Solved

Single DHCP server for 3 VLAN's on Procurve 2610

Posted on 2010-09-11
Last Modified: 2012-05-10
Hello,

I'm trying to set up the following configuration.
I have a single DHCP server on a W2K8 server (single NIC) and a Procurve 2610 switch (has layer 3 routing features). I want to create 3 VLANs: one with the DC, webfilter and router, one for the student network and the third for teachers. The student and teacher networks must be able to reach the first network but not each other.
How do I set this up?

Thanx
Question by:Hitconsult
12 Comments
 
LVL 8

Expert Comment

by:ludo_friend
ID: 33652522
Hi there

Easy :) On the IP interface of each VLAN on the ProCurve, assign an "ip helper-address 1.1.1.1" (1.1.1.1 being your W2K8 DHCP server).
0
 
LVL 1

Expert Comment

by:santoso-g
ID: 33653692
Basically you will need to set up an ACL (Access Control List) so that the second and third networks (source IP) are permitted to go to the first network (destination IP). The second network (source IP) is denied entry to the third network (destination IP). The third network (source IP) is denied entry to the second network (destination IP).
The first network (source IP) can be set to either permitted or denied to the second and third networks (destination IP), depending on your scenario. In Cisco, there is a parameter "established" to permit the first network to go to the second or third network only if the IP communication comes from the second or third network first.
0
 
LVL 37

Expert Comment

by:ArneLovius
ID: 33654341
The HP 2610 has support for access control lists, so you can use these to restrict where traffic can flow.

You will also need to set up a helper address on each VLAN that requires DHCP and is not on the same VLAN as the DHCP server, and set up appropriate scopes (or a superscope) on the DHCP server.

You may have issues with the capabilities of the 2610 ACLs for what you are trying to achieve. It is better to establish your infrastructure requirements before specifying hardware...
0
 

Author Comment

by:Hitconsult
ID: 33654883
Hello,

I will configure the VLANs, IP helper addresses and the ACL. I will keep you posted on the progress.

Thanx
0
 
LVL 1

Accepted Solution

by:
santoso-g earned 200 total points
ID: 33655625
And do not forget to make sure the routing works well (any network can ping other networks) before applying the ACL. If the routing does not work well in the first place, you'll have a terrible time troubleshooting your ACL.
Steps to configure your HP Procurve:
- Create 3 VLANs.
- Put at least one IP device (PC or laptop) in each VLAN with static IP addresses. Two devices per VLAN are recommended. You can also move a device from one network to another for testing.
- Make sure you can only ping devices in the same VLAN. You should not be able to ping a device in another VLAN.
- Create routing in HP Procurve to make all devices ping each other even if they are not in the same VLAN.
- Remove static IP addresses from all your devices (PC or laptop) and set their IP configuration to automatic IP from DHCP. NOTE: Make sure your DHCP server has a static IP address and is put in the first VLAN.
- Configure ip helper-address in HP Procurve and make sure all your devices (PC or laptop) get an IP address from the DHCP server.
- Test ping again from one VLAN to another and make sure the devices (PC or laptop) can ping each other since you have not configured the ACL.
- Configure ACLs one by one and test each ACL. Do not try to configure all ACLs at one time since it will make testing time much longer.
0
 

Author Comment

by:Hitconsult
ID: 33670648
Hello,

I did the configuration of the static routes between VLANs. As long as I'm using telnet, I can ping between VLANs, but when I try to ping using the command prompt it doesn't work. Did I forget something?

Thanx
0
 

Author Comment

by:Hitconsult
ID: 33670828
Hello,

When I try to use the IP address of the vlan as gateway I get an error that the switch IP address must not be the same as the gateway.

example :

VLAN 1 : ip = 192.168.254.1
VLAN 2 : ip = 192.168.253.1
VLAN 3 : ip = 192.168.252.1

ip route 192.168.253.0/24 192.168.253.1 (says that 192.168.253.1 can't be used as gateway and Switch IP address)

What am I doing wrong??

Thanx
0
 

Author Comment

by:Hitconsult
ID: 33672203
After a few modifications I am able to ping some devices in other VLANs but not all. For example, there is a server on 192.168.254.200 and a client PC at 192.168.254.190; I can ping the client 2 from a PC on VLAN 20 but not the server (server and client 2 are on VLAN 10).

This is my show run

hostname "ProCurve Switch 2610-24"
ip routing
snmp-server community "public" Unrestricted
vlan 1
   name "DEFAULT_VLAN"
   untagged 1
   ip address 192.168.250.1 255.255.255.0
   no untagged 2-28
   exit
vlan 10
   name "Main"
   untagged 21-28
   ip address 192.168.254.1 255.255.255.0
   exit
vlan 20
   name "Leerlingen"
   untagged 2-12
   ip address 192.168.252.1 255.255.255.0
   exit
vlan 30
   name "Secretariaat"
   untagged 13-20
   ip address 192.168.251.1 255.255.255.0
   exit
ip route 0.0.0.0 0.0.0.0 192.168.254.221
0
 

Author Comment

by:Hitconsult
ID: 33675282
Hello,

I found the answer to the ping problem: every device needs the IP address of its VLAN as gateway. The problem is the webfilter and cable router; I can't change their gateway. If I don't change the gateway settings, no PC can reach the webfilter or cable router.

Please advise
0
 
LVL 37

Assisted Solution

by:ArneLovius
ArneLovius earned 50 total points
ID: 33675616
What platform is the webfilter running on ?

I would hope that it would be able to have static routes added to it...

0
 

Author Comment

by:Hitconsult
ID: 33711495
Hi all,

I got the Vlan's working. I'm setting up the ACL's. I'm going to use extended ACL's but can anyone of you tell me if the interface number is in fact the switch IP address of the VLAN? I have three VLAN's, do I use interface 1 for the first VLAN, interface 2 for the second and interface 3 for VLAN 3?

Thx
0
 

Author Closing Comment

by:Hitconsult
ID: 33756818
Thanx everyone
0
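
An added example (not code from the thread or from HP): the access policy discussed above, modelled as a generic first-match ACL with an implicit deny, using the subnets and server address from the posted show run. The function names, the rule tuples, the client addresses ending in .50 and the external address 203.0.113.10 are assumptions for illustration; this is not ProCurve ACL syntax or a statement of how the 2610 evaluates ACLs.

```python
import ipaddress

# Subnets taken from the "show run" posted in the thread.
MAIN, STUDENTS, STAFF = (ipaddress.ip_network(n) for n in
                         ("192.168.254.0/24", "192.168.252.0/24", "192.168.251.0/24"))

def host(addr):
    """Single-address network, like a 'host' ACL operand."""
    return ipaddress.ip_network(addr + "/32")

def evaluate(acl, src, dst, proto="ip", dport=None):
    """First matching entry wins; no match falls through to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, e_proto, e_src, e_dst, e_port in acl:
        if e_proto not in ("ip", proto):
            continue
        if e_port is not None and e_port != dport:
            continue
        if s in e_src and d in e_dst:
            return action
    return "deny"

def inbound_acl(own_net, with_dhcp):
    """Hypothetical inbound ACL for the ports of one client VLAN."""
    acl = [("permit", "ip", own_net, MAIN, None),     # reach DC, webfilter, router
           ("permit", "ip", own_net, own_net, None)]  # own gateway address
    if with_dhcp:
        # A DHCPDISCOVER leaves the client as 0.0.0.0 -> 255.255.255.255, UDP/67,
        # so it matches neither subnet rule above.
        acl.insert(0, ("permit", "udp", host("0.0.0.0"),
                       host("255.255.255.255"), 67))
    return acl

def audit(acl, client="192.168.252.50"):
    """Check the thread's policy against constructed sample flows."""
    return {
        "to_server": evaluate(acl, client, "192.168.254.200"),
        "to_other_vlan": evaluate(acl, client, "192.168.251.50"),
        # Routed Internet traffic has an outside destination IP, not a Main one.
        "to_internet_direct": evaluate(acl, client, "203.0.113.10"),
        "dhcp_discover": evaluate(acl, "0.0.0.0", "255.255.255.255", "udp", 67),
    }

if __name__ == "__main__":
    for dhcp in (False, True):
        print("dhcp rule:", dhcp, audit(inbound_acl(STUDENTS, dhcp)))
```

The audit shows two things to test for after each ACL is applied: a subnet-only rule set drops the initial DHCP broadcast, and "permit to the first network" by destination address does not cover Internet traffic unless clients reach it through the webfilter's address in that network.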
