Routing between VLAN's on HP Procurve switches

Hi,

We have a number of HP Procurve switches installed.  There is 1x 3500YL core switch, and a number of layer 2 2600 series switches.  We have 5 VLANs within the switches, and trunk ports between each of the switches.
VLAN 100, 110, 120, 130 and VLAN 1.

If I connect a device to any switch in one of the VLANs, lets say 110 for example, I can happily communicate with this device from any other switch within VLAN 110.  Exactctly as I want it.

The issue arises when I want to talk between VLAN's.  So, if I connect the same device at one of the switches with VLAN 110, I cannot connect to any device within VLAN 120.  However, if the device in VLAN 120 happens to be connected to the Core switch, it is OK.

Here is the core switch configuration:
hostname "1-3500YL"
module 1 type J86xxA
trunk 22 Trk1 Trunk
trunk 23 Trk2 Trunk
trunk 24 Trk3 Trunk
trunk 19 Trk4 Trunk
trunk 21 Trk5 Trunk
ip default-gateway 192.168.100.1
ip routing
vlan 1
   name "DEFAULT_VLAN"
   untagged 3
   ip address 192.168.100.1 255.255.255.0
   tagged Trk1-Trk5
   no untagged 1-2,4-18,20
   ip igmp
   exit
vlan 100
   name "100"
   untagged 1-2,4-11,14-16,18,20
   ip address 172.22.28.1 255.255.255.0
   tagged Trk1-Trk5
   ip igmp
   exit
vlan 110
   name "110"
   untagged 12-13,17
   ip address 172.22.22.254 255.255.255.0
   tagged Trk1-Trk5
   exit
vlan 120
   name "120"
   ip address 172.22.23.1 255.255.255.0
   tagged Trk1-Trk5
   exit
vlan 130
   name "130"
   ip address 172.22.24.1 255.255.255.0
   tagged Trk1-Trk5
   exit

And this is from one of the other switches (they are all the same, except the port VLAN memberships)

hostname "2620-48-1"
trunk 49 trk1 trunk
snmp-server community "public" unrestricted
spanning-tree
spanning-tree Trk1 priority 4
vlan 1
   name "DEFAULT_VLAN"
   no untagged 1-48
   untagged 50-52
   tagged Trk1
   ip address 192.168.100.5 255.255.255.0
   exit
vlan 100
   name "100"
   tagged Trk1
   no ip address
   ip igmp
   exit
vlan 110
   name "110"
   untagged 47-48
   tagged Trk1
   no ip address
   exit
vlan 120
   name "120"
   untagged 1-46
   tagged Trk1
   no ip address
   exit
vlan 130
   name "130"
   tagged Trk1
   no ip address
   exit

Any help, greatly appreciated!
LVL 1
Samantha SmithAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
jburgaardConnect With a Mentor Commented:
I cannot see the purpose or the harm for that matter of the Trunk statements.
So i would try in both end of a link to revert to the more simple
no trunk 49 trk1 trunk
and for all the vlans instead of 'Tag trk1'
tag 49  
-and as part of this experiment also do same type of change on uplink-port (tagging port directly instead of tagging trunk of one port)

Hope this makes some sense
0
 
Daniel BlackmoreInfrastructure EngineerCommented:
It sounds like there is an IP routing issue somewhere. I'm assuming that your routing for VLANS are being handled by your Core? Are you able to ping the VLAN IP addresses on your Core Switch from your Access switches or does that fail as well?
0
 
Samantha SmithAuthor Commented:
Hi Daniel,
The core switch is the router, and there is no other router connected.  There is no internet connections.  So the VLANs are the extent of the entire setup.

I CANNOT ping those interfaces from any other switch unless I am in the correct VLAN.  I cannot ping any of the interfaces if I am am at the switches CLI.

Thank you.
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
LHT_STCommented:
Can you provide the output from the command "show ip route"
0
 
Daniel BlackmoreInfrastructure EngineerCommented:
Does pinging through the devices work with VLAN1? Connect 2 devices on 2 switches on VLAN to see if that works

Do a sh ip route as well please
0
 
Samantha SmithAuthor Commented:
Hi, yes, ping though VLAN1 is good.  I can also connect to all the switches via telnet etc using the VLAN1 addresses.

destination         gw        vlan    type             subtype    metric    dist.

