Procurve & VLAN Routing


I have a customer with a 1000+ node network which is a fully switched, single broadcast domain spread across a large site. As a result, they have major issues with broadcast traffic, collisions and security threats to some critical network services.

I want to set up VLANs to isolate devices by function and/or location. I am au fait with VLANs and will happily work with these. I have a number of VLANs already configured to isolate test networks and things across switches, but I cannot get my head around splitting the main network into VLANs and having one of the switches at the core route traffic between those VLANs.

The basic network infrastructure:
CORE SWITCH: An old, modular Procurve 4108gl
SERVERS: 4 trunked 1Gbps copper connections to a 2910al switch in the server rack. LACP trunks from rack to server. All servers are HP Proliant DL3xx running HP Network software.
EDGE: Edge switches are at most two layers from the core, all Procurve but various models. Not that it matters but all are fed directly from the core on fibre or, for short runs, gigabit copper.

I am aware the core switch is old and will not support IP routing if trunks are also present. We may have financial approval for a switch upgrade as part of this project, or I may be required to use the 2910al in the server rack to do the VLAN routing until such a replacement can be installed.

My real question is:

How do I get started?

So far I have enabled ip routing in the config interface but I still cannot ping between the various subnets on each VLAN.

I am also confused by HP's documentation for most of these switches, which states a maximum of 16 static routes for the majority of models. Do I need to use static routes for this purpose? If so, I presume I am limited to 16 VLANs if that is my static route limit? Or is one of these automated protocols better? I have heard of OSPF.

I am struggling to find documentation on this or understand through experimenting, so I would greatly appreciate a nudge in the right direction. If the 4108gl or 2910al is not capable of doing basic routing between VLANs and I need to use a router "on a stick", please say so.

Thank you!
Asked by: tigermatt

Don Johnston (Instructor) Commented:
>How do I get started?

Assign IP addresses to each vlan.

vlan 8
 ip address 192.168.8.1 255.255.255.0
vlan 12
 ip address 192.168.12.1 255.255.255.0

>which states a maximum of 16 static routes for the majority of models.

If you are only routing on one switch, you won't need any static routes.  A static route is one that YOU create. If there is internet connectivity, you'll need a static route for that (0.0.0.0/0), but that's it. The other routes (one for each VLAN) are Directly Connected. Those routes appear automatically when you assign an IP address to a VLAN.

>If the 4108gl or 2910al is not capable of doing basic routing between VLANs and I need to use a router "on a stick", please say so.

While the 2910 is not the latest, greatest, fastest switch, it'll do the job. Until you get a better one.


RKinsp Commented:
Hello,

Just to add to Don's great reply, you will also need to reconfigure all the Default Gateways on your computers to the VLAN IP of the Routing Switch (following the example, computers on VLAN 8 should have 192.168.8.1 as a default gateway).

Good luck,
RK

tigermatt (Author) Commented:

Perfect! That works! I was looking into this too deeply. The network I was testing with has its own default gateway within the same VLAN, and I was wondering why the boxes weren't replying to a ping. I thought the issue was misconfigured switches when it was really just the box not being able to respond to the ping as the gateway wasn't set to the switch.

Thanks so much for your help. This is the first time I have been on this side of the Q&A process for a while and as usual, the Experts deliver. :)

-Matt

tigermatt (Author) Commented:
Thanks folks! Excellent responses, as always.
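
The failure resolved in this thread (a host whose default gateway is some other device in its VLAN rather than the routing switch's VLAN IP) can be checked across a host inventory before cutting over to inter-VLAN routing. The following is an added example, not code from the thread: the VLAN addresses are the ones from Don's answer, while the host list, status names and function names are constructed for illustration.

```python
import ipaddress

# VLAN interfaces on the routing switch, from the "ip address" lines in the answer.
VLAN_INTERFACES = {
    8: ipaddress.ip_interface("192.168.8.1/255.255.255.0"),
    12: ipaddress.ip_interface("192.168.12.1/255.255.255.0"),
}

# Constructed sample inventory (hostnames and addresses are made up).
HOSTS = [
    {"name": "pc-a", "ip": "192.168.8.20", "gateway": "192.168.8.1"},
    {"name": "test-box", "ip": "192.168.12.30", "gateway": "192.168.12.254"},
    {"name": "printer", "ip": "192.168.12.40", "gateway": ""},
    {"name": "stray", "ip": "10.0.0.5", "gateway": "10.0.0.1"},
]

def check_host(host, vlan_interfaces=VLAN_INTERFACES):
    """Return (vlan_id, status) for one host record."""
    addr = ipaddress.ip_address(host["ip"])
    for vlan_id, iface in vlan_interfaces.items():
        if addr in iface.network:
            break
    else:
        # Host address is not in any subnet the switch routes for.
        return (None, "no-vlan-subnet")
    if not host["gateway"]:
        # Host can only talk inside its own VLAN; replies to other VLANs are dropped.
        return (vlan_id, "no-gateway")
    gw = ipaddress.ip_address(host["gateway"])
    if gw == iface.ip:
        return (vlan_id, "ok")
    if gw in iface.network:
        # The case from the thread: replies go to another in-VLAN gateway,
        # so traffic between VLANs does not pass through the routing switch.
        return (vlan_id, "other-gateway-in-vlan")
    # A gateway outside the host's own subnet is unreachable at layer 2.
    return (vlan_id, "gateway-off-subnet")

def audit(hosts):
    """Map each host name to its (vlan_id, status) result."""
    return {h["name"]: check_host(h) for h in hosts}

if __name__ == "__main__":
    for name, (vlan, status) in audit(HOSTS).items():
        print(f"{name:10} vlan={vlan} {status}")
```

Hosts reported as `other-gateway-in-vlan` are also worth reviewing from a segmentation standpoint, since their inter-VLAN traffic bypasses any filtering applied on the routing switch.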