Re: Procurve 2910 VLAN routing (546 Views)
Advisor
Dennes Meeusen
Posts: 28
Registered: ‎10-13-2005
Message 1 of 4 (590 Views)

Procurve 2910 VLAN routing

Question,

I have a Procurve 2910al switch as a "core" switch. Attached to this switch are my servers (untagged VLAN1) and 4 other switches all attached to ports untagged in their own VLANs 2-5. So I have dedicated switches for workstations, printers, wifi etc. all untagged ports each in their own private subnets.

Also attached to the 2910 is a Cisco ASA firewall.

I enabled IP routing on the switch and set up IP addresses for all the VLANs.

Now to enable all the VLANs to access the internet, do I just create a default route on the 2910 to route 0.0.0.0 0.0.0.0 192.168.100.1 (the address of the Cisco on VLAN1)? And do I need to additionally enable NAT for every subnet on the Cisco?

And do I need to make the uplink to the Cisco tagged in all VLANs? No, right? Because I want the switch to do the inter-VLAN routing.

Thanks,

Dennes

Trusted Contributor
Vince_Whirlwind
Posts: 401
Registered: ‎02-25-2013
Message 2 of 4 (566 Views)

Re: Procurve 2910 VLAN routing

You are correct that you don't want your VLANs trunked to the Cisco.

Additionally, your link to the Cisco should not be in the same VLAN as all your server hosts.

Advisor
Dennes Meeusen
Posts: 28
Registered: ‎10-13-2005
Message 3 of 4 (556 Views)

Re: Procurve 2910 VLAN routing

OK, but Cisco not in same VLAN as servers, for security reasons? Because if I put them in another VLAN/subnet, I'll probably have to change all the NAT/PAT rules in the Cisco.

Just one final question. In the Cisco, do I only set up NAT for the (private) subnet that it is directly attached to, or do I have to put a NAT rule for every subnet/VLAN in it? I'd think I don't have to, but just want to make sure.

Thanks,

Dennes

Trusted Contributor
Vince_Whirlwind
Posts: 401
Registered: ‎02-25-2013
Message 4 of 4 (546 Views)

Re: Procurve 2910 VLAN routing

Put the link to the Cisco in another subnet: a point-to-point link is how you should join layer-3 devices.

I'm not sure about your NATing question. Presumably you need a NAT rule for any subnet you want to enable for internet access.
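
The layout discussed in this thread (switch routes between VLANs, firewall on its own point-to-point subnet), sketched as configuration. This is an added example, not posted by either participant. It assumes ASA 8.3+ object NAT and interfaces named inside/outside; the transit subnet 10.255.255.0/30, VLAN 100, port 24, the /24 masks, the .254 switch addresses and 192.168.2.0/24 are constructed placeholders, and VLANs 3-5 repeat the VLAN 2 pattern.

```text
; ProCurve 2910al: performs the inter-VLAN routing
ip routing
vlan 1
   name "SERVERS"
   ip address 192.168.100.254 255.255.255.0
   exit
vlan 2
   name "WORKSTATIONS"
   ip address 192.168.2.254 255.255.255.0
   exit
; transit VLAN: only the firewall uplink is a member, untagged
vlan 100
   name "FW-TRANSIT"
   untagged 24
   ip address 10.255.255.2 255.255.255.252
   exit
; default route points at the firewall's transit address
ip route 0.0.0.0 0.0.0.0 10.255.255.1

! Cisco ASA: inside interface sits on the transit subnet only
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.255.255.1 255.255.255.252
!
! The VLAN subnets are no longer directly connected to the ASA,
! so it needs a return route to each one via the switch.
route inside 192.168.100.0 255.255.255.0 10.255.255.2
route inside 192.168.2.0 255.255.255.0 10.255.255.2
!
! One NAT rule per source subnet that should reach the internet.
object network NET-SERVERS
 subnet 192.168.100.0 255.255.255.0
 nat (inside,outside) dynamic interface
object network NET-WORKSTATIONS
 subnet 192.168.2.0 255.255.255.0
 nat (inside,outside) dynamic interface
```

Because the switch routes rather than translates, packets from every VLAN reach the firewall with their original source addresses, which is why both the return routes and the NAT rules are written per subnet.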
