- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- vlan routing advice
Switches, Hubs, and Modems
1752778
Members
6019
Online
108789
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-12-2008 10:29 AM
тАО06-12-2008 10:29 AM
I have a problem where we are not ready to make system wide changes but I want to start with some of the implementation now. I have two 2650's connected to a 2824 and want to route between vlans on the 2824. All the network devices use a pix as their default gateway which would also change eventually to the 2824. In the meantime, we are out of logical interfaces on the pix and I need another vlan setup that needs routing (so the pix cant do this now). I planned to simply add a static route on the desktop that needs access to the vlan and point it to the IP of the 2824 for that applicable vlan.
Currently, there are multiple vlans on the 2824 and ip routing is disabled, and only one vlan has an ip. As far as I understand, I can enable ip routing (which turns off the configured default gateway) and I can add an IP to the new vlan in question.
Once this is done, if the network device on vlan1 has a route to the second vlan pointed to 2824's ip on its vlan, this should work? Is there anything else I need to do, can I also setup ACL's to explicitly allow/disallow certain traffic between the vlans?
Thanks!
Currently, there are multiple vlans on the 2824 and ip routing is disabled, and only one vlan has an ip. As far as I understand, I can enable ip routing (which turns off the configured default gateway) and I can add an IP to the new vlan in question.
Once this is done, if the network device on vlan1 has a route to the second vlan pointed to 2824's ip on its vlan, this should work? Is there anything else I need to do, can I also setup ACL's to explicitly allow/disallow certain traffic between the vlans?
Thanks!
Solved! Go to Solution.
4 REPLIES 4
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-12-2008 12:25 PM
тАО06-12-2008 12:25 PM
Solution
hi I make two config for you one config ip routing between vlan basic config conf procurve switch and internet router and dhcp scobe
because I think you want different config
routing between vlan via on cisco pix for use acl config between vlan
am I understand ?
there fore you look config secont.
cenk
CONFIG FRIST----------------------------------------------------------------------
*procurve 2848 switch config
web-management support-url "http://www.......
ip routing
timesync sntp
snmp-server community "public" Unrestricted
vlan 1
name "user"
untagged 2-20,25-48
ip address 10.0.10.1 255.255.255.0
ip-helper address 10.0.40.2
no untagged 1,21-24
exit
vlan 2
name "internet"
untagged 21
ip address 10.0.20.1 255.255.255.0
exit
vlan 4
name "server"
untagged 24
ip address 10.0.40.1 255.255.255.0
exit
vlan 5
name "user2"
untagged 22-23
tagged 47,48
ip address 10.0.50.1 255.255.255.0
ip-helper address 10.0.40.2
exit
vlan 10
name "management"
untagged 1
tagged 47,48
ip address 192.168.1.1 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 10.0.20.2
managemet-vlan 10
note:
internet router in vlan 2 (for internet vlan) and lan ip address 10.0.20.2
dhcp server in vlan 4(for server vlan )and ip address 10.0.40.2
connect frist 2650 interface 47
connect second 2650 interface 48
--------------------------------------------------------------------------
*procurve 2650/1 switch config
web-management support-url "http://www.......
timesync sntp
snmp-server community "public" Unrestricted
vlan 1
name "user"
untagged 1-10,21-50
no untagged 11-20
exit
vlan 5
name "user2"
untagged 11-20
tagged 50
exit
vlan 10
name "management"
tagged 50
ip address 192.168.1.2 255.255.255.0
exit
managemet-vlan 10
note :connect to 2848 with interface 50
-----------------------------------------------------------------------------
*procurve 2650/2 switch config
web-management support-url "http://www.......
timesync sntp
snmp-server community "public" Unrestricted
vlan 1
name "user"
untagged 1-10,21-50
no untagged 11-20
exit
vlan 5
name "user2"
untagged 11-20
tagged 50
exit
vlan 10
name "management"
tagged 50
ip address 192.168.1.3 255.255.255.0
exit
managemet-vlan 10
connect to 2848 interface 50
------------------------------------------------------------------------
*internet router or firewall config
you can basic config on router or firewall for internet connetion .
