Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 216
  • Last Modified:

Routing between VLAN's on HP Procurve switches

Hi,

We have a number of HP Procurve switches installed.  There is 1x 3500YL core switch, and a number of layer 2 2600 series switches.  We have 5 VLANs within the switches, and trunk ports between each of the switches.
VLAN 100, 110, 120, 130 and VLAN 1.

If I connect a device to any switch in one of the VLANs, lets say 110 for example, I can happily communicate with this device from any other switch within VLAN 110.  Exactctly as I want it.

The issue arises when I want to talk between VLAN's.  So, if I connect the same device at one of the switches with VLAN 110, I cannot connect to any device within VLAN 120.  However, if the device in VLAN 120 happens to be connected to the Core switch, it is OK.

Here is the core switch configuration:
hostname "1-3500YL"
module 1 type J86xxA
trunk 22 Trk1 Trunk
trunk 23 Trk2 Trunk
trunk 24 Trk3 Trunk
trunk 19 Trk4 Trunk
trunk 21 Trk5 Trunk
ip default-gateway 192.168.100.1
ip routing
vlan 1
   name "DEFAULT_VLAN"
   untagged 3
   ip address 192.168.100.1 255.255.255.0
   tagged Trk1-Trk5
   no untagged 1-2,4-18,20
   ip igmp
   exit
vlan 100
   name "100"
   untagged 1-2,4-11,14-16,18,20
   ip address 172.22.28.1 255.255.255.0
   tagged Trk1-Trk5
   ip igmp
   exit
vlan 110
   name "110"
   untagged 12-13,17
   ip address 172.22.22.254 255.255.255.0
   tagged Trk1-Trk5
   exit
vlan 120
   name "120"
   ip address 172.22.23.1 255.255.255.0
   tagged Trk1-Trk5
   exit
vlan 130
   name "130"
   ip address 172.22.24.1 255.255.255.0
   tagged Trk1-Trk5
   exit

And this is from one of the other switches (they are all the same, except the port VLAN memberships)

hostname "2620-48-1"
trunk 49 trk1 trunk
snmp-server community "public" unrestricted
spanning-tree
spanning-tree Trk1 priority 4
vlan 1
   name "DEFAULT_VLAN"
   no untagged 1-48
   untagged 50-52
   tagged Trk1
   ip address 192.168.100.5 255.255.255.0
   exit
vlan 100
   name "100"
   tagged Trk1
   no ip address
   ip igmp
   exit
vlan 110
   name "110"
   untagged 47-48
   tagged Trk1
   no ip address
   exit
vlan 120
   name "120"
   untagged 1-46
   tagged Trk1
   no ip address
   exit
vlan 130
   name "130"
   tagged Trk1
   no ip address
   exit

Any help, greatly appreciated!
0
Samantha Smith
Asked:
Samantha Smith
  • 11
  • 7
  • 4
  • +2
1 Solution
 
Daniel BlackmoreCommented:
It sounds like there is an IP routing issue somewhere. I'm assuming that your routing for VLANS are being handled by your Core? Are you able to ping the VLAN IP addresses on your Core Switch from your Access switches or does that fail as well?
0
 
Samantha SmithAuthor Commented:
Hi Daniel,
The core switch is the router, and there is no other router connected.  There is no internet connections.  So the VLANs are the extent of the entire setup.

I CANNOT ping those interfaces from any other switch unless I am in the correct VLAN.  I cannot ping any of the interfaces if I am am at the switches CLI.

Thank you.
0
 
LHT_STCommented:
Can you provide the output from the command "show ip route"
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
Daniel BlackmoreCommented:
Does pinging through the devices work with VLAN1? Connect 2 devices on 2 switches on VLAN to see if that works

Do a sh ip route as well please
0
 
Samantha SmithAuthor Commented:
Hi, yes, ping though VLAN1 is good.  I can also connect to all the switches via telnet etc using the VLAN1 addresses.

destination         gw        vlan    type             subtype    metric    dist.

