×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

HELP!! - VLAN Issue

HELP!! - VLAN Issue

HELP!! - VLAN Issue

(OP)
We have three sites linked by three private 10MB LES connections as a triangle with an HP Procurve switch in each site in addition OFFICE 1 site has a Cisco router in place. Currently each site has it's own class C address and we have individual VLAN's on each leg of the LES links and route from the internal Class C address to the VLAN.

We were having quality issues with a VOIP link between two phone systems that are located in OFFICE2 and OFFICE3 sites. The phone systems are digital internally and only use VOIP for the link between the sites. We planned & added an additional VLAN across OFFICE2 and OFFICE3 sites, we configured VLAN number 8 (see config below) on both switches @ office 2 & 3 so we coould move the phone systems to this VLAN which would remove the routing overhead that is currently in place.

Please see config below - the newly setup VLANS8 can't ping themselves, 192.168.30.1 & 192.168.30.2, they can't reach themselves or ping them selves. But all the other VLANS setup 4 months ago work OK except for this new one - VLAN8.

PLEASE ADVISE WHAT CAN BE DONE OR CHANGED TO RESOLVE THE VLAN8 PROBLEM ON BOTH SWITCHES - PLEASE SEE CONFIG BELOW FOR BOTH SWITCHES:

OFFICE2

hostname "OFFICE2"
 
snmp-server location "OFFICE2"
module 1 type J4878A
module 2 type J4907A
module 3 type J4820A
module 4 type J4820A
interface C23
   name "PABX"
exit
interface D16
   name "Citrix Local"
exit
interface D22
   name "CONSOLE"
exit
interface D23
   speed-duplex 10-full
exit
interface D24
   speed-duplex 10-full
exit
sntp server 192.168.16.220
ip routing
timesync sntp
sntp unicast
snmp-server community "pic"
snmp-server community "con" Operator
snmp-server host 192.168.16.221 "public"
snmp-server host 192.168.16.147 "public"
snmp-server host 192.168.16.220 "public" Not-INFO
vlan 1
   name "LAN"
   untagged A1-A4,B1-B16,C1-C22,C24,D1-D19,D21
   ip address 192.168.0.254 255.255.255.0
   qos priority 3
   no untagged C23,D20,D22-D24
   ip igmp
   exit
vlan 2
   name "Iham"
   untagged D24
   ip address 10.0.0.5 255.255.255.252
   qos priority 5
   exit
vlan 3
   name "Sings"
   untagged D23
   ip address 10.0.0.2 255.255.255.252
   qos priority 5
   exit
vlan 7
   name "Netscreen"
   untagged D20
   ip address 9.0.0.18 255.255.255.248
   qos priority 1
   tagged D23
   exit
vlan 8
   name "VOIP"
   untagged C23,D22
   ip address 192.168.30.1 255.255.255.0
   qos priority 7
   voice
   exit
fault-finder bad-driver sensitivity high
fault-finder bad-transceiver sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
no fault-finder broadcast-storm
fault-finder loss-of-link sensitivity high
fault-finder duplex-mismatch-HDx sensitivity high
fault-finder duplex-mismatch-FDx sensitivity high
qos protocol IP priority 3
qos protocol IPX priority 1
qos protocol ARP priority 0
qos protocol DEC_LAT priority 1
qos protocol AppleTalk priority 1
qos protocol SNA priority 1
qos protocol NetBEUI priority 1
spanning-tree
router rip
   redistribute static
   exit
vlan 2
   ip rip
   exit
vlan 3
   ip rip
   exit
vlan 8
   ip rip
   exit
password manager


