  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3916

Procurve 2910al-24G Inter-Vlan routing

Hi,

I am trying to use a Procurve 2910al switch as a core switch to segment a rather large flat network.  Here is what I am running into.  I can create two VLANs on the switch, VLAN 30 and VLAN 10.  I can get traffic to cross these VLANs just as it should after I enable "ip routing".  The problem is I can't seem to route anything over to the default_vlan side.  I am going to be making these changes slowly at the other sites so I need to be able to keep untagged, VLAN 1 traffic on the switch.  Is it not possible to go from VLAN 30 to VLAN 1?
0
Asked:
tray_jones
1 Solution
 
simon_m_Commented:
It should be possible to route between all VLANs.  Each VLAN will have its own "default gateway" address, which you specify in the switch.  Your issue is most probably that you already have a default gateway set on your default VLAN, which I guess is something like a firewall or internet router.  So what you need to do is to either :-

Change your default gateway for all PCs / servers etc to be the vlan 1 IP address in the switch, and in the switch add a static route for 0.0.0.0 0.0.0.0 back to your internet router /firewall, or if the switch has an entry for the overall default gateway put it in there.  

So the traffic flow would go like :-

PC on VLAN 30 pings a server on VLAN 1  -  PC goes to IP address of VLAN 30, switch forwards to server, server goes back to its default gateway (which is now the HP switch), which forwards back to PC.

PC on VLAN 1 tries to go to internet .. sends to HP switch, switch has an entry for 0.0.0.0 (its default gateway) and sends packet on to router.

I've done this on HP switches and it worked just fine.
0
 
tray_jonesAuthor Commented:
That sounds very realistic.  I thought that I might be having a routing issue outside of the switch itself, i.e., the VLAN 1 clients not knowing how to get back to the other VLANs.  The whole reason I am even messing with this is because of our Barracuda Web Filter 310.  The setup here.  There are about 28 sites around our city, we are a city government, all connected with private fiber.  The fiber gets muxed at a remote location inside of a service provider's head end.  They dump me one copper port.  I think that they are using a tech called CDWM to multiplex the optical signals over single strands of fiber.  I may have that acronym wrong.  Either way, I was going to use our SonicWall NSA2400 with a lot of sub-interfaces for the VLANs.  My testing showed that it was working and easy to manage.  The only hitch is the Barracuda sitting between the switched LAN and the NSA.  It seems to be dropping the VLAN tagged packets.  I could go between all of the VLANs just fine but could not hit the internet via port 80, but FTP would work so I am blaming the cuda.  I have read some stuff about it dropping the tagged packets and some that say it "should" pass through.  So I picked up this switch to have the VLAN routing take place before it got to the Barracuda.
I will have to try this in a test environment first but it sounds logical.  Do you think that I could add static routes in the NSA back to the VLANs with a gateway of the switch's IP?  We have about 480 clients floating out there...

Sorry if that sounds like a ramble, it's still early...
0
 
simon_m_Commented:
Adding static routes in the firewall shouldn't be a problem; you only have a couple of VLANs, so it would be just at their subnet level.
0
 
tray_jonesAuthor Commented:
Thanks Simon!

I got the static routes added into the NSA and into my Barracuda; it would not work without it.  Everything is working well.  Now I have a lot ahead of me.

Thanks Again!
0
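
The return-path problem discussed in this thread, as an added example that is not part of any poster's reply: a small Python model that traces a packet hop by hop using longest-prefix-match routing tables. All addresses and node names (`pc30`, `server1`, the 192.168.x.x subnets, the 203.0.113.1 upstream hop) are constructed for illustration, and the firewall is assumed to forward traffic back out the interface it arrived on.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match over {prefix: hop}; hop is 'direct' or a gateway IP."""
    matches = [(ipaddress.ip_network(p), h) for p, h in table.items()
               if ipaddress.ip_address(dst) in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def trace(nodes, src, dst_ip, max_hops=8):
    """Follow a packet from node `src` to `dst_ip`; return the node names visited."""
    owner = {ip: name for name, n in nodes.items() for ip in n["ips"]}
    path, here = [src], src
    for _ in range(max_hops):
        if dst_ip in nodes[here]["ips"]:
            return path                      # delivered
        hop = next_hop(nodes[here]["routes"], dst_ip)
        if hop is None:
            return path + ["DROPPED"]        # no route at all
        here = owner.get(dst_ip if hop == "direct" else hop)
        if here is None:
            return path + ["UPSTREAM"]       # left the modelled LAN (WAN side)
        path.append(here)
    return path + ["LOOP"]

def topology(server_gw, fw_static=None):
    """Constructed lab: VLAN 1 = 192.168.1.0/24, VLAN 30 = 192.168.30.0/24."""
    fw = {"192.168.1.0/24": "direct", "0.0.0.0/0": "203.0.113.1"}
    fw.update(fw_static or {})
    return {
        "pc30": {"ips": ["192.168.30.20"],
                 "routes": {"192.168.30.0/24": "direct", "0.0.0.0/0": "192.168.30.1"}},
        "server1": {"ips": ["192.168.1.50"],
                    "routes": {"192.168.1.0/24": "direct", "0.0.0.0/0": server_gw}},
        "switch": {"ips": ["192.168.1.2", "192.168.30.1"],   # routing switch, one IP per VLAN
                   "routes": {"192.168.1.0/24": "direct", "192.168.30.0/24": "direct",
                              "0.0.0.0/0": "192.168.1.1"}},
        "firewall": {"ips": ["192.168.1.1"], "routes": fw},
    }

if __name__ == "__main__":
    broken = topology("192.168.1.1")    # VLAN 1 hosts still use the firewall as gateway
    fix_a = topology("192.168.1.2")     # hosts use the switch's VLAN 1 address instead
    fix_b = topology("192.168.1.1", {"192.168.30.0/24": "192.168.1.2"})  # static route on firewall
    for label, topo in (("broken", broken), ("gateway moved", fix_a), ("static route", fix_b)):
        print(f"{label:14} request: {trace(topo, 'pc30', '192.168.1.50')}"
              f"  reply: {trace(topo, 'server1', '192.168.30.20')}")
```

In the "broken" case the request reaches the server but the reply follows the firewall's default route out of the LAN, which matches the symptom of VLAN 30 being unable to talk to VLAN 1.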
