Need vlan and cable modem help from the experts on anandtech!

[IBuyUFO]

I have an HP A5120-48G SI switch that has 48 ports in my home office. What I'm trying to do is to have 2 cable modems connected to the switch. I've created 2 vlans (Vlan1 and Vlan2). Vlan1 contains 32 untagged ports. The internet connection comes from the router which has the cable modem connected to it. The router is connected to vlan port 1 and it's taking care of all the dhcp requests. It's assigning 192.168.1 ips and this part works fine.

Vlan2 has ports 33 to 48 and are also untagged. The cable modem is connected straight into port 33 and any computer connected to any of the other ports in the vlan2 range is assigned a 24.xxx.xxx.xxx ip from comcast. This is the part that doesn't work correctly. If there is any internet it's very slow or not working at all.

So does anyone know what I did wrong? I am not too experienced with setting up these vlans and switches of this caliber. Thanks!

 

[ShagglestheLion]

are you allowed to make firmware updates with that on

hp's site?

 

[IBuyUFO]

are you allowed to make firmware updates with that on

hp's site?

Yeah you can download the firmware updates from HP.

https://h10145.www1.hp.com/download...?ProductNumber=JE072A&lang=&cc=&prodSeriesId=

 

[kevnich2]

I have an HP A5120-48G SI switch that has 48 ports in my home office. What I'm trying to do is to have 2 cable modems connected to the switch. I've created 2 vlans (Vlan1 and Vlan2). Vlan1 contains 32 untagged ports. The internet connection comes from the router which has the cable modem connected to it. The router is connected to vlan port 1 and it's taking care of all the dhcp requests. It's assigning 192.168.1 ips and this part works fine.

Vlan2 has ports 33 to 48 and are also untagged. The cable modem is connected straight into port 33 and any computer connected to any of the other ports in the vlan2 range is assigned a 24.xxx.xxx.xxx ip from comcast. This is the part that doesn't work correctly. If there is any internet it's very slow or not working at all.

So does anyone know what I did wrong? I am not too experienced with setting up these vlans and switches of this caliber. Thanks!

I assume you do know that any computer with a public IP on your VLAN 2 is pretty much wide open on the internet with zero firewall protection, correct? I would recommend obtaining another router for your vlan 2 cable modem and plug the cable modem into that and use the router, it'll probably take care of your speed issues. Just to clarify - on your vlan 2 cable modem from comcast, how many IP's do you have from comcast and what exact model of modem are you using? How many computers do you have, simultaniously on your vlan 2?

Just out of curiosity - what is the purpose of having your LAN setup this way anyway?? What reasons do you have for it?

 

[Mushkins]

Vlan2 has ports 33 to 48 and are also untagged. The cable modem is connected straight into port 33 and any computer connected to any of the other ports in the vlan2 range is assigned a 24.xxx.xxx.xxx ip from comcast. This is the part that doesn't work correctly. If there is any internet it's very slow or not working at all.

This sounds like your problem right here. Your cable modem is not a DHCP server, and 24.x.x.x is not a private IP range. You would need to lease static IPs for each and every one of the devices connected to VLAN 2 and manually configure each device to use a unique static IP.

You're getting intermittent connectivity because each device is trying to steal the single IP available from that modem and it's getting passed back and forth all willy-nilly.

Gotta put another router in between the modem and VLAN2.

 

[Cabletek]

This sounds like your problem right here. Your cable modem is not a DHCP server, and 24.x.x.x is not a private IP range. You would need to lease static IPs for each and every one of the devices connected to VLAN 2 and manually configure each device to use a unique static IP.

You're getting intermittent connectivity because each device is trying to steal the single IP available from that modem and it's getting passed back and forth all willy-nilly.

Gotta put another router in between the modem and VLAN2.

This depends on what he is using, comcast only issues gateway devices for Business class, which are indeed modems and routers in one, but a business can purchase their own MODEM which is a straight bridge and use it, so long as they do not want static IP's. or at least the last time I was given the rules, this was the case. Been a few years, heard a lot of salesmen rumor talk never seen it in writing when asked though.
The only issue I can see after that is both devices will default to 10.1.10.1 ip ranges and gateway IP's if this is the case, so one device will not be distinguishable from another in which case still passed back and forth willynilly or IP confilict issues would ensue? Changing one device to 192.168.1.1 for the ip range should solve that as far as that goes, but then your on to how to determine which gateway a device will use, which is only half the problem solved.

