Solved

Inter VLAN Routing with HP ProCurve switches

Posted on 2014-01-09
Last Modified: 2014-01-23
Hi Experts,
I have a project that has been causing me grief for a while.
Basically, we have 10 HP ProCurve switches (9x 24 port L2 switches, and 1x 3500YL).  Each switch has the same VLANs created, with the following interfaces:

VLAN 1 192.168.100.1 255.255.255.0
VLAN 100 172.22.22.254 255.255.255.0
VLAN 110 172.22.23.1 255.255.255.0
VLAN 120 172.22.24.1 255.255.255.0
VLAN 130 172.22.28.1 255.255.255.0

IP Routing is on.  And therefore, I can connect to VLAN1 and ping all of the above addresses.

However, when I go to another switch and connect to VLAN1, I can ping all of the above, but connect to another VLAN, I can ping only the interface for that particular VLAN.

I think it is likely I have the VLAN or Port Trunking (or whatever HP call it when you link multiple switches together (tagging??)).

My desired result is that all VLANs will be present on all switches, and that PCs and other LAN devices should all be able to connect to their designated VLAN, but still be able to access services in all other VLANs.

Here's some of the config from the 3500 and a 2600 switch.  If anyone can spot where I have gone wrong - I'd be most grateful.

You'll see I have used TRK1 etc, this is because we may later connect the switches with multiple ports.  Right now, it's either a single fibre or copper connection.


----3500YL----
trunk 22 Trk1 Trunk
trunk 23 Trk2 Trunk
trunk 24 Trk3 Trunk
ip default-gateway 192.168.100.1
ip routing
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-21
   ip address 192.168.100.1 255.255.255.0
   tagged Trk1-Trk3
   ip igmp
   exit
vlan 100
   name "CCTV"
   ip address 172.22.28.1 255.255.255.0
   tagged Trk1-Trk3
   ip igmp
   exit
vlan 110
   name "BMS"
   ip address 172.22.22.254 255.255.255.0
   tagged Trk1-Trk3
   exit
vlan 120
   name "EMS"
   ip address 172.22.23.1 255.255.255.0
   tagged Trk1-Trk3
   exit
vlan 130
   name "INTERCOM"
   ip address 172.22.24.1 255.255.255.0
   tagged Trk1-Trk3
   exit
ip route 172.22.22.0 255.255.255.0 vlan 100
snmp-server community "public" unrestricted
spanning-tree
spanning-tree Trk1 priority 4
spanning-tree Trk2 priority 4
spanning-tree Trk3 priority 4
no autorun
no dhcp config-file-update
no dhcp image-file-update
password manager

----2600 series----
trunk 26 trk1 trunk
snmp-server community "public" unrestricted
spanning-tree
spanning-tree Trk1 priority 4
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-25,27-28
   tagged Trk1
   ip address 192.168.100.2 255.255.255.0
   exit
vlan 100
   name "CCTV"
   tagged Trk1
   no ip address
   ip igmp
   exit
vlan 110
   name "BMS"
   tagged Trk1
   no ip address
   exit
vlan 120
   name "EMS"
   tagged Trk1
   no ip address
   exit
vlan 130
   name "VLAN130"
   tagged Trk1
   no ip address
   exit
no dhcp config-file-update
password manager
Question by:Samantha Smith

Assisted Solution

by:Soulja
Soulja earned 250 total points
ID: 39768102
Okay, so to start. You don't need multiple vlan interfaces on layer 2 switches, they are pretty much non operational. You only need the vlan 1 interface if that is the vlan you use for management.

Secondly, I see no purpose of that static route on the 3500. It's pointed to a connected route. Also, your ip default gateway command points to itself. It needs to point to a next hop such as a WAN router or ISP.

The only thing you need on the Layer 2's are one vlan interface for management, create the vlans needed, assign the ports needed, and tag the trunks appropriately.

Author Comment

by:Samantha Smith
ID: 39768246
Hi Soulja, thanks for that.
There is no wan router, so that default gw line can just be removed, as can the static route.
Can I confirm - do you mean I should remove VLAN 100-130 from all of the L2 switches?  They have no IP addresses.  The only IP address is on VLAN1.
If I remove them, how do I assign the ports to the VLANs?  The endpoints are not VLAN aware, so I thought on each switch I would need to add VLAN 100 UNTAGGED 1-10 for example?
Thanks

Expert Comment

by:Soulja
ID: 39768331
Ah, sorry. I am more Cisco centric so the look of the config looks like vlan interfaces. If that is the way HP assigns vlan, then yes you will need each vlan on the L2.

That being said, the host ports should be set to the specific vlan untagged and the ports connected to the 3500 would be set to tag all the vlans.

If the 3500 is the end of your network then yes, no need for a default gateway on it, but you will need the default gateway on the L2's to point to the 3500 vlan 1 interface.

Accepted Solution

by:vivigatt
vivigatt earned 250 total points
ID: 39774933
The ProCurve are Layer3 switches...

Basically, you need to have all your inter-switch traffic using tagged VLANs (a particular port for a particular VLAN must be tagged) but VLAN 1.
Something else: pinging the VLAN interfaces of a switch is not enough. You need to be able to ping a device connected to a particular VLAN. The reason is that switches know their interfaces and can usually route packets to them even if the configuration is not completely correct.
 
Now, each end-point device connected to each VLAN must have an IP configuration made so that its default gateway will be the VLAN interface of the switches that routes packets (the 3500YL that you describe in your OP) or the routing device.

So what I would do:
configure port 1 and 2 on each switch so that they are members of each VLAN, as tagged ports (but VLAN1 that MUST stay untagged). Then, uplink each switch to its neighbor using port 1 and port 2
switch1-port2 <==> switch2-port1
switch2-port2 <==> switch3-port1
etc
But don't connect a patch between "last switch" and switch1

You can also do it differently by configuring N ports on your "router switch" (switch1 aka 3500YL) so that they are tagged for all VLANs but VLAN 1 and connecting a patch cable from switch1 to each switch, remembering that the length of each cable should never exceed 75m (even less for better quality) unless there is an Ethernet repeater in use on that cable. This is a "star" wiring and is much better than the "daisy chain" wiring I described earlier. Star wiring is better if you can do it.

Now, on each switch assign ports to VLANs accordingly. You can tag each port assigned to VLANs (but VLAN 1) but this is not necessary, unless there are several VLANs assigned to a particular port. In that case, there may be a need to tag the packets from the device connected to the port (for instance a VoIP phone on which a PC is connected. This requires 2 VLANs and the switch must have a way to differentiate packets. Actually, VoIP phones that can do that do have an internal switch that can tag packets)

The result is that each switch should be able to forward the packets to the routing device on the correct VLAN interfaces. The routing device can then route packets between all your VLANs.

Check this thread for some details:
http://community.spiceworks.com/topic/135597-trouble-with-vlans-on-3-linked-procurve-switches?page=1
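
An added example, not part of the original thread and not HP tooling: a Python check over excerpts of the two configs from the question that flags the points raised in the answers above (a default gateway that is the switch's own address, a static route to a connected network, and, on a Layer 2 switch, a missing default gateway towards the 3500 or VLANs with no untagged host ports). The function name `lint`, its `core_ip` parameter and the parsing rules are assumptions made for this example.

```python
import ipaddress

# Constructed samples: excerpts of the two configs quoted in the question.
CORE_3500 = """\
ip default-gateway 192.168.100.1
vlan 1
   ip address 192.168.100.1 255.255.255.0
vlan 110
   ip address 172.22.22.254 255.255.255.0
   tagged Trk1-Trk3
ip route 172.22.22.0 255.255.255.0 vlan 100
"""
EDGE_2600 = """\
vlan 1
   untagged 1-25,27-28
   ip address 192.168.100.2 255.255.255.0
vlan 100
   tagged Trk1
   no ip address
"""

def lint(cfg, core_ip=None):
    """Hypothetical helper: findings for one switch; pass core_ip (the 3500's VLAN 1 address) for a Layer 2 switch."""
    glob, vlans, cur = [], {}, None
    for line in cfg.splitlines():
        w = line.split()
        if not w:
            continue
        if not line.startswith(" "):  # global command or "vlan N" header
            cur = vlans.setdefault(int(w[1]), {}) if w[0] == "vlan" else None
            if cur is None:
                glob.append(w)
        elif cur is not None and w[0] in ("tagged", "untagged"):
            cur[w[0]] = w[1]
        elif cur is not None and w[:2] == ["ip", "address"]:
            cur["ip"] = ipaddress.ip_interface(f"{w[2]}/{w[3]}")
    own = [v["ip"] for v in vlans.values() if "ip" in v]
    gw = next((w[2] for w in glob if w[:2] == ["ip", "default-gateway"]), None)
    out = []
    if gw and any(str(i.ip) == gw for i in own):
        out.append("default gateway is the switch's own address")
    for w in glob:
        if w[:2] == ["ip", "route"] and ipaddress.ip_network(f"{w[2]}/{w[3]}") in [i.network for i in own]:
            out.append(f"static route to connected network {w[2]}")
    if core_ip:  # checks that only apply to a Layer 2 switch behind the 3500
        if gw != core_ip:
            out.append(f"default gateway should be {core_ip}")
        out += [f"vlan {n}: no untagged host ports" for n, v in vlans.items() if "untagged" not in v]
    return out
```
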