Solved: VLAN with HP Procurve and Cisco 2821

Andreas Schmidt_2 · ‎08-20-2006

Hello.

We have a new network infrastructure and want to build nearly 6 VLANs. We have 6 cabinets on 3 stages and uses Procurve 2650 as access-switches and a Procurve 2824 as core. VLAN-Routing and NAT should be done by Cisco 2821. Most of users get their IP-config from DHCP and the way to the internet goes via Cisco 7500. (This router we can not configure by ourselves). I outline the config i think in the attachment. Is this a possible configuration or can i do this much better ?

Thanks
Andreas

Mohieddin Kharnoub · ‎08-20-2006

Hi

No config attached.
Anyway, what you need is a Router-on-Stick for inter-vlan routing, and thats done on Cisco router by using Sub-interfaces, each one has an ip in the same subnet of each vlan, and all sub-interfaces related to one physical Interface doesn;t have an IP.
But, the disadvantages for this solution are:
Â - Single point of failure if only one router used
Â - Single traffic path can become congested
Â - Network topology can cause performance issues

And the other solution is to enable Routing between the Vlans on the Core Switch 2800, and also enable ip-helper address for each vlan, so any client in any vlan can get an IP from a Common DHCP server which has multiple scopes, each vlan one scope.

And then you can NAT on the Cisco router between Inside and Outside.

Good Luck !!!

Science for Everyone

Andreas Schmidt_2 · ‎08-21-2006

Sorry, i forgot the attachment.

Yes, i know that the Procurve-Core-Switch can rooting too, but without rules i think. And we want to declare some restrictive rules.

Mohieddin Kharnoub · ‎08-21-2006

Hi

In the attached file i can see your network map, it seems fine, and most of the configuration should be done on the Cisco Router and that includes:
1- Enable Inter-Vlan routing
2- Enable access control lists ACLs to control traffic between Vlans and the Network.

You should tag (Trunk) the port between the 2800 switch and the cisco router 2821, and on the Cisco router use the Standard 802.1q not the Cisco's ISL one.

Good Luck !!!

Science for Everyone

Andreas Schmidt_2 · ‎08-21-2006

Thanks for your answer.

I have configured the VLAN on switches and router and can ping all switches and the router from my notebook in the default vlan. But my clients cannot ping each other and get no ip address from dhcp. I'm sure i have enabled dhcp-relay and the ip-helper address. Any other ideas ?

Thanks in advance
Andreas

Mohieddin Kharnoub · ‎08-21-2006

Hi

If you joined a Vlan other than the default and assigned a static IP on your notebook and gateway , can you ping the router ? or the 2800 default-Vlan Ip address ?
If yes, then it maybe:
1- IP helper address is not enabled on this particular Vlan.
2- Router attribute on the DHCP scope is not configured which points to the IP address of the subinterface of this vlan on Cisco's Router.

If NO, you can;t, then:
- you have to add check your routing between vlans on the cisco Router, and be sure to have a Route back to any vlan other than the default.
- Enable ip default-gateway on all the switches pointing to the Cisco router's IP address of the default-Vlan.

Don;t forget to assign points to the posts that helped you.

Good Luck !!!

Science for Everyone

Mohieddin Kharnoub · ‎08-21-2006

Hi

few more points,
- Be sure to have the Native Vlan of the Cisco router is the same as the ProCurve switch default-vlan.
- I think you should enable the ip helper address in the interface you are using for inter-vlan routing:
Router(config)#interface Ethernet0
Router(config-if)#ip helper-address 171.16.1.2
Router(config-if)#exit

Good Luck !!!

Science for Everyone

Andreas Schmidt_2 · ‎08-21-2006

That's right. If i joined another VLAN i cannot ping may router as my default gateway. It should be a routing problem, but i only configure a default gateway to our externally router because i think the cisco configure the routing table itself. Don't have configured any ACl for routing, should I ? The attachment ist my actually routing table.

Thanks very much.
Andreas

Mohieddin Kharnoub · ‎08-21-2006

Hi

I want to clarify few points:
- Did you enable ip default-gateway on all switches, with the Cisco's IP address for the native or default-vlan (i assume its 192.168.10.x).
- When you connect by your notebook on another vlan, whats the Gateway ? it should be the IP address of the sub-interface for this vlan on the cisco router ?

