Switching

I am having trouble getting my truck properly configured I have an HP Procurve 2990 that sits between my Juniper Ex2200 and my router. I have 2 VLANs setup on each 1, 10. When connected to 1 (default) I can get to everything I need to through the trunk. When I'm connected to VLAN 10 I can ping the Juniper interface (which I'm connected directly to). I can ping the management interface of the Procurve (which I'm connected to through the trunk). I cannot ping my firewall through the trunk or anything on the other side of the trunk other than the Procurve management interface IP. I will post my configs below. Any help is greatly appreciated.

Procurve:

Startup configuration:

; J9050A Configuration Editor; Created on release #T.11.X1

hostname "ProCurve Switch 2900-48G"

module 3 type J90XXA

trunk 1 Trk1 Trunk

ip default-gateway 192.168.1.1

snmp-server community "public" Unrestricted

vlan 1

   name "DEFAULT_VLAN"

   untagged 2-45,A1-A4,Trk1

   ip address 192.168.1.2 255.255.255.0

   no untagged 46-48

   exit

vlan 10

   name "WLAN"

   ip address 192.168.15.2 255.255.255.0

   tagged 46-48,Trk1

   exit

spanning-tree Trk1 priority 4

ProCurve Switch 2900-48G#

Ex2200:

## Last changed: 2013-08-21 08:59:00 CDT
version 11.4R7.5;
system {
    host-name EX2200;
    time-zone America/Chicago;
    root-authentication {
        encrypted-password "$1$glKqXEv9$cyTizFQddjO9QzzQkdP0X1";
    }
    services {
        ssh {
            protocol-version v2;
        }
        telnet;
        netconf {
            ssh;
        }
        web-management {
            http;
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members all;
                }
                native-vlan-id default;
            }
        }
    }
    ge-0/0/1 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/2 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/3 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/4 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/5 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/6 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/7 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/8 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/9 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/10 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/11 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/12 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/13 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/14 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/15 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/16 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/17 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/18 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/19 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/20 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/21 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/22 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/23 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/24 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/25 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/26 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/27 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/28 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/29 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/30 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/31 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/32 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/33 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/34 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/35 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/36 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/37 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/38 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/39 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/40 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/41 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/42 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/43 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/44 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/45 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/46 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members 10;
                }
            }
        }
    }
    ge-0/0/47 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members 10;
                }
            }
        }
    }
    ge-0/1/0 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/1/1 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/1/2 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/1/3 {
        unit 0 {
            family ethernet-switching;
        }
    }
    me0 {
        unit 0 {
            family inet {
                address 192.168.254.254/24;
            }
        }
    }
    vlan {
        unit 0 {
            family inet {
                address 192.168.1.5/24;
            }
        }
        unit 1 {
            family inet {
                address 192.168.15.3/24;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop 192.168.1.1;
    }
}
protocols {
    igmp-snooping {
        vlan all;
    }
    rstp;
    lldp {
        interface all;
    }
    lldp-med {
        interface all;
    }
}
ethernet-switching-options {
    storm-control {
        interface all;
    }
}
vlans {
    WLAN {
        vlan-id 10;
        l3-interface vlan.1;
    }
    default {
        vlan-id 1;
        l3-interface vlan.0;
    }
}

This KB explains what's going on...

https://kb.juniper.net/InfoCenter/index?page=content&id=KB17419

This part of your config:

interfaces {
    ge-0/0/0 {
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members all;
                }
                native-vlan-id default;
            }
        }
    }

You have the default VLAN as both a tagged and untagged (native-vlan-id) on this port, so the EX is going to accept both tagged and untagged frames on VLAN 1, but will send frames out TAGGED (per the KB).

If you take the default VLAN out of the tagged members, it should work as you expect:

interfaces {
    ge-0/0/0 {
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members WLAN;
                }
                native-vlan-id default;
            }
        }
    }

Thank you for the quick response. I have made the change and the trunk is still up, but I will not be able to test the WLAN until I get onsite. Again thank you for your help! I will make as solution as soon as I get onsite and verify VLAN 10 is working properly!

-jb

I am still unable to get any traffic on the other side of the trunk on my VLAN 10 (15.x subnet). I will elaborate on my network if it will help. I have a workstation on VLAN 10 with an IP of 15.200. I can ping 15.3 and 15.2 but I cannot get any traffic past 15.2. Everything works through the trunk on the 1.x subnet.

