Tuesday, October 3, 2017

Routing On An HPE 1920S Switch

Lured by a fantastic discount, we picked up an HPE 1920S-24G-PoE switch for a project that needed some wireline power. Now, I've used the OfficeConnect series for other situations were a layer 3 lite switch was a perfect fit. When you're doing a simple subnet and don't want to pay a bunch of money for a big ticket layer 3 switch they're a good solution.

When the time came to do the install I ran into a problem, however. I could not get the switch to route between VLANs. Nothing doing. I triple-checked all my settings, referred to other switch configs, even tried Google. This is one of the few times in my career that a Google search failed me. I have pretty good Google-Foo so this was a surprise!

It appears that, at this point (October 2017), these switches are new enough that there just aren't a lot of them deployed and so no one has posted much about them. The only forum posts I found had responses of RTFM...which is something that gives IT people a bad name. Definitely a pet peeve of mine. But I digress....

Here's my tale of woe and of redemption. How you too can implement VLAN routing on a 1920S series HPE switch without the pain of learning the hard way.

Situation

We have a department in a subnet in a remote building. Nothing special, just need to route between their VLAN and the broader network.

So we have something like this:
Network: 10.10.0.0/24
Default Gateway: 10.10.0.254
Switch IP: 10.10.0.5
Then for the subnet:
Subnet: 10.10.5.0/24
Switch IP: 10.10.5.254

Setup, Attempt 1

So I went ahead and assigned the switch IP (10.10.0.5) to VLAN 1 along with the default gateway. Next up was creating the VLAN for the subnetted network. We'll call that VLAN 10, and assigned the proper ports to VLAN 10.

So now we have ports 1-23 in VLAN 10 and port 24 in VLAN 1. The switch has the IP 10.10.5.254 in VLAN 10 and 10.10.0.5/24 in VLAN1

Next step is configuring routing. The 1920S series is pretty uncomplicated when it comes to routing. You need to enable routing globally, then you need to enable routing and administrative status for each VLAN you want routed.

Go to the Routing menu, select the Global tab. Click on Enabled under Routing mode. Then you'll want to set the Global Default Gateway. THIS is the step that started giving me problems. With VLAN 1 in 10.10.0.0/24, setting the default gateway to be 10.10.0.254 gives an error saying
"Default Gateway Next Hop Address Cannot be in the same subnet"
Oh, this is going to be a problem, isn't it? If you ignore this and leave out the default gateway you'll still have no joy. You can try adding a static default route, but that won't work either. You'll get a similar error about subnetting.

Setup, Attempt 2

"Well, maybe it doesn't like having the default gateway accessible through VLAN 1," I say to myself. After swapping IP addresses around so that VLAN 10 is now 10.10.0.5/24 and VLAN 1 is on 10.10.5.0/24 I attempted to assign the Global Default Gateway again. Still no go. Same error about next hop address. I did note that I could ping 10.10.5.254 from VLAN 1 and I could ping 10.10.0.5 from VLAN 10 but pinging through to the other VLAN was not working.

Cause and Solution

The cause of the problem is the way the 1920S series wants to handle VLAN 1. It really treats VLAN 1 as a management VLAN and would rather you didn't use it for routing. My solution was to assign a bogus IP address to VLAN 1, create another VLAN and assign my network IP (10.10.0.5) to that VLAN. Once you enable routing on that VLAN you'll find everything working and routing.

In the end,  here's the configuration I came out with:

VLAN 1: 10.8.0.1/24
VLAN 10: 10.10.0.5/24
VLAN 11: 10.10.5.254/24
Global Default Gateway: 10.10.0.254

Moral of the Story

The 1920S is a good value for what you get. Just be prepared to ignore VLAN 1 if you need to route between VLANS and you're not using an isolated VLAN for switch management. I know this would be the best practice but sometimes you have to work with what you've got.