The original poster seems to believe that configuring the router port as an access port implies that the device on the other end would be a host end point. That is not the case. It is perfectly ok to configure the router port as an access port and to connect it to a port on the switch which is configured as an access port in vlan 20.

I do not see any benefit in configuring Gi0/1/0 as a trunk port. And configuring it as a trunk will now create the situation where there are two trunk interfaces connecting the router to the Procurve which means two different paths between router and Procurve for each vlan, and Spanning Tree will now see a potential loop and will need to put one of them into blocking mode.

The original post says that the objective was to have the new vlan/subnet for servers to connect to its own physical interface on the router. It seems to me that the cleanest way to do this is to configure an access port in vlan 20 on the router port and connect it to a switch port configured as an access port in vlan 20 and to exclude vlan 20 from the Procurve trunk port.

HTH

Rick

Hi brockwittrock,

You can do it the way Richard suggests as well by adding another cable as an access port on VLAN 20. This will meet your network requirements.

The method I suggested will also meet your network requirements and is a scalable solution. If you later decide to add more VLANs, you need only create more sub-interfaces. But again, both ways are valid.

If any of your HP Procurve switches happen to be a 2920, then you could instead use the switch to route the VLANs. I know this isn't the question you asked, but in terms of meeting your network requirements I want to suggest it to you so you're aware of all your options. If you want to go with this option I can tell you how to configure your Procurve.

I hope this helps!

Regards,

Tim

Thanks Tim.  I will keep this in mind if I am unable to get my original plan of implementation to work.

I was just going to say what Tim Y said, (good thing I read the whole thread). Essentially if your HP switches are Layer 3 & capable of routing. It would be much better to configure the network that way.

Following is based on assumption that you do have Layer 3 switches.

If your HP switches are stacked then great, then just plug all the servers on the same switch.

If not, then plug the servers as you see fit, and then just use LACP between switches(if you aren't already doing so)

So all the vlans are on switches, configure the SVI's and then cisco would just be default route.

depending on your HP switches you may be able to use OSPF etc. or at them minimum static routes to your other networks.

Tim,

I think I'll take you up on your offer to hear how to route vlans via the ProCurve switches just to help me make a decision on what I should do next as we are still battling the setup I described above.

Thanks!

Hi,

What are the models of your HP switches and versions? We need to first confirm if your HP Procurves are capable of layer 3 switching.

Note that if you take this path, you should expect an outage. Your switch will become the new default gateway for your devices. To avoid changing their network settings, you will give the switch the IP the router has for VLAN 1, and give the router a different IP address. When you do so, your devices will automatically have the switch as their default gateway, but their ARP cache will have the router MAC. The HP switch may support gratuitous ARP, however if not you will have to either wait for those ARP entries on the devices to time out, or manually clear them with "arp -d *" in a command prompt.

This is the way I would go if I had layer 3 switches, but it is more work and a higher learning curve for you. If you would prefer under your circumstances to go with my original suggestion, I can help you do that as well. 

Regards,

TIm

Thanks Rick.  Your suggestion was my thoughts exactly when I originally started to think through all of this.  I actually tried to set it up that way, but could not get the new port to come up.  I have configured the same way again, but still shows as down.  Here are the relevant excerpts from the router config:

interface GigabitEthernet0/1/0
description SERVER_LAN
switchport access vlan 20
no ip address
!

interface Vlan20
ip address A.B.C.D 255.255.255.0
ip helper-address x.x.x.x
ip flow ingress
!

On the ProCurve side I have created Vlan 20 and set the necessary ports (just two of them for testing at the moment) to untagged on Vlan 20, which if I'm understanding things correctly is similar to Cisco's idea of access port.

Is the basic router config provided above correct at least on the router side?

What am I missing here?

Also thanks for clarifying my misunderstanding of an access port!

What I see in the Cisco config looks appropriate. I do not see anything that creates the vlan, and am not sure if that matters in this particular switch implementation. You might try adding something like this to the config and see if it helps

vlan 20

name Server>LAN

What does the Cisco give you as output for show interface? Does this model support the command show interface status? If so could you post that output? And what about the output of show vlan? And if it supports it the output of show interface switchport

HTH

Rick

I created the VLAN and gave it a name.  Here is the output from the show interface Vlan 20.

Vlan20 is down, line protocol is down
Hardware is EtherSVI, address is 881d.fc18.7423 (bia 881d.fc18.7423)
Internet address is x.x.x.1/24
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 2w3d, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
634904 packets input, 146971395 bytes, 0 no buffer
Received 5074 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
594585 packets output, 75234453 bytes, 0 underruns
0 output errors, 1 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out

show interface status

Gi0/1/0 SERVER_LAN notconnect 20 auto auto 10/100BaseTX/1000BaseT

And here is the output for show interface for that particular interface.

Name: Gi0/1/0
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: Disabled
Access Mode VLAN: 20 (SERVER_LAN)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Trunking VLANs Active: none
Protected: false
Priority for untagged frames: 0
Override vlan tag priority: FALSE
Voice VLAN: none
Appliance trust: none

Doing a show vlans only gives me our VLAN 1 and 10 vlans.

Thanks for the additional information. It shows several things that should be noted:

- the interface status shows not connected. So is something physically connected to Gi0/1/0?

Gi0/1/0 SERVER_LAN notconnectt 20 auto auto 10/100BaseTX/1000BaseT

- if show vlan shows only vlan 1 and 10 then it sounds like 20 may not have been created. You might try something like this

vlan 20

name SERVER_LAN

HTH

Rick

Our network is still small enough that performance isn't really an issue.  Thank you for your input though!

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages wha2tsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Cisco recommends a 2911 for up to 35 Mbps of throughput.  As you mentioned servers (plural) and gig interfaces, you're sure performance won't be an issue?

You also mention other remote locations, so besides possibly dramatically decreasing your LAN performance, if your LAN is all L2 now, you might also adversely impact performance to your other remote (WAN) locations when your 2911 starts doing LAN routing.