vlan ip's?
I have a network with a default vlan01 192.168.3.0 used for data traffic only at present.
The new switch we are going to install for voice also, has 2x vlans 192.168.4.0 and 192.168.3.0 set.
Will this work?
Thanks
The new switch we are going to install for voice also, has 2x vlans 192.168.4.0 and 192.168.3.0 set.
Will this work?
Thanks
ASKER
2910al poe
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Th DGW on the switch is the firewall 172.19.10.15 at the moment.
Just tested my machine (currently conencted to HP 1910 switch) with a static ip on the 172.19.0.0 vlan01 with static GW of the vlan01 switch IP 172.19.4.5 and managed to get on the internet.
Just tested my machine (currently conencted to HP 1910 switch) with a static ip on the 172.19.0.0 vlan01 with static GW of the vlan01 switch IP 172.19.4.5 and managed to get on the internet.
ASKER
Tried the same machine conencted into vlan01 and vlan20 with static 172.16.105.81 255.255.0.0 and gw of 172.16.4.5 and couldnt even ping the vlan20 ip of the switch..
again the external firewall stopping this.
i assume until we setup a route/vlan20 on the firewall then this isn't going to work?
again the external firewall stopping this.
i assume until we setup a route/vlan20 on the firewall then this isn't going to work?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Startup configuration:
; J9148A Configuration Editor; Created on release #W.15.08.0012
; Ver #02:11.05:16
hostname "HP-E2910al-48G-PoE"
module 1 type j9148a
power-over-ethernet pre-std-detect
ip default-gateway 172.19.10.15
no ip icmp redirects
ip routing
interface 1
name "to HP1910"
no power-over-ethernet
exit
interface 2
no power-over-ethernet
exit
interface 3
no power-over-ethernet
exit
interface 4
no power-over-ethernet
exit
interface 5
no power-over-ethernet
exit
interface 6
no power-over-ethernet
exit
interface 7
name "Shoretel E1k"
speed-duplex 100-full
exit
interface 8
name "Shoretel SG90"
speed-duplex 100-full
exit
interface 9
name "Shoretel SG90Bri"
speed-duplex 100-full
exit
interface 10
name "Oaisys Port Mirror"
exit
interface 48
name "vlan20 to Firewall"
exit
snmp-server community "public" unrestricted
snmp-server contact "IT"
vlan 1
name "DEFAULT_VLAN"
no untagged 7-48
untagged 1-6
ip address 172.19.4.5 255.255.0.0
exit
vlan 20
name "Voice"
untagged 7-48
ip address 172.16.4.5 255.255.0.0
ip helper-address 172.19.10.17
exit
no autorun
password manager
HP-E2910al-48G-PoE#
; J9148A Configuration Editor; Created on release #W.15.08.0012
; Ver #02:11.05:16
hostname "HP-E2910al-48G-PoE"
module 1 type j9148a
power-over-ethernet pre-std-detect
ip default-gateway 172.19.10.15
no ip icmp redirects
ip routing
interface 1
name "to HP1910"
no power-over-ethernet
exit
interface 2
no power-over-ethernet
exit
interface 3
no power-over-ethernet
exit
interface 4
no power-over-ethernet
exit
interface 5
no power-over-ethernet
exit
interface 6
no power-over-ethernet
exit
interface 7
name "Shoretel E1k"
speed-duplex 100-full
exit
interface 8
name "Shoretel SG90"
speed-duplex 100-full
exit
interface 9
name "Shoretel SG90Bri"
speed-duplex 100-full
exit
interface 10
name "Oaisys Port Mirror"
exit
interface 48
name "vlan20 to Firewall"
exit
snmp-server community "public" unrestricted
snmp-server contact "IT"
vlan 1
name "DEFAULT_VLAN"
no untagged 7-48
untagged 1-6
ip address 172.19.4.5 255.255.0.0
exit
vlan 20
name "Voice"
untagged 7-48
ip address 172.16.4.5 255.255.0.0
ip helper-address 172.19.10.17
exit
no autorun
password manager
HP-E2910al-48G-PoE#
I just tested a similar switch.
N-W's comment at fist sounded OK, but, there is a but.
To have the IP-interface come up, there must be a port up in the vlan .
So you must have a live host on vlan 20 to be able to ping 172.16.4.5.
HTH
N-W's comment at fist sounded OK, but, there is a but.
To have the IP-interface come up, there must be a port up in the vlan .
So you must have a live host on vlan 20 to be able to ping 172.16.4.5.
HTH
ASKER
OK the client PC on vlan20 with the static details entered (As it cant get the dhcp IP yet) can ping the vlan20 interface (which is 172.16.4.5) fine.
So now your basic vlan routing is working?