After you make write static route (on router/firewall)for vlans
example:
ip route 10.0.50.0 255.255.255.0 10.0.20.1
ip route 10.0.40.0 255.255.255.0 10.0.20.1
ip route 10.0.20.0 255.255.255.0 10.0.20.1
ip route 10.0.10.0 255.255.255.0 10.0.20.1
--------------------------------------------------------------------------
*dhcp server config
you can create new scobe each user vlan
scobe 1
scobe name :vlan 1
ip pool:10.0.10.10----10.0.10.200
default gateway :10.0.10.1
dns:10.0.20.2(optional)
scobe 2
scobe name:vlan 5
ip pool 10.0.50.10----10.0.50.200
default gateway :10.0.50.1
dns:10.0.20.2(optional)
note:each scobe send dhcp offer packet associate vlan
---------------------------------------------------------------------------
CONFIG SECONT--------------------------------
----------------------------------------------------------------------
*procurve 2848 switch config
web-management support-url "http://www.......
ip routing
timesync sntp
snmp-server community "public" Unrestricted
vlan 1
name "user"
untagged 3-20,25-48
no untagged 1,3,21-24
tagged 1
exit
vlan 2
name "server"
untagged 24
tagged 1
exit
vlan 5
name "user2"
untagged 22-23
tagged 1,47,48
exit
vlan 10
name "management"
untagged 2
tagged 1,47,48
ip address 192.168.1.1 255.255.255.0
exit
managemet-vlan 10
--------------------------------------------------------------------------
*procurve 2650/1 switch config
web-management support-url "http://www.......
timesync sntp
snmp-server community "public" Unrestricted
vlan 1
name "user"
untagged 1-10,21-50
no untagged 1,11-20
exit
vlan 5
name "user2"
untagged 11-20
tagged 50
exit
vlan 10
name "management"
tagged 50
ip address 192.168.1.2 255.255.255.0
exit
managemet-vlan 10
note :connect to 2848 with interface 50
-----------------------------------------------------------------------------
*procurve 2650/2 switch config
web-management support-url "http://www.......
timesync sntp
snmp-server community "public" Unrestricted
vlan 1
name "user"
untagged 1-10,21-50
no untagged 11-20
exit
vlan 5
name "user2"
untagged 11-20
tagged 50
exit
vlan 10
name "management"
tagged 50
ip address 192.168.1.3 255.255.255.0
exit
managemet-vlan 10
connect to 2848 interface 50
------------------------------------------------------------------------
*internet router or firewall LAN ├Д┬░NTERFACE config
IMPORTANT:THIS DEVICE CONNECT ON 2848 SWICH INTERFACE 1
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.1
encapsulation dot1Q 1
ip address 10.0.10.1 255.255.255.0
!
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip address 10.0.11.1 255.255.255.0
!
interface FastEthernet0/0.5
encapsulation dot1Q 5
ip address 10.0.15.1 255.255.255.0
!
interface FastEthernet0/0.10
encapsulation dot1Q 10
ip address 10.0.110.1 255.255.255.0
!
vlan 1 pc default gateway ip address 10.0.10.1
vlan 2 pc default gateway ip address 10.0.11.1
vlan 5 pc default gateway ip address 10.0.15.1
vlan 10 oc default gateway ip address 10.0.110.1
AND YOU WANT MAKE ACL CONF├Д┬░G THIS NETWORK ADDRESS
because I think you want different config
routing between vlan via on cisco pix for use acl config between vlan
am I understand ?
there fore you look config secont.
cenk
CONFIG FRIST----------------------------------------------------------------------
*procurve 2848 switch config
web-management support-url "http://www.......
ip routing
timesync sntp
snmp-server community "public" Unrestricted
vlan 1
name "user"
untagged 2-20,25-48
ip address 10.0.10.1 255.255.255.0
ip-helper address 10.0.40.2
no untagged 1,21-24
exit
vlan 2
name "internet"
untagged 21
ip address 10.0.20.1 255.255.255.0
exit
vlan 4
name "server"
untagged 24
ip address 10.0.40.1 255.255.255.0
exit
vlan 5
name "user2"
untagged 22-23
tagged 47,48
ip address 10.0.50.1 255.255.255.0
ip-helper address 10.0.40.2
exit
vlan 10
name "management"
untagged 1
tagged 47,48
ip address 192.168.1.1 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 10.0.20.2
managemet-vlan 10
note:
internet router in vlan 2 (for internet vlan) and lan ip address 10.0.20.2
dhcp server in vlan 4(for server vlan )and ip address 10.0.40.2
connect frist 2650 interface 47
connect second 2650 interface 48
--------------------------------------------------------------------------
*procurve 2650/1 switch config
web-management support-url "http://www.......
