I would like to replace a simple five port unmanaged desktop switch with a VLAN on our HP 5406 zl. I need to distribute our Internet connection to two firewalls and figured I could do with one less piece of hardware running on the rack and use a VLAN instead of the aforementioned desktop switch. I set up the VLAN and it works, but it times out every 10 packets or so when I ping an external site. If I plug the Internet line into a physical five port switch and bypass the 5406 altogether, everything works fine. So, it seems to have something to do with the VLAN. Tracert follows the correct (and the same) route when I'm using the VLAN and when I'm using the desktop switch.
I do not want other VLANs on the switch to be able to route to/from this VLAN, so I didn't give it an IP address. I just want it to blindly pass traffic to/from our firewalls, which do all the packet filtering and provide Internet access to the rest of our network. This is what the VLAN config looks like when I view it on the 5406's configuration report:
vlan 4
name "wan1"
untagged C20,C22,C24
no ip address
exit
One thing the report doesn't show is that the VLAN has the default gateway set to the IP that is the default route for the switch. However, I don't think it should matter because tracert shows that it doesn't send traffic to that IP anyway, which it shouldn't.
Something else I tried and might be worth mentioning: If I plug the Internet line into an unmanaged switch and then connect the unmanaged switch to the vlan on the 5406, I can hook my laptop up to that vlan and the connection works perfectly. If I take the unmanaged switch out of the picture and plug the Internet line right into the vlan, it starts timing out again. So, to sum it up:
Works: Internet -> unmanaged switch -> vlan (5406) -> ping from laptop
Works: Internet -> unmanaged switch -> ping from laptop
Doesn't work (times out frequently): Internet -> vlan (4506) -> ping from laptop
Any suggestions would be much appreciated!
Best Answer
Your VLAN configuration shouldn't be causing any issues. I'd check for a duplex mismatch on one of the involved ports.