?
Solved

Routing between VLAN's on HP Procurve switches

Posted on 2014-08-01
24
Medium Priority
?
214 Views
Last Modified: 2015-03-18
Hi,

We have a number of HP Procurve switches installed.  There is 1x 3500YL core switch, and a number of layer 2 2600 series switches.  We have 5 VLANs within the switches, and trunk ports between each of the switches.
VLAN 100, 110, 120, 130 and VLAN 1.

If I connect a device to any switch in one of the VLANs, lets say 110 for example, I can happily communicate with this device from any other switch within VLAN 110.  Exactctly as I want it.

The issue arises when I want to talk between VLAN's.  So, if I connect the same device at one of the switches with VLAN 110, I cannot connect to any device within VLAN 120.  However, if the device in VLAN 120 happens to be connected to the Core switch, it is OK.

Here is the core switch configuration:
hostname "1-3500YL"
module 1 type J86xxA
trunk 22 Trk1 Trunk
trunk 23 Trk2 Trunk
trunk 24 Trk3 Trunk
trunk 19 Trk4 Trunk
trunk 21 Trk5 Trunk
ip default-gateway 192.168.100.1
ip routing
vlan 1
   name "DEFAULT_VLAN"
   untagged 3
   ip address 192.168.100.1 255.255.255.0
   tagged Trk1-Trk5
   no untagged 1-2,4-18,20
   ip igmp
   exit
vlan 100
   name "100"
   untagged 1-2,4-11,14-16,18,20
   ip address 172.22.28.1 255.255.255.0
   tagged Trk1-Trk5
   ip igmp
   exit
vlan 110
   name "110"
   untagged 12-13,17
   ip address 172.22.22.254 255.255.255.0
   tagged Trk1-Trk5
   exit
vlan 120
   name "120"
   ip address 172.22.23.1 255.255.255.0
   tagged Trk1-Trk5
   exit
vlan 130
   name "130"
   ip address 172.22.24.1 255.255.255.0
   tagged Trk1-Trk5
   exit

And this is from one of the other switches (they are all the same, except the port VLAN memberships)

hostname "2620-48-1"
trunk 49 trk1 trunk
snmp-server community "public" unrestricted
spanning-tree
spanning-tree Trk1 priority 4
vlan 1
   name "DEFAULT_VLAN"
   no untagged 1-48
   untagged 50-52
   tagged Trk1
   ip address 192.168.100.5 255.255.255.0
   exit
vlan 100
   name "100"
   tagged Trk1
   no ip address
   ip igmp
   exit
vlan 110
   name "110"
   untagged 47-48
   tagged Trk1
   no ip address
   exit
vlan 120
   name "120"
   untagged 1-46
   tagged Trk1
   no ip address
   exit
vlan 130
   name "130"
   tagged Trk1
   no ip address
   exit

Any help, greatly appreciated!
0
Comment
Question by:Samantha Smith
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 11
  • 7
  • 4
  • +2
24 Comments
 
LVL 1

Expert Comment

by:Daniel Blackmore
ID: 40233791
It sounds like there is an IP routing issue somewhere. I'm assuming that your routing for VLANS are being handled by your Core? Are you able to ping the VLAN IP addresses on your Core Switch from your Access switches or does that fail as well?
0
 
LVL 1

Author Comment

by:Samantha Smith
ID: 40233802
Hi Daniel,
The core switch is the router, and there is no other router connected.  There is no internet connections.  So the VLANs are the extent of the entire setup.

I CANNOT ping those interfaces from any other switch unless I am in the correct VLAN.  I cannot ping any of the interfaces if I am am at the switches CLI.

Thank you.
0
 
LVL 6

Expert Comment

by:LHT_ST
ID: 40233807
Can you provide the output from the command "show ip route"
0
Moving data to the cloud? Find out if you’re ready

Before moving to the cloud, it is important to carefully define your db needs, plan for the migration & understand prod. environment. This wp explains how to define what you need from a cloud provider, plan for the migration & what putting a cloud solution into practice entails.

 
LVL 1

Expert Comment

by:Daniel Blackmore
ID: 40233808
Does pinging through the devices work with VLAN1? Connect 2 devices on 2 switches on VLAN to see if that works

Do a sh ip route as well please
0
 
LVL 1

Author Comment

by:Samantha Smith
ID: 40233830
Hi, yes, ping though VLAN1 is good.  I can also connect to all the switches via telnet etc using the VLAN1 addresses.

destination         gw        vlan    type             subtype    metric    dist.