Should this be the case he should be able to log into a device by ethernet in to one of the extra ports [it will have 4 if its not just a modem] and 10.1.10.1 in a browser get him to the login, after that cusadmin and highspeed to get to the config ui, and from there we don't touch anything in the company, his IT guy is to take over [which would appear to be him].

 

[Mushkins]

This depends on what he is using, comcast only issues gateway devices for Business class, which are indeed modems and routers in one, but a business can purchase their own MODEM which is a straight bridge and use it, so long as they do not want static IP's. or at least the last time I was given the rules, this was the case. Been a few years, heard a lot of salesmen rumor talk never seen it in writing when asked though.
The only issue I can see after that is both devices will default to 10.1.10.1 ip ranges and gateway IP's if this is the case, so one device will not be distinguishable from another in which case still passed back and forth willynilly or IP confilict issues would ensue? Changing one device to 192.168.1.1 for the ip range should solve that as far as that goes, but then your on to how to determine which gateway a device will use, which is only half the problem solved.

Should this be the case he should be able to log into a device by ethernet in to one of the extra ports [it will have 4 if its not just a modem] and 10.1.10.1 in a browser get him to the login, after that cusadmin and highspeed to get to the config ui, and from there we don't touch anything in the company, his IT guy is to take over [which would appear to be him].

Also true. I'm not sure what his ISP is or what he's really trying to accomplish, just speculating based off the information given.

If the OP wants us to find the root cause of the issue he's gonna have to go into more detail based on his overall goal and the configuration of the devices.

 

[imagoon]

The only issue I can see after that is both devices will default to 10.1.10.1 ip ranges and gateway IP's if this is the case, so one device will not be distinguishable from another in which case still passed back and forth willynilly or IP confilict issues would ensue? Changing one device to 192.168.1.1 for the ip range should solve that as far as that goes, but then your on to how to determine which gateway a device will use, which is only half the problem solved.

As long as the modems are in to seperate VLANs, other than being confusing to the end user it won't matter as the addresses exist on two different layer 2 segments and the "fake" 10.1.10.1 route wouldn't hit the other unless the end user specifically set up routes for it.

 

[IBuyUFO]

Thanks everyone for the help! Yes, later on last night after posting I realized this was a bad thing to do as anything connected to vlan2 would be exposed to the outside world. After I realized that I was going about it all wrong I did end up putting in another router with the cable modem to vlan2. My entire idea was not to use another router if I could get away with it but that wouldn't work. I was testing vlan2 and the modem with just 1 computer and the connection to the internet was very sporadic as mentioned by Mushkins before the introduction of the router.
The vlan2 side was made so it could be dedicated to my side business which is photography. I wanted to set a separate connection for the web server where clients could login to access their photos. I didn't want the home usage impact the web server. Yes, I should probably be paying for business class but I am not making that much from the side business.
You guys are really awesome with the help! Now I just need to figure out how to connect the vlans so there is access to each other.

 

[imagoon]

You would need an actual router for that or if the switch has layer 3 support, set up the proper routing rules, gateways etc.

 

[Mushkins]

You would need an actual router for that or if the switch has layer 3 support, set up the proper routing rules, gateways etc.

This. The vlans for all technical purposes are two separate networks. A router is what lets two separate networks talk to each other. You'd have to configure the proper routes and all that between the two.

 

[kevnich2]

Thanks everyone for the help! Yes, later on last night after posting I realized this was a bad thing to do as anything connected to vlan2 would be exposed to the outside world. After I realized that I was going about it all wrong I did end up putting in another router with the cable modem to vlan2. My entire idea was not to use another router if I could get away with it but that wouldn't work. I was testing vlan2 and the modem with just 1 computer and the connection to the internet was very sporadic as mentioned by Mushkins before the introduction of the router.
The vlan2 side was made so it could be dedicated to my side business which is photography. I wanted to set a separate connection for the web server where clients could login to access their photos. I didn't want the home usage impact the web server. Yes, I should probably be paying for business class but I am not making that much from the side business.
You guys are really awesome with the help! Now I just need to figure out how to connect the vlans so there is access to each other.

You could either purchase a small layer 3 capable switch (Cisco 300 series small business series I think does this for around $300 or so) or purchase a sonicwall firewall for around $500 and use one interface for one of your vlan's and another interface for the other one, you could tell the firewall through it's access rules which vlan has access to what. Not sure what you're budget is for something like that.