ProCurve 2910al-48G-PoE+ (J9148A) configuration

Question

I'm (re-)configuring a ProCurve 2910al-48G-PoE+ (J9148A). Although I thought I had a reasonable understanding of routing etc, I've never done this with enterprise hardware. I can't seem to make the switch work the way I want.

Here's the situation:

I'm using the 2910al as a switch/router that has port 1 connected to another switch that is connected to the internet. This other switch is configured to provide any router that is attached to its port 0 the following through DHCP:

IP Address: 89.188.30.198 
Netmask: 255.255.255.252 
Gateway: 89.188.30.197

I then want the 2910al to do the routing from there on, for 2 separate VLANs. Ports 3-24 are in VLAN 10 (Dep1), and ports 25-36 in VLAN 20 (Dep2). (Ports 37-48 are still in DEFAULT_VLAN, VLAN 1, and unused, as is VLAN 20 for now).

VLAN 10 (Dep1) has 5 WiFi Access Points connected to it, yet to be configured.

I've configured the switch through a console connection as follows (output from show run):

Running configuration:

; J9148A Configuration Editor; Created on release #W.14.38

hostname "ProCurve 2910al-48G-PoE Switch"
time timezone 1
time daylight-time-rule Western-Europe
module 1 type J9148A
interface 1
   name "WAN"
exit
interface 3
   name "AP1"
exit
interface 4
   name "AP2"
exit
interface 5
   name "AP3"
exit
interface 6
   name "AP4"
exit
interface 7
   name "AP5"
exit
ip default-gateway 89.188.30.197
ip routing
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-2,37-48
   ip address dhcp-bootp
   no untagged 3-36
   exit
vlan 10
   name "Dep1"
   untagged 3-24
   ip address 172.0.1.1 255.255.255.0
   exit
vlan 20
   name "Dep2"
   untagged 25-36
   ip address 172.0.2.1 255.255.255.0
   exit
web-management ssl
ip route 0.0.0.0 0.0.0.0 89.188.30.197
snmp-server community "company" unrestricted
snmp-server contact "team@company.com" location "City"

show ip returns this:

 Internet (IP) Service

  IP Routing : Enabled


  Default TTL     : 64
  Arp Age         : 20
  Domain Suffix   :
  DNS server      :

  VLAN                 | IP Config  IP Address      Subnet Mask     Proxy ARP
  -------------------- + ---------- --------------- --------------- ---------
  DEFAULT_VLAN         | DHCP/Bootp 89.188.30.198   255.255.255.252 No
  Dep1                 | Manual     172.0.1.1       255.255.255.0   No
  Dep2                 | Manual     172.0.2.1       255.255.255.0   No

show ip route:

                               IP Route Entries

  Destination        Gateway         VLAN Type      Sub-Type   Metric     Dist.
  ------------------ --------------- ---- --------- ---------- ---------- -----
  0.0.0.0/0          89.188.30.197   1    static               1          1
  89.188.30.196/30   DEFAULT_VLAN    1    connected            1          0
  127.0.0.0/8        reject               static               0          0
  127.0.0.1/32       lo0                  connected            1          0
  172.0.1.0/24       Dep1            10   connected            1          0

I think I should be close to a working configuration, but I'm still doing something wrong, as none of the ports provide a network connection, let alone internet.

I've tried following the HP ProCurve 2910al Switches Installation and Getting Started Guide, and the more in-depth HP 2910al ProCurve Switches Management and Configuration Guide , to no avail.

What am I missing?

Answer 1

Short answer: no go.

The 2910al is a layer 3 switch, meaning it can't do any NAT between private and public IP addresses - that would require a layer 4+ switch. So, need another router for NAT.

I'm assuming you're trying to use 172.0.0.0/16 for private addresses, which they actually aren't (they belong to AT&T). You'll need to use proper private IP addresses from RFC 1918 like 192.168.0.0/16, 172.16.0.0/12, or 10.0.0.0/8. Otherwise, your LAN clients won't be able to connect to those AT&T addresses if they wanted to.

Basically, you can route between e.g. 172.16.1.0/24 and 172.16.2.0/24 on the 2910al at wire speed but you'll also require a NAT router for Internet access. In case you run your WAN link on a VLAN connected via the 2910al you should not configure an IP address on the VLAN to prevent any form of routing - the 2910 is no firewall.

By the way, you might also want to update the firmware. W.14.38 is ancient (2010?). The current and possibly final version is W.15.14.0018 (05/2020).