Solved

Single DHCP server for 3 VLANs on ProCurve 2610

Posted on 2010-09-11
Last Modified: 2012-05-10
Hello,

I'm trying to set up the following configuration.
I have a single DHCP server on a W2K8 server (single NIC) and a ProCurve 2610 switch (has layer 3 routing features). I want to create 3 VLANs: one with the DC, webfilter and router, one for the student network, and the third for teachers. The student and teacher networks must be able to reach the first network but not each other.
How do I set this up?

Thanx
0
Question by:Hitconsult
12 Comments
 
LVL 8

Expert Comment

by:ludo_friend
Hi there

Easy :) On the IP interface of each VLAN on the ProCurve, assign an "ip helper-address 1.1.1.1" (1.1.1.1 being your W2K8 DHCP server).
0
 
LVL 1

Expert Comment

by:santoso-g
Basically you will need to set up an ACL (Access Control List) so that the second and third networks (source IP) are permitted to go to the first network (destination IP). The second network (source IP) is denied entry to the third network (destination IP). The third network (source IP) is denied entry to the second network (destination IP).
The first network (source IP) can be set as either permitted or denied to the second and third networks (destination IP), depending on your scenario. In Cisco, there is a parameter "established" to permit the first network to go to the second or third network only if the IP communication comes from the second or third network first.
0
 
LVL 36

Expert Comment

by:ArneLovius
The HP 2610 has support for access control lists, so you can use these to restrict where traffic can flow.

You will also need to set up a helper address on each VLAN that requires DHCP and is not on the same VLAN as the DHCP server, and set up appropriate scopes (or a superscope) on the DHCP server.

You may have issues with the capabilities of the 2610 ACLs for what you are trying to achieve. It is better to establish your infrastructure requirements before specifying hardware...
0
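The helper address and per-VLAN scopes described in the answer above, as an added example that is not part of the original thread: a Python model of a relay filling in `giaddr` and a DHCP server choosing a scope from it. The VLAN interface addresses are taken from the asker's later `show run`; the function names, the MAC address and the transaction ID are constructed, and this is a model of the protocol behaviour, not ProCurve or Windows DHCP code.

```python
import ipaddress
import struct

# BOOTP/DHCP fixed header (236 bytes): op, htype, hlen, hops, xid, secs,
# flags, ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file.
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
GIADDR, HOPS = 10, 3  # field positions in the unpacked tuple

# One scope per routed subnet, matching the VLAN interfaces in the thread.
SCOPES = [ipaddress.ip_network(n) for n in
          ("192.168.254.0/24", "192.168.252.0/24", "192.168.251.0/24")]

def discover(mac, xid):
    """Fixed part of a client's broadcast DHCPDISCOVER; giaddr is zero."""
    zero = bytes(4)
    return BOOTP.pack(1, 1, 6, 0, xid, 0, 0x8000,
                      zero, zero, zero, zero, mac, b"", b"")

def relay(packet, vlan_ip):
    """What the helper address does: stamp the receiving VLAN interface's
    address into giaddr (if still zero) and increment the hop count."""
    fields = list(BOOTP.unpack(packet))
    fields[HOPS] += 1
    if fields[GIADDR] == bytes(4):
        fields[GIADDR] = ipaddress.ip_address(vlan_ip).packed
    return BOOTP.pack(*fields)

def pick_scope(packet, server_subnet):
    """Server side: a zero giaddr means the client is on the server's own
    subnet; otherwise the scope containing giaddr is used, or none."""
    giaddr = ipaddress.ip_address(BOOTP.unpack(packet)[GIADDR])
    if int(giaddr) == 0:
        return server_subnet
    return next((s for s in SCOPES if giaddr in s), None)

if __name__ == "__main__":
    pkt = discover(b"\x00\x11\x22\x33\x44\x55", 0x1234)  # constructed client
    print("local client  ->", pick_scope(pkt, SCOPES[0]))
    for vlan_ip in ("192.168.252.1", "192.168.251.1", "192.168.250.1"):
        print("relayed via", vlan_ip, "->",
              pick_scope(relay(pkt, vlan_ip), SCOPES[0]))
```

A request relayed from a VLAN whose interface address falls in no scope (192.168.250.1 here) gets no lease, which is why each VLAN needing DHCP needs its own scope on the server.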
 

Author Comment

by:Hitconsult
Hello,

I will configure the VLANs, IP helper addresses and the ACL. I will keep you posted on the progress.

Thanx
0
 
LVL 1

Accepted Solution

by:
santoso-g earned 200 total points
And do not forget to make sure the routing works well (any network can ping the other networks) before applying the ACL. If the routing does not work well in the first place, you'll have a terrible time troubleshooting your ACL.
Steps to configure your HP ProCurve:
- Create 3 VLANs.
- Put at least one IP device (PC or laptop) in each VLAN with a static IP address. Two devices per VLAN are recommended. You can also move a device from one network to another for testing.
- Make sure you can only ping devices in the same VLAN. You should not be able to ping a device in another VLAN.
- Create routing in the HP ProCurve so that all devices can ping each other even if they are not in the same VLAN.
- Remove the static IP addresses from all your devices (PC or laptop) and set their IP configuration to automatic IP from DHCP. NOTE: Make sure your DHCP server has a static IP address and is put in the first VLAN.
- Configure ip helper-address in the HP ProCurve and make sure all your devices (PC or laptop) get an IP address from the DHCP server.
- Test ping again from one VLAN to another and make sure the devices (PC or laptop) can ping each other, since you have not configured the ACL yet.
- Configure the ACLs one by one and test each ACL. Do not try to configure all ACLs at one time, since it will make the testing time much longer.
0
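The final step above (add ACL rules one at a time and test each), as an added example that is not part of the original thread: a first-match model in Python for checking the intended policy before typing rules into the switch. The subnets and the server address come from the asker's later posts; the rule lists, the other host addresses and the assumption that each list is applied inbound on its VLAN's ports are hypothetical, and this is not ProCurve syntax.

```python
import ipaddress as ip

# Subnets from the asker's "show run": VLAN 10 Main, VLAN 20, VLAN 30.
MAIN = ip.ip_network("192.168.254.0/24")
STUDENTS = ip.ip_network("192.168.252.0/24")   # VLAN 20 "Leerlingen"
TEACHERS = ip.ip_network("192.168.251.0/24")   # VLAN 30 "Secretariaat"
ANY = ip.ip_network("0.0.0.0/0")
# A DHCP discover is sent from 0.0.0.0 to the limited broadcast address.
DHCP_SRC = ip.ip_network("0.0.0.0/32")
DHCP_DST = ip.ip_network("255.255.255.255/32")

# Hypothetical rule lists (action, source, destination), modelling an ACL
# applied inbound on each VLAN's ports. A real rule would also narrow the
# DHCP permit to UDP ports 67/68; this model matches on addresses only.
NAIVE_STUDENT_IN = [("permit", STUDENTS, MAIN)]
STUDENT_IN = [("permit", DHCP_SRC, DHCP_DST),
              ("deny", STUDENTS, TEACHERS),
              ("permit", STUDENTS, ANY)]
TEACHER_IN = [("permit", DHCP_SRC, DHCP_DST),
              ("deny", TEACHERS, STUDENTS),
              ("permit", TEACHERS, ANY)]
INBOUND = {STUDENTS: STUDENT_IN, TEACHERS: TEACHER_IN}  # no ACL on MAIN

def evaluate(acl, src, dst):
    """First matching rule wins; a packet matching no rule is denied."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action
    return "deny"  # implicit deny at the end of every list

def round_trip(src, dst):
    """True only if the request and the reply both pass the inbound ACL
    of the VLAN each packet is sent from (the ACLs are stateless)."""
    for a, b in ((src, dst), (dst, src)):
        acl = next((rules for net, rules in INBOUND.items()
                    if ip.ip_address(a) in net), None)
        if acl is not None and evaluate(acl, a, b) == "deny":
            return False
    return True

if __name__ == "__main__":
    # Constructed host addresses, except the server at .254.200 from the thread.
    for src, dst in [("192.168.252.50", "192.168.254.200"),
                     ("192.168.252.50", "192.168.251.50"),
                     ("192.168.251.50", "192.168.252.50")]:
        print(src, "->", dst, "ok" if round_trip(src, dst) else "blocked")
```

In this model the naive list, which only permits the student subnet to reach the main subnet, also drops the client's DHCP discover through the implicit deny, so DHCP should be retested after each ACL is applied.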
 

Author Comment

by:Hitconsult
Hello,

I did the configuration of the static routes between VLANs. As long as I'm using telnet, I can ping between VLANs, but when I try to ping using the command prompt it doesn't work. Did I forget something?

Thanx
0
 

Author Comment

by:Hitconsult
Hello,

When I try to use the IP address of the vlan as gateway I get an error that the switch IP address must not be the same as the gateway.

example :

VLAN 1 : ip = 192.168.254.1
VLAN 2 : ip = 192.168.253.1
VLAN 3 : ip = 192.168.252.1

ip route 192.168.253.0/24 192.168.253.1 (says that 192.168.253.1 can't be used as gateway and Switch IP address)

What am I doing wrong??

Thanx
0
 

Author Comment

by:Hitconsult
After a few modifications I am able to ping some devices in other VLANs but not all. For example, there is a server on 192.168.254.200 and a client PC at 192.168.254.190; I can ping the client 2 from a PC on VLAN 20 but not the server (server and client 2 are on VLAN 10).

This is my show run

hostname "ProCurve Switch 2610-24"
ip routing
snmp-server community "public" Unrestricted
vlan 1
   name "DEFAULT_VLAN"
   untagged 1
   ip address 192.168.250.1 255.255.255.0
   no untagged 2-28
   exit
vlan 10
   name "Main"
   untagged 21-28
   ip address 192.168.254.1 255.255.255.0
   exit
vlan 20
   name "Leerlingen"
   untagged 2-12
   ip address 192.168.252.1 255.255.255.0
   exit
vlan 30
   name "Secretariaat"
   untagged 13-20
   ip address 192.168.251.1 255.255.255.0
   exit
ip route 0.0.0.0 0.0.0.0 192.168.254.221
0
 

Author Comment

by:Hitconsult
Hello,

I found the answer to the ping problem: every device needs the IP address of its VLAN as gateway. The problem is the webfilter and cable router; I can't change their gateway. If I don't change the gateway settings, no PC can reach the webfilter or cable router.

Please advise
0
 
LVL 36

Assisted Solution

by:ArneLovius
ArneLovius earned 50 total points
What platform is the webfilter running on?

I would hope that it would be able to have static routes added to it...

0
 

Author Comment

by:Hitconsult
Hi all,

I got the VLANs working. I'm setting up the ACLs. I'm going to use extended ACLs, but can any of you tell me if the interface number is in fact the switch IP address of the VLAN? I have three VLANs; do I use interface 1 for the first VLAN, interface 2 for the second and interface 3 for VLAN 3?

Thx
0
 

Author Closing Comment

by:Hitconsult
Thanx everyone
0
