5

I have a problem setting up working VLANs and a DHCP server on an HP ProCurve 2920. My problem is that I cannot even ping computers between VLANs with static IP addresses.

WinXP PC on VLAN101 with 192.168.1.1 static IP, default gateway 192.168.1.2

Win2008 server on VLAN100 with 192.168.0.1 and gateway 192.168.0.2

The problem is that I cannot even ping clients between VLANs, with Windows firewall disabled and even with an allow rule on the ICMPv4 protocol. I can ping switch ports from both machines (192.168.0.2 and 192.168.1.2).

The DHCP server is on VLAN100, clients that should get IP addresses are on other VLANs, so far I created only 2 VLANs for testing purposes (but let's not focus on DHCP because I can't even communicate with clients with ip routing on). I did a factory reset on the switch. Below you see what I've done and thought would be enough.

```
hostname "HP-2920-24G"
module 1 type j9726a
ip routing
snmp-server community "public" unrestricted
oobm
   ip address dhcp-bootp
   exit
vlan 1
   name "DEFAULT_VLAN"
   no untagged 1-2,20,24
   untagged 3-19,21-23,A1-A2,B1-B2
   ip address dhcp-bootp
   exit
vlan 100
   name "DHCP"
   untagged 20,24
   ip address 192.168.0.2 255.255.255.0
   exit
vlan 101
   name "Assy bench #1"
   untagged 1
   ip address 192.168.1.2 255.255.255.0
   ip helper-address 192.168.0.1
   exit
vlan 102
   name "Assy bench #2"
   untagged 2
   ip address 192.168.2.2 255.255.255.0
   ip helper-address 192.168.0.1
   exit
```

For this config I've tried many things: adding ip default-gateway 192.168.0.1 (even though it shouldn't be needed with ip routing enabled, from what I've found on forums); adding route 0.0.0.0/0 192.168.0.1; adding primary-vlan 100; adding spanning-tree enabled; adding route 192.168.0.0/24 192.168.0.1 etc... I feel like I tried everything I could on the switch side. I started to get a feeling that the DHCP server is somehow wrong, but I thought at least the pings would work with this setup. DHCP worked when a PC was connected to the DHCP VLAN (that's why I've added a 2nd port to the VLAN for testing purposes). Actually the funny thing is, the day before I tried the factory reset, DHCP assigned an IP on the client, but only once and we don't know why and it did not happen again.

Would appreciate if anyone has maybe some useful insight. I feel lost since I did not expect any huge obstacles with such a simple setup.

EDIT #1:

```
HP-2920-24G(config)# show ip route

                                IP Route Entries

  Destination        Gateway         VLAN Type      Sub-Type   Metric     Dist.
  ------------------ --------------- ---- --------- ---------- ---------- -----
  127.0.0.0/8        reject               static               0          0
  127.0.0.1/32       lo0                  connected            1          0
  192.168.0.0/24     DHCP            100  connected            1          0
  192.168.1.0/24     Assy bench #1   101  connected            1          0
```

SHOW IP:

```
HP-2920-24G(vlan-101)# show ip

 Internet (IP) Service

  IP Routing : Enabled


  Default TTL     : 64
  Arp Age         : 20
  Domain Suffix   :
  DNS server      :

                       |                                            Proxy ARP
  VLAN                 | IP Config  IP Address      Subnet Mask     Std  Local
  -------------------- + ---------- --------------- --------------- ----------
  DEFAULT_VLAN         | DHCP/Bootp
  DHCP                 | Manual     192.168.0.2     255.255.255.0    No    No
  Assy bench #1        | Manual     192.168.1.2     255.255.255.0    No    No
  Assy bench #2        | Manual     192.168.2.2     255.255.255.0    No    No
```

PINGS:

```
HP-2920-24G(config)# ping 192.168.0.1
192.168.0.1 is alive, time = 3 ms
HP-2920-24G(config)# ping 192.168.0.2
192.168.0.2 is alive, time = 1 ms
HP-2920-24G(config)# ping 192.168.1.2
192.168.1.2 is alive, time = 1 ms
HP-2920-24G(config)# ping 192.168.1.1
192.168.1.1 is alive, time = 2 ms
```

DIAGRAM: - the blue is console cable


EDIT #2: There might be something wrong with the server, I should probably reinstall it. So now I have VLAN100 (DHCP Windows Server 2008) and VLANs 101, 102. XP machines connected on 101 and 102 can ping each other and ping all active ports on the switch, but cannot ping the server machine. The server machine can ping ports on the switch (different VLANs) but it cannot ping the XP machines. I was desperate and spent 2 days trying everything and did not think of this. Will update you if some more help is needed.

EDIT #3: I've got it all working now, no idea why it is this way, but the DHCP server won't actually contact computers on other VLANs without having static routes to them added in the routing table.

```
ROUTE -p ADD 192.168.1.0 MASK 255.255.255.0 192.168.0.2
ROUTE -p ADD 192.168.2.0 MASK 255.255.255.0 192.168.0.2
```

After this everything is working like a charm. But I'm still confused: I even tried removing the default gateway and removing the routes, nothing.. adding the routes again and BAM! working again. So much pain for such a simple thing.

Cheers!

Koto
  • Can the machines ping the switch's other addresses? Can 192.168.1.1 ping 192.168.0.2? Can 192.168.0.1 ping 192.168.1.2? – David Schwartz Dec 01 '14 at 12:07
  • Yes, I can ping from hosts the other VLANs' switch ports (x.x.x.2). I'm gonna check "show ip route" and post it, did not try that yet. I thought ip routing was enough for this setup... The plan is to have only 1 PC on each VLAN (VLANs 101-110)... so when I plug a PC into port number 1 on the switch it gets 192.168.1.1, when into port number 8 it gets x.x.8.1, and the DHCP server should be on port 24 (or whatever other port on the switch) – Koto Dec 01 '14 at 12:17
  • To be clear, you are saying 192.168.1.1 cannot ping 192.168.0.1, even though both have the switch as their default gateway? Is that correct? – David Schwartz Dec 01 '14 at 12:19
  • Yes, exactly. 192.168.1.1 cannot ping 192.168.0.1, it can ping 1.2 and 0.2(switch ports) but not 0.1 & 1.1. Edited post with "show ip route" table. Obviously they can ping themselves (0.1 can ping 0.1) – Koto Dec 01 '14 at 12:41
  • Hmm.. weird things going on. Okay.... I was testing today only on the XP machine.. other pings.. connected a 2nd laptop to the switch. The results are that XP machines can ping each other on VLAN101 and VLAN102. Winserver2008 cannot ping any of the XP machines and cannot be pinged by them. But no config changed. Gonna try out some other things such as route 0.0.0.0/0 again etc. – Koto Dec 01 '14 at 13:30
  • Okay, so I got to it again, using Wireshark and trying things out. I've found out that adding static routes to the Windows server solved the problem. I was sure it is enough to have the default gateway set to the switch IP and all would be running. So for each VLAN I had to add a route manually `ROUTE ADD 192.168.x.0 MASK 255.255.255.0 192.168.x.2` Clients are getting IPs from DHCP now on other VLANs, but I'm still not sure why you have to manually do the routes when everything is pointing to the switch and the switch has `ip routing` enabled? – Koto Dec 16 '14 at 13:50
  • That doesn't make sense. If the server already has an IP address inside 192.168.x.0, it shouldn't need a route. And if it doesn't have an IP address inside 192.168.x.0, it shouldn't know how to reach 192.168.x.2 without a route that would also work for the rest of 192.168.x.0/24. – David Schwartz Dec 16 '14 at 16:17
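
An added example, not part of the original thread: a ping only succeeds when the echo request and the echo reply can both be routed, so this sketch runs a longest-prefix-match lookup over the switch's connected routes from `show ip route` and over the routing table of each end host. The three server tables are constructed, since the page never shows the server's own routing table, and the names `lookup`, `ping`, `SWITCH`, `XP_CLIENT` and `SERVER_*` are hypothetical.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match; returns (prefix, next_hop) or None when no route exists."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return None
    net, nh = max(hits, key=lambda h: h[0].prefixlen)
    return str(net), nh

# Switch: the two connected routes from "show ip route" (next hop None = on-link).
# The loopback entries are omitted; the table has no default route.
SWITCH = [("192.168.0.0/24", None), ("192.168.1.0/24", None)]

# XP client as described in the question: 192.168.1.1/24, gateway 192.168.1.2.
XP_CLIENT = [("192.168.1.0/24", None), ("0.0.0.0/0", "192.168.1.2")]

# Constructed server tables (assumptions, not taken from the page).
SERVER_ONLINK_ONLY = [("192.168.0.0/24", None)]            # no usable gateway
SERVER_DEFAULT_GW = SERVER_ONLINK_ONLY + [("0.0.0.0/0", "192.168.0.2")]
SERVER_EDIT3 = SERVER_ONLINK_ONLY + [                      # the two ROUTE -p ADD lines
    ("192.168.1.0/24", "192.168.0.2"),
    ("192.168.2.0/24", "192.168.0.2"),
]

def ping(src, dst, src_table, dst_table):
    """A ping succeeds only if the request AND the reply can be routed."""
    for leg, table, target in (("request", src_table, dst),
                               ("reply", dst_table, src)):
        route = lookup(table, target)
        if route is None:
            return False, f"{leg}: sending host has no route to {target}"
        # A next hop means the packet passes through the switch's routing table
        # (assumption: every gateway in these tables is a switch VLAN address).
        if route[1] is not None and lookup(SWITCH, target) is None:
            return False, f"{leg}: switch has no route to {target}"
    return True, "request and reply both routable"

if __name__ == "__main__":
    for name, table in (("on-link only", SERVER_ONLINK_ONLY),
                        ("default gateway", SERVER_DEFAULT_GW),
                        ("EDIT #3 routes", SERVER_EDIT3)):
        print(name, ping("192.168.1.1", "192.168.0.1", XP_CLIENT, table))
```

Comparing the model's verdict with `route print` on the server and a Wireshark capture on both ends shows which leg of the exchange is actually being dropped.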

2 Answers

2

So it looks from your setup that you're using the HP 2920 as a router. In order to do this you will need to add static routes on the 2920 to allow for communication between the vlans. If you add the following to your config it should fix it. Put the route to the outside world as your default route- I put it as 1.1.1.1 for the sake of illustration, replace with whatever you need it to be (most likely the ip of your firewall, if you have one)

```
ip route 0.0.0.0 0.0.0.0 1.1.1.1
ip route 192.168.0.0 255.255.255.0 192.168.0.3
ip route 192.168.1.0 255.255.255.0 192.168.1.3
ip route 192.168.2.0 255.255.255.0 192.168.2.3
```

The first IP represents the network, the second is the next-hop address after the gateway. Traditionally when doing it this way, you would have the VLAN interfaces on the switch set to the first IP and use that as the default gateway and the next hop address would be a .2. I've never seen the interface set as a .2, so I'm presuming next hop would be set as .3 but someone here may correct me. Either way, you need the routes; give it a shot.

EDIT: To further clarify, whenever you want traffic to go from one VLAN (or subnet) to another it has to be routed. You can ping the different VLANs from the switch because the traffic never has to leave that VLAN. It's failing from 192.168.0.1 to 192.168.1.1 because they are in two different subnets and there is no route telling the traffic how to get to the other network.

pxed
0

Seems to be a change in default behaviour: HP Q&A

With routing enabled, any VLAN that has an IP address configured is a routed VLAN. If you do not wish to have traffic routed on a particular VLAN, do not configure an IP address on that VLAN.

This is certainly how the current edge switches are set up here.

kasperd
mitch