5304 Intervlan routing 1


Cavalieri

Technical User
Oct 22, 2008
I have three ProCurve 5304 switches and one 2512.

I set four VLANs on all switches with these IPs:

Switch 1 (Main)
VLAN10 192.168.10.1
VLAN20 192.168.20.1
VLAN30 192.168.10.1
VLAN40 192.168.10.1

Switch 2
VLAN10 192.168.10.2
VLAN20 192.168.20.2
VLAN30 192.168.10.2
VLAN40 192.168.10.2

Switch 3
VLAN10 192.168.10.3
VLAN20 192.168.20.3
VLAN30 192.168.10.3
VLAN40 192.168.10.3

Switch 4
VLAN10 192.168.10.25
VLAN20 192.168.20.25
VLAN30 192.168.10.25
VLAN40 192.168.10.25

All my servers are connected to switch 1 (Main). On two of my servers I installed Kerio WinRoute Firewall, the first to access the Internet and the other to access a remote LAN through an HDSL modem.
The Internet server has the network interface with IP 192.168.10.4.
The server used to access the remote LAN has the network interface with IP 192.168.10.11.

On my switch 1 (Main) I created the following static routes:
0.0.0.0/24 192.168.10.4
10.0.0.0 / 8 192.168.10.11

(At the moment all my hosts are assigned to VLAN10 and everything is working nicely.)

I enabled IP routing on all the switches and assigned each host the gateway for its own VLAN, but I'm not able to ping hosts in different VLANs. Finally I enabled GVRP; now I can ping hosts from vlan20 to vlan10 but not vice versa, and in particular I'm not able to ping the servers with Kerio installed (192.168.10.4 and 192.168.10.11) from vlan20, 30, 40.

What's wrong? Do you have any other suggestions to complete this VLAN routing?

Any kind of suggestion will be appreciated.

Cavalieri
 
Sorry, I made a mistake writing the IPs.
VLAN30 and 40 on all switches have IPs 192.168.30.x and 192.168.40.x.

Thanks Cavalieri
 
If they are all connected together you only need ip routing enabled on the core switch, then you need to create tagged vlan "trunks" with all vlans between each switch. As it stands now you have all your switches doing layer 3 routing when only one should be doing it for your entire network. Then apply your static routes for internet and such to the core switch.
 
To add another note, all access switch ports should be in the VLANs as untagged.
 
All VLANs are tagged and of course all ports for their own VLAN are untagged. So do I have to keep all my settings as they are and just create trunks between VLANs?
As I'm not familiar with trunk settings, can you please send the commands to me?

Thanks Cavalieri.
 
HP does not call it a trunk, but what you will need to do with the switch ports connecting your core to your other switches is put those ports in all VLANs as tagged on each switch.
 
On all switches I already have the ports tagged on all VLANs.

Cavalieri
 
Let's try this:

Switch one (core)

create vlan 10,20,30,40
enable ip routing
place all static routes

Switch Port A1 to switch 2 (using an example)
should be a tagged port in all VLANs

Switch Port A2 to switch 3 (using an example)
should be a tagged port in all VLANs

Switch Port A3 to switch 4 (using an example)
should be a tagged port in all VLANs

Switch port A1 on switch 2 (using an example)
should be tagged in all VLANs

Switch port A1 on switch 3 (using an example)
should be tagged in all VLANs

Switch port A1 on switch 4 (using an example)
should be tagged in all VLANs

This basically creates the trunks between the switches using 802.1Q tagging. Once this has been done you add all other ports to their given VLANs as untagged ports.
 
Switch one (core) already has the following VLANs:

vlan 10,20,30,40
IP routing is already enabled, all VLANs have an IP address, and port A1 (GBIC fiber port) is tagged for all VLANs to switch 2.
Ports B1-B24 and C1-C24 untagged on vlan10
static routes:
0.0.0.0/24 192.168.10.4 (Is the Nic where Kerio WinRoute firewall is installed and routes to internet)
10.0.0.0/8 192.168.10.11 (Is the Nic where THE 2ND Kerio WinRoute firewall is installed and routes to a remote lan through a modem hdsl)
GVRP enable

Switch 2:

Switch Port A1 tagged on all vlan's (comes from switch one Core)
Port A2 tagged in all VLANs goes to switch 3
all vlan's have an ip address.
Ports B1-B24 and C1-C24 untagged on vlan20
ip routing enable
GVRP enable

Switch 3:

Switch Port A1 tagged on all vlan's from switch 2
Switch Port A2 tagged on all vlan's goes to switch 4
all vlan's have an ip address.
Ports B1-B24 and C1-C24 untagged on vlan30
ip routing enable
GVRP enable

Switch 4:

Switch Port A1 tagged port in all VLANs from switch 3
all vlan's have an ip address.
Ports B1-B24 and C1-C24 untagged on vlan40
ip routing enable
GVRP enable

This is basically my config. When GVRP was disabled, I was not able to ping any VLAN IP on my net. Then I enabled GVRP and suddenly I was able to ping some of my servers on vlan10 and hosts from any of the other VLANs, but there is no way to ping both of my servers where Kerio WinRoute Firewall is installed (192.168.10.4 and 192.168.10.11), and of course 192.168.10.4 is the Internet and only hosts on vlan10 are able to go out.

Any suggestion?


Cavalieri, by the way HAPPY NEW YEAR.
 
Just for giggles post the output from a sh run for all switches.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
I'm really sorry, but I'm not working right now.
I will send it to you next Wednesday. I really appreciate your help.

thank you again

Cavalieri
 
Also, for the kick of it, do you have a DHCP pool set up for each of your VLANs?
 
You will have it as soon as I'm back at work.

Thanks Cavalieri
 
; J4850A Configuration Editor; Created on release #E.11.03

hostname "Main1"
time timezone 60
module 2 type J4820A
module 1 type J4878A
module 3 type J4820A
interface B2
no lacp
exit
interface B5
no lacp
exit
interface B6
no lacp
exit
interface B8
no lacp
exit
interface B11
no lacp
exit
interface B14
no lacp
exit
interface B15
no lacp
exit
interface B17
no lacp
exit
interface C6
no lacp
exit
sntp server 192.168.10.5
ip routing
timesync sntp
sntp unicast
sntp 1800
snmp-server community "public" Unrestricted
snmp-server community "private" Operator Unrestricted
snmp-server host 192.168.10.108 "public"
snmp-server host 192.168.10.31 "public"
snmp-server host 192.168.10.234 "public"
vlan 1
name "DEFAULT_VLAN"
untagged A2-A4
no ip address
tagged A1
no untagged B1-B24,C1-C24
exit
vlan 10
name "VLAN10"
untagged B1-B23,C1-C24
ip address 192.168.10.1 255.255.255.0
tagged A1
exit
vlan 140
name "VLAN140"
untagged B24
no ip address
tagged A1
exit
vlan 20
name "VLAN20"
ip address 192.168.20.5 255.255.255.0
tagged A1
exit
vlan 30
name "VLAN30"
ip address 192.168.30.1 255.255.255.0
tagged A1
exit
vlan 40
name "VLAN40"
ip address 192.168.40.1 255.255.255.0
tagged A1
exit
fault-finder bad-driver sensitivity high
fault-finder bad-transceiver sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
fault-finder broadcast-storm sensitivity high
fault-finder loss-of-link sensitivity high
fault-finder duplex-mismatch-HDx sensitivity high
fault-finder duplex-mismatch-FDx sensitivity high
gvrp
ip route 10.24.0.0 255.255.0.0 192.168.13.1
ip route 10.0.0.0 255.0.0.0 192.168.10.11
ip route 0.0.0.0 0.0.0.0 192.168.10.4
ip route 192.168.20.0 255.255.255.0 192.168.20.1
spanning-tree
router rip
exit
password manager
password operator

; J4850A Configuration Editor; Created on release #E.11.03

hostname "Hangar_Main2"
web-management management-url "time timezone 60
time daylight-time-rule Western-Europe
module 1 type J4878A
module 2 type J4820A
module 3 type J4820A
module 4 type J4820A
interface B1
no lacp
exit
interface B2
no lacp
exit
interface B3
no lacp
exit
interface B4
no lacp
exit
interface B5
no lacp
exit
interface B6
no lacp
exit
interface B7
no lacp
exit
interface B8
no lacp
exit
interface B9
no lacp
exit
interface B10
no lacp
exit
interface B11
no lacp
exit
interface B12
no lacp
exit
interface B13
no lacp
exit
interface B14
no lacp
exit
interface B15
no lacp
exit
interface B16
no lacp
exit
interface B17
no lacp
exit
interface B18
no lacp
exit
interface B19
no lacp
exit
interface B20
no lacp
exit
interface B21
no lacp
exit
interface B22
no lacp
exit
interface B23
no lacp
exit
interface B24
no lacp
exit
interface C1
no lacp
exit
interface C2
no lacp
exit
interface C3
no lacp
exit
interface C4
no lacp
exit
interface C5
no lacp
exit
interface C6
no lacp
exit
interface C7
no lacp
exit
interface C8
no lacp
exit
interface C9
no lacp
exit
interface C10
no lacp
exit
interface C11
no lacp
exit
interface C12
no lacp
exit
interface C13
no lacp
exit
interface C14
no lacp
exit
interface C15
no lacp
exit
interface C16
no lacp
exit
interface C17
no lacp
exit
interface C18
no lacp
exit
interface C19
no lacp
exit
interface C20
no lacp
exit
interface C21
no lacp
exit
interface C22
no lacp
exit
interface C23
no lacp
exit
interface C24
no lacp
exit
sntp server 192.168.10.5
ip routing
timesync sntp
sntp unicast
sntp 1800
snmp-server community "public" Unrestricted
snmp-server community "private" Operator Unrestricted
snmp-server host 192.168.10.108 "public"
snmp-server host 192.168.10.31 "public"
snmp-server host 192.168.10.234 "public"
vlan 1
name "DEFAULT_VLAN"
untagged A1-A2,D1-D24
no ip address
no untagged A3-A4,B1-B24,C1-C24
exit
vlan 10
name "VLAN10"
ip address 192.168.10.2 255.255.255.0
tagged A1-A2
exit
vlan 140
name "VLAN140"
tagged A1-A2
exit
vlan 20
name "VLAN20"
untagged A3-A4,B1-B24,C1-C24
ip address 192.168.20.2 255.255.255.0
tagged A1-A2
exit
vlan 30
name "VLAN30"
ip address 192.168.30.2 255.255.255.0
exit
vlan 40
name "VLAN40"
ip address 192.168.40.2 255.255.255.0
exit
gvrp
ip route 192.168.20.0 255.255.255.0 192.168.10.1
spanning-tree
password manager
password operator



; J4850A Configuration Editor; Created on release #E.11.03

hostname "Main3"
web-management management-url "time timezone 60
module 2 type J4821A
module 3 type J4820A
module 4 type J4820A
module 1 type J4878A
interface B1
no lacp
exit
interface B2
no lacp
exit
interface B3
no lacp
exit
interface B4
no lacp
exit
interface C1
no lacp
exit
interface C2
no lacp
exit
interface C3
no lacp
exit
interface C4
no lacp
exit
interface C5
no lacp
exit
interface C6
no lacp
exit
interface C7
no lacp
exit
interface C8
no lacp
exit
interface C9
no lacp
exit
interface C10
no lacp
exit
interface C11
no lacp
exit
interface C12
no lacp
exit
interface C13
no lacp
exit
interface C14
no lacp
exit
interface C15
no lacp
exit
interface C16
no lacp
exit
interface C17
no lacp
exit
interface C18
no lacp
exit
interface C19
no lacp
exit
interface C20
no lacp
exit
interface C21
no lacp
exit
interface C22
no lacp
exit
interface C23
no lacp
exit
interface C24
no lacp
exit
interface D1
no lacp
exit
interface D2
no lacp
exit
interface D3
no lacp
exit
interface D4
no lacp
exit
interface D5
no lacp
exit
interface D6
no lacp
exit
interface D7
no lacp
exit
interface D8
no lacp
exit
interface D9
no lacp
exit
interface D10
no lacp
exit
interface D11
no lacp
exit
interface D12
no lacp
exit
interface D13
no lacp
exit
interface D14
no lacp
exit
interface D15
no lacp
exit
interface D16
no lacp
exit
interface D17
no lacp
exit
interface D18
no lacp
exit
interface D19
no lacp
exit
interface D20
no lacp
exit
interface D21
no lacp
exit
interface D22
no lacp
exit
interface D23
no lacp
exit
interface D24
no lacp
exit
sntp server 192.168.10.5
ip routing
timesync sntp
sntp unicast
sntp 1800
snmp-server community "public" Unrestricted
snmp-server community "private" Operator Unrestricted
snmp-server host 192.168.10.108 "public"
snmp-server host 192.168.10.31 "public"
snmp-server host 192.168.10.234 "public"
vlan 1
name "DEFAULT_VLAN"
untagged A1,A3-A4
no ip address
no untagged A2,B1-B4,C1-C24,D1-D24
exit
vlan 10
name "VLAN10"
ip address 192.168.10.3 255.255.255.0
tagged A1-A4
exit
vlan 140
name "VLAN140"
tagged A1-A2
exit
vlan 20
name "VLAN20"
ip address 192.168.20.3 255.255.255.0
tagged A1-A4
exit
vlan 30
name "VLAN30"
untagged B1-B4,C1-C24,D1-D24
ip address 192.168.30.3 255.255.255.0
tagged A1-A4
exit
vlan 40
name "VLAN40"
ip address 192.168.40.3 255.255.255.0
tagged A1-A4
exit
gvrp
spanning-tree
password manager
password operator




; J4812A Configuration Editor; Created on release #F.05.69

hostname "Main4"
time daylight-time-rule Western-Europe
cdp run
mirror-port 1
interface 1
flow-control
no lacp
exit
interface 2
no lacp
exit
interface 3
no lacp
exit
interface 4
no lacp
exit
interface 5
no lacp
exit
interface 6
no lacp
exit
interface 7
no lacp
exit
interface 8
no lacp
exit
interface 9
no lacp
exit
interface 10
no lacp
exit
interface 11
no lacp
exit
interface 12
no lacp
exit
ip default-gateway 192.168.10.1
sntp server 192.168.10.5
timesync sntp
sntp unicast
snmp-server community "public" Unrestricted
snmp-server host 192.168.10.31 "public"
snmp-server host 192.168.10.26 "public"
snmp-server host 192.168.10.234 "public"
vlan 1
name "DEFAULT_VLAN"
untagged 13-14
no ip address
no untagged 1-12
monitor
exit
vlan 10
name "VLAN10"
untagged 1-12
ip address 192.168.10.25 255.255.255.0
tagged 13-14
exit
vlan 20
name "VLAN20"
ip address 192.168.20.25 255.255.255.0
tagged 13-14
exit
vlan 30
name "VLAN30"
ip address 192.168.30.25 255.255.255.0
tagged 13-14
exit
vlan 40
name "VLAN40"
ip address 192.168.40.25 255.255.255.0
tagged 13-14
exit
gvrp
primary-vlan 10
no aaa port-access authenticator active
password manager
password operator

P.S. For DHCP pooling, we have all IPs set statically.

Thanks cavalieri
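
An added example, not part of any post in this thread: a small Python audit that checks a ProCurve-style running config against the advice given above (route only on the core, tag every inter-switch port in every VLAN) and also flags SNMP communities left with `Unrestricted` access, as seen in the posted configs. The function names, the sample config and the hostname "Dist2" are constructed for illustration.

```python
import re

# Constructed sample in the style of the posted configs (not copied from any
# one switch): a non-core switch that routes and has no uplink tag for VLAN 30.
SAMPLE = """hostname "Dist2"
ip routing
snmp-server community "public" Unrestricted
vlan 10
tagged A1-A2
exit
vlan 20
untagged B1-B24
tagged A1-A2
exit
vlan 30
ip address 192.168.30.2 255.255.255.0
exit
"""

def expand(spec):
    """Expand a port list such as 'A1-A2,B24' or '13-14' into a set of names."""
    ports = set()
    for part in spec.split(","):
        m = re.fullmatch(r"([A-Z]?)(\d+)(?:-\1(\d+))?", part.strip())
        if m:
            lo, hi = int(m[2]), int(m[3] or m[2])
            ports |= {f"{m[1]}{n}" for n in range(lo, hi + 1)}
    return ports

def audit(config, uplinks, is_core=False):
    """Return findings for one switch; `uplinks` is its inter-switch port list."""
    findings, tagged, vlan = [], {}, None
    for line in (l.strip() for l in config.splitlines()):
        if m := re.fullmatch(r"vlan (\d+)", line):
            vlan = int(m[1])
            tagged.setdefault(vlan, set())
        elif line == "exit":
            vlan = None
        elif vlan is not None and line.startswith("tagged "):
            tagged[vlan] |= expand(line.split(None, 1)[1])
        elif line == "ip routing" and not is_core:
            findings.append("ip routing enabled on a non-core switch")
        elif m := re.fullmatch(r'snmp-server community "(\w+)" (?:\w+ )?Unrestricted', line):
            findings.append(f'SNMP community "{m[1]}" has unrestricted (write) access')
    for vid, ports in sorted(tagged.items()):
        missing = sorted(expand(uplinks) - ports)
        if vid != 1 and missing:  # VLAN 1 is skipped: uplinks may carry it untagged
            findings.append(f"VLAN {vid} not tagged on uplink {','.join(missing)}")
    return findings
```

Call `audit(text, "A1-A2")` with the output of `show run` and the switch's own uplink ports; pass `is_core=True` for the one switch that is meant to route.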
 