OFFICE 3
; J4819A Configuration Editor; Created on release #E.10.52

hostname "OFFICE3"
 
snmp-server location "OFFICE3"
flow-control
module 1 type J4907A
module 4 type J4820A
module 5 type J4820A
module 7 type J4820A
module 8 type J4820A
module 2 type J4820B
module 6 type J4820A
interface A1
   name "IC1-P23"
   no lacp
exit
interface A2
   name "Videss"
exit
interface A3
   name "File Print"
exit
interface A4
   name "Exchange-1"
   flow-control
exit
interface A5
   name "Exchange-2"
   flow-control
exit
interface A8
   name "IC3-P23"
   no lacp
exit
interface A9
   name "IC3-P24"
   no lacp
exit
interface A10
   name "ESX"
exit
interface A13
   name "Storage Server"
exit
interface A16
   name "IC1-P24"
   no lacp
exit
interface B8
   name "MCarr"
exit
interface B17
   name "PABX-SYS"
exit
interface B22
   name "NF_Mail"
exit
interface B23
   name "NF_Videss"
exit
interface B24
   name "NF_Mail"
exit
interface G3
   name "HR(69)"
exit
interface G9
   name "Port 33"
exit
interface G18
   name "G"
exit
interface H6
   name "Link to 3rd"
exit
interface H12
   name "Link to 3rd"
exit
interface H19
   name "IR3300i (5880)"
exit
interface H20
   name "CS (25)"
exit
interface H23
   name "ChLink"
   speed-duplex 10-full
exit
interface H24
   name "Link"
   speed-duplex 10-full
exit
interface E4
   name "Port 47 3300i 1FL"
exit
interface E9
   name "Port 26"
exit
interface E19
   name "NS (34)"
exit
interface E21
   name "AW"
exit
interface D5
   name "Port 45"
exit
interface D13
   name "CONSOLE"
exit
trunk A1,A16 Trk2 Trunk
trunk A8-A9 Trk3 Trunk
sntp server 192.168.16.220
ip routing
timesync sntp
snmp-server community "pic" Operator
vlan 1
   name "LAN"
   forbid H23-H24
   untagged A2-A7,A10-A15,B1-B16,B18-B24,D1-D12,D14-D24,E1-E24,F1-F24,G1-G24,H1-H22,Trk2-Trk3
   ip address 192.168.16.254 255.255.255.0
   qos priority 3
   no untagged B17,D13,H23-H24
   ip igmp
   exit
vlan 3
   name "Les"
   untagged H24
   ip address 10.0.0.1 255.255.255.252
   qos priority 5
   exit
vlan 7
   name "Netscreen"
   ip address 9.0.0.17 255.255.255.248
   qos priority 1
   exit
vlan 4
   name "LES-W"
   untagged H23
   ip address 10.0.0.10 255.255.255.252
   qos priority 5
   exit
vlan 8
   name "VOIP"
   untagged B17,D13
   ip address 192.168.30.2 255.255.255.0
   qos priority 7
   voice
   exit
fault-finder bad-driver sensitivity high
fault-finder bad-transceiver sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
no fault-finder broadcast-storm
fault-finder loss-of-link sensitivity high
fault-finder duplex-mismatch-HDx sensitivity high
fault-finder duplex-mismatch-FDx sensitivity high
qos tcp-port 1897 priority 6
qos tcp-port 1898 priority 6
qos protocol IP priority 3
qos protocol IPX priority 1
qos protocol ARP priority 0
qos protocol DEC_LAT priority 1
qos protocol AppleTalk priority 1
qos protocol SNA priority 1
qos protocol NetBEUI priority 1
ip route 0.0.0.0 0.0.0.0 192.168.16.250
ip route 10.0.0.0 255.0.0.0 reject
ip route 192.168.0.0 255.255.0.0 reject
spanning-tree
spanning-tree Trk2 priority 4
spanning-tree Trk3 priority 4
router rip
   redistribute static
   exit
vlan 3
   ip rip
   exit
vlan 4
   ip rip
   exit
vlan 8
   ip rip
   exit
password manager


 

RE: HELP!! - VLAN Issue

It looks like what your doing is routing between your sites, and that's correct. What you are thinking it will do is (and using Cisco terminology, sorry) is trunk between the sites and it cannot, your already routing. So as an example 9and this is guessing at your connections only by the IP address scheme):
Your site 2
vlan 3
   name "Sings"
   untagged D23
   ip address 10.0.0.2 255.255.255.252
   qos priority 5
   exit

Your site 3
vlan 3
   name "Les"
   untagged H24
   ip address 10.0.0.1 255.255.255.252
   qos priority 5
   exit

As you see they are both in the same small (mask) subnet. So you would have to route to this network to pass traffic between the two sites.

