We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now

x

HOW TO CONFIGURE VLANS TO ACCESS THE INTERNET

Medium Priority
2,152 Views
Last Modified: 2013-12-01
Dear All,  I am setting up one hp procurve switch in the network. This switch is 2610 and I have created two valn on it.
                Vlan 1: 10.1.1.250
                Vlan 2: 192.168.1.250
                Gateway: 10.1.1.253 (firewall)
                Dns server : 10.1.1.101

                Now, I am able to ping and access each other vlan but I am not able to browse the internet.

Please check the below configuration and suggest the best way of doing that , and if this is not the right configuration then guide me the best way of doing that.
---------------------------------------------------------
Running configuration:

; J9086A Configuration Editor; Created on release #R.11.04

hostname "ProCurve Switch 2610-24/12PWR"
ip default-gateway 10.1.1.253
ip routing
snmp-server community "public" Unrestricted
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-12,25-28
   ip address 10.1.1.250 255.0.0.0
   no untagged 13-24
   exit
vlan 2
   name "VLAN2"
   untagged 13-24
   ip address 192.168.1.250 255.255.255.0
   exit
---------------------------------------------------------------

Comment
Watch Question

Did you configured the firewall to permit the 192.168.1.x IP's too? And, of course, to "NAT" them?

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Also, you will have to configure one port as a trunk:

vlan 2
untagged....
ip add....
tagged 25 - or the number of the port that is connected to the firewall.

The same in vlan 1 (tag the same port).

Author

Commented:
SUPPOSE IF I TAG PORT 25 FOR VLAN 1 AND VLAN2 THEN THAT PORT SHOULD I NEED TO CONNECT TO FIREWALL (10.1.1.253) ?

IF YES, THEN DO I NEED TO CREATE VLAN 1 AND VLAN 2 ON FIREWALL INTERFACE ALSO?
I assumed that you use the firewall to connect to the internet and also for intervlan routing. I have to admit that I don't really know how you can do this. But, if it works like a router, you should create subinterfaces: one in 10.1.1.x and one in 192.168.1.x

Hope this will work!
Assuming the firewall is connected to an access port which is on vlan 1, you do not need to do trunking with the firewall (Subinterfaces).  I am also assuming this switch is a L3 switch, so it will do the routing itself (proven by you being able to ping accross the vlans ).  Can you confirm that you can ping or trace to external host from vlan1 and NOT from VLAN2? if that is the case, you will only need to add a static route on the firewall to route to 192.168.1.0/24 through 10.1.1.250.

To take this one step further, depending on your firewall, you can implement RIP between the FW and the Switch (assuming they both support it)
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.