Solved

VLAN routing on HP Procurve E3800 stack

Posted on 2012-04-12
Last Modified: 2012-04-12
Hello, I am trying to get VLANs set up, coming from a flat network layout.
We purchased 2 HP e3800-48-POE switches, with stacking modules, and have them stacked. I want these to be my core switches.
We also purchased a 2910al-48-poe, and it is in another closet.

On all the switches, I created VLANs:
1-Default
401-Server
402-Voice
403-Print
404-Workstation
499-Storage (iSCSI for VMware/SAN)

On the 3800 stack, I gave IP's to these:
1=10.4.3.1/22
401=10.4.91.1/22
402=10.4.7.1/22
403=10.4.11.1/22
404=10.4.15.1/22
I also issued the "ip routing" command

On the 2910, I only gave an IP on vlan 1, so I can manage it. It is 10.4.1.101/22
ip routing is not enabled on the 2910, as I want the 3800's to handle it.

Clients get DHCP which is working. The people on vlan 1 get a gateway of 10.4.3.1, and the people (shoretel phones) on vlan 402 get gateway of 10.4.7.1.

Almost all my ports are set up as being tagged with 402, and untagged 1.
The 3800 stack and the 2910 are linked with a cat6 cable (to be replaced by 10Gb fiber tomorrow), and all VLANs are tagged on the ports they are in (is that right?).

Default gateway on all switches is set to 10.4.0.253, which is our watchguard firewall. I don't believe I need to do anything on the watchguard for routing to work between the two VLANs, since it comes after the 3800's. I probably do need to do something on it for internet to work on the other VLANs though, which I will worry about later.

So the problem is, clients on vlan 1 and 402 can't talk to each other (haven't tried the other vlans yet, 1 and 402 are the critical ones). Also, people on vlan 1 get internet, people on vlan 402 do not.

Configs are attached.

Any thoughts?
HP2910alConfig1.txt
HPe3800config1.txt
Question by:GreenEnvy
8 Comments
 
LVL 6

Expert Comment

by:RKinsp
ID: 37838970
Can you tell me what port connects both networks on the 3800 and the 2910 to further check this?
0
 

Author Comment

by:GreenEnvy
ID: 37838997
Port 48 on the 2910, and port 1/36 on the 3800 stack.
0
 
LVL 6

Expert Comment

by:RKinsp
ID: 37839005
What port is your watchguard configured on? What VLAN?

What IP address and mask are you giving out on your DHCP?

I think it is peculiar that you have no VLAN on the same network as your watchguard. Can you ping your gateway (.0.253) from within the switch (not from computer)?
0
 
LVL 17

Accepted Solution

by:
jburgaard earned 1200 total points
ID: 37839032
I would try with:
NO  management-vlan 1
AFAIK management-vlan statement will break your routing.

Agree with you: you will have to make some 'route-back' on firewall for internet to work in other vlans.

HTH
0
 
LVL 6

Assisted Solution

by:RKinsp
RKinsp earned 800 total points
ID: 37839068
So I'm guessing you probably need to create a new VLAN as a watchguard VLAN - with IP address 10.4.0.x /22.

Also, on your watchguard to make sure everybody gets internet, you will need to create a route for all your networks (10.4.x.x / 24 should work) with next hop to this new IP address.

For your 2910 you can't have the default gateway set to 10.4.0.253 since it doesn't have a VLAN or IP on that network. You need to set the default gateway to 10.4.3.1 - your VLAN 1 on your 3800.

I think the only reason you are reaching the internet from VLAN 1 is because you are going at layer 2 all the way to your watchguard...

Also, agree with jburgaard - you can remove management-vlan 1
0
 

Author Comment

by:GreenEnvy
ID: 37839102
RKinsp,
Watchguard is plugged into 1/38 on the 3800 stack, which is untagged on vlan1.

Not sure what you mean, the watchguard is on the 10.4.0.0/22 subnet, on vlan 1.
DHCP server has 2 NICs in it (virtual). One is connected to VLAN 402 and gives out 10.4.5.x IPs, with gateway of 10.4.7.1, subnet 255.255.252.0
Other scope is connected to NIC on VLAN 1, gives out 10.4.0.x, with gateway of 10.4.3.1, subnet 255.255.252.0



jburgaard, I will try moving management to a different VLAN and see if that solves my issue.
0
 
LVL 6

Expert Comment

by:RKinsp
ID: 37839138
Oh wait, got my masking confused... changing the mgmt vlan should work, but you'll still need a route on your watchguard pointing to 10.4.3.1.
0
 

Author Comment

by:GreenEnvy
ID: 37839474
Thanks guys, does look like it was just the management IP causing it.
My subnets are now communicating!

I will be transitioning everything off VLAN 1 shortly, onto their respective VLANs.

Changed my subnet on the watchguard to 10.4.0.253/16, so it's supernetted over all the VLANs for now, and is working.
0
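Added example, not part of the thread or the poster's attached configs: a small Python check for the condition the accepted answer identified. On ProCurve switches the `management-vlan` setting deliberately excludes that VLAN from routing, so a VLAN that must be routed cannot also be the management VLAN. The sample config is constructed, and the `audit` function name is hypothetical.

```python
import ipaddress
import re

# Constructed sample in ProCurve running-config style; NOT the poster's attachment.
SAMPLE_CONFIG = """\
hostname "core-stack"
ip default-gateway 10.4.0.253
ip routing
vlan 1
   name "DEFAULT_VLAN"
   ip address 10.4.3.1 255.255.252.0
   exit
vlan 402
   name "Voice"
   ip address 10.4.7.1 255.255.252.0
   exit
management-vlan 1
"""

def audit(config):
    """Return a list of findings for a ProCurve-style config given as text."""
    routing = False
    mgmt_vlan = gateway = current = None
    vlan_nets = {}  # VLAN id -> ip_interface configured on that VLAN
    for raw in config.splitlines():
        line = raw.strip()
        if line == "ip routing":
            routing = True
        elif m := re.fullmatch(r"management-vlan (\d+)", line):
            mgmt_vlan = int(m.group(1))
        elif m := re.fullmatch(r"ip default-gateway (\S+)", line):
            gateway = ipaddress.ip_address(m.group(1))
        elif m := re.fullmatch(r"vlan (\d+)", line):
            current = int(m.group(1))
        elif line == "exit":
            current = None
        elif current is not None and (m := re.fullmatch(r"ip address (\S+) (\S+)", line)):
            vlan_nets[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    findings = []
    # The management VLAN is isolated from routing, so routed VLANs cannot reach it.
    if routing and mgmt_vlan in vlan_nets:
        others = sorted(v for v in vlan_nets if v != mgmt_vlan)
        findings.append(f"VLAN {mgmt_vlan} is the management VLAN: it is not routed to {others}")
    # A default gateway outside every local subnet is unreachable from the switch.
    if gateway and not any(gateway in i.network for i in vlan_nets.values()):
        findings.append(f"default gateway {gateway} is in no configured VLAN subnet")
    return findings
```

With the `management-vlan 1` line removed from the sample, `audit` returns no findings; 10.4.0.253 sits inside 10.4.0.0/22, so the gateway check passes either way.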