What you are thinking to do is (again Cisco term) trunk between the two switches, that is pass all or some vlans down a pipe for an entire class C network and again you have to choose one or the other. Routing as setup is the correct answer. So you will create a new subnet at one of your sites, site 3 for example and just have the switch route like it's doing for your other subnets.

Hope that made since, had to answer in a hurry, late for a date.
 

RE: HELP!! - VLAN Issue

(OP)
i think i understand what you mean but how d i go about it? please give full details of config.  and also tell me what to change as per VLAN8 - how will the new trunk (vlan8) work between offices 2 & 3?  

i will wait till you get back from ur date ... wish u have a lovely date

RE: HELP!! - VLAN Issue

(OP)
To recap again, we want this new trunk/vlan8 to route ONLY voip traffic thus the concept of creating a new vlan with new ip addressing - hope this is clear enough

RE: HELP!! - VLAN Issue

So in essense, stop thinking in terms of virtual lans and trunking that happen at layer 2; what you want to do is think physical lans and routing that happen at layer 3.
Also, think of VLANs in your configuration just names for interfaces where you can have mutiple ports be part of that one interface.

You are going to for example create a new subnet on VLAN8 at site 3 (since your not passing vlans down the "pipe" (layer2), it does not matter what you name the vlans, they don't have to be the same numbers since we're talking passing traffic via L3 and not L2...wanted to make sure you understand that. Now having the vlans the same name in this situation is fine since you know it's more for a naming standard than functionality in this situation).

So site 2
vlan 8
   name "VOIP"
   untagged C23,D22
   ip address 192.168.30.1 255.255.255.0
   qos priority 7
   voice
   exit
Site 3 might be
vlan 8
   name "VOIP"
   untagged B17,D13
   ip address 192.168.31.1 255.255.255.0
   qos priority 7
   voice
   exit

This puts your voice on different lan subnets at sites 2 & 3, which is all your doing specifying virtual lans at each site (it's just that they are two different subnets that route instead of having the one subnet span across the "pipe" like your trying to do via your thought process), your specifying the qos priority of 7 so traffic for these subnets will be tagged at a higher priority than traffic from your other local subnets. If "ip routing" is enabled at your local switches, then the subnets route between each other since they are directly connected interfaces on that switch. Routing between L3 switches happens either via static routes or a routing protocol, I see you are using both static and RIP.

"we want this new trunk/vlan8 to route ONLY voip traffic"... unless you plan to put other services on that subnet, then the only traffic that will on that subnet will be your VoIP traffic. It's what you created this new subnet for. If you do plan to put something else, don't know why you would, but if you do and don't want those services to route, then you'd have to create ACLs to block or allow accordingly.

Hope I could help.

RE: HELP!! - VLAN Issue

(OP)
this is great. About static & rip, is it not wise to use both?

RE: HELP!! - VLAN Issue

(OP)
lastly, what was wrong with the initial config setup that it failed to work?

RE: HELP!! - VLAN Issue

Site 2
vlan 8
   name "VOIP"
   untagged C23,D22
   ip address 192.168.30.1 255.255.255.0
   qos priority 7
   voice
   exit
Site 3
vlan 8
   name "VOIP"
   untagged B17,D13
   ip address 192.168.30.2 255.255.255.0
   qos priority 7
   voice
   exit
As you can see, two sites, separated by routed networks, and you were trying to have the same network subnet (30.1 & 30.2) span across a routed layer3 network (ain't gonna happen). Again, the only way you could have made that work would have been to change to doing layer 2 trunking across instead of layer 3 routing which would have forced you to change everything else also.

In regards to the static and rip, that's fine. Static is a lower cost than RIP so it will take precedence over your learned routes.

RE: HELP!! - VLAN Issue

(OP)
u r a STAR. Thx.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close