Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

HP Procurve MultiVLAN Link between eachother

Status
Not open for further replies.

MichaelRWat

IS-IT--Management
Mar 13, 2012
2
0
0
US
Hey everyone, just to start off with I am a Cisco guy that got placed into an HP project.

Basic topology overview from outside in: ASA 5505 with two Ethernet connections to a 2910-24 port switch. This switch is then (Cisco Trunking) to a 2626 switch passing vlan (1 untagged and 100 tagged)between them. I created SVI's on each of the switches for both VLAN's for testing purposes.

I can not get vlan 100 to pass across this link. I also have trunks configured to AP's off of the switch and can not ping the vlan 100 BVI on the AP's but can reach the vlan 1 BVI.
Port 25 on Access layer (2626) connects (trunks) with port A1 of 2610.

STP is not running at all on any switch (this is not my network I can't change this nor did I design this)

Here is the configuration of both switches:
Distribution Sw:
MP1-0# show run
Running configuration:
; J9145A Configuration Editor; Created on release #W.14.38
hostname "MP1-0"
time timezone -5
module 1 type J9145A
module 2 type J9165A
module 3 type J9165A
stack commander "MP1"
stack auto-grab
stack member 1 mac-address 68B59996DF40
stack member 2 mac-address 68B599A46640
stack member 3 mac-address 68B599A4D740
interface 23
name "WatchGuard"
exit
interface 24
name "Cisco AP"
exit
ip default-gateway 10.100.100.100
vlan 1
name "DATA"
untagged 1-22,24-A1,B1
ip address 10.100.100.6 255.255.255.0
no untagged 23
exit
vlan 100
name "GUEST"
untagged 23
tagged 24-A1
no ip address
exit
web-management ssl
ip authorized-managers 10.100.100.7 255.255.255.255 access manager
ip authorized-managers 10.100.100.34 255.255.255.255 access manager
ip authorized-managers 10.100.100.8 255.255.255.255 access manager
ip authorized-managers 10.100.100.13 255.255.255.255 access manager
ip authorized-managers 10.100.100.21 255.255.255.255 access manager
ip authorized-managers 10.100.100.211 255.255.255.255 access manager
ip authorized-managers 10.100.100.32 255.255.255.255 access manager
ip authorized-managers 10.100.100.191 255.255.255.255 access manager
ip authorized-managers 10.100.100.192 255.255.255.255 access manager
snmp-server community "baytech"
snmp-server community "Administrator"
snmp-server contact "helpdesk.btfl.com " location "Corp., Tampa, FL"
no autorun
password manager
password operator


Access Sw:
; J4900B Configuration Editor; Created on release #H.08.60
hostname "HP ProCurve Switch 2626"
snmp-server location "marketing back hall closet"
mirror-port 8
ip default-gateway 10.100.100.100
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged 1-26
ip address 10.100.100.5 255.255.255.0
exit
vlan 100
name "GUEST"
no ip address
tagged 15,25
exit
password manager
password operator

From the ASA I can ping the vlan 100 address of the 2610 but not the 2626 (10.100.102.6)
If I plug into an access port vlan 100 of the 2626 I can ping the SVI for vlan 100 as intended. I can not ping across the "trunk" over vlan 100 but I can across vlan 1.

There may be something obvious I'm missing but please review my configuration and thank you for the assistance.
 
So are you using the ASA as the core routing device? You really don't mention anything about the ASA config and that's where the problem might be. You have two ethernet connections going to the switch from the ASA, are you saying you have these in a (HP trunk group) or are you making two layer 2 connections to the same switch, one on the VLAN1 side and one on the VLAN100 side? Neither of the HP's are doing routing, so you need to make sure you have correct allowances in your ASA (again, assuming your using the ASA as your routing device).

Sorry for the rambling of thought, doing this from the road.
 
The ASA should not even be touched for what I am trying to do I don't believe. I attached a diagram of the network.
Going to the ASA is not a port-channel it is two separate Ethernet connections, 1 for each vlan.

In order for me to ping from HP to HP over the "cisco term trunk" it should be able to reach the other switch without getting to the ASA.

Pinging from 10.100.102.5 to .6.

I labbed this with Cisco gear and it did not touch the ASA when pinging from sw to sw. (debugged ip packets on ASA when pinging)
Unless HP acts differently then Cisco when I would be doing this ping.

jkOod.png
 
I don't know why you're trying to ping VLAN100 addresses on the switches - they don't exist - your switches have addresses in VLAN1.

1/ Create an "untagged" port in VLAN 100 on each switch.

2/ Give your laptop an IP address in VLAN100 and turn off its Windows firewall

3/ Patch your laptop into each of the switches in turn and see if the ASA can ping it.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top