8

Just to start off with I am a Cisco guy that got placed into an HP project.

Basic topology overview from outside in:

  • ASA 5505 with two Ethernet connections to a 2610 switch.
  • This switch is then trunking* to a 2626 switch passing vlan 1 (untagged) and 100 (tagged) between them. (* - the Cisco definition of trunking rather than the HP definition of trunking)
  • I created SVIs on each of the switches for both VLANs for testing purposes.

I cannot get vlan 100 to pass across this link. I also have trunks configured to APs connected to the switch and cannot ping the vlan 100 BVI on the APs but can reach the vlan 1 BVI.

  • Port 25 on Access layer 2626 physically connects to port A1 of the Distribution layer 2610.
  • STP is not running at all on any switch (this is not my network I can't change this nor did I design this)

Distribution Sw 2610:

MP1-0# show run
ip default-gateway 10.100.100.100
vlan 1
name "DATA"
untagged 1-22,24-A1,B1
ip address 10.100.100.6 255.255.255.0
no untagged 23
exit
vlan 100
name "GUEST"
untagged 23
tagged 24-A1
ip address 10.100.102.6 255.255.255.0
exit

Access Sw 2626:

ip default-gateway 10.100.100.100
vlan 1
name "DEFAULT_VLAN"
untagged 1-26
ip address 10.100.100.5 255.255.255.0
exit
vlan 100
name "GUEST"
ip address 10.100.102.5 255.255.255.0
tagged 15,25
exitt

From the ASA I can ping the vlan 100 SVI of the 2610 but not the 2626, i.e. it does not seem to be passing the "trunk" traffic

If I plug into an access port vlan 100 of the 2626 I can ping the SVI for vlan 100 as intended. I cannot ping across the "trunk" over vlan 100 but I can across vlan 1.

There may be something obvious I'm missing but please review my configuration and thank you for the assistance.

James
  • 143
  • 7
MichaelRwat
  • 81
  • 1
  • 3
  • 1
    What's the output of 'show trunk' and 'show vlan' on both switches? Any chance you could a simple diagram as well? –  Mar 13 '12 at 16:29
  • not STP? who designed this network? – The Unix Janitor Mar 13 '12 at 16:52
  • [diagram](http://imgur.com/jkOod). I am not able to remotely access this network. Show trunk should not have any output I am not configuring etherchannels (Using Cisco term for trunk) I just need vlan 1 and vlan 100 to pass across 1 link in betweenthe switches. As far as the vlans go it should be very simple. Distro (.6) port A1 tag vlan 100 untag vlan 1. Other switch has same vlan settings for the link connecting both switches just using port 25 on access switch. – MichaelRwat Mar 13 '12 at 18:14
  • Looks OK to me. At first I was confused about the untagged link to the ASA on VLAN 100. (Why is an ASA port wasted on a guest VLAN? I thought you meant the Cisco box was sending tagged traffic to the distribution switch.) I guess I'd check `show cdp` and `show lldp inf rem` but I'm not sure that will help much. – mpontillo Mar 15 '12 at 05:54
  • Looks like noone have an idea about this question. I'd suggest you to connect a pc to your trunk port, and analyze traffic using wireshark or any other analyzer. – DukeLion May 19 '12 at 09:01
  • I made a few edits to help clarify your question (e.g. 2610 was stated as 2910 in one place) - hope you don't mind. What's your ASA config for the links to the distribution switch? Also, if you're not using STP or Etherchannels, how hasn't this whole setup just melted into the floor through layer 2 loop chaos?...! :-D – James Aug 10 '12 at 05:07
  • Possible answer to why it hasn't melted into the floor: no loops. Yet. ;-) – Paul Gear Aug 28 '12 at 22:22

2 Answers2

1

HP use 802.1q not ISL

I presume that you are using two physical ports on the ASA. Please confirm what device connects with which port to what device for all devices, or create a simple diagram.

As a blind guess, I would presume that you have the tagged and untagged ports incorrectly assigned. On a HP switch, everything is on VLAN 1 unless changed.

If you are using Cisco Access Points, make sure they are set to 802.1q not ISL.

shouldbeq931
  • 509
  • 4
  • 15
0

I would highly suggest looking at this through the CLI menu system as it gives a matrix-like view of what's being tagged and where. I also would suggest not using VLAN1 as a vlan, just a personal preference but this has made things smoother for me in the past as VLANs on these switches can be quirky.

This link may help: http://www.skullbox.net/hp_procurve_vlan.php

scape
  • 365
  • 1
  • 3
  • 17