
New VLAN & Router Setup on 5308xl

 
SOLVED
Forrest Baker
Advisor

New VLAN & Router Setup on 5308xl

I have some gaps in my understanding of how to best accomplish our goals and I hope you can help.
We have a 5308xl switch that we want to support all our subnet routing instead of our Cisco router. The Cisco router has several networks defined and the first IP of each network assigned to an interface as the default gateway for clients.
The 5308xl switch has all our servers connected to it, a fiber connection from all our outlying desktop switches, and then an uplink connection to our Cisco router for Internet access.
Here is what I think I need to do:
1.) create a separate VLAN for each subnet, 200 thru 209, with the cisco router uplink being in its own subnet.
2.) assign an IP address to each VLAN, the client gateway IP the clients are using.
3.) assign all the VLANs as tagged members to the fiber connection port.
4.) enable IP routing
5.) set a default route pointing to the cisco router.

Does that seem right and the best way to approach this?
I read somewhere it is not possible to have a VLAN with multiple IPs assigned - otherwise I would have the one VLAN with all the network gateway addresses in order to support all clients.

Thank you in advance for your advice.
Forrest
22 REPLIES
Marco Wessel
Valued Contributor
Solution

Re: New VLAN & Router Setup on 5308xl

>Does that seem right and the best way to approach this?

Squarely, yes.

> I read somewhere it is not possible to have a VLAN with multiple IPs assigned - otherwise I would have the one VLAN with all the network gateway addresses in order to support all clients.

Nope, what you've described is perfectly ok. In fact, it's the entire point of routing in switches -- to route between VLANs.

As for the default route-- remember to set a route to 0.0.0.0 rather than use ip default-gateway. The former works with routing enabled, the latter does not.

Forrest Baker
Advisor

Re: New VLAN & Router Setup on 5308xl

Thanks Marco, but I have a couple other questions as well.

It seems there is a limit of 8 VLANs on the 5308xl switch - so I evidently can't create a VLAN for every subnet. But I did read I can assign up to 8 IP addresses to a VLAN, so I could represent multiple networks on one VLAN right?
Then create a separate VLAN for the Cisco router Internet uplink and a separate VLAN for all the servers directly connected to the 5308 switch.
Maybe I'm making this all too complicated, but I'm a little fuzzy on tagged or untagged VLANs.
If I have a VLAN for the Cisco uplink, a VLAN for the servers using the 200 network, and a third VLAN for all the other client networks of 201 - 209; then do I have the fiber port as an untagged member of the server VLAN? and the client VLAN as a tagged for that port? and no tagging for the Cisco uplink VLAN as that is addressed via the ip route?

Thanks for your help,
Forrest
Marco Wessel
Valued Contributor

Re: New VLAN & Router Setup on 5308xl

The 5300 series can handle up to 256 VLANs, in fact. I have no clue why, but this is a setting which, on most switches, defaults to 8. Issue a 'max-vlans 256' command and reboot it. (This is the first thing I do when configuring a new switch, btw.)

With that out of the way, you can do exactly as you described in your first post. Multinetting (more than one subnet per vlan) isn't recommended for various reasons. The best (and simplest) is just to have one subnet == one vlan.

Probably you indeed do not need to tag your port to the cisco. As for the other ones, that depends on whether or not you have vlans mixed on the switches they connect to. If you do, you must tag, otherwise that isn't required but recommended anyway for possible future requirements.

Just to be sure you understand-- tagging is just a way of sending traffic for more than one vlan over a single connection. It does this by inserting between the ethernet frame header and data an extra header, called a tag, that says 'this frame belongs to this vlan number'.

Forrest Baker
Advisor

Re: New VLAN & Router Setup on 5308xl

Okay, thanks. I have increased the max vlans to 256 and will proceed as originally planned with a vlan for each subnet.

All desktop switches connect up to this one 5308 server room backbone switch via a single gig fiber link. We have network clients with IP assignments from the different subnets all connected back to the server room switch. I only have VLANs assigned to this 5308.
I've been doing some testing and the subnet routing seems to be working just fine (meaning I can ping across subnets), but I can't get out to my edge router to access the Internet.

Here is what I have setup for VLANs:

VLAN200 (primary) Ports: A1-A15 untagged (200 is for server and switches)
VLAN186 Ports: A2-A7 untagged
VLAN187 Ports: A8-A14 untagged

VLAN186 and VLAN187 tagged to Port: A16

Port A1 has the connection for the router uplink. Should I have a separate VLAN for it?

The 5308 switch has an IP ADDR of 134.39.200.92 and Gateway 134.39.200.96 which is the IP ADDR of the Internet router.

I created a static route: IP ROUTE 0.0.0.0 0.0.0.0 134.39.200.96
but my 186 and 187 clients can't get out.

Here is what the 5308xl switch shows for ip routes:
Destination        Gateway         VLAN Type      Sub-Type   Metric     Dist.
------------------ --------------- ---- --------- ---------- ---------- -----
0.0.0.0/0          134.39.200.96   1    static               1          1
127.0.0.0/8        reject               static               0          250
127.0.0.1/32       lo0                  connected            0          0
134.39.186.0/24    VLAN186         10   connected            0          0
134.39.187.0/24    VLAN187         20   connected            0          0
134.39.200.0/24    VLAN200         1    connected            0          0

Any ideas?
Thanks, Forrest
KSimpson
Frequent Advisor

Re: New VLAN & Router Setup on 5308xl

Is interface A1 connected to the router to go out to the internet?

I didn't see A1 tagged. If I understand what you are doing, you need to tag A1 so the traffic can get out of the 5308 and to the router.
Forrest Baker
Advisor

Re: New VLAN & Router Setup on 5308xl

yes, A1 is connected to the Internet router.

I did not have A1 tagged, but do now and still can't get out to the Internet from any subnet.

I think my ip route is correct. Do I need to do anything with RIP?

Also, if I have one physical port on the 5308 that connects clients from all different subnets - don't I need that port untagged in all my subnet VLANs? But I can't have it untagged in more than one VLAN.

My primary goal is to have this 5308 switch handle all subnet routing for the network instead of our Internet router.

Please advise or reference to a really good doc would be very much appreciated.
thank you, Forrest
KSimpson
Frequent Advisor

Re: New VLAN & Router Setup on 5308xl

> Also, if I have one physical port on the 5308 that connects clients from all different subnets - don't I need that port untagged in all my subnet VLANs? But I can't have it untagged in more than one VLAN.

-- Yes. A port can only be untagged on 1 vlan and then any uplink ports will need to be tagged.

> My primary goal is to have this 5308 switch handle all subnet routing for the network instead of our Internet router

-- Are you using RIP? Go to each vlan and assign it an IP address and enable RIP on each vlan.

Vlan XXX
ip address "your IP"
ip rip "your IP"




If IP routing is enabled and a vlan has an IP, the traffic on that vlan will route.

When I said tagged A1, I thought the 5308 was doing layer 2. So I don't think A1 will need to be tagged since the 5308 will have a route out that port to the internet router IP address.
Marco Wessel
Valued Contributor

Re: New VLAN & Router Setup on 5308xl

Your IP route is correct and you don't necessarily need RIP (though it might help out a bit, more on why later.)

Probably you can even get to the edge router, but the edge router has no idea how to get back: after all, it is the know-all-end-all routing resource and if it doesn't know about a destination, it should forward it onto the interwebs.

So on your cisco, you should add a route back to the network through the 5308.

RIP might help you with this because it'll set those routes for you. Though really in a static situation it's not very necessary to use it.

Having the cisco in your VLAN 200 with your servers is ok, putting it in a vlan of its own is fine too. I do this stuff in separate VLANs, but really it's essentially a matter of preference.
Forrest Baker
Advisor

Re: New VLAN & Router Setup on 5308xl

Okay, the routing makes more sense now - and I'll add the route on the Cisco back to the 5308. If I do create a separate VLAN for the cisco-uplink A1 port, all the other subnet VLANs would need to tag that port right?

The routing between subnets seems to be working well in my test environment - I have the default gateway IP for each subnet assigned to the appropriate VLAN and now have RIP running as well. But I don't understand how port-based VLANs will work on the 5308 (our server room backbone switch) when all network connections from our LAN connect to the 5308 by a single fiber link. I can't physically connect network clients from each subnet to the appropriate VLAN ports. They all connect through the same fiber port. How do I have the 5308 serve as the gateway and subnet router for all networks?
Forrest
Forrest Baker
Advisor

Re: New VLAN & Router Setup on 5308xl

A little more information on our network topology, the 5308 server room switch has a trunked fiber connection down to our basement MDF 4208 switch.

All desktop switches connect back to this 4208vl switch. There is currently no port or switch control over IPs within a subnet for lab computers connected to a certain switch. It is a mixed environment.

Forrest
Marco Wessel
Valued Contributor

Re: New VLAN & Router Setup on 5308xl

No, the A1 port can be simply untagged in all cases. In the separate vlan case, just put it in vlan 201 (or something that makes more sense for you) and make it the only port in that vlan. Then, assign an IP to the vlan and set the default route to the cisco.

Unless you enable RIP on the cisco as well, you need not run RIP on the 5308. Running RIP on both will make sure that all routes are available on both boxes. If you make the cisco originate a default route you don't even need to tell the 5308 about that.

As for the multiple vlan deal, this is what 802.1q, or vlan tagging, is for. As I said before, you can put one port (or aggregated group of ports) in multiple vlans using tags. The switch will, before sending a frame out that port, insert a tag in the frame so the receiving end will know what vlan the frame belongs to. This is what's really called a trunk. (That 'other' trunk is actually called link aggregation, which is the exact opposite of real trunking and a very unfortunate misnomer.)

Think of a vlan trunk as having a really fat cable with, in this case, 256 individual fiber pairs in it. Each of those can be used to carry exactly one vlan. Of course in reality, there's only one fiber pair, the maximum number of vlans is 4096 and with double tagging more than one vlan can be carried per pair, but on a logical level that's essentially what's happening. (And you now see why link aggregation is the /exact/ opposite of trunking: multiple channels over one physical connection vs. one channel over multiple physical connections.)

So as a real-life example, a quick snippet from one of my switches (a 4204vl):
vlan 300
   name "BeganeGrond"
   no ip address
   tagged A19,B23-B24
   exit
vlan 500
   name "kpnodsl"
   untagged B19-B20
   tagged A19,B23-B24
   exit
vlan 400
   name "Z&J"
   untagged B5
   tagged B23-B24
   exit

On port B23 is an Alteon that I use for routing, port B24 connects to a 6108 for servers and A19 is my desktop. Any other ports mentioned have random things on them. Tagged ports don't have any untagged vlans.

Up here I have three VLANs. One, vlan 300, only has tagged ports because really it's only passed through to the other switches (and my desktop, which is a special case). Notice that vlan 500 has exactly the same tagged ports: this vlan is available on the alteon, 6108 and at my desktop as well. Vlan 400 is available on the other switches but not at my desktop. So there be three vlans, each sharing a bunch of ports. (And there are more of those, of course.)

Two of the VLANs also have untagged ports. This is where regular computers and such connect. B5 is in vlan 400 and B19 and B20 are in vlan 500. So if a computer were to be connected to those ports, it'd end up in those vlans. If a computer were to be connected to any of the tagged ports above, not much would happen because I didn't set up any untagged vlans and the computers don't generate frames with tags in them (with, again, the exception of my desktop.)

So you should set the ports that connect your switches to each other as tagged members of all vlans. Then, set the ports that computers connect to as untagged members of the appropriate vlans.

Treat the cisco as a computer: untagged in its vlan.
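
The tagging behaviour described in the post above, as an added example that is not part of the original thread: a small Python model that inserts and reads the 802.1Q tag and applies the port membership from the 4204vl snippet. The sample frame is constructed, and the `ingress`/`egress` rules are a simplified model of a switch, not ProCurve firmware.

```python
import struct
from typing import Optional

TPID = 0x8100  # EtherType value that announces an 802.1Q tag

# Port membership copied from the 4204vl snippet above (ranges written out).
MEMBERS = {
    300: {"A19": "tagged", "B23": "tagged", "B24": "tagged"},
    500: {"B19": "untagged", "B20": "untagged",
          "A19": "tagged", "B23": "tagged", "B24": "tagged"},
    400: {"B5": "untagged", "B23": "tagged", "B24": "tagged"},
}

# Constructed sample frame: dst MAC, src MAC, EtherType 0x0800 (IPv4), payload.
FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"


def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert the 4-byte tag between the source MAC and the EtherType."""
    if not 1 <= vid <= 4094:            # 12-bit field; 0 and 4095 are reserved
        raise ValueError("VLAN ID out of range")
    tci = (pcp & 0x7) << 13 | vid       # priority(3) | DEI(1) | VLAN ID(12)
    return frame[:12] + struct.pack("!HH", TPID, tci) + frame[12:]


def vlan_of(frame: bytes) -> Optional[int]:
    """VLAN ID carried in the frame, or None when it has no tag."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != TPID:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    return struct.unpack("!H", frame[14:16])[0] & 0x0FFF


def ingress(frame: bytes, port: str) -> Optional[int]:
    """VLAN the switch assigns to a frame received on port; None = dropped."""
    vid = vlan_of(frame)
    wanted = "untagged" if vid is None else "tagged"
    for vlan, ports in MEMBERS.items():
        if ports.get(port) == wanted and vid in (None, vlan):
            return vlan
    return None


def egress(frame: bytes, vlan: int, port: str) -> Optional[bytes]:
    """Bytes sent out of port for an untagged frame in vlan; None = not sent."""
    mode = MEMBERS.get(vlan, {}).get(port)
    if mode is None:
        return None
    return add_tag(frame, vlan) if mode == "tagged" else frame
```

An untagged frame arriving on B23 returns `None` from `ingress`, which is the "not much would happen" case for a plain computer plugged into a tagged-only port.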
Forrest Baker
Advisor

Re: New VLAN & Router Setup on 5308xl

Thank you Marco - your explanation and example were a great help. I think the tagging all makes sense now - I'll start testing it.
A couple quick follow-up questions:

- the IP address of the separate cisco VLAN, untagged A1 port, will be from a separate 201 network - the same network as the IP assigned to the cisco router interface. Should I assign 201.1 (as a gateway for that network) to the VLAN201 on the 5308 or to the Cisco router interface? or does it matter?

- then should I set the 5308 default route to the VLAN201 IP address or to the cisco interface IP address?

- and same for the cisco router, should the route go back to the VLAN201 IP or to the 200 IP address of the 5308 switch?

Thanks a million!
Forrest
Marco Wessel
Valued Contributor

Re: New VLAN & Router Setup on 5308xl

> the IP address of the separate cisco VLAN, untagged A1 port, will be from a separate 201 network - the same network as the IP assigned to the cisco router interface. Should I assign 201.1 (as a gateway for that network) to the VLAN201 on the 5308 or to the Cisco router interface? or does it matter?

Doesn't matter, really. It's just a number, so whatever makes the most sense to you. I've seen situations where they standardized on having the lowest number the closest to their border routers, or whatever. You might also just want all the .1s on your 5308, etc.

> then should I set the 5308 default route to the VLAN201 IP address or to the cisco interface IP address?

To whatever the ip on the actual cisco is. You're telling it, 'for any destination you don't know, send the packets to this box over here at this IP address'.

> and same for the cisco router, should the route go back to the VLAN201 IP or to the 200 IP address of the 5308 switch?

You should set a route for your entire network (that is, the full subnet you've been allocated) to the HP's 201 addy. So for example if you were to have been allocated an entire /16 out of 10.0.0.0/8, you might tell it that it can reach all of 10.0.0.0/16 at 10.0.201.1. It'll have a more specific route for that 201 subnet which is directly connected, so you don't have to make an exception for it or anything.
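
The return-route point from the replies above, as an added example that is not part of the original thread: a Python model of both routing tables using the 10.0.0.0/16 and 10.0.201.1 figures from this post. The Cisco address 10.0.201.2, the upstream hop 192.0.2.1, the 186/187 client subnets inside 10.0.0.0/16 and the test destinations are assumptions made for the illustration.

```python
import ipaddress

# HP address is from the post; the CISCO and ISP addresses are assumed.
HP, CISCO, ISP = "10.0.201.1", "10.0.201.2", "192.0.2.1"


def table(*routes):
    return [(ipaddress.ip_network(prefix), via) for prefix, via in routes]


def routers(return_route):
    """Both routing tables; return_route adds the /16 pointing back at the HP."""
    cisco = [("10.0.201.0/24", "connected"), ("0.0.0.0/0", ISP)]
    if return_route:
        cisco.append(("10.0.0.0/16", HP))
    return {
        HP: table(("10.0.186.0/24", "connected"), ("10.0.187.0/24", "connected"),
                  ("10.0.201.0/24", "connected"), ("0.0.0.0/0", CISCO)),
        CISCO: table(*cisco),
    }


def next_hop(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    dst = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, via) for net, via in routes if dst in net]
    return max(hits, key=lambda h: h[0])[1] if hits else None


def path(start, dst, net, max_hops=8):
    """Routers visited from start towards dst, followed by the outcome."""
    hops, here = [], start
    for _ in range(max_hops):
        hops.append(here)
        via = next_hop(net[here], dst)
        if via is None:
            return hops + ["no route"]
        if via == "connected":
            return hops + ["delivered"]
        if via not in net:
            return hops + ["sent to " + via]
        here = via
    return hops + ["loop"]
```

With the /16 in place, a destination in an unused subnet such as 10.0.50.9 matches the aggregate on the Cisco and the default route on the HP, so the two boxes pass it back and forth; `path` reports that as `loop`.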
Forrest Baker
Advisor

Re: New VLAN & Router Setup on 5308xl

Thanks again Marco - that's cleared up then.

However, I now have my test environment running to mirror our production environment and I'm not able to route between subnets. Here is the config of my 5308:

; J4819A Configuration Editor; Created on release #E.11.03

hostname "HP Procurve Switch 5308XL"
max-vlans 256
vlan 1
   name "VLAN200"
   untagged A2-A15,B1-B24,C1-C4,D1-D24,E1-E24,F1-F24,G1-G4,H1-H24
   ip address 134.39.200.1 255.255.255.0
   tagged A16
   no untagged A1
   exit
vlan 10
   name "VLAN186"
   ip address 134.39.186.1 255.255.255.0
   tagged A16
   exit
vlan 20
   name "VLAN187"
   ip address 134.39.187.1 255.255.255.0
   tagged A16
   exit
vlan 100
   name "Cisco-Uplink"
   untagged A1
   ip address 134.39.201.1 255.255.255.0
   exit
qos protocol IP priority 7
ip route 0.0.0.0 0.0.0.0 134.39.201.2

********************
The 5308 port A1 is the Cisco uplink and port A16 is tagged for the multiple VLANs. I have a HP 4000 switch with a 200 IP address connected to 5308 port A7. The switches can ping each other, both in the 200 network, but the 186 and 187 computers connected to the 4000 cannot ping each other or the switch or the VLAN ip. What am I missing?

When the VLAN routing worked before, I believe the 186 and 187 networks showed in the route table. Here is what I show for ip routes:

Destination        Gateway         VLAN Type      Sub-Type   Metric     Dist.
------------------ --------------- ---- --------- ---------- ---------- -----
127.0.0.0/8        reject               static               0          250
127.0.0.1/32       lo0                  connected            0          0
134.39.200.0/24    VLAN200         1    connected            0          0

******************
Thanks again
Marco Wessel
Valued Contributor

Re: New VLAN & Router Setup on 5308xl

The 4000M is connected to A7? According to your config that should be A16. And IP routing isn't enabled in that bit of the config at least.
Marco Wessel
Valued Contributor

Re: New VLAN & Router Setup on 5308xl

Also, if the VLAN doesn't have any ports that are up, the vlan itself will be down also. So if A16 isn't connected to anything and it's the only port in a vlan, the vlan will be down.
Forrest Baker
Advisor

Re: New VLAN & Router Setup on 5308xl

That's true, I had the 4000M connection to A16 but couldn't ping anything - when I moved it to the untagged VLAN200 port A7, I could. But, it is back in A16 and that port is up.
What is a good way to test subnet routing?
Because I have a 186 computer and 187 computer connected to the 4000M switch and I can't ping the 4000M 200 IP address, and I can't ping the 186 gateway address on the 5308 switch.

From the 5308 switch I can ping all the subnet VLAN IPs of course, but not the 4000M switch or any computer.

Do I need more than the one static route out to the Cisco configured on the 5308 to handle subnet routing?
Forrest Baker
Advisor

Re: New VLAN & Router Setup on 5308xl

I do see all the ip routes now with the 4000M connected to A16 on the 5308 and all VLANs tagging that port:

134.39.200.0/24 VLAN200 1 connected
134.39.186.0/24 VLAN186 1 connected
134.39.187.0/24 VLAN187 1 connected

But clients from the various subnets connected to the 4000M cannot see anything else on the network.
Marco Wessel
Valued Contributor

Re: New VLAN & Router Setup on 5308xl

The 4000M of course needs the port with which it is connected to the 5308 to be set with the same vlan tags as the 5308. If you had been connecting it to an untagged port before and that worked, it likely isn't configured correctly.
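
The two problems diagnosed in the replies above (no `ip routing` line in the posted config, and a far end that does not carry the same tags) can be checked mechanically. This is an added example, not part of the original thread: `CORE` is rebuilt from the VLAN lines of the 5308 config posted earlier, while `EDGE`, its uplink port name A1 and the assumption that the far end uses the same config syntax are constructed for the illustration.

```python
import re

# VLAN id -> third octet, rebuilt from the 5308 config posted in the thread
# (only the lines the checks read; the config has no "ip routing" line).
CORE = "\n".join(f"vlan {v}\n   ip address 134.39.{n}.1 255.255.255.0\n"
                 f"   tagged A16\n   exit" for v, n in ((1, 200), (10, 186), (20, 187)))
# Constructed far end: a switch left at defaults, uplink on hypothetical port A1.
EDGE = "vlan 1\n   untagged A1-A8\n   exit\n"

def expand(spec):
    """Port list such as 'A2-A4,B1' -> {'A2', 'A3', 'A4', 'B1'}."""
    ports = set()
    for part in spec.split(","):
        m = re.fullmatch(r"([A-Z])(\d+)(?:-\1(\d+))?", part)
        if not m:
            raise ValueError(f"bad port spec: {part!r}")
        first, last = int(m.group(2)), int(m.group(3) or m.group(2))
        ports.update(f"{m.group(1)}{n}" for n in range(first, last + 1))
    return ports

def parse(text):
    """Collect per-VLAN port membership and the global 'ip routing' flag."""
    cfg, vlan = {"routing": False, "vlans": {}}, None
    for words in (line.split() for line in text.splitlines()):
        if not words:
            continue
        if words[0] == "vlan":
            vlan = cfg["vlans"].setdefault(
                int(words[1]), {"ip": False, "tagged": set(), "untagged": set()})
        elif words == ["exit"]:
            vlan = None
        elif vlan is not None and words[0] in ("tagged", "untagged"):
            vlan[words[0]] |= expand(words[1])
        elif vlan is not None and words[:2] == ["no", "untagged"]:
            vlan["untagged"] -= expand(words[2])
        elif vlan is not None and words[:2] == ["ip", "address"]:
            vlan["ip"] = True
        elif vlan is None and words == ["ip", "routing"]:
            cfg["routing"] = True
    return cfg

def mode(cfg, vid, port):
    v = cfg["vlans"].get(vid, {})
    return next((m for m in ("tagged", "untagged") if port in v.get(m, ())), "absent")

def audit(core, core_port, edge, edge_port):
    """Findings for a routed core switch and one edge switch on a shared link."""
    findings = []
    routed = sorted(v for v, d in core["vlans"].items() if d["ip"])
    if len(routed) > 1 and not core["routing"]:
        findings.append(f"ip routing is off but VLANs {routed} have addresses")
    for vid in sorted(set(core["vlans"]) | set(edge["vlans"])):
        a, b = mode(core, vid, core_port), mode(edge, vid, edge_port)
        if a != b:
            findings.append(f"VLAN {vid}: {a} on {core_port}, {b} on {edge_port}")
    return findings
```

`audit(parse(CORE), "A16", parse(EDGE), "A1")` returns four findings: routing disabled, VLAN 1 tagged on one side and untagged on the other, and VLANs 10 and 20 missing on the edge port.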
Forrest Baker
Advisor

Re: New VLAN & Router Setup on 5308xl

Ahhhh...I wondered about needing VLANs on all the other switches. I currently only have the VLANs setup on the 5308. So....I basically need the same VLAN config on all network switches.
Is there a way I can just have the 5308 serve as the gateway and router for all the networks without VLANs?
Forrest
Marco Wessel
Valued Contributor

Re: New VLAN & Router Setup on 5308xl

Not really, no. You can only assign addresses to vlans.
Forrest Baker
Advisor

Re: New VLAN & Router Setup on 5308xl

Over the weekend I successfully tested VLAN routing from clients in our 4000M desktop switches that connect back to the 5308xl backbone switch. This required VLANs configured on each 4000M switch and devices connected in untagged VLAN ports.

In order to actually roll this out - this requires a lot of port and device management that we currently do not have throughout our network. Meaning multiple devices with different network IPs connect to all the switches.

Is there an easier way of implementing VLAN routing? Would GVRP help in this scenario?

Thanks, Forrest