Example: if you are in Vlan5, your ip must be in 192.168.60.0/24 range and GW is the Gigabitethernet0/0.5 IP address on the router.

Good Luck !!!

Science for Everyone

Andreas Schmidt_2 · ‎08-21-2006

I think my problem is understanding default or native vlan on hp or cisco hardware. HP knows default vlan with id 1, which connot deleted but renamed. I have it renamed to network with ip 192.168.1.0. On my cisco router vlan id 1 known as native vlan and bound to interface 0/0 which have no ip-address. I can not create a subinterface with vlan id 1 too and make it to native vlan. So is there a mismatch which could be result in my problems, or ???

Thanks in davance
Andreas

Mohieddin Kharnoub · ‎08-21-2006

Hi

Or, in the last attached file for your routing table, it shows you have assigned an IP for vlan1 subinterface giga0/0.1 with 192.168.10.0 network, this one should have the same range of your ProCurve default-vlan (192.168.1.0) ,
and one more thing, you should have all procurve switches default-gateway to this sub-interface ip address.

Good Luck !!!

Science for Everyone

Andreas Schmidt_2 · ‎08-21-2006

Yes, but i want to change it to 192.168.1.0, my notebook have 192.168.1.1, my switches have 192.168.1.1x and the router 192.168.1.251. All gateways of the switches (and my notbook) point to 192.168.1.251 and can ping the router. Another client with 192.168.40.123 and gateway 192.168.40.251 can not ping the router ??
And what is with VLAN-ID ? On HP 192.168.1.0 have id 1 and on cisco i can't give the VLAN on the subinterface this id.

A.

Mohieddin Kharnoub · ‎08-21-2006

Hi

See,
Your setup should work fine, but the only thing you should know is that Native Vlan can't carry tagged traffic, as simple as that.
So some people usually change the Native Vlan on Cisco products to accomodate it with their switche's Default-Vlan.

What you need to do it:
- Make the native Vlan on Cisco router=Default-Vlan on procurve switches.
- Create a sub-interface for this native Vlan on the Gigaethernet0/0 port.
- Include this command:
(config)#interface gigabitethernet 0/0.1
(config-subif)#encapsulation dot1q native
- Give this sub-interface an ip address in the same range of the Swithces 192.168.1.0/24
example:
(config-subif)#ip address 192.168.1.240 255.255.255.0

Now, all the 192.168.1.0/24 should have Gateway pointed to sub-interface gigabitethernet 0/0.1 - 192.168.1.240 , not to the router router 192.168.1.251 , because this sub-interface with the others all forms the Inter-vlan Routing in your Network.

Finally, you attached before your network map and i can see one interface between the Cisco router and the Core switch 2825, so whats the router interface ip : 192.168.1.251 ?

Is it for the Gigabitethernet 0/0 that you are using for inter-vlan routing ?
If yes, then it doens't really need an IP address because its SUBINTERFACE gigabitethernet 0/0.1 has an IP.

For me, i understand your network like this, and i hope i'm right so that helped you.
Don;t forget to assing points to posts helped you.

Good luck !!!

Science for Everyone

Andreas Schmidt_2 · ‎08-21-2006

Sorry,

I'am a little bit confused. The encap-command need a VLAN-Id. It should be 1 to be conform with the Default-VLAN on HP, right ? But ID 1 i can not assign. See attachment.

A.

Mohieddin Kharnoub · ‎08-22-2006

Man, i'm the confused now :)
Can you attach the configuration of the router?

Science for Everyone

Andreas Schmidt_2 · ‎08-22-2006

I think so, i will try it tomorrow. Now it is enough for today.

A.

Andreas Schmidt_2 · ‎08-22-2006

Hello.

Here my router config file. I hope you can see more as i am. Please tell me if you can see other things i should do much better.

thanks
A

Mohieddin Kharnoub · ‎08-23-2006

Hi

Sorry for late reply :)
I checked your config, and it seems fine excpet, you applied a unique VLAN ID (1) to each subinterface with this command :
vlan-id dot1q 1

But we want the sub-interfaces to be in different Vlans.

