michaelsmit
asked on
Routing between 2 VLANS on a procurve 3400 and 2650 switchs
SCENARIO
Router ISP<->Procruve 3400<->Fibre<->Procurve 2650
On switch Procurve 3400 (A) there are 3 VLANs.
VLAN 1: 192.168.10.0
VLAN 2: 192.168.110.0
VLAN 3: 192.168.111.0
Connected to switch B on port 24 Tagged.
Connected to Router ISP on port 20 Untagged.
On switch Procurve 2650 (B) there are 3 VLANs.
VLAN 1: 192.168.10.0
VLAN 2: 192.168.110.0
VLAN 3: 192.168.111.0
Connected to switch A on port 50 Tagged.
The connection to Router ISP have to be tagged?
We need to access internet on Router ISP 192.168.10.1 at all VLANs, but there is no way. We only have access to internet on VLAN 1.
The configuration of them is below
Thanks in advance.
__________________________
Swich 2650
vlan 1
name "VLAN 1"
untagged 1-35,40-48
ip address 192.168.10.252 255.255.255.0
tagged 49-50
no untagged 36-39
exit
vlan 2
name "VLAN 2"
ip address 192.168.110.252 255.255.255.0
tagged 49-50
exit
vlan 3
name "VLAN 3"
untagged 36-39
ip address 192.168.111.252 255.255.255.0
tagged 49-50
exit
ip default-gateway 192.168.10.254
__________________________
Switch 3400
ip access-list extended "23"
deny ip 192.168.110.0 0.0.0.255 192.168.10.0 0.0.0.255
deny ip 192.168.110.0 0.0.0.255 192.168.111.0 0.0.0.255
deny ip 192.168.111.0 0.0.0.255 192.168.110.0 0.0.0.255
permit ip 192.168.111.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
ip access-list extended "1"
deny ip 192.168.10.0 0.0.0.255 192.168.110.0 0.0.0.255
permit ip 192.168.10.0 0.0.0.255 192.168.111.0 0.0.0.255
permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
ip default-gateway 192.168.10.1
ip routing
snmp-server community "public" Unrestricted
vlan 1
name "VLAN 1"
untagged 1-6,8-15,17-21
ip address 192.168.10.254 255.255.255.0
tagged 24
no untagged 7,16,22-23
ip igmp
exit
vlan 2
name "VLAN 2"
untagged 23
ip address 192.168.110.254 255.255.255.0
tagged 20,24
exit
vlan 3
name "VLAN 3"
untagged 7,16,22
ip address 192.168.111.254 255.255.255.0
tagged 20,24
exit
ip route 0.0.0.0 0.0.0.0 192.168.10.1
Router ISP<->Procruve 3400<->Fibre<->Procurve 2650
On switch Procurve 3400 (A) there are 3 VLANs.
VLAN 1: 192.168.10.0
VLAN 2: 192.168.110.0
VLAN 3: 192.168.111.0
Connected to switch B on port 24 Tagged.
Connected to Router ISP on port 20 Untagged.
On switch Procurve 2650 (B) there are 3 VLANs.
VLAN 1: 192.168.10.0
VLAN 2: 192.168.110.0
VLAN 3: 192.168.111.0
Connected to switch A on port 50 Tagged.
The connection to Router ISP have to be tagged?
We need to access internet on Router ISP 192.168.10.1 at all VLANs, but there is no way. We only have access to internet on VLAN 1.
The configuration of them is below
Thanks in advance.
__________________________
Swich 2650
vlan 1
name "VLAN 1"
untagged 1-35,40-48
ip address 192.168.10.252 255.255.255.0
tagged 49-50
no untagged 36-39
exit
vlan 2
name "VLAN 2"
ip address 192.168.110.252 255.255.255.0
tagged 49-50
exit
vlan 3
name "VLAN 3"
untagged 36-39
ip address 192.168.111.252 255.255.255.0
tagged 49-50
exit
ip default-gateway 192.168.10.254
__________________________
Switch 3400
ip access-list extended "23"
deny ip 192.168.110.0 0.0.0.255 192.168.10.0 0.0.0.255
deny ip 192.168.110.0 0.0.0.255 192.168.111.0 0.0.0.255
deny ip 192.168.111.0 0.0.0.255 192.168.110.0 0.0.0.255
permit ip 192.168.111.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
ip access-list extended "1"
deny ip 192.168.10.0 0.0.0.255 192.168.110.0 0.0.0.255
permit ip 192.168.10.0 0.0.0.255 192.168.111.0 0.0.0.255
permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
ip default-gateway 192.168.10.1
ip routing
snmp-server community "public" Unrestricted
vlan 1
name "VLAN 1"
untagged 1-6,8-15,17-21
ip address 192.168.10.254 255.255.255.0
tagged 24
no untagged 7,16,22-23
ip igmp
exit
vlan 2
name "VLAN 2"
untagged 23
ip address 192.168.110.254 255.255.255.0
tagged 20,24
exit
vlan 3
name "VLAN 3"
untagged 7,16,22
ip address 192.168.111.254 255.255.255.0
tagged 20,24
exit
ip route 0.0.0.0 0.0.0.0 192.168.10.1
Don S.
You can do this a couple of ways. you can enable IP routing on both switches. Doing so will turn on full routing between all of the VLANs. Depending on why you have three VLANs, that might not be desireable. Another way depends on the capabilities of the router. In more advanced routers, you can create sub interfaces on the ehternet port corresponding to each VLAN, essentially creating a virtual connection for each VLAN complete with an address for the router in the VLAN's address range. A host on a particular VLAN would need to have the router's address for that VLAN set as it's default gateway. The port that the router is plugged into would need to be tagged for the sub interfaces to work. routes between VLANs could be controlled within the router with ACLs.
2650 is only a layer 2 switch, you will need a layer 3 to enable routing between vlans.
You can also try a router on a stick setup where the router will to the routing via OSPF or EIGRP.
You can also try a router on a stick setup where the router will to the routing via OSPF or EIGRP.
On switch 3400 enable routing:
config
ip routing
wr mem
exit
config
ip routing
wr mem
exit
forgot to mention :
you also need route back on 192.168.10.1 to vlan 2 & 3
192.168.110.0 255.255.255.0 via 192.168.10.254 and also
192.168.111.0 255.255.255.0 via 192.168.10.254
HTH
you also need route back on 192.168.10.1 to vlan 2 & 3
192.168.110.0 255.255.255.0 via 192.168.10.254 and also
192.168.111.0 255.255.255.0 via 192.168.10.254
HTH
ASKER
we tried added ip route but it shows this error:
"192.168.10.254 can not be switch ip address and route gateway at the same time".
Our problem now is in the Switch B. At Switch A we can acces to Internet without problems. At Swich B, we can only access to Internet with vlan 1. How we can change that?Any suggestion?
Thanks.
"192.168.10.254 can not be switch ip address and route gateway at the same time".
Our problem now is in the Switch B. At Switch A we can acces to Internet without problems. At Swich B, we can only access to Internet with vlan 1. How we can change that?Any suggestion?
Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Actually an HP 2650 can route, it is not a full layer three switch but it can route if you set your routes manually in it.
ASKER
Good