ASKER
Not as i want. I want the DHCP server using IP helper setting configured on the 2910 to work.
ASKER
?
On the DHCP-server
did you apply a
ROUTE ADD statement ?
did you apply a
ROUTE ADD statement ?
ASKER
not on the dhcp server, no.
i have the ip helper setup on the hp switch .
i have the ip helper setup on the hp switch .
For your DHCP-server to work, the basic routing must be in place.
Only after that it is time to look at DHCP-funktions like IP-helper addess.
test of basic routing:
Set up a PC with static IP-settings the same way you want it to be by means of DHCP:
Untagged port in vlanx, IP-adress in vlanx, netmask of vlan x, dgw of vlanx=IP of switch in vlanx.
Verify you can ping both way: thisPC---DHCP-server.
If not basic routing is not in place.
Bring basic routing in place could include
-apply a ROUTE ADD statement to DHCP-server to vlanx-IP-range
-apply static route-back on firewall
HTH
Only after that it is time to look at DHCP-funktions like IP-helper addess.
test of basic routing:
Set up a PC with static IP-settings the same way you want it to be by means of DHCP:
Untagged port in vlanx, IP-adress in vlanx, netmask of vlan x, dgw of vlanx=IP of switch in vlanx.
Verify you can ping both way: thisPC---DHCP-server.
If not basic routing is not in place.
Bring basic routing in place could include
-apply a ROUTE ADD statement to DHCP-server to vlanx-IP-range
-apply static route-back on firewall
HTH
ASKER
we dont have a traditional dhcp server (windows), but using the firewall to serve ips to vlan1 and vlan20..
When the basic routing is in place, you can focus on DHCP.
dhcp-relay / IP helper address will let DHCP-packets (in nature broadcast) pass from one vlan to an other. Normaly a L3-switch/router would keep broadcast-packets within the broadcast-domains.
If routing is supposed to take place at firewall, then perhaps a dhcp-relay is needed here.
dhcp-relay / IP helper address will let DHCP-packets (in nature broadcast) pass from one vlan to an other. Normaly a L3-switch/router would keep broadcast-packets within the broadcast-domains.
If routing is supposed to take place at firewall, then perhaps a dhcp-relay is needed here.
ASKER
well i can ping between the vlans now.
and getting ip from dhcp ip from asa on machines on vlan20 but gw is wrong (using its local IP)
and getting ip from dhcp ip from asa on machines on vlan20 but gw is wrong (using its local IP)
With this setup: if the firewall is responsible for routing, you do not need the switch doing routing.
For the switch in L2 mode you still need the
ip default-gateway .. -statement for management of switch.
HTH
For the switch in L2 mode you still need the
ip default-gateway .. -statement for management of switch.
HTH
ASKER
I tried without ip routing and still not working.
How do I get the switch in l2 mode?
Should I use the vlan interface as the Dgw for the clients?
My managed co supporting the Ada think all is correct from their side.,....
How do I get the switch in l2 mode?
Should I use the vlan interface as the Dgw for the clients?
My managed co supporting the Ada think all is correct from their side.,....
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
ok, i have then tried this as L2 mode...
Not configured the switch as the DGW for the clients though, they are set to go via the cisco fe0/1 and fe0/2 (vlan1 and vlan20) interfaces...
If the switch is used as DGW for the clients on vlan1 and vlan20 then will this be able to route out through the cisco, as the switch only seems to be able to have one DGW configures in the GUI, and this is the vlan1 interface. Can i add a second DGW on the switch and will this work/route the traffic out on vlan20?
Not configured the switch as the DGW for the clients though, they are set to go via the cisco fe0/1 and fe0/2 (vlan1 and vlan20) interfaces...
If the switch is used as DGW for the clients on vlan1 and vlan20 then will this be able to route out through the cisco, as the switch only seems to be able to have one DGW configures in the GUI, and this is the vlan1 interface. Can i add a second DGW on the switch and will this work/route the traffic out on vlan20?
There can only be one Dgw at a time on the switch.
In that setup there must exist routes back on firewall for the network(s) not directly connected.
In that setup there must exist routes back on firewall for the network(s) not directly connected.
ASKER
Ok.
I did manage to add a second GW to the switch though.. Still didn't make any difference though.
If the routing is done at the switch, can the cisco be configured to allow both vlan traffic and prioritise?
I did manage to add a second GW to the switch though.. Still didn't make any difference though.
If the routing is done at the switch, can the cisco be configured to allow both vlan traffic and prioritise?
Most managed switches allow you to configure multiple VLANs and to run multiple subnets, as you've described.
If it's a Layer 3 switch, you will be able to route between the subnets directly off the switch. If it's only a Layer 2 switch, you will need a router to perform the inter-VLAN routing.