- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- VLAN problem
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-18-2007 03:29 AM
тАО06-18-2007 03:29 AM
VLAN problem
Im trying to add a VLAN to an already existing network and changing the speed of fiber transfer between two equipments at the same time. Maybe not the best idea, but it shoudnt be a problem as far as I know. :)
We previously used a 2424M switch connected via a J4112A 100Mb/s fiber module to a 2524 switch which had a 100Mb/s J4853A module plugged-in.
We wanted to use a 2824 instead of the 2424 and have a 1Gb/s link between it and the existing 2524.
To this end, we bought a mini-Gbic tranciever (J4858B) for the 2824, and plugged in a J4131B in our 2524.
The network, so to speak, works ; we got link and traffic.
We had 3 VLANs using private addresses and when trying to add another one, we couldnt get it to work.
This new VLAN is in fact directly connected to our Internet router.
If we remove all the previously existing VLANs and only leave the one we try to add, it works. As soon as we add another one, it ceases to.
Im a bit confused as I dont see what could cause such a behaviour. Apart from the fact we cant use a management adress on this particular VLAN since its using public addressing, I fail to see which specificity it has.
So, we tried reinstalling the 100 mb/s devices and restored the original VLANs hoping to get closer to the solution. This works but once we try to add that particular 'internet' VLAN, the issue resurfaces.
Thanks in advance for your help.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-18-2007 03:31 AM
тАО06-18-2007 03:31 AM
Re: VLAN problem
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-18-2007 05:48 AM
тАО06-18-2007 05:48 AM
Re: VLAN problem
The 2500 is a layer-2 only switch, so somewhere some device has to handle the routing between the various VLANs. If everything works when you have only one VLAN, its possible that there's no route available to your new VLAN. When you collaps the network to a single VLAN, everything still talks.
The intermediate router that handles the inter-VLAN traffic needs to be on all of the VLANS, including the new one. It either needs a single, tagged interface on all VLANS or multiple interfaces on one VLAN each. It will also need a default route that points it to the internet router.
If the internet router is on multiple VLANs, its possible that the router is not configured with the VLAN information to deal with tagged packets. It will also need to do the tagging on the packets it sends back into your network.
The 2800 can changes the rules somewhat, because it is a layer 3 switch. However, if you are not using the layer 3 features, then the above still applies.
Also, not to belabor the obvious, the interlink between the two switches must always be tagged, and must always be a member of all VLANs on the switches. So when adding the new VLANs, make sure the interlink port is on that VLAN on both ends.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-18-2007 08:41 PM
тАО06-18-2007 08:41 PM
Re: VLAN problem
What i meant by "couldnt get it to work" is that the VLAN is present, and ports are tagged accordingly, but we cant ping anything through it. We addded it to the others but couldnt get anything to pass through it.
I made a little scheme in the attachment so that you can see how our network configuration looks like.
Its very classic and it seems to me that the ports have been tagged the right way.
For for helping.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-19-2007 07:03 AM
тАО06-19-2007 07:03 AM
Re: VLAN problem
I am almost certain that your problem is at layer 3 with the IP routing. (Or whatever layer 3 protocol you are using.) Either your VLAN 1-3 devices don't have the proper routing information to reach VLAN 4, or the router on VLAN 4 does not have the proper routing information to get back to VLANs 1-3. Here are some questions to ponder:
What are the IP subnets assigned to the VLANs?
What is the default gateway on the VLAN 1-3 devices?
What device owns the default gateway IP?
What routing protocols -- if any -- are on the internet router?
Try doing a ping and a traceroute from both directions. That is, going from a VLAN 1 device to the router, and try going from the router back to the VLAN 1 device. Make sure that the router isn't trying to reach the internal networks via the external interface.
For a simple stub configuration, the internet router would not need to run any routing protocols. It would have a default route pointing to the ISP, and one or more static routes pointing to the internal subnets. If the router cannot see the internal gateway to the VLANs, then this would be causing your problems.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-21-2007 03:07 AM
тАО06-21-2007 03:07 AM
Re: VLAN problem
The VLANs arent supposed to communicate with each other. We're using a router/firewall (a PC with IPCop installed namely) to allow the users to access the internet. So typically you would access that firewall from VLAN 1 and the 'Internet' network would be on VLAN 4. VLANs 2 and 3 are connected to another IPCop machine and this works at the moment.
There are no outbound limitations whatsoever on the firewall itself, its only here to act as a modem and protect the network from external attacks.
Our Internet router, on the top of the scheme is in bridge mode, so its only there to give us web access.
That said i think you're probably right, routing is probably not working properly.
Thanks for the help
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-22-2007 09:09 AM
тАО06-22-2007 09:09 AM
Re: VLAN problem
Each internal VLAN 1-3 has its own IPCop server that all systems within that VLAN use that as the default gateway. The external interface of each IPCop server will be on VLAN 4, which also has the internal interface of the internet router. The IPCop servers will only need a default route pointing to the internet router, since they will see their respective VLANs as local (direct-attached) routes. The internet router will have a default route pointing to the upstream ISP, and will need to have static routes for each of the VLANs pointing to the respective IPCop server.
At this point, if you want to isolate your VLANs, you will need to add firewall rules. Otherwise, the internet gateway will bounce traffic from one IPCop server to another with ICMP re-directs. On the other hand, if you *want* inter-VLAN communication, it would be best to add static routes in the IPCop servers to avoid the ICMP re-directs.
From a layer 2 perspective, the IPCop servers' external interface and the internet router internal interface must all be on VLAN 4. If this VLAN is on seperate switches, then the switch interlinks must also be members of this VLAN and tagged. This also implies they must be on the same IP subnet.