Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1269
  • Last Modified:

VLANs & Subnets

Hello,

I have an HP Procurve environment. 5412s as the core, 2848, 2910s as the distribution switches.

I have 4 floors at our locations and would like to know how I can get this proposal to work.

3rd floor
Servers: vlan 3001: 10.3.1.0/24
Workstations: vlan 3002: 10.3.2.0/24
Printers: vlan 3015: 10.3.15.0/24
etc.

4th floor
Servers: vlan 4001: 10.4.1.0/24
Workstations: vlan 4002: 10.4.2.0/24
Printers: vlan 4015: 10.4.15.0/24
etc.

5th floor
Servers: vlan 5001: 10.5.1.0/24
Workstations: vlan 5002: 10.5.2.0/24
Printers: vlan 5015: 10.5.15.0/24
etc.

6th floor
likewise vlan 6001, 6002, 6015 etc.

Since there are no similar vlans or subnets across the floors, what's my best approach to this problem?

Thanks in advance.
0
netcmh
Asked:
netcmh
  • 10
  • 9
  • 3
  • +2
1 Solution
 
NimadaCommented:
Would you mind if you clarify your question or the problem you are facing...

thanks in advance
0
 
fgasimzadeCommented:
You would need a Layer 3 device to router traffic between subnets/vlan

You already have HP 5412s, I believe it is a layer 3 switch, so you would need to create all vlan on it, assign IP addresses tho these vlans accordingly and enable routing.
0
 
TimotiStDatacenter TechnicianCommented:
You want to do L3 routing on your core switch, or you want L3 access? Most of your switches are capable of L3, so it should work either way.

Note: vlan tags are 12 bit, so you can't have vlan 5001 and 6001, the max is 4094. But you should avoid using the above 4090 range, some firewalls like to use those for failover/other obscure traffic.

Tamas
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
netcmhAuthor Commented:
@fgasimzade:

The 5412s are L3, and I did create all the vlans on them.

So, how does a workstation on vlan 3002, on the 3d floor with an IP 10.3.2.201/24 talk to a workstation on the 4th floor on vlan 4002 with an IP of 10.4.2.76/24?

IP routing is eabled on the switches.

@TimotiSt:

I want L3 routing. Thanks for the range info.

---

Even if I could set up secondary IP Addresses on the vlans on all the floors, how does it work?

eg. 3rd floor workstations vlan 3002 could have the IP address 10.3.2.254/24 and 10.4.2.254/24

The 4th floor workstations vlan 4002 could have the IP address 10.4.2.253/24 and 10.3.2.253/24

But, I've read that this configuration is the least desirable method to get this to work.

Short of NATing, for this to work, I don't see any other option. I NEED HELP!!!

Thanks
0
 
fgasimzadeCommented:
You need to assign ip addresses to vlans
Say:

vlan 3001
ip address 10.3.1.1 255.255.255.0

vlan 3002:
ip address 10.3.2.1 255.255.255.0

etc
0
 
TimotiStDatacenter TechnicianCommented:
You don't need anything fancy to do L3 in the access layer.
Set up your vlans on the access switches, set up vlans (preferably with /30 masks) between your access switches and the core, and set up static routes in your core.

I suggest you read the Routed access layer design guide by Cisco:

http://www.google.hu/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CFQQFjAA&url=http%3A%2F%2Fwww.cisco.com%2Fapplication%2Fpdf%2Fen%2Fus%2Fguest%2Fnetsol%2Fns432%2Fc649%2Fccmigration_09186a00805fccbf.pdf&ei=y0MuUMXDPIOFhQe68IC4CQ&usg=AFQjCNEJVjunMD5HKI6uJGryIpMN90oEJA&cad=rja
0
 
netcmhAuthor Commented:
I already have the IPs assigned to the vlans. And, they are setup on the core, distribution and access switches.

But notice that the subnets are class C. So, how does 10.3.2.254/24 on the 3rd floor talk to the 4th floor workstations at10.4.2.253/24?
0
 
fgasimzadeCommented:
Do you have trunks configured between the switches?
0
 
netcmhAuthor Commented:
Yes, I do.
0
 
fgasimzadeCommented:
what are your default gateways on PCs? Is it vlan ip addresses you configured on the switch?
0
 
netcmhAuthor Commented:
Yes, the workstations on the 3rd floor have the 10.3.2.254 as their gateway and the ones on the 4th floor have the 10.4.2.254 as their gw.
0
 
fgasimzadeCommented:
and you can  not ping from pc to pc?
0
 
netcmhAuthor Commented:
correct
0
 
602650528Commented:
The IPs set up on the vlans on the core switch should be the default gateway on the PCs in each vlan. For example of you have setup the IP on vlan 3001 and 3002 as below;

vlan 3001
ip address 10.3.1.1 255.255.255.0

vlan 3002:
ip address 10.3.2.1 255.255.255.0

Then the default gateway on the PC on vlan 3001 should be 10.3.1.1 and on PCs on vlan 3002 should have their default gateway as 10.3.2.1.
So it loks to me like you are using a default gateway on the PCs differentfrom the Vlans IP you have setup on the core switch.
0
 
netcmhAuthor Commented:
It is, and they are.

The def gateway is the IP address on the vlans.
0
 
602650528Commented:
This should be a simple network setup and shouldn't be a problem if you are sure you have
1. trunks up between the distribution and access switches
2.  The vlans are configured with proper Ips on the core
3. Access ports on the access switches are configured properly.

Can you send the config on the core switch and atleast 2 of the access switches ? Something is  not right on that config if you can't ping across the vlans
0
 
netcmhAuthor Commented:
1. yes and verified
2. yes and verified
3. basic config on ports, yes

We've had to get outside help and the company we're dealing with has it's CCIE stumped as well. We're going through all the lines one by one, drawing it out, trying to figure it out.
0
 
fgasimzadeCommented:
I would suggest changing your vlan numbers to 100,200,300 etc

Your vlan numbers look odd to me
0
 
netcmhAuthor Commented:
It helps us identify segments
0
 
fgasimzadeCommented:
Vlan numbers 1001 and higher are not supported usually, I strongly suggest changing them to something less than 1001
0
 
602650528Commented:
So since the company you are dealing with has a CCIE stumped so you do think we don't need to see the config.... so why are you here at all then ?
0
 
fgasimzadeCommented:
The IEEE 802.1Q standard provides for support of up to 1006 VLANs. Everything beyond that up to 4096 is called extended vlan id. It must be supported and configured

Everything more that 4096 is not supported
0
 
netcmhAuthor Commented:
Thanks for your valuable input.
0
 
fgasimzadeCommented:
So what was the problem?
0
 
netcmhAuthor Commented:
Still working on it with the techs. I thought I would not keep you all engaged till I get the solution. I'll post it online when I do, for posterity. Thanks again.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 10
  • 9
  • 3
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now