Sonicwall Tz210

X0 - 192.168.1.x - to Procurve (port 3) default vlan (VLAN 1)

X1 - WAN

X4 - 192.168.15.x - to procurve (port 45) WLAN (VLAN 10)

HP Procurve

Port 1 - trunk to juniper ge-0/0/0

Ports 2 - 45 - default VLAN (VLAN 1)

   VLAN IP 192.168.1.2

Ports 46-48 - WLAN (VLAN 10)

   VLAN IP 192.168.15.2

Juniper

Port 0 - trunk to Procurve (port 1)

   VLAN IP - 192.168.1.5

Port 1 - 45 - default VLAN (VLAN 1)

   VLAN IP - 192.168.15.3

Port 46, 47 - WLAN (VLAN 10)

Here's the new trunk config part of my juniper.

interfaces {
    ge-0/0/0 {
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members WLAN;
                }
                native-vlan-id default;
            }
        }
    }

Well I think I've narrowed it down to something on the Procurve VLAN 10. I can connect 2 devices directly into the ports that are part of the same VLAN 10 on the procurve and they cannot ping each other. I can connect the same devices into VLAN 10 directly into the Juniper and they work fine.

Any ideas?

---

@drago354 wrote:

Well I think I've narrowed it down to something on the Procurve VLAN 10. I can connect 2 devices directly into the ports that are part of the same VLAN 10 on the procurve and they cannot ping each other. I can connect the same devices into VLAN 10 directly into the Juniper and they work fine.

---

Well... this is a Juniper support forum and it's been a while since I've had a ProCurve in front of me...  

I don't think you want a "trunk" port configured on the ProCurve.  I don't think it means what I think you think it means.  A "trunk" in this context means a LAG or aggregation port, LACP/802.3ad, etc.

Confusing terminology -- yes.  No doubt.

You've got a few problems, it looks like...

Your descriptions say that the Sonicwall X4 interface goes to HP port 45 on VLAN 10, but your Procurve description says port 45 is part of VLAN 1.  You've got ports 46-48 tagged in VLAN 10 on the HP, but no untagged ports.  Do ports 46-48 connect to another switch?

How about if you cleaned up your topology and configs a bit... maybe your topology could look something like this:

                         (WAN)
                           |
         |-----------|---(X1)
         | Sonicwall |
   -(X0)-|-----------|-(X4)-
   |                       |
   |(VLAN 1)      (VLAN 10)|
   |                       |
   ---(2)--|-----------|--(3)
           | Procurve  |
      (1)--|-----------|--(4-45)--(VLAN 1)--[...]
       |            |
       |(Trunk)     ----(46-48)--(VLAN 10)--[...]
       |
      (0)--|-----------|
           |  EX2200   |
           |-----------|--(1-45)--(VLAN 1)--[...]
                    |
                    ----(45-47)--(VLAN 10)--[...]

You can (from what I can see) delete the trunk port config on the ProCurve and the cleaned up ProCurve config would look like this:

vlan 1
   name "DEFAULT_VLAN"
   untagged 1-2,4-45,A1-A4
   ip address 192.168.1.2 255.255.255.0
   exit
vlan 10
   name "WLAN"
   ip address 192.168.15.2 255.255.255.0
   untagged 3,46-48
   tagged 1
   exit

Based on that, your description of your network now looks like this:

Sonicwall Tz210
X0 - 192.168.1.x - to Procurve port 2 (VLAN 1 - default VLAN)
X1 - WAN
X4 - 192.168.15.x - to Procurve port 3 (VLAN 10 - WLAN)
 
HP Procurve
Port 1 - trunk to juniper ge-0/0/0
Port 2 - to Sonicwall X0 (VLAN 1 - default VLAN)
Port 3 - to Sonicwall X4 (VLAN 10 - WLAN)
Port 4-45 - to end stations/clients (VLAN 1 - default VLAN)
            (VLAN 1 IP 192.168.1.2)
Port 46-48 - to end stations/clients (VLAN 10 - WLAN)
            (VLAN 10 IP 192.168.15.2)
 
Juniper
ge-0/0/0 - trunk to Procurve port 1
ge-0/0/1 - ge-/0/0/45 - to end stations/clients (VLAN 1 - default VLAN)
                        (VLAN 1 IP - 192.168.1.5)
ge-0/0/46 - ge-0/0/47 - to end stations/clients (VLAN 10 - WLAN)
                        (VLAN 10 IP - 192.168.15.3)

Now you've got another problem... your EX is going to want to route between VLANs 1 and 10, because you've configured L3 interfaces on both VLANs.  I think, based on what I'm seeing, that you want your Sonicwall to do the routing and your switches to just be switches.

Assuming your gateways on the client machines point to the Sonicwall, this shouldn't cause a major issue, but it can certainly start to get confusing on down the line.  I'd recommend that eventually you set your EX to only have an IP on one VLAN, just so that you can access it for management via SSH/etc.

I got it figured out. Everything is working great now, thank you for your help. The last problem was fixed but making the tagged ports untagged on the Procurve. I thought it was a problem with my juniper config but it ended up being all on the Procurve. Again, thank you for your help, I truly appreciate it.

The only way I can get to the VLAN 10 management Ip on the procurve is through the trunk. I cannot access it through the vlan directly on the procurve.