Solved

VLAN routing on HP Procurve E3800 stack

Posted on 2012-04-12
Last Modified: 2012-04-12
Hello, I am trying to get VLANs set up, coming from a flat network layout.
We purchased 2 HP e3800-48-POE switches, with stacking modules, and have them stacked. I want these to be my core switches.
We also purchased a 2910al-48-poe, and it is in another closet.

On all the switches, I created VLANs:
1-Default
401-Server
402-Voice
403-Print
404-Workstation
499-Storage (iSCSI for VMware/SAN)

On the 3800 stack, I gave IPs to these:
1=10.4.3.1/22
401=10.4.91.1/22
402=10.4.7.1/22
403=10.4.11.1/22
404=10.4.15.1/22
I also issued the "ip routing" command.

On the 2910, I only gave an IP on vlan 1, so I can manage it. It is 10.4.1.101/22
ip routing is not enabled on the 2910, as I want the 3800's to handle it.

Clients get DHCP, which is working. The people on vlan 1 get a gateway of 10.4.3.1, and the people (ShoreTel phones) on vlan 402 get a gateway of 10.4.7.1.

Almost all my ports are set up as being tagged with 402, and untagged 1.
The 3800 stack and the 2910 are linked with a cat6 cable (to be replaced by 10gb fiber tomorrow), and all vlans are tagged on the ports they are in (is that right?).

Default gateway on all switches is set to 10.4.0.253, which is our watchguard firewall. I don't believe I need to do anything on the watchguard for routing to work between the two vlans, since it comes after the 3800's. I probably do need to do something on it for internet to work on the other vlans though, which I will worry about later.

So the problem is, clients on vlan 1 and 402 can't talk to each other (haven't tried the other vlans yet, 1 and 402 are the critical ones). Also, people on vlan 1 get internet, people on vlan 402 do not.

Configs are attached.

Any thoughts?
HP2910alConfig1.txt
HPe3800config1.txt
Question by:GreenEnvy
8 Comments
 
LVL 6

Expert Comment

by:RKinsp
ID: 37838970
Can you tell me what port connects both networks on the 3800 and the 2910 to further check this?
0
 

Author Comment

by:GreenEnvy
ID: 37838997
Port 48 on the 2910, and port 1/36 on the 3800 stack.
0
 
LVL 6

Expert Comment

by:RKinsp
ID: 37839005
What port is your watchguard configured on? What VLAN?

What IP address and mask are you giving out on your DHCP?

I think it is peculiar that you have no VLAN on the same network as your watchguard. Can you ping your gateway (.0.253) from within the switch (not from computer)?
0
 
LVL 17

Accepted Solution

by:
jburgaard earned 300 total points
ID: 37839032
I would try with:
NO management-vlan 1
AFAIK the management-vlan statement will break your routing.

Agree with you: you will have to make some 'route-back' on the firewall for internet to work in other vlans.

HTH
0
 
LVL 6

Assisted Solution

by:RKinsp
RKinsp earned 200 total points
ID: 37839068
So I'm guessing you probably need to create a new VLAN as a watchguard VLAN - with IP address 10.4.0.x /22.

Also, on your watchguard to make sure everybody gets internet, you will need to create a route for all your networks (10.4.x.x / 24 should work) with next hop to this new IP address.

For your 2910 you can't have the default gateway set to 10.4.0.253 since it doesn't have a VLAN or IP on that network. You need to set the default gateway to 10.4.3.1 - your VLAN 1 on your 3800.

I think the only reason you are reaching the internet from VLAN 1 is because you are going at layer 2 all the way to your watchguard...

Also, agree with jburgaard - you can remove management-vlan 1
0
 

Author Comment

by:GreenEnvy
ID: 37839102
RKinsp,
Watchguard is plugged into 1/38 on the 3800 stack, which is untagged on vlan1.

Not sure what you mean, the watchguard is on the 10.4.0.0/22 subnet, on vlan 1.
DHCP server has 2 NICs in it (virtual). One is connected to VLAN 402 and gives out 10.4.5.x IPs, with gateway of 10.4.7.1, subnet 255.255.252.0.
Other scope is connected to NIC on VLAN 1, gives out 10.4.0.x, with gateway of 10.4.3.1, subnet 255.255.252.0.



jburgaard, I will try moving management to a different VLAN and see if that solves my issue.
0
 
LVL 6

Expert Comment

by:RKinsp
ID: 37839138
Oh wait, got my masking confused... changing the mgmt vlan should work, but you'll still need a route on your watchguard pointing to 10.4.3.1.
0
 

Author Comment

by:GreenEnvy
ID: 37839474
Thanks guys, does look like it was just the management IP causing it.
My subnets are now communicating!

I will be transitioning everything off VLAN 1 shortly, onto their respective VLANs.

Changed my subnet on the watchguard to 10.4.0.253/16, so it's supernetted over all the vlan's for now, and is working.
0
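The addressing discussed in this thread can be checked mechanically. The following Python is an added example, not part of any post: it uses the VLAN interface addresses, firewall address and DHCP gateways quoted above, while the function names and the sample client 10.4.5.20 are constructed for illustration.

```python
import ipaddress

# VLAN interface addresses on the 3800 stack, as quoted in the question.
VLAN_INTERFACES = {
    1: "10.4.3.1/22",
    401: "10.4.91.1/22",
    402: "10.4.7.1/22",
    403: "10.4.11.1/22",
    404: "10.4.15.1/22",
}
FIREWALL_IP = "10.4.0.253"   # watchguard, untagged on vlan 1 (from the thread)
CORE_NEXT_HOP = "10.4.3.1"   # VLAN 1 interface of the 3800 stack

def vlan_networks():
    """Map each VLAN id to the subnet implied by its interface address."""
    return {vid: ipaddress.ip_interface(a).network
            for vid, a in VLAN_INTERFACES.items()}

def vlan_of(ip):
    """Return the VLAN id whose subnet contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for vid, net in vlan_networks().items():
        if addr in net:
            return vid
    return None

def overlaps():
    """List pairs of VLAN ids whose subnets overlap (should be empty)."""
    nets = sorted(vlan_networks().items())
    return [(a, b) for i, (a, na) in enumerate(nets)
            for b, nb in nets[i + 1:] if na.overlaps(nb)]

def gateway_on_link(host, mask, gateway):
    """True if a client with this address and mask can reach its gateway directly."""
    return ipaddress.ip_address(gateway) in ipaddress.ip_interface(f"{host}/{mask}").network

def firewall_view(prefix_len):
    """Classify each VLAN subnet as seen by the firewall with a given mask length."""
    fw_net = ipaddress.ip_interface(f"{FIREWALL_IP}/{prefix_len}").network
    return {vid: "on-link" if net.subnet_of(fw_net) else f"route via {CORE_NEXT_HOP}"
            for vid, net in vlan_networks().items()}

if __name__ == "__main__":
    print("firewall is in vlan", vlan_of(FIREWALL_IP))
    print("overlapping subnets:", overlaps())
    for plen in (22, 16):
        print(f"firewall /{plen}:", firewall_view(plen))
```

With a /22 mask the firewall sees only VLAN 1 as directly attached and needs a route via 10.4.3.1 for the other four subnets; with a /16 mask it classifies every VLAN subnet as on-link and resolves those hosts itself rather than forwarding to the core.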
