HP 2920 switch VLAN routing

Hi all,

I have a stack of 4 x new HP 2920-24 switches that are connected using the HP stacking modules.

I now see 96 ports on my stack plus the ports on the 10GB modules in the back of each switch.

I have untagged all of the odd numbered ports and assigned them to VLAN25 and assigned ip to the VLAN.

I have also tagged all of the even numbered ports and assigned them to VLAN30 and then assigned ip to that VLAN.

I now want to set up routing between the two VLANs but cannot for the life of me work out how.

Originally I had tagged ALL of the ports but found I could not connect to the web interface of the stack using the url.  This is why I have now untagged them.

Could someone please advise me on what I need to do here?  There appears to be very little in the way of documentation available for this feature.

Many thanks.
Who is Participating?
Daniel HelgenbergerConnect With a Mentor Commented:
This is the reason why VLAN - routing is switched off by default. I do not like it either and do all the routing through my firewall - but this may not be feasible in your case.

You do not need 6 IPs:
The preferred method would be to have only one switch do the routing and letting the other sacked switches do only Layer2. I just looked it up, you only need ip routing enabled on the routing switch in this case. This keeps management in check; but in the end you might be better of using one firewall.

Still looking to see if there is something I can set on the switches to say go to next hop if not the same VLAN.
If you turn on ip routing, the default gateway setting is ignored. But, to enable internet routing, you need to add a route to your firewall:
ip route <ip address of routable firewall>

Open in new window

Did you mean that?
Daniel HelgenbergerCommented:

you need to enable ip routing gloabally and set the subnets for each VLAN (please double check the subnets, I assumed /24):
ip routing
vlan 35
ip address
vlan 30
ip address
show ip route

Open in new window

The VLANs should be shown as 'connected' now.
This should do the trick for inter-vlan routing...
HowcoAuthor Commented:
Hi Helge,

That is exactly what I have done already.  At least you have confirmed this.

The only other thing I can think of is, is it not correct that I have tagged all of the ports in VLAN30?  I had to mark the ports in VLAN25 as untagged or I lost connection to the web interface.

Should I mark all of the ports as untagged?  How have you got yours set?

Also, if they are all set as untagged and they do connect from one subnet to the other and vice-versa, is this proper routing i.e. broadcasts will not be routed; which is what I am trying to achieve?

Thanks for your reply.  I was starting to bang my head on the wall :o)
We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

HowcoAuthor Commented:
BTW - They did say connected. I forgot to add that at the beginning of my reply.  So tagged or untagged they still say connected.
Daniel HelgenbergerCommented:
How do you test inter vlan routing in your setup?

I would suggest to untag one port for each VLAN. Connect a device, set the IP, and as gateway set the IP of the switch VLAN 192.168.[25|30].242 in your case.

Can you now ping the device from the other VLAN?

Note: to my knowledge you need to enable ip routing on every switch as well as set VLAN IPs.
HowcoAuthor Commented:
Hi Helge,

I tried that yesterday and yes it does prove that the routing works.  However, this means we would need to put the 6 IP addresses of the 2 x Vlan, 3 x stacks as gateways for ALL of the devices on the network including DHCP and static devices.

Should I really need a GW setting?  I thought that as the first hop was the switch, the switch would then automatically work out where to send the next hop.  

Thanks again.  Still looking to see if there is something I can set on the switches to say go to next hop if not the same VLAN.

HowcoAuthor Commented:
You were most of the way there.  I have finally managed to get someone at HP to assist and they say that if not using a router (which I want to avoid in order to reduce failure points) then the only way is to use multiple gateways on devices.  These can be provided using DHCP providing the IP Helper-address command is used for each VLAN.

This means that I will need two DHCP servers, one on each subnet/vlan, or both vlans will try to get the same range.

Many thanks, you pointed me most of the way there.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.