
Test with HP 2920 – Broken Connection

 
andrea_italy
Occasional Contributor


Hello everyone,

I'm studying and doing some tests with a 2920 that I want to use at home.

I stumbled on a problem which I can not answer - but as I said I'm studying, so please be compassionate :-)

 

I did some tests with this configuration:

1. the 2920 with two VLANs (10 and 99) in two different subnets (192.168.10.0/24 and 192.268.99.0/24)

2. a router with pfSense

3. a PC used to configure the 2920

all connected by another managed switch (this one with all VLANs enabled in trunk on all ports for simplicity).

 

VLAN 99 is the management VLAN, and the PC goes into vlan 10.

The 2920 is linked to the "intermediate" switch (only for this test) with a single connection on port 19, a trunk with all VLANs.

The 2920 is configured as shown below (end of page) and it works all right. I did the configuration itself using the computer on vlan 10.

The switch is configured as a pure switch, i.e. I did NOT give the command "ip routing".

 

 

I was about to move on to some more interesting test when something happened that I can not explain.

I wanted to assign an IP to each of the VLANs present in 2920, then in VLAN 10 context I gave the command:

ip address 192.168.10.2/24

 

This worked for a few minutes as before, then suddenly the terminal opened on the PC to configure the 2920 froze: the cursor stopped blinking and I was no longer able to type any character.

Opening a new terminal, this worked for about ten seconds, then it froze too.

 

I did these tests with a PC with Ubuntu, but I also tried another PC with Windows Seven and PuTTY and the results were the same. PuTTY returned the message "Network error: broken connection".

 

Instead, after reconfiguring the 2920 to remove the IP on VLAN 10, everything resumed working well.

 

I do not understand why: the 2920 user guide clearly states that you can give an IP to each VLAN even without enabling routing.

Can someone give me an answer?

It's obviously a non-blocking problem, but I would like to understand because I'm learning.

 

Thank you all.

Bye,

Andrea

 

 

 

; J9727A Configuration Editor; Created on release #WB.15.16.0008
; Ver #06:0c.fc.f3.ff.37.2d:e0

hostname "sw_caldaia"
module 1 type j9727a
trunk 21-22 trk1 lacp
no telnet-server
no web-management
ip default-gateway 192.168.99.1
ip dns domain-name "casaren"
ip dns server-address priority 1 192.168.99.1
snmp-server community "public" unrestricted
oobm
   ip address 192.168.99.20 255.255.255.0
   ip default-gateway 192.168.99.1
   exit
vlan 1
   name "DEFAULT_VLAN"
   no untagged 1-20,23-24,Trk1
   untagged A1-A2,B1-B2
   no ip address
   exit
vlan 10
   name "Lan"
   untagged 11-16
   tagged 17,19-20,23,Trk1
   no ip address
   forbid 18,24
   exit
vlan 40
   name "Cam"
   untagged 1-10
   tagged 17,19-20,23,Trk1
   ip address 192.168.40.2 255.255.255.0
   forbid 18,24
   exit
vlan 99
   name "Management"
   tagged 17,19-20,23,Trk1
   ip address 192.168.99.2 255.255.255.0
   forbid 18,24
   exit
vlan 333
   name "PppoE"
   untagged 18,24
   no ip address
   exit
spanning-tree Trk1 priority 4
no tftp server
no autorun
no dhcp config-file-update
no dhcp image-file-update
password manager
Vince-Whirlwind
Honored Contributor

Re: Test with HP 2920 – Broken Connection

I'm wondering two things:

 

1. As this is a Layer2 switch without IP Routing configured, why do you want IP addresses on the VLAN interfaces? What use are they?

 

2. What path is your PC taking to reach the switch, and what IP address is it using for managing the switch?

andrea_italy
Occasional Contributor

Re: Test with HP 2920 – Broken Connection

Hello Vince,

thanks for asking .... :-)

 

For your questions:

 

1)

For now it is just to study; as I said, I'm studying / learning.

I was able to configure the VLANs and a trunk as I wanted, and at that point I intended to start changing the configuration to get to my target, that is having the switch in L3 with an interface in each VLAN (for now without ACLs).

So the first thing I did was set IP addresses on the internal subnets, but the connection-loss problem occurred almost immediately.

At that point I did not go ahead and enable routing because I wanted to understand the reason for the connection loss.

As I said in my first post, I know that the address on VLAN 10 is now “useless” (i.e. with the current configuration), but since the manual talks about multiple addresses regardless of whether routing is enabled, I wanted to understand if I misunderstood or whatever.

 

 

2)

My PC got its address via DHCP on the network 192.168.10.0/24, hence it enters on VLAN 10.

It does not connect directly to the 2920 but goes through another managed switch (let's call it AAA) that lets all VLANs through on all ports (tagged).

The router is pfSense and is connected to the switch AAA through a single connection that passes all VLANs (router-on-a-stick).

 

 

So back to your question I imagine two paths:

 

a)

At the beginning I configured the 2920 (VLAN 99) with my PC on VLAN 10. So the path should have been:

from PC (VLAN 10) to the switch AAA (VLAN 10)

from switch AAA (VLAN 10) to pfSense

then pfSense routed the packet from its interface on VLAN 10 to the one on VLAN 99

from pfSense on VLAN 99 to the switch AAA and then to the 2920, always on VLAN 99

 

 

b)

When I added the IP 192.168.10.2 to the 2920, the path should have been:

from the PC to the switch AAA (on VLAN 10)

from the switch AAA to the 2920, always on VLAN 10.

That is: I think in this case pfSense does not come into play because it was all on the same VLAN.

 

But soon after that test my terminal was disconnected... (and the same happens doing the test with Windows/PuTTY).

 

Thanks again,

Hello,

Andrea

Vince-Whirlwind
Honored Contributor

Re: Test with HP 2920 – Broken Connection

OK, so your PC is in VLAN10. Its default gateway is a VLAN 10 address on your router.

Your PC is connecting to the 2920 on its management address in VLAN99.

 

From your PC: target IP address is in a different subnet, therefore the PC does no ARP lookup for the destination IP address, it addresses its frames with the MAC address of the router IP address.

The router has an interface on VLAN99, so it does an ARP lookup, finds the 2920 MAC address, and re-encapsulates your PC packets with the MAC address of the 2920.

The 2920 replies, it has no IP address in the VLAN10 subnet, so it encapsulates its reply packets with frames addressed to the router VLAN99 address. The router re-encapsulates the frames with the PC MAC address.

 

Then, you add an address on the switch in VLAN10.

The PC communicates as before: it is trying to get to the VLAN99 address of the 2920, its IP address is still in a different subnet, so it uses its default gateway to get there.

Where it changes is on the 2920: when the 2920 comes to reply to the PC, it sees the PC IP address is in the same subnet as its VLAN10 interface, so it replies directly to the PC, by first sending an ARP request to find out the PC MAC address.

 

Your console session is targeted at the 2920 on its VLAN99 IP address, but the reply comes from the 2920 on its VLAN10 address, so the session breaks.
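
The forwarding decision described in the reply above, modelled as an added example (not part of the original thread and not anyone's posted code): each node sends on-link when the destination is in one of its connected subnets and otherwise uses its default gateway. The PC address 192.168.10.50 and the router's VLAN 10 address 192.168.10.1 are constructed for the example; the other addresses come from the posted configuration.

```python
import ipaddress

# Addresses come from the thread, except PC_IP and the router's VLAN 10
# address (192.168.10.1), which are constructed for this example.
PC_IP = "192.168.10.50"
PC = {"ifaces": {10: PC_IP + "/24"}, "gw": "192.168.10.1"}
ROUTER = {"ifaces": {10: "192.168.10.1/24", 99: "192.168.99.1/24"}, "gw": None}
SW_BEFORE = {"ifaces": {40: "192.168.40.2/24", 99: "192.168.99.2/24"},
             "gw": "192.168.99.1"}
SW_AFTER = {"ifaces": {**SW_BEFORE["ifaces"], 10: "192.168.10.2/24"},
            "gw": "192.168.99.1"}


def next_hop(node, dst):
    """Return (vlan, next-hop IP): the destination itself when it is in a
    connected subnet, otherwise the node's default gateway."""
    for candidate in filter(None, (dst, node["gw"])):
        for vlan, cidr in node["ifaces"].items():
            if ipaddress.ip_address(candidate) in ipaddress.ip_interface(cidr).network:
                return vlan, candidate
    raise ValueError(f"no route to {dst}")


def owner(nodes, ip):
    """Name of the node that has `ip` configured on an interface."""
    for name, node in nodes.items():
        if ip in (str(ipaddress.ip_interface(c).ip) for c in node["ifaces"].values()):
            return name
    raise ValueError(f"nobody owns {ip}")


def trace(nodes, start, dst):
    """Hop list [(sender, vlan, next_hop), ...] from `start` to `dst`."""
    hops, name = [], start
    while len(hops) < len(nodes):
        vlan, hop = next_hop(nodes[name], dst)
        hops.append((name, vlan, hop))
        if hop == dst:
            return hops
        name = owner(nodes, hop)
    raise RuntimeError("routing loop")


def symmetric(nodes, a, a_ip, b, b_ip):
    """True when both directions cross the same intermediate nodes."""
    fwd = [h[0] for h in trace(nodes, a, b_ip)][1:]
    rev = [h[0] for h in trace(nodes, b, a_ip)][1:]
    return fwd == rev[::-1]
```

With `SW_BEFORE` both directions cross the router; with `SW_AFTER` the switch answers the PC directly on VLAN 10, so the router carries only the PC-to-switch direction of the session.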