Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 960
  • Last Modified:

Default VLAN untagged Procurve HP

Hello,

I have 3 running networks on a HP Procurve Switch 2 privates (172.16.1.0/24 and 192.168.0.0/16) and a public network. I don't loose traffic on pvt 172.16 and also on public. On the 192.168 I keep loosing packets and btw this is separated by default vlan (untagged) this could be the problem?
0
goncalogirao
Asked:
goncalogirao
  • 11
  • 8
  • 4
1 Solution
 
RKinspCommented:
Hello, the untagged vlan separation should not be a problem. You are loosing packets from where to where? Can you send your config and version?

If you are routing between vlans, make sure you have ip routing enable. I've seen procurve's route some packets but not all when routing is disabled.

-RK
0
 
goncalogiraoAuthor Commented:
I'm loosing packets between my ISP's Router and fibre optics equipment. This is very strange, on my local network (i ping the gateway->ips's router and don't loose anything), but if I ping a public address (the one on the public side of the router I keep loosing.

What config do you need, the Switch?
  Port   DEFAULT_VLAN   VLAN-pbWY    VLAN-pvtL4S
  ---- + ------------  ------------  ------------
  11   | Untagged      No            No    
  12   | Untagged      No            No    
  13   | Untagged      No            No
  14   | Untagged      No            No
  15   | Untagged      No            No
  16   | Untagged      No            No
  17   | Untagged      No            No
  18   | Untagged      No            No
  19   | Untagged      No            No
  20   | Untagged      No            No
  21   | Untagged      No            No
  22   | Untagged      Tagged        Tagged

 Actions->   Cancel     Edit     Save     Help
0
 
RKinspCommented:
It sounds more like your router does not have routes to all your internal VLANs. When you say you loose pings, is it like if you ping from VLAN X you loose all pings or you loose one or two pings and three make it through?

Does your ISP router have firewall active? Can you send a diagram of your network showing which pings you are loosing and which ones you are not?

A stateful firewall could block some packets but not all depending on the connection.
0
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

 
goncalogiraoAuthor Commented:
When I say I loose pings, I don't loose all. Sometimes the network is ok.

Yes, the router's ISP has a firewall (but I think is manual configured). But like I said sometimes happen, not always, just when everybody is connected. Can be a machine generating bad traffic?
0
 
Khandakar Ashfaqur RahmanExpert/ConsultantCommented:
This is might be the problem of routing or firewall.This isn't the VLAN issue at all.
You need to check your routers interface statistics,memory and CPU usage and firewall settings.However these features depend on your routers model and brand.

Also please check router's interface.Is it configured Auto,Half Duplex or Full Duplex?
0
 
goncalogiraoAuthor Commented:
I have access to stats (memory, cpu, sessions and policies below 40%) It is configured 100 FDx.

the firewall settings is what keeps me confused.
0
 
Khandakar Ashfaqur RahmanExpert/ConsultantCommented:
Did you try with restarting the interface or reboot the router?
0
 
goncalogiraoAuthor Commented:
several times. We have changed the private lan interface also 0/3 to 0/0.

I'm considering change the router.
0
 
RKinspCommented:
can you see if there are any errors on the Router/Firewall interface? what model equipment is it?
0
 
Khandakar Ashfaqur RahmanExpert/ConsultantCommented:
It could be the firewall issue.
Did you try ping from WAN side when you encounter problem??

If it is your border router you could try from looking glass sites:
http://lg.level3.net/ping/ping.cgi               

You can use 99 packet count to check if there's any drop.
0
 
goncalogiraoAuthor Commented:
Great tip! Pinging from outside....
0
 
Khandakar Ashfaqur RahmanExpert/ConsultantCommented:
So, it could be your router feature specially firewall.
0
 
goncalogiraoAuthor Commented:
now its late night here, and no one at office. Tomorrow give feedback
TY
0
 
goncalogiraoAuthor Commented:
Today tested the ping from outside, no problems at all. The router is a Cisco Juniper
0
 
Khandakar Ashfaqur RahmanExpert/ConsultantCommented:
Could you please disable your firewall (for test only) ?
0
 
goncalogiraoAuthor Commented:
I Cannot disable FW because its not configured manually. I'm considering config a LACP for better performance.
0
 
Khandakar Ashfaqur RahmanExpert/ConsultantCommented:
That would be good.Just go ahead.
0
 
goncalogiraoAuthor Commented:
I've found "A device on port 21 is transmitting packets shorter than 64 bytes or longer than 1518 bytes (longer than 1522 bytes if tagged), with valid CRCs." And many other ports on one switch. Already upgraded the nics driver with no luck. How can I prevent it?

I have about 4000 Rx errors on 8 ports...
0
 
RKinspCommented:
Can you capture the packet to see if it is a valid packet? You might have to enable Jumbo Frames if it is valid (bigger packets, up to 9000 bytes).

-RK
0
 
Khandakar Ashfaqur RahmanExpert/ConsultantCommented:
Check MTU settings of your devices.
0
 
goncalogiraoAuthor Commented:
All errors come from Realtek PCIe Gigabit Family NICs (about 8). Today I asked my collaborators to use wireless instead of cable to check network performance.
0
 
goncalogiraoAuthor Commented:
I enabled jumbo frames on that clan, but was no good. I think i lost even more performance. I'm going to check mtu on devices, they should be at 1500?

You are great with your help!
0
 
Khandakar Ashfaqur RahmanExpert/ConsultantCommented:
Hello,

MTU vaies based on media.Please check the following link and MTU Table of common media:
http://en.wikipedia.org/wiki/Maximum_transmission_unit
0

Featured Post

Get Certified for a Job in Cybersecurity

Want an exciting career in an emerging field? Earn your MS in Cybersecurity and get certified in ethical hacking or computer forensic investigation. WGU’s MSCSIA degree program was designed to meet the most recent U.S. Department of Homeland Security (DHS) and NSA guidelines.  

  • 11
  • 8
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now