V-lan with trunk

Hi Experts, I need some help regarding the VLAN configuration, as I am very new to VLANs. Attached is the diagram which I need to set up in my office.
I have Cisco C2960S-TS-L switches for production users and an HP ProCurve Switch 4204vl as an L3 switch to handle all the traffic of the production switches. I have configured two VLANs (VLAN 2 and VLAN 3) on each Cisco production switch, and I have two VLANs (VLAN 1 and VLAN 99) configured on the HP L3 switch for the local network and for servers. My requirement is that end users only need access to the server and firewall VLAN for internet and file storage access. They do not need PC-to-PC access. I have configured a trunk from each Cisco switch to VLAN 1 of the HP L3 switch:
Switch1 Fast Ethernet 0/48 port connected to HP Fast Ethernet 0/1 port
Switch2 Fast Ethernet 0/48 port connected to HP Fast Ethernet 0/2 port
Switch3 Fast Ethernet 0/48 port connected to HP Fast Ethernet 0/3 port
The firewall and servers are connected to VLAN 99 on the HP L3 switch. I have configured all three switches with the following commands.
Switch 1
(config)#interface range fa0/1-24
(config-if-range)#switchport mode access
(config-if-range)#switchport access vlan 2
(config-if-range)#no shut
(config-if-range)#exit
(config)#interface range fa0/25-47
(config-if-range)#switchport mode access
(config-if-range)#switchport access vlan 3
(config-if-range)#no shut
(config-if-range)#exit
(config)#interface fa0/48
(config-if)#switchport mode trunk
(config-if)#no shut
(config-if)#exit
#copy run start
Same thing repeated for Switch 2 and 3
Configuration on HP ProCurve Switch 4204vl
The same trunk configuration has been done on Fast Ethernet ports 0/1, 0/2 and 0/3. I am using the 172.16.0.0/16 network in my scenario and the firewall IP is 172.16.0.100. After this configuration I am not able to ping the firewall from any Cisco switch. Please let me know what I am missing and where I am wrong in the configuration.
Thanks in advance

Without the configs of the ProCurve, I'm speculating here, but at a guess it's because VLAN 2 and 3 don't exist on the ProCurve.
Do you have a 1:1 mapping for VLAN:IP address range? I.e. VLAN2 maps to 172.16.2.x, VLAN3 maps to 172.16.3.x, etc.
Regards

Also, what is the configuration of the trunk (on the Cisco units)? I am rusty at all this but the trunks would have to be members of VLANs 2 and 3? If the trunks send tagged packets then you'll need the same VLANs at the other end on the HP switch, and then you can route from there. If they're untagged packets then you'll no longer be able to separate the traffic on the HP switch if you need different routing rules, and you may have trouble preventing access between the VLANs.
And... erm, is that a single port trunk you've got? No need for a trunk in that case if there's only one wire between the switches, just add port 48 to both VLAN2 and VLAN3?
I'm not quite sure what the purpose of VLAN2 and VLAN3 is - are you merely wishing to separate the PCs into groups? (PCs in VLAN2 will still be able to access other PCs in VLAN2, etc, and I'm not quite sure if that's what you want...) If you want to prevent each PC from accessing any other PC then look into "private VLANs" if you want to use VLANs to do it - this restricts each port from communicating except with the uplink port.
Bob

Oh... I suddenly realised, this is on the VPN forum. You might find more and even better help on the Networking forum!
Bob

reply to Breejesh
As stated, you may want to move this over to another forum, but since you're here, have you made sure that your HP L3 switch is running a command similar to Cisco's "ip routing"?
Additionally (if needed), something in this configuration is going to have to be set to enable all vlans to speak to each other. Also, when you set up your trunk, I didn't see the command "switchport trunk encapsulation dot1q" unless your HP switch (by default) only supports dot1q trunking.
Let me know if I'm off altogether on this.
Jay
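
Added example (not part of any post in this thread, and not the poster's actual configuration): the tagged-VLAN point raised in the replies, shown on both ends of one uplink. The ProCurve port name A1, the VLAN names and the bracketed gateway addresses are assumptions or placeholders, since the HP configuration was never posted.

```text
! --- Cisco 2960S (Switch 1), uplink port from the original post ---
interface FastEthernet0/48
 switchport mode trunk
 ! Carry only the two user VLANs, tagged (802.1Q), rather than every VLAN
 switchport trunk allowed vlan 2,3
!
! Check which VLANs are actually active on the trunk:
!   show interfaces trunk

; --- HP ProCurve 4204vl, port facing Switch 1 (A1 is an assumed port name) ---
; VLAN 2 and VLAN 3 must also exist on this switch, with the uplink port
; as a tagged member; frames tagged for a VLAN the port does not belong
; to are dropped on ingress.
vlan 2
   name "USERS_2"
   tagged A1
   ip address <vlan2-gateway-ip> <mask>
   exit
vlan 3
   name "USERS_3"
   tagged A1
   ip address <vlan3-gateway-ip> <mask>
   exit
; Servers and firewall stay in VLAN 99 as described in the original post.
; Enable routing between the user VLANs and VLAN 99:
ip routing
; Check membership per VLAN:
;   show vlans 2
```

Once routing is enabled, VLAN 2 and VLAN 3 can also reach each other through the L3 switch, and PCs inside the same VLAN still see each other. This addresses reachability of the firewall only; the PC-to-PC restriction from the first post has to be enforced separately.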