VLAN routing on HP Procurve E3800 stack

Posted on 2012-04-12
Last Modified: 2012-04-12
Hello, I am trying to get VLANs set up, coming from a flat network layout.
We purchased 2 HP e3800-48-POE switches, with stacking modules, and have them stacked. I want these to be my core switches.
We also purchased a 2910al-48-poe, and it is in another closet.

On all the switches, I created VLANS:
1-Default
401-Server
402-Voice
403-Print
404-Workstation
499-Storage (iSCSI for VMware/SAN)

On the 3800 stack, I gave IPs to these:
1=10.4.3.1/22
401=10.4.91.1/22
402=10.4.7.1/22
403=10.4.11.1/22
404=10.4.15.1/22
I also issued the "ip routing" command

On the 2910, I only gave an IP on vlan 1, so I can manage it. It is 10.4.1.101/22
ip routing is not enabled on the 2910, as I want the 3800s to handle it.

Clients get DHCP, which is working. The people on VLAN 1 get a gateway of 10.4.3.1, and the people (ShoreTel phones) on VLAN 402 get a gateway of 10.4.7.1.

Almost all my ports are set up as being tagged with 402, and untagged 1.
The 3800 stack and the 2910 are linked with a Cat6 cable (to be replaced by 10Gb fiber tomorrow), and all VLANs are tagged on the ports they are in (is that right?).

Default gateway on all switches is set to 10.4.0.253, which is our WatchGuard firewall. I don't believe I need to do anything on the WatchGuard for routing to work between the two VLANs, since it comes after the 3800s. I probably do need to do something on it for internet to work on the other VLANs though, which I will worry about later.

So the problem is, clients on VLAN 1 and 402 can't talk to each other (haven't tried the other VLANs yet, 1 and 402 are the critical ones). Also, people on VLAN 1 get internet, people on VLAN 402 do not.

Configs are attached.

Any thoughts?
HP2910alConfig1.txt
HPe3800config1.txt
Question by:GreenEnvy
 
LVL 6

Expert Comment

by:RKinsp
ID: 37838970
Can you tell me what port connects both networks on the 3800 and the 2910 to further check this?
0
 

Author Comment

by:GreenEnvy
ID: 37838997
Port 48 on the 2910, and port 1/36 on the 3800 stack.
0
 
LVL 6

Expert Comment

by:RKinsp
ID: 37839005
What port is your WatchGuard configured on? What VLAN?

What IP address and mask are you giving out on your DHCP?

I think it is peculiar that you have no VLAN on the same network as your WatchGuard. Can you ping your gateway (.0.253) from within the switch (not from a computer)?
0

 
LVL 17

Accepted Solution

by:
jburgaard earned 1200 total points
ID: 37839032
I would try with:
NO  management-vlan 1
AFAIK the management-vlan statement will break your routing.

Agree with you: you will have to make some 'route-back' on the firewall for internet to work in other VLANs.

HTH
0
 
LVL 6

Assisted Solution

by:RKinsp
RKinsp earned 800 total points
ID: 37839068
So I'm guessing you probably need to create a new VLAN as a WatchGuard VLAN - with IP address 10.4.0.x /22.

Also, on your WatchGuard, to make sure everybody gets internet, you will need to create a route for all your networks (10.4.x.x / 24 should work) with next hop to this new IP address.

For your 2910 you can't have the default gateway set to 10.4.0.253 since it doesn't have a VLAN or IP on that network. You need to set the default gateway to 10.4.3.1 - your VLAN 1 on your 3800.

I think the only reason you are reaching the internet from VLAN 1 is because you are going at layer 2 all the way to your WatchGuard...

Also, agree with jburgaard - you can remove management-vlan 1
0
 

Author Comment

by:GreenEnvy
ID: 37839102
RKinsp,
WatchGuard is plugged into 1/38 on the 3800 stack, which is untagged on VLAN 1.

Not sure what you mean, the WatchGuard is on the 10.4.0.0/22 subnet, on VLAN 1.
DHCP server has 2 NICs in it (virtual). One is connected to VLAN 402 and gives out 10.4.5.x IPs, with gateway of 10.4.7.1, subnet 255.255.252.0.
The other scope is connected to the NIC on VLAN 1, gives out 10.4.0.x, with gateway of 10.4.3.1, subnet 255.255.252.0.



jburgaard, I will try moving management to a different VLAN and see if that solves my issue.
0
 
LVL 6

Expert Comment

by:RKinsp
ID: 37839138
Oh wait, got my masking confused... changing the mgmt VLAN should work, but you'll still need a route on your WatchGuard pointing to 10.4.3.1.
0
 

Author Comment

by:GreenEnvy
ID: 37839474
Thanks guys, it does look like it was just the management IP causing it.
My subnets are now communicating!

I will be transitioning everything off VLAN 1 shortly, onto their respective VLANs.

Changed my subnet on the WatchGuard to 10.4.0.253/16, so it's supernetted over all the VLANs for now, and is working.
0
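
Added example (not part of the original thread and not the posters' configuration): the addressing stated in the question, checked with Python's `ipaddress` module to show which /22 each address falls in and which return routes the firewall needs via 10.4.3.1 with a /22 mask versus the /16 the author ended up with. The function names are illustrative, and 10.4.5.20 is a constructed sample client address in the 10.4.5.x DHCP range.

```python
import ipaddress

# Interface addresses on the 3800 stack, as stated in the question.
VLAN_INTERFACES = {
    1: "10.4.3.1/22",
    401: "10.4.91.1/22",
    402: "10.4.7.1/22",
    403: "10.4.11.1/22",
    404: "10.4.15.1/22",
}

def vlan_networks(interfaces=VLAN_INTERFACES):
    """Map VLAN id -> the subnet its routed interface belongs to."""
    return {vid: ipaddress.ip_interface(addr).network
            for vid, addr in interfaces.items()}

def vlan_of(host, interfaces=VLAN_INTERFACES):
    """Return the VLAN id whose subnet contains host, or None."""
    ip = ipaddress.ip_address(host)
    for vid, net in vlan_networks(interfaces).items():
        if ip in net:
            return vid
    return None

def overlapping_vlans(interfaces=VLAN_INTERFACES):
    """Pairs of VLANs whose subnets overlap; a clean plan returns []."""
    nets = sorted(vlan_networks(interfaces).items())
    return [(a, b) for i, (a, na) in enumerate(nets)
            for b, nb in nets[i + 1:] if na.overlaps(nb)]

def firewall_return_routes(fw_interface, next_hop, interfaces=VLAN_INTERFACES):
    """Aggregated prefixes the firewall must route via next_hop, i.e. the
    VLAN subnets that are not on-link for the firewall's own interface."""
    fw_net = ipaddress.ip_interface(fw_interface).network
    if ipaddress.ip_address(next_hop) not in fw_net:
        raise ValueError("next hop is not on the firewall's own subnet")
    off_link = [net for net in vlan_networks(interfaces).values()
                if not net.subnet_of(fw_net)]
    return [str(n) for n in ipaddress.collapse_addresses(off_link)]

if __name__ == "__main__":
    for host in ("10.4.0.253", "10.4.1.101", "10.4.5.20"):
        print(host, "-> VLAN", vlan_of(host))
    print("overlaps:", overlapping_vlans())
    print("/22 firewall:", firewall_return_routes("10.4.0.253/22", "10.4.3.1"))
    print("/16 firewall:", firewall_return_routes("10.4.0.253/16", "10.4.3.1"))
```

With the /16 mask the firewall treats every VLAN subnet as on-link, so the list of prefixes it would route through 10.4.3.1 is empty.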
