Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
739
Views
0
Helpful
4
Replies

core switch config

harrisgirls
Level 1
Level 1

‎10-03-2011 12:58 PM - edited ‎03-07-2019 02:34 AM

Hello,

I thought i would post here as i know i've had some really good help here before and i know this is a hp question! - i dont ever get any replies on there forums!!!

I am testing and playing with a HP ProCurve  2610-24-PWR, I know this is a light version of a layer 3 switch, my  question is, i've set the switch up as a core switch i can access all  vlans and ping everything fine, my firewall is 192.168.1.250, if i go  onto a different vlan say 192.168.6.254 i cannot ping 192.168.1.250 or  access the internet, my config is below:

ostname "build-me-it-core-1"
time daylight-time-rule Western-Europe
console inactivity-timer 15
ip routing
timesync sntp
snmp-server community "public" Unrestricted
vlan 1
   name "bmi_svr"
   untagged 1-10,13-24
   ip address 192.168.1.254 255.255.255.0
   ip helper-address 192.168.1.51
   tagged 25-28
   no untagged 11-12
   ip igmp
   exit
vlan 2
   name "bmi_ilo"
   ip address 192.168.2.254 255.255.255.0
   ip helper-address 192.168.1.51
   tagged 25-28
   ip igmp
   exit
vlan 3 
name "bmi_cctv"
   ip address 192.168.3.254 255.255.255.0
   ip helper-address 192.168.1.51
   tagged 25-28
   ip igmp
   exit
vlan 4
   name "bmi_prt"
   ip address 192.168.4.254 255.255.255.0
   ip helper-address 192.168.1.51
   tagged 25-28
   ip igmp
   exit
vlan 5
   name "bmi_mgmt"
   ip address 192.168.5.254 255.255.255.0
   ip helper-address 192.168.1.51
   tagged 25-28
   ip igmp
   exit
vlan 6
   name "bmi_clients"
   untagged 11-12
   ip address 192.168.6.254 255.255.255.0
   ip helper-address 192.168.1.51
   tagged 25-28
   ip igmp
   exit
ip route 0.0.0.0 0.0.0.0 192.168.1.250
spanning-tree
spanning-tree priority 0 force-version RSTP-operation
password manager
password operator

build-me-it-core-1#
build-me-it-core-1#
build-me-it-core-1# show conf

Startup configuration:

; J9087A Configuration Editor; Created on release #R.11.30

hostname "build-me-it-core-1"
time daylight-time-rule Western-Europe
console inactivity-timer 15
ip routing
timesync sntp
snmp-server community "public" Unrestricted
vlan 1
   name "bmi_svr"
   untagged 1-10,13-24
   ip address 192.168.1.254 255.255.255.0
   ip helper-address 192.168.1.51
   tagged 25-28
   no untagged 11-12
   ip igmp
   exit
vlan 2
   name "bmi_ilo"
   ip address 192.168.2.254 255.255.255.0
   ip helper-address 192.168.1.51
   tagged 25-28
   ip igmp
   exit
vlan 3
   name "bmi_cctv"
   ip address 192.168.3.254 255.255.255.0
   ip helper-address 192.168.1.51
   tagged 25-28
   ip igmp
   exit
vlan 4
   name "bmi_prt"
   ip address 192.168.4.254 255.255.255.0
   ip helper-address 192.168.1.51
   tagged 25-28
   ip igmp
   exit
vlan 5
   name "bmi_mgmt"
   ip address 192.168.5.254 255.255.255.0
   ip helper-address 192.168.1.51
   tagged 25-28
   ip igmp
   exit
vlan 6
   name "bmi_clients"
   untagged 11-12
   ip address 192.168.6.254 255.255.255.0
   ip helper-address 192.168.1.51
   tagged 25-28
   ip igmp
   exit
ip route 0.0.0.0 0.0.0.0 192.168.1.250
spanning-tree
spanning-tree priority 0 force-version RSTP-operation
password manager
password operator

build-me-it-core-1#

build-me-it-core-1# show ip route

                                IP Route Entries

  Destination        Gateway         VLAN Type      Sub-Type   Metric     Dist.
  ------------------ --------------- ---- --------- ---------- ---------- -----
  0.0.0.0/0          192.168.1.250   1    static               1          1
  127.0.0.0/8        reject               static               0          250
  127.0.0.1/32       lo0                  connected            0          0
  192.168.1.0/24     bmi_svr         1    connected            0          0
  192.168.2.0/24     bmi_ilo         2    connected            0          0
  192.168.3.0/24     bmi_cctv        3    connected            0          0
  192.168.4.0/24     bmi_prt         4    connected            0          0
  192.168.5.0/24     bmi_mgmt        5    connected            0          0
  192.168.6.0/24     bmi_clients     6    connected            0          0

any ideas?

Labels:
0 Helpful
4 Replies 4

Jon Marshall
Hall of Fame
Hall of Fame

‎10-03-2011 01:18 PM

First thing i would do is to check the firewall for 2 things -

1) does it have NAT setup for all the different subnets ?

2) does it have routes back to these subnets ie. if you are not running a routing protocol between the firewall and the HP switch then on the firewall for all non vlan 1 subnets eg -

route inside 192.168.2.0 255.255.255.0 192.168.1.254 (your vlan 1 IP address)

note the above syntax is for a pix/ASA firewall so if it is a different firewall you would need to adjust accordingly.

Jon

0 Helpful

harrisgirls
Level 1
Level 1
In response to Jon Marshall

‎10-03-2011 01:37 PM

i have a cisco 515 firewall, just checked static routes and there is only one:

outside | 0.0.0.0 | 0.0.0.0 | 78.xx.xxx.x | 1 | none

do i need to add

ip route 192.168.0.0 255.255.0.0 192.168.1.254

to the firewall?

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to harrisgirls

‎10-03-2011 01:42 PM

Yes you do but not that syntax. Use this -

route inside 192.168.0.0 255.255.0.0 192.168.1.254

this covers all 192.168.x.0 networks. If that is okay then no problem, if there are other 192.168.x.0 networks reachable via another interface then you will need to have more specific routes for the 192.168.x.0 networks on your HP switch.

Also check that NAT is setup for these subnets.

Jon

0 Helpful

harrisgirls
Level 1
Level 1
In response to Jon Marshall

‎10-03-2011 01:44 PM

great thanks, i'll give it a try when i make deployment.

we only have a 192.168.x.x range.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card