HELP!! - VLAN Issue 1

Status
Not open for further replies.

amakakemi (Technical User), Apr 26, 2009
We have three sites linked by three private 10MB LES connections as a triangle, with an HP ProCurve switch in each site; in addition, the OFFICE 1 site has a Cisco router in place. Currently each site has its own class C address, and we have individual VLANs on each leg of the LES links and route from the internal Class C address to the VLAN.

We were having quality issues with a VOIP link between two phone systems that are located in OFFICE2 and OFFICE3 sites. The phone systems are digital internally and only use VOIP for the link between the sites. We planned & added an additional VLAN across OFFICE2 and OFFICE3 sites: we configured VLAN number 8 (see config below) on both switches @ office 2 & 3 so we could move the phone systems to this VLAN, which would remove the routing overhead that is currently in place.

Please see config below - the newly set up VLAN8s can't ping themselves, 192.168.30.1 & 192.168.30.2; they can't reach themselves or ping themselves. But all the other VLANs set up 4 months ago work OK except for this new one - VLAN8.

PLEASE ADVISE WHAT CAN BE DONE OR CHANGED TO RESOLVE THE VLAN8 PROBLEM ON BOTH SWITCHES - PLEASE SEE CONFIG BELOW FOR BOTH SWITCHES:

OFFICE2

hostname "OFFICE2"

snmp-server location "OFFICE2"
module 1 type J4878A
module 2 type J4907A
module 3 type J4820A
module 4 type J4820A
interface C23
name "PABX"
exit
interface D16
name "Citrix Local"
exit
interface D22
name "CONSOLE"
exit
interface D23
speed-duplex 10-full
exit
interface D24
speed-duplex 10-full
exit
sntp server 192.168.16.220
ip routing
timesync sntp
sntp unicast
snmp-server community "pic"
snmp-server community "con" Operator
snmp-server host 192.168.16.221 "public"
snmp-server host 192.168.16.147 "public"
snmp-server host 192.168.16.220 "public" Not-INFO
vlan 1
name "LAN"
untagged A1-A4,B1-B16,C1-C22,C24,D1-D19,D21
ip address 192.168.0.254 255.255.255.0
qos priority 3
no untagged C23,D20,D22-D24
ip igmp
exit
vlan 2
name "Iham"
untagged D24
ip address 10.0.0.5 255.255.255.252
qos priority 5
exit
vlan 3
name "Sings"
untagged D23
ip address 10.0.0.2 255.255.255.252
qos priority 5
exit
vlan 7
name "Netscreen"
untagged D20
ip address 9.0.0.18 255.255.255.248
qos priority 1
tagged D23
exit
vlan 8
name "VOIP"
untagged C23,D22
ip address 192.168.30.1 255.255.255.0
qos priority 7
voice
exit
fault-finder bad-driver sensitivity high
fault-finder bad-transceiver sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
no fault-finder broadcast-storm
fault-finder loss-of-link sensitivity high
fault-finder duplex-mismatch-HDx sensitivity high
fault-finder duplex-mismatch-FDx sensitivity high
qos protocol IP priority 3
qos protocol IPX priority 1
qos protocol ARP priority 0
qos protocol DEC_LAT priority 1
qos protocol AppleTalk priority 1
qos protocol SNA priority 1
qos protocol NetBEUI priority 1
spanning-tree
router rip
redistribute static
exit
vlan 2
ip rip
exit
vlan 3
ip rip
exit
vlan 8
ip rip
exit
password manager


OFFICE 3
; J4819A Configuration Editor; Created on release #E.10.52

hostname "OFFICE3"

snmp-server location "OFFICE3"
flow-control
module 1 type J4907A
module 4 type J4820A
module 5 type J4820A
module 7 type J4820A
module 8 type J4820A
module 2 type J4820B
module 6 type J4820A
interface A1
name "IC1-P23"
no lacp
exit
interface A2
name "Videss"
exit
interface A3
name "File Print"
exit
interface A4
name "Exchange-1"
flow-control
exit
interface A5
name "Exchange-2"
flow-control
exit
interface A8
name "IC3-P23"
no lacp
exit
interface A9
name "IC3-P24"
no lacp
exit
interface A10
name "ESX"
exit
interface A13
name "Storage Server"
exit
interface A16
name "IC1-P24"
no lacp
exit
interface B8
name "MCarr"
exit
interface B17
name "PABX-SYS"
exit
interface B22
name "NF_Mail"
exit
interface B23
name "NF_Videss"
exit
interface B24
name "NF_Mail"
exit
interface G3
name "HR(69)"
exit
interface G9
name "Port 33"
exit
interface G18
name "G"
exit
interface H6
name "Link to 3rd"
exit
interface H12
name "Link to 3rd"
exit
interface H19
name "IR3300i (5880)"
exit
interface H20
name "CS (25)"
exit
interface H23
name "ChLink"
speed-duplex 10-full
exit
interface H24
name "Link"
speed-duplex 10-full
exit
interface E4
name "Port 47 3300i 1FL"
exit
interface E9
name "Port 26"
exit
interface E19
name "NS (34)"
exit
interface E21
name "AW"
exit
interface D5
name "Port 45"
exit
interface D13
name "CONSOLE"
exit
trunk A1,A16 Trk2 Trunk
trunk A8-A9 Trk3 Trunk
sntp server 192.168.16.220
ip routing
timesync sntp
snmp-server community "pic" Operator
vlan 1
name "LAN"
forbid H23-H24
untagged A2-A7,A10-A15,B1-B16,B18-B24,D1-D12,D14-D24,E1-E24,F1-F24,G1-G24,H1-H22,Trk2-Trk3
ip address 192.168.16.254 255.255.255.0
qos priority 3
no untagged B17,D13,H23-H24
ip igmp
exit
vlan 3
name "Les"
untagged H24
ip address 10.0.0.1 255.255.255.252
qos priority 5
exit
vlan 7
name "Netscreen"
ip address 9.0.0.17 255.255.255.248
qos priority 1
exit
vlan 4
name "LES-W"
untagged H23
ip address 10.0.0.10 255.255.255.252
qos priority 5
exit
vlan 8
name "VOIP"
untagged B17,D13
ip address 192.168.30.2 255.255.255.0
qos priority 7
voice
exit
fault-finder bad-driver sensitivity high
fault-finder bad-transceiver sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
no fault-finder broadcast-storm
fault-finder loss-of-link sensitivity high
fault-finder duplex-mismatch-HDx sensitivity high
fault-finder duplex-mismatch-FDx sensitivity high
qos tcp-port 1897 priority 6
qos tcp-port 1898 priority 6
qos protocol IP priority 3
qos protocol IPX priority 1
qos protocol ARP priority 0
qos protocol DEC_LAT priority 1
qos protocol AppleTalk priority 1
qos protocol SNA priority 1
qos protocol NetBEUI priority 1
ip route 0.0.0.0 0.0.0.0 192.168.16.250
ip route 10.0.0.0 255.0.0.0 reject
ip route 192.168.0.0 255.255.0.0 reject
spanning-tree
spanning-tree Trk2 priority 4
spanning-tree Trk3 priority 4
router rip
redistribute static
exit
vlan 3
ip rip
exit
vlan 4
ip rip
exit
vlan 8
ip rip
exit
password manager


 
It looks like what you're doing is routing between your sites, and that's correct. What you are thinking it will do (and using Cisco terminology, sorry) is trunk between the sites, and it cannot; you're already routing. So as an example (and this is guessing at your connections only by the IP address scheme):
Your site 2
vlan 3
name "Sings"
untagged D23
ip address 10.0.0.2 255.255.255.252
qos priority 5
exit

Your site 3
vlan 3
name "Les"
untagged H24
ip address 10.0.0.1 255.255.255.252
qos priority 5
exit

As you see they are both in the same small (mask) subnet. So you would have to route to this network to pass traffic between the two sites.

What you are thinking to do is (again Cisco term) trunk between the two switches, that is, pass all or some VLANs down a pipe for an entire class C network, and again you have to choose one or the other. Routing as set up is the correct answer. So you will create a new subnet at one of your sites, site 3 for example, and just have the switch route like it's doing for your other subnets.

Hope that made sense, had to answer in a hurry, late for a date.
 
I think I understand what you mean, but how do I go about it? Please give full details of config, and also tell me what to change as per VLAN8 - how will the new trunk (vlan8) work between offices 2 & 3?

I will wait till you get back from your date ... wish you a lovely date
 
To recap again, we want this new trunk/vlan8 to route ONLY voip traffic thus the concept of creating a new vlan with new ip addressing - hope this is clear enough
 
So in essence, stop thinking in terms of virtual LANs and trunking that happen at layer 2; what you want to do is think physical LANs and routing that happen at layer 3.
Also, think of VLANs in your configuration as just names for interfaces where you can have multiple ports be part of that one interface.

You are going to, for example, create a new subnet on VLAN8 at site 3 (since you're not passing VLANs down the "pipe" (layer 2), it does not matter what you name the VLANs, they don't have to be the same numbers since we're talking passing traffic via L3 and not L2...wanted to make sure you understand that. Now having the VLANs the same name in this situation is fine since you know it's more for a naming standard than functionality in this situation).

So site 2
vlan 8
name "VOIP"
untagged C23,D22
ip address 192.168.30.1 255.255.255.0
qos priority 7
voice
exit
Site 3 might be
vlan 8
name "VOIP"
untagged B17,D13
ip address 192.168.31.1 255.255.255.0
qos priority 7
voice
exit

This puts your voice on different LAN subnets at sites 2 & 3, which is all you're doing specifying virtual LANs at each site (it's just that they are two different subnets that route instead of having the one subnet span across the "pipe" like you're trying to do via your thought process). You're specifying the qos priority of 7, so traffic for these subnets will be tagged at a higher priority than traffic from your other local subnets. If "ip routing" is enabled at your local switches, then the subnets route between each other since they are directly connected interfaces on that switch. Routing between L3 switches happens either via static routes or a routing protocol; I see you are using both static and RIP.

"we want this new trunk/vlan8 to route ONLY voip traffic"... unless you plan to put other services on that subnet, then the only traffic that will be on that subnet will be your VoIP traffic. It's what you created this new subnet for. If you do plan to put something else, don't know why you would, but if you do and don't want those services to route, then you'd have to create ACLs to block or allow accordingly.

Hope I could help.
 
This is great. About static & RIP, is it not wise to use both?
 
Lastly, what was wrong with the initial config setup that it failed to work?
 
Site 2
vlan 8
name "VOIP"
untagged C23,D22
ip address 192.168.30.1 255.255.255.0
qos priority 7
voice
exit
Site 3
vlan 8
name "VOIP"
untagged B17,D13
ip address 192.168.30.2 255.255.255.0
qos priority 7
voice
exit
As you can see, two sites, separated by routed networks, and you were trying to have the same network subnet (30.1 & 30.2) span across a routed layer3 network (ain't gonna happen). Again, the only way you could have made that work would have been to change to doing layer 2 trunking across instead of layer 3 routing which would have forced you to change everything else also.

In regards to the static and rip, that's fine. Static is a lower cost than RIP so it will take precedence over your learned routes.
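
The diagnosis in the last reply (one subnet, 192.168.30.0/24, addressed on two switches that only reach each other over routed links) can be checked mechanically. The following is an added example, not part of the original thread: it parses constructed excerpts of the two posted configs and reports subnets addressed on more than one switch whose VLAN has no member port on an inter-site link at every switch. `CONFIGS`, `LINK_PORTS`, `parse_vlans` and `split_subnets` are hypothetical names, and the link-port assignment is an assumption inferred from the posted port settings.

```python
import ipaddress
from collections import defaultdict

# Constructed excerpts of the two posted configs (VLAN 3 and VLAN 8 stanzas only).
CONFIGS = {"OFFICE2": """\
vlan 3
untagged D23
ip address 10.0.0.2 255.255.255.252
exit
vlan 8
untagged C23,D22
ip address 192.168.30.1 255.255.255.0
exit
""", "OFFICE3": """\
vlan 3
untagged H24
ip address 10.0.0.1 255.255.255.252
exit
vlan 8
untagged B17,D13
ip address 192.168.30.2 255.255.255.0
exit
"""}
# Assumption: these ports carry the inter-site LES links (not stated in the thread).
LINK_PORTS = {"OFFICE2": {"D23", "D24"}, "OFFICE3": {"H23", "H24"}}

def parse_vlans(text):
    """Return {vlan_id: {"net", "ports"}}; port ranges like A1-A4 are not expanded."""
    vlans, cur = {}, None
    for words in map(str.split, text.splitlines()):
        if words[:1] == ["vlan"] and len(words) == 2:
            cur = vlans.setdefault(words[1], {"net": None, "ports": set()})
        elif words[:1] == ["exit"]:
            cur = None
        elif cur is not None and words[:1] in (["untagged"], ["tagged"]) and len(words) == 2:
            cur["ports"].update(words[1].split(","))
        elif cur is not None and words[:2] == ["ip", "address"] and len(words) == 4:
            cur["net"] = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
    return vlans

def split_subnets(configs, link_ports):
    """Subnets addressed on several switches without a link port in the VLAN on each."""
    seen = defaultdict(list)
    for host, text in configs.items():
        for vlan in parse_vlans(text).values():
            if vlan["net"] is not None:
                seen[vlan["net"]].append(bool(vlan["ports"] & link_ports[host]))
    return sorted(str(net) for net, on_link in seen.items()
                  if len(on_link) > 1 and not all(on_link))
```

On these excerpts the 10.0.0.0/30 link subnet passes because D23 and H24 are link ports, while 192.168.30.0/24 is reported because its member ports are local on both switches.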
 