Solved

HP 2920 with Adtran 1638P Trunking/vLan Config

Posted on 2016-08-17
Last Modified: 2016-08-18
I'm having trouble accessing an additional vlan across these two switches from my new HP 2920s.
I can access the default vlan 1 fine, but devices connected to ports tagged as voice, are connecting to DHCP on the lan.

I have a few Adtran 1638P that are connected together as well as connected to my servers and phone systems.
My default (lan) network is 10.0.x.x, and my voice network is 192.168.168.x.
On my Adtrans we have the default vlan 1 for the lan, and vlan 99 for the voice.
Adtran switches are trunked together, and I've made a trunk for the connection to our new HP 2920's.

On the HP 2920, I've created a trunk for the 2 ports connecting to the Adtran 1638P.
I've tagged this trunk, as well as the ports used for phones.
I've also Untagged the ports using the default vlan.

Below is a shortened version of each config.
My primary question is why does a phone plugged into port 4/28 on the HP switch connect to DHCP on my lan, and not connect to DHCP from the voice network?

Thanks for any assistance.

Adtran 1638P Configuration
hostname "Karp-1638P-SW10"
!
clock timezone -5-Eastern-Time
!
ip subnet-zero
ip classless
ip default-gateway 10.0.0.1
ip routing
domain-name "karp.int"
name-server 10.0.1.10 10.0.1.11
!
ip route-cache express
!
no auto-config
!
!
vlan 1
  name "Default"
!
vlan 99
  name "OLDNET"
!
!
interface gigabit-switchport 0/46
  description Link to SonicWall 10.0.0.1
  spanning-tree edgeport
  no shutdown
!
interface gigabit-switchport 0/47
  description Link to SonicWall 192.168.168.2
  spanning-tree edgeport
  no shutdown
  switchport access vlan 99
!
interface xgigabit-switchport 1/1
  description Link to HP2920-SW20
  no shutdown
  switchport mode access
  speed auto
!
interface xgigabit-switchport 2/1
  description Link to Servers/PBX Adtran 1638P-SW1
  no shutdown
  switchport mode trunk
  speed auto
!
!
interface vlan 1
  ip address  10.0.20.110  255.255.0.0
  ip route-cache express
  no shutdown
!
interface vlan 99
  ip address  192.168.168.240  255.255.255.0
  ip route-cache express
  no shutdown
!
ip route 10.0.0.0 255.0.0.0 10.0.0.1
ip route 192.168.168.0 255.255.255.0 192.168.168.2
!
end

HP 2920 Configuration
; hpStack_WB Configuration Editor; Created on release #WB.15.15.0012
; Ver #06:0c.18.f3.ff.35.0d:26

stacking
   member 1 type "J9728A" mac-address 1402ec-58a800
   member 2 type "J9728A" mac-address b05ada-27f480
   member 3 type "J9729A" mac-address 1c98ec-83b840
   member 4 type "J9729A" mac-address 1c98ec-83b8c0
   exit
hostname "NY1-HP2920-SW20"
trunk 3/A1,4/A1 trk30 trunk
trunk 3/A2,4/A2 trk40 trunk

vlan 1
   name "DEFAULT_VLAN"
   untagged 1/1-1/48,1/A1-1/A2,1/B1-1/B2,2/1-2/48,2/A1-2/A2,2/B1-2/B2,3/1-3/48,3/B1-3/B2,4/1-4/48,4/B1-4/B2,Trk30,Trk40
   ip address 10.0.20.20 255.255.0.0
   exit
vlan 99
   name "Voice"
   tagged 1/23-1/24,2/23-2/24,4/28,Trk30,Trk40
   ip address 192.168.168.20 255.255.255.0
   exit
spanning-tree Trk30 priority 4
spanning-tree Trk40 priority 4
no tftp server
no autorun
no dhcp config-file-update
no dhcp image-file-update
Question by:alkabello

21 Comments

Expert Comment

by:J Spoor
ID: 41759881
If you are seeing VoIP phones getting LAN IP addresses you might have VLAN hopping / jumping occurring.

When using VLANs it's not good practice to
- use VLAN 1 for production
- mix tagged and untagged traffic over an 802.1q trunk
Unfortunately, by using default VLAN 1 you are doing both.

I strongly suggest moving your LAN to a different VLAN.

FYI this route is not needed
ip route 192.168.168.0 255.255.255.0 192.168.168.2


View example configurations and the SonicWALL webui and features on http://livedemo.sonicwall.com or http://ngfw-demo.com

Author Comment

by:alkabello
ID: 41759909
Ok, I will make a vLan 10, and move my vLan 1 ports to that.

Any best practice suggestion what network I should change vLan 1 to?
I think I've seen 10.10.10.x.

Expert Comment

by:J Spoor
ID: 41759917
10.10.10.x is a good option.

Author Comment

by:alkabello
ID: 41760179
How would you then tag vLan 1 (default) once it becomes 10.10.10.x?
ie:  Leave all the ports Untagged, or change them back to No tag?

Expert Comment

by:J Spoor
ID: 41760583
You don't use VLAN 1.
Take all ports that are now untagged in VLAN 1 and make them untagged in VLAN 10.
Don't use VLAN 1.

Author Comment

by:alkabello
ID: 41760834
Ok and thanks,
Now when I connect a phone to a tagged vlan 99 port it finds NO DHCP.

I will try to untag vLan 10.  
But, I do need both Voice and Lan traffic to pass across my Trunks.

Here is my updated vLan config
trunk 3/A1,4/A1 trk30 trunk
trunk 3/A2,4/A2 trk40 trunk

vlan 1
   name "DEFAULT_VLAN"
   untagged  1/1-1/48,1/A1-1/A2,1/B1-1/B2,2/1-2/48,2/A1-2/A2,2/B1-2/B2,3/1-3/48,3/B1-3/B2,4/1-4/48,4/B1-4/B2,Trk30,Trk40
   ip address 10.10.10.20 255.255.255.0
   exit
vlan 10
   name "LAN"
   tagged 1/28,2/28,Trk30,Trk40
   ip address 10.0.20.20 255.255.0.0
   exit
vlan 99
   name "Voice"
   tagged 1/23-1/24,2/23-2/24,4/28,Trk30,Trk40
   ip address 192.168.168.20 255.255.255.0
   ip helper-address 192.168.168.45
   exit

Expert Comment

by:J Spoor
ID: 41760928
Is there a DHCP server on VLAN 99 ?
I see a command ip helper-address on VLAN 99; you only set an IP helper address if the DHCP server is on a different VLAN.
As VLAN 99 is 192.168.168.x, please remove this line.

Author Comment

by:alkabello
ID: 41761025
The PBX (192.168.168.45) is the DHCP source for this vLan.
I tried this without the IP-Helper, and still doesn't find DHCP on vLan 99.

Also should I be untagging vLan 10 on those vLan 99 ports (ie 4/28)?

Expert Comment

by:J Spoor
ID: 41761030
first time I hear of a PBX being a DHCP server?

If you give a laptop a static IP address in the same range, and plug it into an Access Port (untagged) of VLAN 99 can you ping the PBX?

Ports to both the phones and the PBX should be untagged. Unless you set up the phones to use VLAN tagging?

Author Comment

by:alkabello
ID: 41761074
I'm setting up a laptop now with a static 192.168.168.228 address.
I connected to 4/28 and tried to ping the PBX (192.168.168.45)
No Good.

I also tried to ping vlan 99 itself (192.168.168.20).  That is also no good.

Now I'm really puzzled.

Expert Comment

by:J Spoor
ID: 41761087
Can you give me all switch config files with a description of what's connected to what port?

Might be easier for me

Assisted Solution

by:J Spoor
J Spoor earned 500 total points
ID: 41761099
Anyway, any port connected to a PC, server or SonicWALL (when not using VLANs on the sonic) should be UNTAGGED.
You only TAG VLAN 10 and 99 over the Trunk ports to the other switches.

I think you are mixing tagged and untagged ports.

Author Comment

by:alkabello
ID: 41761117
Below is the entire config.
At the moment, I have a laptop connected to port 4/28 (I also tried 1/24).
I'm trying to ping 192.168.168.20 which fails.
I'm also trying to ping 192.168.168.45 which fails.

The only other connection is the fiber link on 3/A1 which connects to an Adtran 1638.

Also, from the web interface on the switch, I can ping both vlan 99  and the pbx.
Also, from a pc on the Adtran side, I can ping both vlan 99 and the pbx.

Puzzled why the connection doesn't work directly from the switch?


Running configuration:

; hpStack_WB Configuration Editor; Created on release #WB.15.15.0012
; Ver #06:0c.18.f3.ff.35.0d:26

stacking
   member 1 type "J9728A" mac-address 1402ec-58a800
   member 2 type "J9728A" mac-address b05ada-27f480
   member 3 type "J9729A" mac-address 1c98ec-83b840
   member 4 type "J9729A" mac-address 1c98ec-83b8c0
   exit
hostname "NY1-HP2920-SW10"
trunk 3/A1,4/A1 trk30 trunk
trunk 3/A2,4/A2 trk40 trunk
timesync sntp
sntp unicast
sntp 30
sntp server priority 1 10.0.1.10
time daylight-time-rule continental-us-and-canada
time timezone -300
ip default-gateway 10.0.0.1
snmp-server community "Public" unrestricted
snmp-server host 10.0.1.45 community "public" trap-level all
snmp-server location "Server Room"
oobm
   ip address dhcp-bootp
   member 1
      ip address dhcp-bootp
      exit
   member 2
      ip address dhcp-bootp
      exit
   member 3
      ip address dhcp-bootp
      exit
   member 4
      ip address dhcp-bootp
      exit
   exit
vlan 1
   name "DEFAULT_VLAN"
   untagged 1/1-1/48,1/A1-1/A2,1/B1-1/B2,2/1-2/48,2/A1-2/A2,2/B1-2/B2,3/1-3/48,3/B1-3/B2,4/1-4/48,4/B1-4/B2,Trk30,Trk40
   ip address 10.10.10.20 255.255.255.0
   exit
vlan 10
   name "LAN"
   tagged 1/28,2/28,Trk30,Trk40
   ip address 10.0.20.20 255.255.0.0
   exit
vlan 95
   name "vMotion"
   tagged 1/13-1/18,2/13-2/18
   ip address 192.168.95.20 255.255.255.0
   exit
vlan 99
   name "Voice"
   tagged 1/23-1/24,2/23-2/24,4/28,Trk30,Trk40
   ip address 192.168.168.20 255.255.255.0
   exit
spanning-tree Trk30 priority 4
spanning-tree Trk40 priority 4
no tftp server
no autorun
no dhcp config-file-update
no dhcp image-file-update
password manager

Accepted Solution

by:
J Spoor earned 500 total points
ID: 41761125
this
  tagged 1/23-1/24,2/23-2/24,4/28
should say
  untagged 1/23-1/24,2/23-2/24,4/28

I assume Trk30,Trk40 are to other switches
those are the ONLY ports that should have VLAN 10 and 99 TAGGED.
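
A way to catch this kind of membership mistake before plugging devices in, as an added example that is not part of the original thread: the script below reads HP ProCurve-style `trunk` and `vlan` stanzas and lists edge ports that carry a tagged VLAN, plus trunks that carry VLAN 1 untagged. The sample config is constructed from the first config posted above, and the finding labels are assumptions of this example; a tagged edge port is only a problem when the attached device does not tag its traffic.

```python
import re

# Constructed sample: VLAN stanzas abridged from the thread's first HP 2920 config.
SAMPLE_CONFIG = """\
trunk 3/A1,4/A1 trk30 trunk
trunk 3/A2,4/A2 trk40 trunk
vlan 1
   untagged 1/1-1/48,4/1-4/48,Trk30,Trk40
   exit
vlan 99
   tagged 1/23-1/24,2/23-2/24,4/28,Trk30,Trk40
   exit
"""

def expand(port_list):
    """Expand '1/23-1/24,4/28,Trk30' into a set of individual port names."""
    ports = set()
    for item in port_list.split(","):
        m = re.fullmatch(r"(\d+)/(\d+)-\1/(\d+)", item.strip())
        if m:  # numeric range on one stack member, e.g. 1/23-1/24
            member, lo, hi = m.group(1), int(m.group(2)), int(m.group(3))
            ports.update(f"{member}/{n}" for n in range(lo, hi + 1))
        else:  # single port, trunk group, or lettered range kept verbatim
            ports.add(item.strip())
    return ports

def audit(config):
    """Return (trunk_names, findings); each finding is (vlan, port, reason)."""
    trunks, vlan, findings = set(), None, []
    for line in config.splitlines():
        words = line.split()
        if len(words) >= 3 and words[0] == "trunk":
            trunks.add(words[2].lower())          # e.g. trk30
        elif len(words) == 2 and words[0] == "vlan":
            vlan = int(words[1])
        elif len(words) == 2 and words[0] in ("tagged", "untagged") and vlan:
            for port in sorted(expand(words[1])):
                on_trunk = port.lower() in trunks
                if words[0] == "tagged" and not on_trunk:
                    findings.append((vlan, port, "edge port tagged"))
                elif words[0] == "untagged" and on_trunk and vlan == 1:
                    findings.append((vlan, port, "VLAN 1 untagged on trunk"))
    return trunks, findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG)[1]:
        print(finding)
```

Port lists that wrap onto continuation lines, as in the final config later in the thread, need joining into one line before this parser sees them.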

Author Comment

by:alkabello
ID: 41761193
Hurray...

We have success in local pinging, and I reconnected the phone and had success there...
VERY NICE...

I just want to make sure I apply this correctly to my other vlans.

As I connect devices for vlan 10, should I be untagging them like port 1/28 and 2/28?
(I have them tagged now which may be wrong).

vLan 95 is for my VMware servers.  That traffic will never leave the HP stack.
How would I tag and/or untag these?

Thanks again so much.

Expert Comment

by:J Spoor
ID: 41761202
only if you have a vlan trunk, e.g. on the SonicWALL if you add VLAN interfaces, or on ESXi when your networks use VLAN IDs, you should TAG traffic.
Otherwise untagged.

Tagging packets requires the other side to understand 802.1q tagging.
Only on VLAN trunks between switches do you always tag all the vlans.
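
Why an untagged device on a tagged-only port ends up in the wrong VLAN, as an added example that is not part of the original thread: the code builds constructed Ethernet frames with and without an 802.1Q tag and applies a simplified ingress rule to port 1/24 as configured before and after the fix. The port dictionaries, the MAC addresses and the ingress-filtering rule (drop frames tagged for a VLAN the port is not a member of) are assumptions of this model.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def build_frame(vlan_id=None, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed Ethernet frame, optionally with an 802.1Q tag."""
    header = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    if vlan_id is not None:
        # Tag = TPID followed by TCI; priority and DEI bits left at zero.
        header += struct.pack("!HH", TPID_8021Q, vlan_id & 0x0FFF)
    return header + struct.pack("!H", ethertype) + payload

def frame_vlan(frame):
    """Return the VLAN ID carried in the frame, or None if it is untagged."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    return tci & 0x0FFF if tpid == TPID_8021Q else None

def ingress_vlan(frame, untagged_vlan, tagged_vlans):
    """VLAN a switch port assigns to an incoming frame, or None if dropped."""
    vid = frame_vlan(frame)
    if vid is None:
        return untagged_vlan  # untagged frames join the port's untagged VLAN
    member = vid == untagged_vlan or vid in tagged_vlans
    return vid if member else None

def ethertype_seen_by_plain_host(frame):
    """EtherType a host without 802.1Q support reads at byte offset 12."""
    return struct.unpack("!H", frame[12:14])[0]

# Port 1/24 as first posted: untagged in VLAN 1, tagged in VLAN 99.
BEFORE = {"untagged_vlan": 1, "tagged_vlans": {99}}
# Port 1/24 in the final config: untagged in VLAN 99 only.
AFTER = {"untagged_vlan": 99, "tagged_vlans": set()}

if __name__ == "__main__":
    phone = build_frame()  # a phone or laptop that does not tag its traffic
    print("before fix ->", ingress_vlan(phone, **BEFORE))
    print("after fix  ->", ingress_vlan(phone, **AFTER))
    tagged = build_frame(99)
    print("plain host reads EtherType", hex(ethertype_seen_by_plain_host(tagged)))
```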

Expert Comment

by:J Spoor
ID: 41761222
and welcome to VLAN basics 101 ;)

Author Comment

by:alkabello
ID: 41761405
Things are now looking bright. :)

I've got my phone and pc running now on the HP switches, and will slowly move ports over from the Adtran switches to be retired.

Here's my final vlan config after your suggestions.
I will close this question with my highest appreciation.
Thanks so much for your patience and guidance.

vlan 1
   name "DEFAULT_VLAN"
   no untagged 1/13-1/18,1/23-1/24,1/28,2/13-2/18,2/23-2/24,2/28,3/24,3/47,4/24,4/47
   untagged 1/1-1/12,1/19-1/22,1/25-1/27,1/29-1/48,1/A1-1/A2,1/B1-1/B2,
   2/1-2/12,2/19-2/22,2/25-2/27,2/29-2/48,2/A1-2/A2,2/B1-2/B2,
   3/1-3/23,3/25-3/46,3/48,3/B1-3/B2,
   4/1-4/23,4/25-4/46,4/48,4/B1-4/B2,Trk30,Trk40
   ip address 10.10.10.20 255.255.255.0
   exit
vlan 10
   name "LAN"
   untagged 1/28,2/28
   tagged Trk30,Trk40
   ip address 10.0.20.20 255.255.0.0
   exit
vlan 95
   name "vMotion"
   untagged 1/13-1/18,2/13-2/18
   ip address 192.168.95.20 255.255.255.0
   exit
vlan 99
   name "Voice"
   untagged 1/23-1/24,2/23-2/24,3/24,3/47,4/24,4/47
   tagged Trk30,Trk40
   ip address 192.168.168.20 255.255.255.0
   exit

Expert Comment

by:J Spoor
ID: 41761411
starting to look good

only thing left to move from VLAN 1 to VLAN 10

  untagged 1/1-1/12,1/19-1/22,1/25-1/27,1/29-1/48,1/A1-1/A2,1/B1-1/B2,
    2/1-2/12,2/19-2/22,2/25-2/27,2/29-2/48,2/A1-2/A2,2/B1-2/B2,
    3/1-3/23,3/25-3/46,3/48,3/B1-3/B2,
    4/1-4/23,4/25-4/46,4/48

I would leave port 1/1 or something like that (an unused port) in VLAN 1 so you can always stick a laptop in to manage the switch in case you lose access on the other vlans.

Author Comment

by:alkabello
ID: 41761526
Good suggestion.
I left 1/1, 2/48, 3/1, 4/28 all in the default vLan just in case.

Author Closing Comment

by:alkabello
ID: 41761531
Very nicely handled.  Would award more points if I could.
Definitely deserves an 'A' for effort and accuracy.