Just remove the line:vlan-id dot1q 1 under interface gigabitethernet0/0 by:
(config-if)#no vlan-id dot1q 1

Then continue the rest of your configuration.

Hopefully that was a helpful posts from my side, and appreciation can be done by assign points to posts that helped you :)

Good Luck !!!

Science for Everyone

Andreas Schmidt_2 · ‎08-23-2006

Yes, but my original problem still exists.
My notebook has ip 192.168.1.1 (VLAN 1, untagged port), i can ping all switches and the router on all its subinterfaces. DHCP-server has 193.197.34.205 (VLAN 34, untagged port) and can all these ping too. My notebook can not ping the dhcp server and the dhcp server don't see my notebook. But the router don't see my notebook and don't see the server. Because of this problem my dhcp-clients get no address. And i don't know why ! Problem of port-config, routing, ... ?

A.

Mohieddin Kharnoub · ‎08-23-2006

Hi

You have some issues in the network design and configuration because:
" The Native Vlan on the cisco router is 10, and its on Procurve switches is 1 ".

What you can do to solve your problem,:
1- Decide which Vlan should be the Native (default) Vlan.
2- Attach the configuration of the router and ProCurve 2824 core switch, and one of 2650 switches so we can check together.
3- Attach the output of the command: Show vlan on the router to be sure of your sub-interfaces configuration and Vlans.

Now, read this:
http://www.cisco.com/en/US/tech/tk389/tk390/technologies_configuration_example09186a00800949fd.shtml

it should help you alot to solve your problem.

Good Luck !!!

Science for Everyone

Andreas Schmidt_2 · ‎08-23-2006

Hello.

I have mismatched something, but no success. I have attached the configuration files of all my componentes. Please look at this and feel free to grumble about my inability.

Andreas

Andreas Schmidt_2 · ‎08-24-2006

Could it be a problem of port trunk between HP switch and Cisco router ?

A.

Mohieddin Kharnoub · ‎08-24-2006

Hi

I checked the configuration, and i have some points:
- You are using a Trunk between the Core switch 2824 and cisco router, this trunk is only one link and it should be at least 2, so i think you are confused by the term TRUNK.
In cisco Trunk is a link carries multiple Vlans and i think that was your target.
All other vendors consider trunk is a Multiple physical lines combined together to form one logical link, for speed and redundancy.

- After you remove the trunk from Port24 on core switch, make it untagged to Vlan1, and tagged to all other Vlans.

And that will be enough for you to start.
Again, this example is very good for better understanding:
http://www.cisco.com/en/US/tech/tk389/tk390/technologies_configuration_example09
186a00800949fd.shtml

Good Luck !!!

Science for Everyone

VLAN with HP Procurve and Cisco 2821

VLAN with HP Procurve and Cisco 2821

Re: VLAN with HP Procurve and Cisco 2821

Re: VLAN with HP Procurve and Cisco 2821

Re: VLAN with HP Procurve and Cisco 2821

Re: VLAN with HP Procurve and Cisco 2821

Re: VLAN with HP Procurve and Cisco 2821

Re: VLAN with HP Procurve and Cisco 2821

Re: VLAN with HP Procurve and Cisco 2821

Re: VLAN with HP Procurve and Cisco 2821

Re: VLAN with HP Procurve and Cisco 2821

Re: VLAN with HP Procurve and Cisco 2821

Re: VLAN with HP Procurve and Cisco 2821

Re: VLAN with HP Procurve and Cisco 2821

Re: VLAN with HP Procurve and Cisco 2821

Re: VLAN with HP Procurve and Cisco 2821

Re: VLAN with HP Procurve and Cisco 2821

Re: VLAN with HP Procurve and Cisco 2821

Re: VLAN with HP Procurve and Cisco 2821

Re: VLAN with HP Procurve and Cisco 2821

Re: VLAN with HP Procurve and Cisco 2821

Re: VLAN with HP Procurve and Cisco 2821

Re: VLAN with HP Procurve and Cisco 2821

Re: VLAN with HP Procurve and Cisco 2821