127.0.0.0/8          reject              static                               0            0
127.0.0.1/32        lo0                  connected                      1            0
172.22.22.0/24   110     110      connected                      1            0
172.22.23.0/24   120     120      connected                      1            0
172.22.24.0/24   130     130      connected                      1            0
172.22.28.0/25   100     100      connected                      1            0
192.168.100.0/24          1           connected                      1            0

Thank you.
0
 
Daniel BlackmoreCommented:
Is that a ip route from your core? Can you do the same for 1 of the access switches as well please?
0
 
Samantha SmithAuthor Commented:
That is indeed from the Core.  Access switch as follows, much smaller.....

127.0.0.0/8             reject                     static             0   0
127.0.0.1/32           lo0                         connected    1   0
192.168.100.0/24  DEFAULT_VLAN   connected   1   0
0
 
Daniel BlackmoreCommented:
On the access switches do ip default-gateway 192.168.100.1 then try to ping the core's from the access switches CLI again.

With the client devices, I assume you are changing the IP addresses to match the VLAN's subnets? Can you show a ipconfig from a device in say VLAN 120 on an access switch?
0
 
Samantha SmithAuthor Commented:
I will test that line in a moment.  Thank you.
The client devices are each configured with an IP address and mask from the associated subnet, and use the interfaces addresses from that VLAN as the default gateway.
0
 
Samantha SmithAuthor Commented:
Hi Daniel,
From within the CLI of an edge switch, if I add the ip default-gateway 192.168.100.1 line you suggested, each of those interfaces from the Core switch become reachable.
0
 
Daniel BlackmoreCommented:
Well, atleast were moving forward :)

Can you show an IPconfig from one of the devices in VLAN 120?

Thanks
0
 
Samantha SmithAuthor Commented:
These are not Windows devices (they are not actually computers at all).  But a device in VLAN 120 shows as follows:

IP Address:      172.22.23.56
Subnet Mask:  255.255.255.0
Def G/W:          172.22.23.1
DNS 1:              not specified
DNS 2:              not specified
0
 
Daniel BlackmoreCommented:
Can you try to give one of the access switches an IP address for VLAN 120 then try to ping that from the Core?
0
 
Don JohnstonCommented:
Can a host on VLAN 120 ping the 172.22.23.1 address?

If so, can that host ping 172.22.22.1? Or 172.22.24.1?
0
 
Samantha SmithAuthor Commented:
Hi Don,
Can a host on VLAN 120 ping 172.22.23.1 - Yes
Can that host ping 172.22.22.1 or 172.22.24.1 - Only if connected directly to the Core switch!!
Thanks
0
 
Don JohnstonCommented:
But the VLAN 120 host can ping 172.22.23.1 from any switch?
0
 
Samantha SmithAuthor Commented:
Hi Don, yes, that is correct.
0
 
Samantha SmithAuthor Commented:
Daniel, we have added the address to VLAN 120 on an edge switch and we can ping this from the core switch.
0
 
Don JohnstonCommented:
That makes no sense at all. :-(
0
 
Samantha SmithAuthor Commented:
Don, I am so pleased!  We have reached the same conclusion - no sense whatsoever.
0
 
Daniel BlackmoreCommented:
Can you do some trace route equivalents from the devices to the core switch when they are plugged into an access switch?
0
 
Don JohnstonCommented:
Don, I am so pleased!
Well, as long as you're happy. ;-)

Is the VLAN interface configs you posted complete?  Are there any ACLs applied to any of the VLANs?
0
 
Samantha SmithAuthor Commented:
no acl's  configs are complete.  tracert to follow.
0
 
jburgaardCommented:
I cannot see the purpose or the harm for that matter of the Trunk statements.
So i would try in both end of a link to revert to the more simple
no trunk 49 trk1 trunk
and for all the vlans instead of 'Tag trk1'
tag 49  
-and as part of this experiment also do same type of change on uplink-port (tagging port directly instead of tagging trunk of one port)

Hope this makes some sense
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

  • 11
  • 7
  • 4
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now