127.0.0.0/8          reject              static                               0            0
127.0.0.1/32        lo0                  connected                      1            0
172.22.22.0/24   110     110      connected                      1            0
172.22.23.0/24   120     120      connected                      1            0
172.22.24.0/24   130     130      connected                      1            0
172.22.28.0/25   100     100      connected                      1            0
192.168.100.0/24          1           connected                      1            0

Thank you.
0
 
LVL 1

Expert Comment

by:Daniel Blackmore
ID: 40233834
Is that a ip route from your core? Can you do the same for 1 of the access switches as well please?
0
 
LVL 1

Author Comment

by:Samantha Smith
ID: 40233849
That is indeed from the Core.  Access switch as follows, much smaller.....

127.0.0.0/8             reject                     static             0   0
127.0.0.1/32           lo0                         connected    1   0
192.168.100.0/24  DEFAULT_VLAN   connected   1   0
0
 
LVL 1

Expert Comment

by:Daniel Blackmore
ID: 40233851
On the access switches do ip default-gateway 192.168.100.1 then try to ping the core's from the access switches CLI again.

With the client devices, I assume you are changing the IP addresses to match the VLAN's subnets? Can you show a ipconfig from a device in say VLAN 120 on an access switch?
0
 
LVL 1

Author Comment

by:Samantha Smith
ID: 40233857
I will test that line in a moment.  Thank you.
The client devices are each configured with an IP address and mask from the associated subnet, and use the interfaces addresses from that VLAN as the default gateway.
0
 
LVL 1

Author Comment

by:Samantha Smith
ID: 40233882
Hi Daniel,
From within the CLI of an edge switch, if I add the ip default-gateway 192.168.100.1 line you suggested, each of those interfaces from the Core switch become reachable.
0
 
LVL 1

Expert Comment

by:Daniel Blackmore
ID: 40233884
Well, atleast were moving forward :)

Can you show an IPconfig from one of the devices in VLAN 120?

Thanks
0
 
LVL 1

Author Comment

by:Samantha Smith
ID: 40233902
These are not Windows devices (they are not actually computers at all).  But a device in VLAN 120 shows as follows:

IP Address:      172.22.23.56
Subnet Mask:  255.255.255.0
Def G/W:          172.22.23.1
DNS 1:              not specified
DNS 2:              not specified
0
 
LVL 1

Expert Comment

by:Daniel Blackmore
ID: 40233952
Can you try to give one of the access switches an IP address for VLAN 120 then try to ping that from the Core?
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 40233971
Can a host on VLAN 120 ping the 172.22.23.1 address?

If so, can that host ping 172.22.22.1? Or 172.22.24.1?
0
 
LVL 1

Author Comment

by:Samantha Smith
ID: 40233974
Hi Don,
Can a host on VLAN 120 ping 172.22.23.1 - Yes
Can that host ping 172.22.22.1 or 172.22.24.1 - Only if connected directly to the Core switch!!
Thanks
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 40233983
But the VLAN 120 host can ping 172.22.23.1 from any switch?
0
 
LVL 1

Author Comment

by:Samantha Smith
ID: 40234011
Hi Don, yes, that is correct.
0
 
LVL 1

Author Comment

by:Samantha Smith
ID: 40234013
Daniel, we have added the address to VLAN 120 on an edge switch and we can ping this from the core switch.
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 40234014
That makes no sense at all. :-(
0
 
LVL 1

Author Comment

by:Samantha Smith
ID: 40234028
Don, I am so pleased!  We have reached the same conclusion - no sense whatsoever.
0
 
LVL 1

Expert Comment

by:Daniel Blackmore
ID: 40234063
Can you do some trace route equivalents from the devices to the core switch when they are plugged into an access switch?
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 40234114
Don, I am so pleased!
Well, as long as you're happy. ;-)

Is the VLAN interface configs you posted complete?  Are there any ACLs applied to any of the VLANs?
0
 
LVL 1

Author Comment

by:Samantha Smith
ID: 40234373
no acl's  configs are complete.  tracert to follow.
0
 
LVL 17

Accepted Solution

by:
jburgaard earned 2000 total points
ID: 40235453
I cannot see the purpose or the harm for that matter of the Trunk statements.
So i would try in both end of a link to revert to the more simple
no trunk 49 trk1 trunk
and for all the vlans instead of 'Tag trk1'
tag 49  
-and as part of this experiment also do same type of change on uplink-port (tagging port directly instead of tagging trunk of one port)

Hope this makes some sense
0

Featured Post

Plug and play, no additional software required!

The ATEN UE3310 USB3.1 Gen1 Extender Cable allows users to extend the distance between the computer and USB devices up to 10 m (33 ft). The UE3310 is a high-quality, cost-effective solution for professional environments such as hospitals, factories and business facilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question