Hi RafaelV, I suggest another approach: use your first ten VLANs - VLAN 1, 2, 3, 4, 5, 6, 7, 8, 9 and 10 (those related to the 10.10.x.0/y subnets, where x = 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 as per your example and y represents the mask value owned by each subnet).

Create the eleventh VLAN and assign to it one of the two possible addresses of the subnet 10.10.255.252/30 (Subnet Mask /30 = 255.255.255.252). So, as an example, assign to VLAN 255 (just to match the third octet, as above) the IP Address 10.10.255.254 (/30).

Once done, configure the Route of Last Resort (0.0.0.0/0.0.0.0 to 10.10.255.253) on your HPE 1920S so it will point to your Router's LAN interface, and change your Router's LAN interface in order to tag its packets with VLAN id = 255 (this would generally be achieved by creating a VLAN subinterface with VLAN id = 255 on your Router's LAN and, once done, assigning to that subinterface the IP Address 10.10.255.253 with Subnet Mask 255.255.255.252).

On your Router, define as many static routes as there are Switch subnets it needs to be able to route traffic back to (example: add the static route to the 10.10.2.0/y subnet via the VLAN 255 IP address 10.10.255.254, which is the IP Address of your "Core" Switch HPE 1920S as seen by your Router on the only VLAN they can talk through).

Basically, all this was done to let your HPE 1920S Switch and your Router speak through a Transit VLAN (here VLAN id 255) which is related to a very tiny subnet that admits only them. Your Switch, to speak with the "external" world, will use the Last Resort Route to route all non-local traffic to your Router and, vice versa, your Router will do the same back with the help of its static routes (those help your Router find the way to your Switch's internal VLANs). Hope it is clear.
Now - to cope with what was done on your Router's LAN - on the HPE 1920S Switch configure the uplink port to your Router's LAN to be a tagged member of the very same VLAN id 255 (you could remove any VLAN id 1 untagging membership for that port). That's all. Now your Switch and your Router are one-to-one connected through your uplink using tagged traffic and on that segment there are only them and them only. The Switch knows how to reach your Router for all traffic destinations it doesn't own and your Router knows how to reach back VLANs routed by your Switch.
A host connected to a port that is an untagged member of VLAN ids 1-10 (or 2-10 if you want to exclude VLAN id = 1, which is the default), once it has proper IP addressing (its default gateway should be the IP Address of the VLAN it landed in), will be able to reach your Router 10.10.255.253 and any network behind it (so potentially the Internet, if your Router connects you to the Internet), while being able to reach any other host on any other internal VLAN (provided that the remote host has a proper IP address configuration applied).
So to recap:
- HPE 1920S needs to have IPv4 Routing feature enabled
- VLAN ids defined on HPE 1920S need to have their IP Addresses well specified
- a particular VLAN id will be used as Transit VLAN to route traffic between your Switch and your Router
- the Router's LAN needs to be configured to match the Switch's uplink port (both in terms of VLAN tagging and IP addressing).
- HPE 1920S will be responsible for all inter-VLAN routing
- a Last Resort Route will route traffic to non local destinations to your Router using its Transit VLAN IP address as next hop
- static routes on your Router will route traffic to your local VLANs through your Switch IP address on Transit VLAN
ACLs on your internal VLANs can be deployed on top of that. It works.
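
The routing plan described in the post above can be checked offline before touching the devices. The following is an added example, not part of the original post or of any HPE tooling: it models both routing tables with the post's addresses and reports VLANs whose return static route is missing on the router. The /24 masks (the post leaves them as "y") and all function names are assumptions.

```python
import ipaddress as ip

# Assumption for illustration: the post leaves the VLAN masks as "y"; /24 is used here.
TRANSIT = ip.ip_network("10.10.255.252/30")
SWITCH_TRANSIT_IP = ip.ip_address("10.10.255.254")   # VLAN 255 interface on the switch
ROUTER_TRANSIT_IP = ip.ip_address("10.10.255.253")   # router subinterface, VLAN id 255
VLAN_NETS = {v: ip.ip_network(f"10.10.{v}.0/24") for v in range(1, 11)}

def switch_table():
    """Connected routes for VLANs 1-10 and the transit VLAN, plus the Last Resort Route."""
    table = [(net, f"connected VLAN {v}") for v, net in VLAN_NETS.items()]
    table.append((TRANSIT, "connected VLAN 255"))
    table.append((ip.ip_network("0.0.0.0/0"), f"via {ROUTER_TRANSIT_IP}"))
    return table

def router_table(static_vlans):
    """Connected transit subnet plus one static route per listed switch VLAN.
    The router's own WAN/default route is left out of this model."""
    table = [(TRANSIT, "connected VLAN 255")]
    table += [(VLAN_NETS[v], f"via {SWITCH_TRANSIT_IP}") for v in static_vlans]
    return table

def lookup(table, dst):
    """Longest-prefix match; returns the action string, or None when no route exists."""
    dst = ip.ip_address(dst)
    matches = [(net, act) for net, act in table if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def missing_return_routes(static_vlans):
    """VLANs whose replies the router could not send back through the switch."""
    table = router_table(static_vlans)
    return [v for v, net in VLAN_NETS.items()
            if lookup(table, net.network_address + 1) != f"via {SWITCH_TRANSIT_IP}"]

def transit_hosts():
    """Usable addresses in the /30: exactly the two ends of the link."""
    return [str(h) for h in TRANSIT.hosts()]

if __name__ == "__main__":
    sw = switch_table()
    print(lookup(sw, "10.10.5.20"))      # inter-VLAN traffic stays on the switch
    print(lookup(sw, "192.0.2.10"))      # non-local traffic goes to the router
    print(lookup(router_table(range(1, 11)), "10.10.2.7"))  # return path via the switch
    print(missing_return_routes([1, 2, 3]))  # static routes forgotten for VLANs 4-10
```
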