127.0.0.0/8          reject              static                               0            0
127.0.0.1/32        lo0                  connected                      1            0
172.22.22.0/24   110     110      connected                      1            0
172.22.23.0/24   120     120      connected                      1            0
172.22.24.0/24   130     130      connected                      1            0
172.22.28.0/25   100     100      connected                      1            0
192.168.100.0/24          1           connected                      1            0

Thank you.
0
 
Daniel BlackmoreInfrastructure EngineerCommented:
Is that a ip route from your core? Can you do the same for 1 of the access switches as well please?
0
 
Samantha SmithAuthor Commented:
That is indeed from the Core.  Access switch as follows, much smaller.....

127.0.0.0/8             reject                     static             0   0
127.0.0.1/32           lo0                         connected    1   0
192.168.100.0/24  DEFAULT_VLAN   connected   1   0
0
 
Daniel BlackmoreInfrastructure EngineerCommented:
On the access switches do ip default-gateway 192.168.100.1 then try to ping the core's from the access switches CLI again.

With the client devices, I assume you are changing the IP addresses to match the VLAN's subnets? Can you show a ipconfig from a device in say VLAN 120 on an access switch?
0
 
Samantha SmithAuthor Commented:
I will test that line in a moment.  Thank you.
The client devices are each configured with an IP address and mask from the associated subnet, and use the interfaces addresses from that VLAN as the default gateway.
0
 
Samantha SmithAuthor Commented:
Hi Daniel,
From within the CLI of an edge switch, if I add the ip default-gateway 192.168.100.1 line you suggested, each of those interfaces from the Core switch become reachable.
0
 
Daniel BlackmoreInfrastructure EngineerCommented:
Well, atleast were moving forward :)

Can you show an IPconfig from one of the devices in VLAN 120?

Thanks
0
 
Samantha SmithAuthor Commented:
These are not Windows devices (they are not actually computers at all).  But a device in VLAN 120 shows as follows:

IP Address:      172.22.23.56
Subnet Mask:  255.255.255.0
Def G/W:          172.22.23.1
DNS 1:              not specified
DNS 2:              not specified
0
 
Daniel BlackmoreInfrastructure EngineerCommented:
Can you try to give one of the access switches an IP address for VLAN 120 then try to ping that from the Core?
0
 
Don JohnstonInstructorCommented:
Can a host on VLAN 120 ping the 172.22.23.1 address?

If so, can that host ping 172.22.22.1? Or 172.22.24.1?
0
 
Samantha SmithAuthor Commented:
Hi Don,
Can a host on VLAN 120 ping 172.22.23.1 - Yes
Can that host ping 172.22.22.1 or 172.22.24.1 - Only if connected directly to the Core switch!!
Thanks
0
 
Don JohnstonInstructorCommented:
But the VLAN 120 host can ping 172.22.23.1 from any switch?
0
 
Samantha SmithAuthor Commented:
Hi Don, yes, that is correct.
0
 
Samantha SmithAuthor Commented:
Daniel, we have added the address to VLAN 120 on an edge switch and we can ping this from the core switch.
0
 
Don JohnstonInstructorCommented:
That makes no sense at all. :-(
0
 
Samantha SmithAuthor Commented:
Don, I am so pleased!  We have reached the same conclusion - no sense whatsoever.
0
 
Daniel BlackmoreInfrastructure EngineerCommented:
Can you do some trace route equivalents from the devices to the core switch when they are plugged into an access switch?
0
 
Don JohnstonInstructorCommented:
Don, I am so pleased!
Well, as long as you're happy. ;-)

Is the VLAN interface configs you posted complete?  Are there any ACLs applied to any of the VLANs?
0
 
Samantha SmithAuthor Commented:
no acl's  configs are complete.  tracert to follow.
0
All Courses

From novice to tech pro — start learning today.