Web and Unmanaged
1748073 Members
4593 Online
108758 Solutions
New Discussion

Re: problems with intervlans communication

 
seb_p
Occasional Visitor

problems with intervlans communication

hi and sorry for my bad english,

i have some problems of configuration on my new installation.

i have 2 switch (2530 and 1920s) behind a stormshield appliance.

on the old installation we haven't vlan yet, and the old ip configuration is reused in the new configuration for the vlan 1.

i have 3 vlan (1 data, 20 management, 90 visitor), and here is my 1920s configuration :

!Current Configuration:
!
!System Description "HPE OfficeConnect Switch 1920S 48G 4SFP PPoE+ (370W) JL386A, PD.02.06, Linux 3.6.5-a07f8920, U-Boot 2012.10-00118-g3773021 (Oct 11 2016 - 15:39:54)"
!System Software Version "PD.02.06"
!System Up Time "0 days 23 hrs 21 mins 8 secs"
!Additional Packages HPE QOS,HPE IPv6 Management,HPE Routing
!Current SNTP Synchronized Time: SNTP Client Mode Is Disabled
!
network protocol none
network parms 192.168.20.253 255.255.255.0 0.0.0.0
vlan database
vlan 20,90,100
vlan name 20 "MANAGEMENT"
vlan name 90 "INVITE"
vlan name 100 "VOIP"
vlan routing 1 1
vlan routing 20 2
vlan routing 90 3
exit

network mgmt_vlan 20
ip ssh server enable
ip ssh protocol 2
sshcon timeout 30
configure
sntp server "37.187.5.167"
!clock timezone 1 minutes 0
clock timezone id 38
time-range Schedule-1
exit
time-range Schedule-2
exit
ip routing
ip helper enable
ip helper-address 192.168.1.11 dhcp
username "admin" password xxxxxxxxxxxxxxxxxxxxx level 15 encrypted override-complexity-check
no username guest
voice vlan
line console
exit

line telnet
exit

line ssh
exit

port-channel name TRK 1 pont-HP-1920-N1
interface 46
addport TRK 1
exit
port-channel name TRK 2 ROC1
interface 47
addport TRK 2
exit
snmp-server sysname "HP-1920S-N1"
snmp-server location "N1"
snmp-server contact "administrateur"
!
ip access-list DATA
permit ip any any
exit

ip access-list INVITE
permit ip any any
exit

ip access-list MGMT
permit ip any any
exit

ip access-group DATA vlan 1 in 1
ip access-group MGMT vlan 20 in 1
ip access-group INVITE vlan 90 in 1

interface 1
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 2
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 3
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 4
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 5
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 6
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 7
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 8
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 9
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 10
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 11
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 12
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 13
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 14
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 15
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 16
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 17
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 18
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 19
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 20
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 21
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 22
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 23
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 24
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 25
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 26
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 27
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 28
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 29
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 30
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 31
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 32
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 33
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 34
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 35
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 36
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 37
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 38
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 39
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 40
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 41
vlan pvid 100
vlan participation exclude 1,20
vlan participation include 100
exit

 

interface 42
vlan pvid 100
vlan participation exclude 1,20
vlan participation include 100
exit

 

interface 43
vlan pvid 100
vlan participation exclude 1,20
vlan participation include 100
exit

 

interface 44
vlan participation exclude 20
vlan participation include 100
vlan tagging 100
exit

 

interface 45
vlan pvid 90
vlan participation exclude 1
vlan participation include 90
exit

 

interface 48
vlan pvid 20
vlan participation exclude 1
vlan participation include 20
exit

 

interface TRK 1
vlan participation include 20,90,100
vlan tagging 1,20,90,100
exit

 

interface TRK 2
vlan participation include 20,90,100
vlan tagging 1,20,90,100
exit

 

interface vlan 1
bandwidth 10000
routing
ip address 192.168.1.253 255.255.255.0
ip mtu 1500
no ip unreachables
no ip redirects
exit

 

interface vlan 20
bandwidth 10000
routing
ip mtu 1500
no ip unreachables
no ip redirects
exit

 

interface vlan 90
bandwidth 10000
routing
ip address 192.168.90.253 255.255.255.0
ip helper-address 192.168.1.11 dhcp
ip mtu 1500
no ip unreachables
no ip redirects
exit


ip route 0.0.0.0 0.0.0.0 192.168.1.254 10

exit

the ping between vlan1 and 90 work fine but vlan90 won't going out on the web. 

does anyone have some ideas of what i have done wrong?

thanks in advance.

2 REPLIES 2
drk787
HPE Pro

Re: problems with intervlans communication

Hi,

Do you mean you are not able to login from a client in Vlan 90 to the switch web interface?

 

If yes, by default only VLAN 1 clients can login to the switch, you can change the management vlan and management port. Please refer page 19 of the configuration guide for more information.

URL: https://h20628.www2.hp.com/km-ext/kmcsdirect/emr_na-a00003478en_us-6.pdf

 

 

 

 

Thank You!
I am an HPE Employee

 

Was the post useful? Click on the white KUDOS! Thumb below.  Kudos is a way of saying thank you to a post.

To mark a message as a solution, click "ACCEPT AS SOLUTION" on the reply

 

Thank You!
I am an HPE Employee

Accept or Kudo

seb_p
Occasional Visitor

Re: problems with intervlans communication

Hello, not in fact I already restricted access to the switch management via a particular port and another vlan.

the trouble is that the vlan-90 computers are able to communicate with the computers of vlan 1 but fail to access the net.

which is annoying because I intend to restrict the communication to vlan 1 that some IP using ACL and allow access to the net.