Tuesday, October 3, 2017

Routing On An HPE 1920S Switch

Lured by a fantastic discount, we picked up an HPE 1920S-24G-PoE switch for a project that needed some wireline power. Now, I've used the OfficeConnect series for other situations were a layer 3 lite switch was a perfect fit. When you're doing a simple subnet and don't want to pay a bunch of money for a big ticket layer 3 switch they're a good solution.

When the time came to do the install I ran into a problem, however. I could not get the switch to route between VLANs. Nothing doing. I triple-checked all my settings, referred to other switch configs, even tried Google. This is one of the few times in my career that a Google search failed me. I have pretty good Google-Foo so this was a surprise!

It appears that, at this point (October 2017), these switches are new enough that there just aren't a lot of them deployed and so no one has posted much about them. The only forum posts I found had responses of RTFM...which is something that gives IT people a bad name. Definitely a pet peeve of mine. But I digress....

Here's my tale of woe and of redemption. How you too can implement VLAN routing on a 1920S series HPE switch without the pain of learning the hard way.

Situation

We have a department in a subnet in a remote building. Nothing special, just need to route between their VLAN and the broader network.

So we have something like this:
Network: 10.10.0.0/24
Default Gateway: 10.10.0.254
Switch IP: 10.10.0.5
Then for the subnet:
Subnet: 10.10.5.0/24
Switch IP: 10.10.5.254

Setup, Attempt 1

So I went ahead and assigned the switch IP (10.10.0.5) to VLAN 1 along with the default gateway. Next up was creating the VLAN for the subnetted network. We'll call that VLAN 10, and assigned the proper ports to VLAN 10.

So now we have ports 1-23 in VLAN 10 and port 24 in VLAN 1. The switch has the IP 10.10.5.254 in VLAN 10 and 10.10.0.5/24 in VLAN1

Next step is configuring routing. The 1920S series is pretty uncomplicated when it comes to routing. You need to enable routing globally, then you need to enable routing and administrative status for each VLAN you want routed.

Go to the Routing menu, select the Global tab. Click on Enabled under Routing mode. Then you'll want to set the Global Default Gateway. THIS is the step that started giving me problems. With VLAN 1 in 10.10.0.0/24, setting the default gateway to be 10.10.0.254 gives an error saying
"Default Gateway Next Hop Address Cannot be in the same subnet"
Oh, this is going to be a problem, isn't it? If you ignore this and leave out the default gateway you'll still have no joy. You can try adding a static default route, but that won't work either. You'll get a similar error about subnetting.

Setup, Attempt 2

"Well, maybe it doesn't like having the default gateway accessible through VLAN 1," I say to myself. After swapping IP addresses around so that VLAN 10 is now 10.10.0.5/24 and VLAN 1 is on 10.10.5.0/24 I attempted to assign the Global Default Gateway again. Still no go. Same error about next hop address. I did note that I could ping 10.10.5.254 from VLAN 1 and I could ping 10.10.0.5 from VLAN 10 but pinging through to the other VLAN was not working.

Cause and Solution

The cause of the problem is the way the 1920S series wants to handle VLAN 1. It really treats VLAN 1 as a management VLAN and would rather you didn't use it for routing. My solution was to assign a bogus IP address to VLAN 1, create another VLAN and assign my network IP (10.10.0.5) to that VLAN. Once you enable routing on that VLAN you'll find everything working and routing.

In the end,  here's the configuration I came out with:

VLAN 1: 10.8.0.1/24
VLAN 10: 10.10.0.5/24
VLAN 11: 10.10.5.254/24
Global Default Gateway: 10.10.0.254

Moral of the Story

The 1920S is a good value for what you get. Just be prepared to ignore VLAN 1 if you need to route between VLANS and you're not using an isolated VLAN for switch management. I know this would be the best practice but sometimes you have to work with what you've got.

Tuesday, October 27, 2015

Ghosts of the Past

Another Outlook reminder popped up on my screen this morning. Wasn't mine; Apparently Katie and Chris got married a few years ago. I have no connection with these people except through my predecessor who passed away earlier this year. It's an awkward sort of thing to be reminded of someone else's life especially one that you had no part of.

I keep that data around because every so often there's something we need from it. So I continue to get a little reminder now and again of his life.

This isn't a new thing - +Chris Dancy has spoken quite a bit about what happens after our physical presence shuffles off but our digital persona continues to live on. My dad passed away just over 2 years ago and his digital, postal, and financial identities still interact with me on a regular basis. These interactions sometimes press upon you like a haunting. It's something like those social media interactions that feel more like an assault than a social exchange. You're not prepared for it as they come out of the blue.

The lesson I take from all of this is to take a more mindful approach to what I do digitally. From code comments to Facebook posts, the data you produce can improve life for those you leave behind or tear them down. It's not just a legacy, it's the YOU that you create to interact with everyone for a very long time.

Wednesday, October 14, 2015

Give The Data To The People

Because I'm one of those last-minute sort of people I was hurriedly trying to figure out if my property taxes had been paid. Really Oct 15th is, like, tomorrow so this is really ahead of the game for me. Naturally the first place to look is my financial institution since my mortgage is setup with escrow. Easy, right?

Nope. After instant messaging with a representative (Great service by the way Kari. Thanks!) the only way for me to check my escrow balance is via my statements. I know that they have that information in their systems. It's not a difficult thing to find. They could send an email notification when the escrow got paid...that'd be cool. How about an app that would notify me when escrow items were paid? I'd use it.

Even after being assured by the rep that my taxes had been paid I still wanted to verify (trust but verify - rule of thumb for all vendor interactions). How could I do this without going to a branch and asking for the proper screen to be brought up? Then my memory finally caught up....my County's website.

Brown County here in MN has a pretty good GIS and Property website. It's evolved quite a bit through the years and there's a great tie-in with their property records system. Looked up my property and, boom, no taxes due. Easy peasy. 


Such a simple thing. The data's sitting there in the database along with all the other property data. No earth-shattering innovations but it saved me time and saved an employee's time to interact with me for something that wasn't all that important. I'm just being thorough and it's not their job to help me with my trust issues.

The data's there. Give it to the people and you'll make their lives easier and you might just make them happy (or as happy as anyone can be with government maybe).