Solved

VLAN routing on HP Procurve E3800 stack

Posted on 2012-04-12
Last Modified: 2012-04-12
Hello, I am trying to get VLANs set up, coming from a flat network layout.
We purchased 2 HP e3800-48-POE switches, with stacking modules, and have them stacked. I want these to be my core switches.
We also purchased a 2910al-48-poe, and it is in another closet.

On all the switches, I created VLANS:
1-Default
401-Server
402-Voice
403-Print
404-Workstation
499-Storage (iSCSI for VmWare/SAN)

On the 3800 stack, I gave IPs to these:
1=10.4.3.1/22
401=10.4.91.1/22
402=10.4.7.1/22
403=10.4.11.1/22
404=10.4.15.1/22
I also issued the "ip routing" command

On the 2910, I only gave an IP on vlan 1, so I can manage it. It is 10.4.1.101/22
ip routing is not enabled on the 2910, as I want the 3800's to handle it.

Clients get DHCP which is working. The people on vlan 1 get a gateway of 10.4.3.1, and the people (shoretel phones) on vlan 402 get gateway of 10.4.7.1.

Almost all my ports are set up as being tagged with 402, and untagged 1.
The 3800 stack and the 2910 are linked with a cat6 cable (to be replaced by 10gb fiber tomorrow), and all VLANs are tagged on the ports they are in (is that right?).

Default gateway on all switches is set to 10.4.0.253, which is our watchguard firewall. I don't believe I need to do anything on the watchguard for routing to work between the two VLANs, since it comes after the 3800's. I probably do need to do something on it for internet to work on the other VLANs though, which I will worry about later.

So the problem is, clients on vlan 1 and 402 can't talk to each other (haven't tried the other vlans yet, 1 and 402 are the critical ones). Also, people on vlan 1 get internet, people on vlan 402 do not.

Configs are attached.

Any thoughts?
HP2910alConfig1.txt
HPe3800config1.txt
Question by:GreenEnvy
8 Comments
 
LVL 6

Expert Comment

by:RKinsp
ID: 37838970
Can you tell me what port connects both networks on the 3800 and the 2910 to further check this?
0
 

Author Comment

by:GreenEnvy
ID: 37838997
Port 48 on the 2910, and port 1/36 on the 3800 stack.
0
 
LVL 6

Expert Comment

by:RKinsp
ID: 37839005
What port is your watchguard configured on? What VLAN?

What IP address and mask are you giving out on your DHCP?

I think it is peculiar that you have no VLAN on the same network as your watchguard. Can you ping your gateway (.0.253) from within the switch (not from computer)?
0
 
LVL 17

Accepted Solution

by:jburgaard
jburgaard earned 300 total points
ID: 37839032
I would try with:
NO  management-vlan 1
AFAIK management-vlan statement will break your routing.

Agree with you: you will have to make some 'route-back' on firewall for internet to work in other vlans.

HTH
0
 
LVL 6

Assisted Solution

by:RKinsp
RKinsp earned 200 total points
ID: 37839068
So I'm guessing you probably need to create a new VLAN as a watchguard VLAN - with IP address 10.4.0.x /22.

Also, on your watchguard to make sure everybody gets internet, you will need to create a route for all your networks (10.4.x.x / 24 should work) with next hop to this new IP address.

For your 2910 you can't have the default gateway set to 10.4.0.253 since it doesn't have a VLAN or IP on that network. You need to set the default gateway to 10.4.3.1 - your VLAN 1 on your 3800.

I think the only reason you are reaching the internet from VLAN 1 is because you are going at layer 2 all the way to your watchguard...

Also, agree with jburgaard - you can remove management-vlan 1
0
 

Author Comment

by:GreenEnvy
ID: 37839102
RKinsp,
Watchguard is plugged into 1/38 on the 3800 stack, which is untagged on vlan1.

Not sure what you mean, the watchguard is on the 10.4.0.0/22 subnet, on vlan 1.
DHCP server has 2 NICs in it (virtual). One is connected to VLAN 402 and gives out 10.4.5.x IPs, with gateway of 10.4.7.1, subnet 255.255.252.0.
Other scope is connected to NIC on VLAN 1, gives out 10.4.0.x, with gateway of 10.4.3.1, subnet 255.255.252.0.



jburgaard, I will try moving management to a different VLAN and see if that solves my issue.
0
 
LVL 6

Expert Comment

by:RKinsp
ID: 37839138
Oh wait, got my masking confused... changing the mgmt vlan should work, but you'll still need a route on your watchguard pointing to 10.4.3.1.
0
 

Author Comment

by:GreenEnvy
ID: 37839474
Thanks guys, does look like it was just the management IP causing it.
My subnets are now communicating!

I will be transitioning everything off VLAN 1 shortly, onto their respective VLANs.

Changed my subnet on the watchguard to 10.4.0.253/16, so it's supernetted over all the VLANs for now, and is working.
0


Question has a verified solution.