timesync sntp
snmp-server community "public" Unrestricted
vlan 1
name "user"
untagged 1-10,21-50
no untagged 11-20
exit
vlan 5
name "user2"
untagged 11-20
tagged 50
exit
vlan 10
name "management"
tagged 50
ip address 192.168.1.2 255.255.255.0
exit
managemet-vlan 10
note :connect to 2848 with interface 50
-----------------------------------------------------------------------------
*procurve 2650/2 switch config
web-management support-url "http://www.......
timesync sntp
snmp-server community "public" Unrestricted
vlan 1
name "user"
untagged 1-10,21-50
no untagged 11-20
exit
vlan 5
name "user2"
untagged 11-20
tagged 50
exit
vlan 10
name "management"
tagged 50
ip address 192.168.1.3 255.255.255.0
exit
managemet-vlan 10
connect to 2848 interface 50
------------------------------------------------------------------------
*internet router or firewall config
you can basic config on router or firewall for internet connetion .
After you make write static route (on router/firewall)for vlans
example:
ip route 10.0.50.0 255.255.255.0 10.0.20.1
ip route 10.0.40.0 255.255.255.0 10.0.20.1
ip route 10.0.20.0 255.255.255.0 10.0.20.1
ip route 10.0.10.0 255.255.255.0 10.0.20.1
--------------------------------------------------------------------------
*dhcp server config
you can create new scobe each user vlan
scobe 1
scobe name :vlan 1
ip pool:10.0.10.10----10.0.10.200
default gateway :10.0.10.1
dns:10.0.20.2(optional)
scobe 2
scobe name:vlan 5
ip pool 10.0.50.10----10.0.50.200
default gateway :10.0.50.1
dns:10.0.20.2(optional)
note:each scobe send dhcp offer packet associate vlan
---------------------------------------------------------------------------
CONFIG SECONT--------------------------------
----------------------------------------------------------------------
*procurve 2848 switch config
web-management support-url "http://www.......
ip routing
timesync sntp
snmp-server community "public" Unrestricted
vlan 1
name "user"
untagged 3-20,25-48
no untagged 1,3,21-24
tagged 1
exit
vlan 2
name "server"
untagged 24
tagged 1
exit
vlan 5
name "user2"
untagged 22-23
tagged 1,47,48
exit
vlan 10
name "management"
untagged 2
tagged 1,47,48
ip address 192.168.1.1 255.255.255.0
exit
managemet-vlan 10
--------------------------------------------------------------------------
*procurve 2650/1 switch config
web-management support-url "http://www.......
timesync sntp
snmp-server community "public" Unrestricted
vlan 1
name "user"
untagged 1-10,21-50
no untagged 1,11-20
exit
vlan 5
name "user2"
untagged 11-20
tagged 50
exit
vlan 10
name "management"
tagged 50
ip address 192.168.1.2 255.255.255.0
exit
managemet-vlan 10
note :connect to 2848 with interface 50
-----------------------------------------------------------------------------
*procurve 2650/2 switch config
web-management support-url "http://www.......
timesync sntp
snmp-server community "public" Unrestricted
vlan 1
name "user"
untagged 1-10,21-50
no untagged 11-20
exit
vlan 5
name "user2"
untagged 11-20
tagged 50
exit
vlan 10
name "management"
tagged 50
ip address 192.168.1.3 255.255.255.0
exit
managemet-vlan 10
connect to 2848 interface 50
------------------------------------------------------------------------
*internet router or firewall LAN ├Д┬░NTERFACE config
IMPORTANT:THIS DEVICE CONNECT ON 2848 SWICH INTERFACE 1
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.1
encapsulation dot1Q 1
ip address 10.0.10.1 255.255.255.0
!
