Hitconsult

Single DHCP server for 3 VLAN's on Procurve 2610

Hello,

I'm trying to set up the following configuration.
I have a single DHCP server on a W2K8 server (single NIC) and a Procurve 2610 switch (has layer 3 routing features). I want to create 3 VLANs: one with the DC, webfilter and router, one for the student network and the third for teachers. The student and teacher networks must be able to reach the first network but not each other.
How do I set this up?

Thanx
ludo_friend

Hi there

Easy :) On the IP interface of each VLAN on the ProCurve, assign an "ip helper-address 1.1.1.1" (1.1.1.1 being your W2K8 DHCP server).
santoso-g

Basically you will need to set up an ACL (Access Control List) so that the second and third networks (source IP) are permitted to go to the first network (destination IP). The second network (source IP) is denied entry to the third network (destination IP). The third network (source IP) is denied entry to the second network (destination IP).
The first network (source IP) can be either permitted or denied to the second and third networks (destination IP), depending on your scenario. In Cisco, there is a parameter "established" to permit the first network to go to the second or third network only if the IP communication comes from the second or third network first.
ArneLovius

The HP 2610 has support for access control lists, so you can use these to restrict where traffic can flow.

You will also need to set up a helper address on each VLAN that requires DHCP that is not on the same VLAN as the DHCP server, and set up appropriate scopes (or a superscope) on the DHCP server.

You may have issues with the capabilities of the 2610 ACLs for what you are trying to achieve. It is better to establish your infrastructure requirements before specifying hardware...
Hitconsult

ASKER

Hello,

I will configure the VLANs, IP helper addresses and the ACL. I will keep you posted on the progress.

Thanx
ASKER CERTIFIED SOLUTION
santoso-g
This solution is only available to members.
Hello,

I did the configuration of the static routes between VLANs. As long as I'm using telnet, I can ping between VLANs, but when I try to ping using the command prompt it doesn't work. Did I forget something?

Thanx
Hello,

When I try to use the IP address of the vlan as gateway I get an error that the switch IP address must not be the same as the gateway.

example :

VLAN 1 : ip = 192.168.254.1
VLAN 2 : ip = 192.168.253.1
VLAN 3 : ip = 192.168.252.1

ip route 192.168.253.0/24 192.168.253.1 (says that 192.168.253.1 can't be used as gateway and Switch IP address)

What am I doing wrong??

Thanx
After a few modifications I am able to ping some devices in other VLANs but not all. For example there is a server on 192.168.254.200 and a client PC at 192.168.254.190, I can ping the client 2 from a PC on VLAN 20 but not the server (server and client 2 are on VLAN 10).

This is my show run

hostname "ProCurve Switch 2610-24"
ip routing
snmp-server community "public" Unrestricted
vlan 1
   name "DEFAULT_VLAN"
   untagged 1
   ip address 192.168.250.1 255.255.255.0
   no untagged 2-28
   exit
vlan 10
   name "Main"
   untagged 21-28
   ip address 192.168.254.1 255.255.255.0
   exit
vlan 20
   name "Leerlingen"
   untagged 2-12
   ip address 192.168.252.1 255.255.255.0
   exit
vlan 30
   name "Secretariaat"
   untagged 13-20
   ip address 192.168.251.1 255.255.255.0
   exit
ip route 0.0.0.0 0.0.0.0 192.168.254.221
Hello,

I found the answer to the ping problem: every device needs the IP address of its VLAN as gateway. The problem is the webfilter and cable router, I can't change their gateway. If I don't change the gateway settings, no PC can reach the webfilter or cable router.

Please advise
SOLUTION
This solution is only available to members.
Hi all,

I got the Vlan's working. I'm setting up the ACL's. I'm going to use extended ACL's but can anyone of you tell me if the interface number is in fact the switch IP address of the VLAN? I have three VLAN's, do I use interface 1 for the first VLAN, interface 2 for the second and interface 3 for VLAN 3?

Thx
Thanx everyone
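
An added example (not part of the thread, and not ProCurve syntax): a small Python model of the ACL policy santoso-g describes, applied to the VLAN subnets from the asker's show run, to check which pings would succeed before anything is applied to the switch. First-match evaluation with an implicit deny, the rule set itself and the two constructed client addresses are assumptions of the model.

```python
import ipaddress

# Subnets from the asker's "show run" on this page.
MAIN = ipaddress.ip_network("192.168.254.0/24")      # vlan 10 "Main"
STUDENTS = ipaddress.ip_network("192.168.252.0/24")  # vlan 20 "Leerlingen"
STAFF = ipaddress.ip_network("192.168.251.0/24")     # vlan 30 "Secretariaat"

# Hypothetical inbound ACL per VLAN, following santoso-g's description:
# permit towards the first network, deny towards the other user network.
# MAIN has no ACL here, so everything sourced there is forwarded.
ACLS = {
    STUDENTS: [("permit", STUDENTS, MAIN), ("deny", STUDENTS, STAFF)],
    STAFF: [("permit", STAFF, MAIN), ("deny", STAFF, STUDENTS)],
}


def evaluate(acl, src, dst):
    """Return the action of the first matching entry; no match is an implicit deny."""
    for action, src_net, dst_net in acl:
        if src in src_net and dst in dst_net:
            return action
    return "deny"


def forwarded(src, dst, acls=ACLS):
    """True if a packet src -> dst passes the inbound ACL of the source VLAN."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for vlan_net, acl in acls.items():
        if src in vlan_net:
            return evaluate(acl, src, dst) == "permit"
    return True  # source VLAN has no ACL applied


def round_trip(a, b, acls=ACLS):
    """A ping needs request and reply forwarded, since the filtering is stateless."""
    return forwarded(a, b, acls) and forwarded(b, a, acls)


def matrix(hosts, acls=ACLS):
    """Reachability table {(src_name, dst_name): bool} for every ordered host pair."""
    return {(s, d): round_trip(hosts[s], hosts[d], acls)
            for s in hosts for d in hosts if s != d}


# The server address is from the post; the two client addresses are constructed.
HOSTS = {"server": "192.168.254.200", "student": "192.168.252.50", "staff": "192.168.251.50"}

if __name__ == "__main__":
    for pair, ok in matrix(HOSTS).items():
        print(pair, "reachable" if ok else "blocked")
```

Adding a deny from the first network towards a user VLAN to this model makes `round_trip` fail for that VLAN even though the outbound request is still permitted, which is the case the "established" keyword mentioned above is meant to handle.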