Wired Intelligent Edge

I'm (re-)configuring a ProCurve 2910al-48G-PoE+ (J9148A). I'm fairly new to this kind of stuff, and although I thought I had a reasonable understanding of routing etc. I can't seem to make the switch work the way I want.

Here's the situation:

I'm using the 2910al as a switch/router that's connected on port 1 to another switch that is connected to the internet. This other switch is configured to provide any router that is attached to its port 0 the following through DHCP:

IP Address: 89.188.30.198
Netmask: 255.255.255.252
Gateway: 89.188.30.197

I then want the 2910al to do the routing from there on, for 2 separate VLANs. Ports 3-24 are in VLAN 10, for Dep1, and ports 25-36 in VLAN 20, for Dep2. (Ports 37-48 are still in DEFAULT_VLAN, VLAN 1, and unused, as is VLAN 20 for now).

VLAN 10 (Dep1) has 5 WiFi Access Points connected to it, yet to be configured.

I've configured the switch as follows (output from 'show run'):

 

 

 

Running configuration:

; J9148A Configuration Editor; Created on release #W.14.38

hostname "ProCurve 2910al-48G-PoE Switch"
time timezone 1
time daylight-time-rule Western-Europe
module 1 type J9148A
interface 1
   name "WAN"
exit
interface 3
   name "AP1"
exit
interface 4
   name "AP2"
exit
interface 5
   name "AP3"
exit
interface 6
   name "AP4"
exit
interface 7
   name "AP5"
exit
ip default-gateway 89.188.30.197
ip routing
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-2,37-48
   ip address dhcp-bootp
   no untagged 3-36
   exit
vlan 10
   name "Dep1"
   untagged 3-24
   ip address 172.0.1.1 255.255.255.0
   exit
vlan 20
   name "Dep2"
   untagged 25-36
   ip address 172.0.2.1 255.255.255.0
   exit
web-management ssl
ip route 0.0.0.0 0.0.0.0 89.188.30.197
snmp-server community "company" unrestricted
snmp-server contact "team@company.com" location "City"

 

 

 

'show ip' returns this:

 

 

 Internet (IP) Service

  IP Routing : Enabled


  Default TTL     : 64
  Arp Age         : 20
  Domain Suffix   :
  DNS server      :

  VLAN                 | IP Config  IP Address      Subnet Mask     Proxy ARP
  -------------------- + ---------- --------------- --------------- ---------
  DEFAULT_VLAN         | DHCP/Bootp 89.188.30.198   255.255.255.252 No
  Dep1                 | Manual     172.0.1.1       255.255.255.0   No
  Dep2                 | Manual     172.0.2.1       255.255.255.0   No

 

 

 

'show ip route':

 

 

                                IP Route Entries

  Destination        Gateway         VLAN Type      Sub-Type   Metric     Dist.
  ------------------ --------------- ---- --------- ---------- ---------- -----
  0.0.0.0/0          89.188.30.197   1    static               1          1
  89.188.30.196/30   DEFAULT_VLAN    1    connected            1          0
  127.0.0.0/8        reject               static               0          0
  127.0.0.1/32       lo0                  connected            1          0
  172.0.1.0/24       Dep1            10   connected            1          0

 

 

 

I can't seem to get it to work, though. None of the ports provide a network connection, let alone internet.

What am I doing wrong?

#setup
#Networking
#configuration
#routing
#ProCurve
#2910al
#switch

Hi,

Your 2910al is doing IPv4 Routing but who is doing NAT on your scenario? AFAIK your 2910al is able to perform inter-VLANs routing (routing between VLAN it owns that are directly connected) and, through the route of last resort (0/0 via Next-Hop-Gateway), it is able to forward request for any other (non directly connected) networks to the Next Hop Gateway...but, again AFAIK, that gateway should be placed on the private address space...am I misunderstanding something here?

Dear Kaioost,

 

The ip address pool used for vlan 10(172.0.1.0/24) & vlan20(172.0.2.0/24) are belongs to private address. When you are accessing internet you need to use public ip address. You can achieve it in two ways.

1. You can use Network Adress Translation to change the ip address from private to public.

2. You have to use public address for vlan10 & vlan20. Which is not ideal.

You have to configure NAT for outgoing traffic of from vlan10 & vlan20.

Exactly...given that...that goes back to my first question: who is doing NAT on OP's network?
Clearly the other option of giving VLAN IP interfaces public IP addresses is neither ideal nor usual...

Thank you for your replies.

If I'm not mistaken, the switch/router before the ProCurve is doing the NAT. Unfortunately, I can't configure it, since it's owned by the ISP. I guess the easiest fix is adding a dedicated router in between, so I can configure NAT/port forwarding/etc.

Thanks for the insight!

---

@Kaioost wrote: If I'm not mistaken, the switch/router before the ProCurve is doing the NAT.

---

Well...if so setting the Default Gateway IP Address using a public IP Address sound quite strange if there is a gateway (which is directly connected to your HP Switch) is properly doing NAT. NAT means Network Address Translation...if you on your internal LAN are using Public IP Addressess I don't see how NAT is configured correctly and playing a role...I expect to see a Private IP Address (of your gateway device) used as Next Hop / Default Gateway to reach outer networks (usually Internet or what is not locally directly connected).