check config and help 2X 5406zl + 17 X 2610

SOLVED
andé
Occasional Visitor

Hello,

We just received our new HP cores and switches.

The configuration must be like this.
2 cores 5406zl (core1 and core2) using:
- Redundancy
- Load balancing
- RADIUS MAC auth to authenticate client PCs.

All our servers have 2 NICs (teaming on the same IP). One NIC connects to core1 and the other one to core2.

The 2610s are linked to both cores (one link to core1 and the other to core2).

Description of ports for tests:
A1-A24 unused
B1-B4 Trunk between both cores
B5-B12 used to link switches
B13-B24 unused
C1-C12 unused
C13 link to windows 2003 (AD, DHCP, DNS, IAS) 30.130.2.21
C14-C16 are servers in vlan 3
C17-C20 are servers in vlan 4
C21-C24 are servers in vlan 5
D1-D12 unused
D13-D24 mac auth radius on client directly connected to cores

We have 11 VLANs.

This is our test platform environment.

Here is the configuration I have done for core 1 (core2 is attached to this post):


; J8697A Configuration Editor; Created on release #K.13.51

hostname "COEUR1"
ip access-list standard "1"
10 deny 30.130.3.0 0.0.0.255
20 deny 30.130.5.0 0.0.0.255
30 deny 30.130.6.0 0.0.0.255
40 deny 30.130.7.0 0.0.0.255
50 deny 30.130.8.0 0.0.0.255
60 deny 30.130.9.0 0.0.0.255
70 deny 30.130.10.0 0.0.0.255
80 deny 30.130.12.0 0.0.0.255
90 permit 0.0.0.0 255.255.255.255
exit

ip access-list standard "3"
10 deny 30.130.2.0 0.0.0.255
20 deny 30.130.100.0 0.0.0.255
30 permit 0.0.0.0 255.255.255.255
exit

ip access-list standard "5"
10 deny 30.130.6.0 0.0.0.255
20 deny 30.130.7.0 0.0.0.255
30 deny 30.130.8.0 0.0.0.255
40 deny 30.130.9.0 0.0.0.255
50 deny 30.130.10.0 0.0.0.255
60 deny 30.130.100.0 0.0.0.255
70 permit 0.0.0.0 255.255.255.255
exit

ip access-list standard "6"
10 deny 30.130.5.0 0.0.0.255
20 deny 30.130.7.0 0.0.0.255
30 deny 30.130.8.0 0.0.0.255
40 deny 30.130.9.0 0.0.0.255
50 deny 30.130.10.0 0.0.0.255
60 deny 30.130.100.0 0.0.0.255
70 permit 0.0.0.0 255.255.255.255
exit

ip access-list standard "7"
10 deny 30.130.5.0 0.0.0.255
20 deny 30.130.6.0 0.0.0.255
30 deny 30.130.8.0 0.0.0.255
40 deny 30.130.9.0 0.0.0.255
50 deny 30.130.10.0 0.0.0.255
60 deny 30.130.100.0 0.0.0.255
70 permit 0.0.0.0 255.255.255.255
exit

ip access-list standard "8"
10 deny 30.130.5.0 0.0.0.255
20 deny 30.130.6.0 0.0.0.255
30 deny 30.130.7.0 0.0.0.255
40 deny 30.130.9.0 0.0.0.255
50 deny 30.130.10.0 0.0.0.255
60 deny 30.130.100.0 0.0.0.255
70 permit 0.0.0.0 255.255.255.255
exit

ip access-list standard "9"
10 deny 30.130.5.0 0.0.0.255
20 deny 30.130.6.0 0.0.0.255
30 deny 30.130.7.0 0.0.0.255
40 deny 30.130.8.0 0.0.0.255
50 deny 30.130.10.0 0.0.0.255
60 deny 30.130.100.0 0.0.0.255
70 permit 0.0.0.0 255.255.255.255
exit

ip access-list standard "10"
10 deny 30.130.5.0 0.0.0.255
20 deny 30.130.6.0 0.0.0.255
30 deny 30.130.7.0 0.0.0.255
40 deny 30.130.8.0 0.0.0.255
50 deny 30.130.9.0 0.0.0.255
60 deny 30.130.100.0 0.0.0.255
70 permit 0.0.0.0 255.255.255.255
exit

ip access-list standard "12"
10 deny 30.130.100.0 0.0.0.255
20 deny 30.130.2.0 0.0.0.255
30 permit 0.0.0.0 255.255.255.255
exit

module 1 type J8706A
module 2 type J8702A
module 3 type J8702A
module 4 type J8702A

trunk B1-B4 Trk1 Trunk

ip default-gateway 30.130.1.1

ip routing

snmp-server community "public" Unrestricted
snmp-server host 30.130.100.10 "public"

vlan 1
name "DEFAULT_VLAN"
untagged A1-A24,B13-B24,C1-C12,D1-D24
ip helper-address 30.130.2.21
ip address 30.130.100.1 255.255.255.0
tagged B5-B12,Trk1
no untagged C13-C24
ip access-group "1" out
exit

vlan 2
name "SERVEURINTRA"
untagged C14-C16
ip address 30.130.2.1 255.255.255.0
tagged B5-B12,C13,Trk1
exit

vlan 3
name "SERVEUREXTRA"
ip address 30.130.3.1 255.255.255.0
tagged B5-B12,Trk1
ip access-group "3" out
exit

vlan 4
name "SI"
untagged C17-C20
ip helper-address 30.130.2.21
ip address 30.130.4.1 255.255.255.0
tagged B5-B12,Trk1
exit

vlan 5
name "DIRECTION"
untagged C21-C24
ip helper-address 30.130.2.21
ip address 30.130.5.1 255.255.255.0
tagged B5-B12,Trk1
ip access-group "5" out
exit

vlan 6
name "DBAT"
ip helper-address 30.130.2.21
ip address 30.130.6.1 255.255.255.0
tagged B5-B12,Trk1
ip access-group "6" out
exit

vlan 7
name "NRB"
ip helper-address 30.130.2.21
ip address 30.130.7.1 255.255.255.0
tagged B5-B12,Trk1
ip access-group "7" out
exit

vlan 8
name "FH"
ip helper-address 30.130.2.21
ip address 30.130.8.1 255.255.255.0
tagged B5-B12,Trk1
ip access-group "8" out
exit

vlan 9
name "SERVICE"
ip helper-address 30.130.2.21
ip address 30.130.9.1 255.255.255.0
tagged B5-B12,Trk1
ip access-group "9" out
exit

vlan 10
name "NPH"
ip helper-address 30.130.2.21
ip address 30.130.10.1 255.255.255.0
tagged B5-B12,Trk1
ip access-group "10" out
exit

vlan 12
name "WLAN"
ip address 30.130.1.254 255.255.255.0
tagged B5-B12,Trk1
ip access-group "12" out
exit

radius-server host 30.130.2.21
ip dns server-address priority 1 30.130.2.21
router vrrp
aaa port-access mac-based D13-D24

spanning-tree
spanning-tree Trk1 priority 4
spanning-tree config-name "EQUILIBRAGE_CHARGE"
spanning-tree config-revision 8
spanning-tree instance 1 vlan 1-5
spanning-tree instance 1 priority 0
spanning-tree instance 2 vlan 6-10 12
spanning-tree instance 2 priority 1
spanning-tree priority 0

vlan 1
vrrp vrid 1
owner
virtual-ip-address 30.130.100.1 255.255.255.0
advertise-interval 10
priority 255
enable
exit
exit
vlan 2
vrrp vrid 1
owner
virtual-ip-address 30.130.2.1 255.255.255.0
advertise-interval 10
priority 255
enable
exit
exit
vlan 3
vrrp vrid 1
owner
virtual-ip-address 30.130.3.1 255.255.255.0
advertise-interval 10
priority 255
enable
exit
exit
vlan 4
vrrp vrid 1
owner
virtual-ip-address 30.130.4.1 255.255.255.0
advertise-interval 10
priority 255
exit
exit
vlan 5
vrrp vrid 1
owner
virtual-ip-address 30.130.5.1 255.255.255.0
advertise-interval 10
priority 255
enable
exit
exit
vlan 6
vrrp vrid 1
backup
virtual-ip-address 30.130.6.2 255.255.255.0
advertise-interval 10
enable
exit
exit
vlan 7
vrrp vrid 1
backup
virtual-ip-address 30.130.7.2 255.255.255.0
advertise-interval 10
enable
exit
exit
vlan 8
vrrp vrid 1
backup
virtual-ip-address 30.130.8.2 255.255.255.0
advertise-interval 10
enable
exit
exit
vlan 9
vrrp vrid 1
backup
virtual-ip-address 30.130.9.2 255.255.255.0
advertise-interval 10
enable
exit
exit
vlan 10
vrrp vrid 1
backup
virtual-ip-address 30.130.10.2 255.255.255.0
advertise-interval 10
enable
exit
exit
vlan 12
vrrp vrid 1
backup
virtual-ip-address 30.130.1.253 255.255.255.0
advertise-interval 10
enable
exit
exit

My problem:

1/ Can't do RADIUS MAC auth on D1-D24 on core (core1 auth works)


2/ I have to configure the switches to suit the authentication and assignment to VLANs (IAS is configured and working), and it works when I do this on core 1. I have 17 switches; do you think they must all be configured individually?

On switch 1 ports:
1-46 mac radius auth
47 connected to core 1
48 connected to core 2
49-50 connected to switch 2

If you can start helping me resolve this config, I will test and post all the info you need.

Thanks in advance for your help. (this forum is a real help for me!)

David
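
Added example, not part of the original post: a Python sketch that reads a reduced excerpt of the core 1 configuration above and lists which VLAN subnets an outbound standard ACL keeps away from a given VLAN. It assumes standard ACL entries match on source address with a wildcard mask, the first matching entry wins, an implicit deny closes the list, and an "out" ACL on a VLAN filters routed traffic leaving on that VLAN; the function names are hypothetical.

```python
import ipaddress
import re
# Constructed excerpt of the posted core 1 config: only ACL "1" (three entries), "exit" lines dropped.
CONFIG = """\
ip access-list standard "1"
10 deny 30.130.5.0 0.0.0.255
80 deny 30.130.12.0 0.0.0.255
90 permit 0.0.0.0 255.255.255.255
vlan 1
ip address 30.130.100.1 255.255.255.0
ip access-group "1" out
vlan 5
ip address 30.130.5.1 255.255.255.0
vlan 12
ip address 30.130.1.254 255.255.255.0
"""

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse(config):
    """Return (acls, vlans): ACL name -> [(action, addr, wildcard)], VLAN id -> settings."""
    acls, vlans, ctx = {}, {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r'ip access-list standard "(\w+)"', line):
            ctx = acls.setdefault(m[1], [])
        elif m := re.fullmatch(r"vlan (\d+)", line):
            ctx = vlans.setdefault(int(m[1]), {"net": None, "acl_out": None})
        elif m := re.fullmatch(r"\d+ (permit|deny) (\S+) (\S+)", line):
            ctx.append((m[1], to_int(m[2]), to_int(m[3])))
        elif m := re.fullmatch(r"ip address (\S+) (\S+)", line):
            ctx["net"] = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
        elif m := re.fullmatch(r'ip access-group "(\w+)" out', line):
            ctx["acl_out"] = m[1]
    return acls, vlans

def acl_permits(entries, src):
    """First matching entry wins; wildcard bits set to 1 are ignored; no match means deny."""
    for action, addr, wild in entries:
        if (to_int(src) ^ addr) & ~wild & 0xFFFFFFFF == 0:
            return action == "permit"
    return False

def blocked_sources(config, dst_vlan):
    """VLAN ids whose subnet the outbound ACL on dst_vlan denies (no ACL bound: none)."""
    acls, vlans = parse(config)
    entries = acls.get(vlans[dst_vlan]["acl_out"], [("permit", 0, 0xFFFFFFFF)])
    return [v for v, s in vlans.items() if v != dst_vlan
            and not acl_permits(entries, str(s["net"].network_address + 1))]
```

On this excerpt `blocked_sources(CONFIG, 1)` returns `[5]`: VLAN 12 is addressed as 30.130.1.0/24 in the post, so entry 80 (30.130.12.0/24) does not match its hosts.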

3 REPLIES
nunocosta75
Advisor
Solution

Re: check config and help 2X 5406zl + 17 X 2610

Can you ping the RADIUS server from the core switch? I don't know if it is good policy to enable IP routing and STP at the same time in the core; I think you must select either one or the other. If you have VRRP I suggest that you have the premium license, because VRRP comes with the premium license so OSPF comes too, so I suggest that you use OSPF and VRRP for good redundancy and forget the STP.
andé
Occasional Visitor

Re: check config and help 2X 5406zl + 17 X 2610

For the first point, it's solved: I can do RADIUS authentication on both cores.

But about OSPF, can you help me configure my cores?
I don't know anything about OSPF, but I will have a look at the doc.

Thanks for your answer.

David
nunocosta75
Advisor

Re: check config and help 2X 5406zl + 17 X 2610

Try to use the document that I sent to you; everything about OSPF is there.
Regards.