I was asked to take a look at an HP network the other day where a new camera system was being installed. They asked me to create a new VLAN for the cameras and get the ports set up. The camera installer was bringing their own PoE switches to run the cameras. I just needed to provide a port untagged in the new VLAN. I did as they asked and those little switches they brought are pingable on the new VLAN only. And the only way I could even get that to happen was to create a VLAN interface with an IP in the new VLAN on each switch these camera switches uplinked. I have tried everything I can think of. I am including a few configs and a drawing.
CORE Startup configuration: 409 ; J8698A Configuration Editor; Created on release #K.15.06.0017 ; Ver #02:10.0d:1f hostname "Core-E5412zl" time timezone -360 time daylight-time-rule Continental-US-and-Canada module 1 type J9534A module 2 type J9637A module 3 type J9534A module 4 type J9535A module 5 type J9534A module 6 type J9534A module 7 type J9534A interface A1 name "Cisco_Port_FE0/1" exit interface A2 name "VS4000_Shoretel" exit interface A3 name "Mirror_LanA" exit interface A4 name "Dell-R300-Shoretel" exit interface A5 name "Mirror_LanB" exit interface A6 name "Dell_T620_10.0.1.5" exit interface A7 name "Shoretel_Low-Rt" exit interface A8 name "HP-MSM760-P2" exit interface A9 name "Shoretel_Low-Lft" exit interface A10 name "Wire_69" exit interface A11 name "Shoretel_VC-20" exit interface A12 name "Engenius_AP_FF" exit interface A13 name "Shoretel_Spare-Cable" exit interface B17 name "Port 45 HS Top HP 48" exit interface B18 name "Port 21 ISS HP 24" exit interface B19 name "Port 47 @ Rock Bld HP 48" exit interface B20 name "Port 21 Elementary Gym" exit interface B21 name "Port 21 Admin HP 24" exit interface B22 name "Port 21 Work Room HP 24" exit interface B23 name "Port 21 Transportation HP 24" exit interface B24 name "Port 45 Lower Elem HP 48" exit trunk A24 Trk1 Trunk trunk B19 Trk2 Trunk ip default-gateway 10.0.0.1 ip routing vlan 1 name "DEFAULT_VLAN" untagged A1-A23,B1-B18,B20-B24,Trk2 ip address 10.0.15.1 255.255.240.0 no untagged C1-C24,D1-D24,E1-E24,F1-F24,G1-G24,Trk1 exit vlan 100 name "MediaCenter" untagged C1-C24,D1-D24,E1-E24,F1-F24,G1-G24 ip helper-address 10.0.10.1 ip address 10.1.0.1 255.255.254.0 exit vlan 110 name "Admin" ip helper-address 10.0.10.1 ip address 10.1.2.1 255.255.254.0 tagged B21 exit vlan 120 name "HS" ip helper-address 10.0.10.1 ip address 10.1.4.1 255.255.254.0 tagged B17 exit vlan 130 name "Maintenance" ip helper-address 10.0.10.1 ip address 10.1.6.1 255.255.254.0 tagged B18,B20,B23 exit vlan 140 name "Rock" ip helper-address 10.0.10.1 ip address 10.1.8.1 255.255.254.0 tagged B22,Trk2 exit vlan 150 name "LowerElem" ip helper-address 10.0.10.1 ip address 10.1.10.1 255.255.254.0 tagged B24 exit vlan 500 name "Security" untagged Trk1 ip helper-address 10.0.10.1 ip address 172.16.100.1 255.255.255.0 tagged B17-B18,B20-B24,Trk2 exit mirror 1 port A3 timesync sntp sntp unicast sntp server priority 1 96.226.242.9 sntp server priority 2 199.7.177.206 ip timep dhcp interval 30 ip route 0.0.0.0 0.0.0.0 10.0.0.1 router rip redistribute connected enable exit interface A1 monitor all both mirror 1 exit snmp-server community "public" unrestricted spanning-tree spanning-tree Trk1 priority 4 spanning-tree Trk2 priority 4 no autorun no dhcp config-file-update no dhcp image-file-update password manager
Rock Startup configuration: ; J9148A Configuration Editor; Created on release #W.14.38 hostname "RockBldg-2910al-48G-PoE" time timezone -360 time daylight-time-rule Continental-US-and-Canada module 1 type J9148A module 2 type J9165A module 3 type J9165A interface 19 speed-duplex auto-100 exit interface 45 name "Port 21 @ Cafe HP 24" exit interface 47 name "LC Port B19 HP Core" exit interface 48 name "24 Port HP Below" exit trunk 45 Trk1 Trunk trunk 47 Trk2 Trunk ip default-gateway 10.0.15.1 vlan 1 name "DEFAULT_VLAN" untagged 1,48-A1,B1,Trk1-Trk2 ip address 10.0.15.2 255.255.240.0 no untagged 2-44,46 exit vlan 140 name "VLAN140" untagged 2-44 ip address 10.1.8.2 255.255.254.0 tagged 48,Trk1-Trk2 exit vlan 500 name "Security" untagged 46 ip address 172.16.100.104 255.255.255.0 tagged 48,Trk1-Trk2 exit timesync sntp sntp unicast sntp server priority 1 199.7.177.206 3 sntp server priority 2 50.7.64.4 3 snmp-server community "public" unrestricted snmp-server location "Rock Building Principal's Office" spanning-tree spanning-tree Trk1 priority 4 spanning-tree Trk2 priority 4 no tftp server no autorun password manager
Cafe Startup configuration: ; J9146A Configuration Editor; Created on release #W.15.14.0007 ; Ver #05:18.63.ff.35.05:b1 hostname "CAFE-HP-2910al-24G-PoE" module 1 type j9146a module 2 type j9008a module 3 type j9008a trunk 24 trk1 trunk trunk 21 trk2 trunk timesync sntp sntp unicast sntp server priority 1 199.7.177.206 sntp server priority 2 50.7.64.4 time daylight-time-rule continental-us-and-canada time timezone -360 ip default-gateway 10.0.15.1 interface 5 disable exit interface 21 name "Port 45 on Rock Building HP_48" exit snmp-server community "public" unrestricted snmp-server location "Cafeteria Office" vlan 1 name "DEFAULT_VLAN" no untagged 1-20,Trk1 untagged 22-23,A1-A2,B1-B2,Trk2 ip address 10.0.15.15 255.255.240.0 exit vlan 140 name "VLAN140" untagged 1-20 tagged Trk2 ip address 10.1.8.4 255.255.254.0 exit vlan 500 name "Security" untagged Trk1 tagged 5,Trk2 no ip address exit spanning-tree spanning-tree Trk1 priority 4 spanning-tree Trk2 priority 4 no tftp server no autorun no dhcp config-file-update password manager
I have since removed the trunk groups I created since they didn't have any in the first place. I like to use them just because I know its a trunk that way without having to look thru the VLANs to see if it has multiple tags.
Again, the little camera switches are reachable from VLAN 500 only but the VLAN interfaces I built on VLAN 500 are reachable from all VLANs. I've been looking at this for two days and just can't think about it anymore. But if I don't get this figured out today I will have to make a 2 hr drive to the site tomorrow, so I am hoping someone here can help me out.
No comments:
Post a Comment