.168.30.1 0.0.0.0 192.168.10.1 ??

Please help??

Thanks
Jeff Carrell
Honored Contributor

Re: VLAN Setup/Issue

i see from the thread on proxy arp you've enabled routing now...so some of the answer has been done...

you will need a route out...the flow of an ip route statement is destination network and where to go to get there...so the route of last resort (or liken to a def g/w) would be:
ip route 0.0.0.0 0.0.0.0 192.168.30.1

this says, if i (this switch/router) don't have a destination network in my route table, go to my neighbor...

but remember, in order for neighbor to get back to your other vlans on this switch/router, it may also need some static routes that get you back to this switch/router:
ip route 192.168.10.0 255.255.255.0 192.168.30.2

basically this switch/router points to its next hop neighbor to get out, and the neighbor points back to this switch/router to get to networks it knows about...

now if you want to block traffic between the vlans on this switch/router, you'll need to config acl's to do that blocking...

hth...jeff
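
The two-way routing described in the reply above, as an added example that is not part of the original thread: a longest-prefix-match lookup over the switch's routes and the neighbor router's routes, showing why a reply never returns to VLAN 4 until the neighbor has a route back. The neighbor's table and the "isp" next hop are assumptions; the addresses come from the thread.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: return the next hop for dst, or None if no route."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None

# Switch with "ip routing" on: one connected route per VLAN interface,
# plus the route of last resort pointing at the neighbor router.
SWITCH = [
    ("192.168.0.0/24", "connected"),   # vlan 2
    ("192.168.10.0/24", "connected"),  # vlan 4
    ("192.168.30.0/24", "connected"),  # vlan 1
    ("0.0.0.0/0", "192.168.30.1"),
]

# Neighbor router (assumed table): its LAN is connected, everything else
# goes to a placeholder upstream called "isp".
ROUTER_NO_RETURN = [
    ("192.168.30.0/24", "connected"),
    ("0.0.0.0/0", "isp"),
]
# Same router after adding the static route back to VLAN 4 via the switch.
ROUTER_WITH_RETURN = ROUTER_NO_RETURN + [("192.168.10.0/24", "192.168.30.2")]

def round_trip(router_table, src="192.168.10.10", dst="192.168.30.1"):
    """Forward decision on the switch and reply decision on the router."""
    forward = lookup(SWITCH, dst)        # how the switch reaches the router
    reverse = lookup(router_table, src)  # where the router sends the reply
    return forward, reverse

if __name__ == "__main__":
    print("no return route :", round_trip(ROUTER_NO_RETURN))
    print("with return route:", round_trip(ROUTER_WITH_RETURN))
    # Internet-bound traffic from any VLAN follows the default route.
    print("4.2.2.1 via", lookup(SWITCH, "4.2.2.1"))
    # With routing on, another VLAN's subnet is a connected route, so the
    # switch forwards between VLANs locally unless an ACL blocks it.
    print("192.168.30.94 via", lookup(SWITCH, "192.168.30.94"))
```

Without the return route the router sends the reply to its own default route instead of back to 192.168.30.2, which matches the symptom of being able to ping 192.168.30.2 but not 192.168.30.1 from VLAN 4.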
Tom Hardy
Frequent Advisor

Re: VLAN Setup/Issue

Thanks for the reply Jeff.

So here is my latest config on this switch now:

========================
vmdCore(config)# sh conf

Startup configuration:

; J8697A Configuration Editor; Created on release #K.11.11

hostname "vmdCore"
snmp-server location "nocRack"
module 1 type J8702A
module 2 type J8702A
module 3 type J8702A
mirror-port C11
interface A9
power Critical
exit
ip default-gateway 192.168.30.1
ip routing
snmp-server community "public" Unrestricted
vlan 1
name "dataVlan"
untagged A10-A24,B2-B24,C1-C24
qos priority 5
ip address 192.168.30.2 255.255.255.0
no untagged A1-A9,B1
ip proxy-arp
exit
vlan 2
name "voiceVlan"
untagged B1
qos priority 7
ip address 192.168.0.254 255.255.255.0
tagged B2-B23,C1-C24
ip proxy-arp
exit
vlan 4
name "trixbox"
untagged A1-A9
ip address 192.168.10.1 255.255.255.0
ip proxy-arp
exit
interface A24
monitor
exit
qos device-priority 204.x.x.x priority 7
qos type-of-service diff-services
spanning-tree force-version RSTP-operation
ip route 0.0.0.0 0.0.0.0 192.168.30.1
ip route 192.168.10.0 255.255.255.0 192.168.30.2
ip route 192.168.30.0 255.255.255.0 192.168.10.1
ip route 204.x.x.x 255.255.255.255 192.168.0.1
password manager
password operator

=========================================

So after adding the additional static routes, I still can't communicate from a computer on vlan4 (192.168.10.5) to a computer on vlan1 (192.168.30.94) and vice versa.

My Cisco router's LAN IP is 192.168.30.1, which is set as the default gateway on this router.
Computers on vlan1 (192.168.30.x) have internet access, whereas I can't even ping 192.168.30.1 from a vlan4 computer (can ping 192.168.30.2).

My understanding is that for outgoing traffic (vlan4 ---> internet), the static route I need to set is:

192.168.30.0 255.255.255.0 192.168.10.1

and for incoming traffic (internet ---> vlan4) the static route would be:

192.168.10.0 255.255.255.0 192.168.30.2

If that is right then I am not sure why I still can't access the internet from VLAN4 ....
Tom Hardy
Frequent Advisor

Re: VLAN Setup/Issue

found the problem