Solved

VLAN routing on HP Procurve E3800 stack

Posted on 2012-04-12
Last Modified: 2012-04-12
Hello, I am trying to get VLANs set up, coming from a flat network layout.
We purchased 2 HP e3800-48-POE switches, with stacking modules, and have them stacked. I want these to be my core switches.
We also purchased a 2910al-48-poe, and it is in another closet.

On all the switches, I created VLANs:
1-Default
401-Server
402-Voice
403-Print
404-Workstation
499-Storage (iSCSI for VmWare/SAN)

On the 3800 stack, I gave IPs to these:
1=10.4.3.1/22
401=10.4.91.1/22
402=10.4.7.1/22
403=10.4.11.1/22
404=10.4.15.1/22
I also issued the "ip routing" command

On the 2910, I only gave an IP on vlan 1, so I can manage it. It is 10.4.1.101/22
ip routing is not enabled on the 2910, as I want the 3800's to handle it.

Clients get DHCP which is working. The people on vlan 1 get a gateway of 10.4.3.1, and the people (shoretel phones) on vlan 402 get gateway of 10.4.7.1.

Almost all my ports are set up as being tagged with 402, and untagged 1.
The 3800 stack and the 2910 are linked with a cat6 cable (to be replaced by 10gb fiber tomorrow), and all VLANs are tagged on the ports they are in (is that right?).

Default gateway on all switches is set to 10.4.0.253, which is our watchguard firewall. I don't believe I need to do anything on the watchguard for routing to work between the two VLANs, since it comes after the 3800's. I probably do need to do something on it for internet to work on the other VLANs though, which I will worry about later.

So the problem is, clients on vlan 1 and 402 can't talk to each other (haven't tried the other vlans yet, 1 and 402 are the critical ones). Also, people on vlan 1 get internet, people on vlan 402 do not.

Configs are attached.

Any thoughts?
HP2910alConfig1.txt
HPe3800config1.txt
Question by:GreenEnvy
8 Comments
 

Expert Comment

by:RKinsp
ID: 37838970
Can you tell me what port connects both networks on the 3800 and the 2910 to further check this?
 

Author Comment

by:GreenEnvy
ID: 37838997
Port 48 on the 2910, and port 1/36 on the 3800 stack.

Expert Comment

by:RKinsp
ID: 37839005
What port is your watchguard configured on? What VLAN?

What IP address and mask are you giving out on your DHCP?

I think it is peculiar that you have no VLAN on the same network as your watchguard. Can you ping your gateway (.0.253) from within the switch (not from computer)?

Accepted Solution

by:
jburgaard earned 300 total points
ID: 37839032
I would try with:
NO  management-vlan 1
AFAIK management-vlan statement will break your routing.

Agree with you: you will have to make some 'route-back' on firewall for internet to work in other vlans.

HTH

Assisted Solution

by:RKinsp
RKinsp earned 200 total points
ID: 37839068
So I'm guessing you probably need to create a new VLAN as a watchguard VLAN - with IP address 10.4.0.x /22.

Also, on your watchguard to make sure everybody gets internet, you will need to create a route for all your networks (10.4.x.x / 24 should work) with next hop to this new IP address.

For your 2910 you can't have the default gateway set to 10.4.0.253 since it doesn't have a VLAN or IP on that network. You need to set the default gateway to 10.4.3.1 - your VLAN 1 on your 3800.

I think the only reason you are reaching the internet from VLAN 1 is because you are going at layer 2 all the way to your watchguard...

Also, agree with jburgaard - you can remove management-vlan 1
 

Author Comment

by:GreenEnvy
ID: 37839102
RKinsp,
Watchguard is plugged into 1/38 on the 3800 stack, which is untagged on vlan1.

Not sure what you mean, the watchguard is on the 10.4.0.0/22 subnet, on vlan 1.
DHCP server has 2 NICs in it (virtual). One is connected to VLAN 402 and gives out 10.4.5.x IPs, with gateway of 10.4.7.1, subnet 255.255.252.0
Other scope is connected to NIC on VLAN 1, gives out 10.4.0.x, with gateway of 10.4.3.1, subnet 255.255.252.0



jburgaard, I will try moving management to a different VLAN and see if that solves my issue.

Expert Comment

by:RKinsp
ID: 37839138
Oh wait, got my masking confused... changing the mgmt vlan should work, but you'll still need a route on your watchguard pointing to 10.4.3.1.
 

Author Comment

by:GreenEnvy
ID: 37839474
Thanks guys, does look like it was just the management IP causing it.
My subnets are now communicating!

I will be transitioning everything off VLAN 1 shortly, onto their respective VLANs.

Changed my subnet on the watchguard to 10.4.0.253/16, so it's supernetted over all the VLANs for now, and is working.
0
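
The subnet arithmetic behind this thread, as an added example that is not part of any post: it derives each VLAN's /22 network from the interface addresses the author listed, shows which VLAN the firewall and the 2910 management address are on-link with, and lists the return routes a firewall would need for a /22 versus a /16 interface mask. The addresses come from the thread; the dictionary layout and function names are this example's own.

```python
import ipaddress

# Routed VLAN interfaces on the 3800 stack, as listed in the question.
VLAN_INTERFACES = {
    1: "10.4.3.1/22",
    401: "10.4.91.1/22",
    402: "10.4.7.1/22",
    403: "10.4.11.1/22",
    404: "10.4.15.1/22",
}
FIREWALL_IP = "10.4.0.253"   # watchguard, untagged on VLAN 1
SWITCH_2910_IP = "10.4.1.101"  # 2910 management address
CORE_NEXT_HOP = "10.4.3.1"   # 3800 VLAN 1 address, the next hop named in the thread


def vlan_networks(interfaces):
    """Map VLAN id -> the IPv4 network its routed interface belongs to."""
    return {vid: ipaddress.ip_interface(addr).network
            for vid, addr in interfaces.items()}


def on_link_vlan(ip, networks):
    """Return the VLAN id whose subnet contains ip, or None if no subnet does."""
    addr = ipaddress.ip_address(ip)
    for vid, net in networks.items():
        if addr in net:
            return vid
    return None


def firewall_return_routes(firewall_ip, prefix_len, networks, next_hop):
    """Static routes needed for VLAN subnets outside the firewall's own subnet."""
    fw_net = ipaddress.ip_interface(f"{firewall_ip}/{prefix_len}").network
    return [(str(net), next_hop)
            for _, net in sorted(networks.items())
            if not net.subnet_of(fw_net)]


if __name__ == "__main__":
    nets = vlan_networks(VLAN_INTERFACES)
    for vid, net in sorted(nets.items()):
        print(f"VLAN {vid}: {net}")
    print("firewall is on-link with VLAN", on_link_vlan(FIREWALL_IP, nets))
    print("2910 mgmt is on-link with VLAN", on_link_vlan(SWITCH_2910_IP, nets))
    for prefix_len in (22, 16):
        routes = firewall_return_routes(FIREWALL_IP, prefix_len, nets, CORE_NEXT_HOP)
        print(f"firewall /{prefix_len} needs routes:", routes)
```

With a /16 mask every VLAN subnet falls inside the firewall's own interface subnet, so the route list is empty; with a /22 mask the four non-default VLANs each need a route via 10.4.3.1.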