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip address 10.0.11.1 255.255.255.0
!
interface FastEthernet0/0.5
encapsulation dot1Q 5
ip address 10.0.15.1 255.255.255.0
!
interface FastEthernet0/0.10
encapsulation dot1Q 10
ip address 10.0.110.1 255.255.255.0
!
vlan 1 pc default gateway ip address 10.0.10.1
vlan 2 pc default gateway ip address 10.0.11.1
vlan 5 pc default gateway ip address 10.0.15.1
vlan 10 oc default gateway ip address 10.0.110.1
AND YOU WANT MAKE ACL CONF├Д┬░G THIS NETWORK ADDRESS
cenk
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-13-2008 06:34 AM
тАО06-13-2008 06:34 AM
Re: vlan routing advice
Hi,
I appreciate the detailed help.
I was hoping to not use the pix for acl's between vlans. It only has 10meg interfaces and a small allowable amount of interfaces. I would like to do everything in the 2824.
So to clarify a few things I don't see any routes in the 2650's, is this ok? I suppose clients will recieve a default gateway of the 2824's ip in that vlan which will provide routing?
Thanks again!
I appreciate the detailed help.
I was hoping to not use the pix for acl's between vlans. It only has 10meg interfaces and a small allowable amount of interfaces. I would like to do everything in the 2824.
So to clarify a few things I don't see any routes in the 2650's, is this ok? I suppose clients will recieve a default gateway of the 2824's ip in that vlan which will provide routing?
Thanks again!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-13-2008 07:40 AM
тАО06-13-2008 07:40 AM
Re: vlan routing advice
hi
frist or secont example config routing operation
-----------------------------------------------
example config frist
all pc default gateway 2824 vlan interface address
and make routing operation
ip routing
*command on switch
ip route 0.0.0.0 0.0.0.0 10.0.20.2
*command on switch
ip route 10.0.50.0 255.255.255.0 10.0.20.1
ip route 10.0.40.0 255.255.255.0 10.0.20.1
ip route 10.0.20.0 255.255.255.0 10.0.20.1
ip route 10.0.10.0 255.255.255.0 10.0.20.1
*ip route command on firewall
-----------------------------------------------
exampel config second
I can create interface fastaehernet0/0 in sub interface
this device already router and make subinterface between
routing each vlan connect sub interface and routing between vlan's
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.1
encapsulation dot1Q 1
ip address 10.0.10.1 255.255.255.0
!
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip address 10.0.11.1 255.255.255.0
!
interface FastEthernet0/0.5
encapsulation dot1Q 5
ip address 10.0.15.1 255.255.255.0
!
interface FastEthernet0/0.10
encapsulation dot1Q 10
ip address 10.0.110.1 255.255.255.0
cenk
frist or secont example config routing operation
-----------------------------------------------
example config frist
all pc default gateway 2824 vlan interface address
and make routing operation
ip routing
*command on switch
ip route 0.0.0.0 0.0.0.0 10.0.20.2
*command on switch
ip route 10.0.50.0 255.255.255.0 10.0.20.1
ip route 10.0.40.0 255.255.255.0 10.0.20.1
ip route 10.0.20.0 255.255.255.0 10.0.20.1
ip route 10.0.10.0 255.255.255.0 10.0.20.1
*ip route command on firewall
-----------------------------------------------
exampel config second
I can create interface fastaehernet0/0 in sub interface
this device already router and make subinterface between
routing each vlan connect sub interface and routing between vlan's
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.1
encapsulation dot1Q 1
ip address 10.0.10.1 255.255.255.0
!
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip address 10.0.11.1 255.255.255.0
!
interface FastEthernet0/0.5
encapsulation dot1Q 5
ip address 10.0.15.1 255.255.255.0
!
interface FastEthernet0/0.10
encapsulation dot1Q 10
ip address 10.0.110.1 255.255.255.0
cenk
cenk
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-13-2008 07:42 AM
тАО06-13-2008 07:42 AM
Re: vlan routing advice
note for second config:pc default gateway address vlan associate subinterface address
cenk
cenk
cenk
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP