How To Configure Layer 3 Static Routes & VLAN’s On HP v1910 24G

In the last how to, we performed the firmware upgrade and initial configuration on the HP v1910 24G.

It’s now time to start  placing some VLAN’s onto our switch.  A good starting point is why do we use VLAN’s?

Well a VLAN enables us to:

  • Logically segment a switch into smaller switches, much same way that ESXi  allows you to run multiple virtual machines on the same physical hardware.
  • Create logical boundaries so that traffic from one VLAN to another VLAN is permitted or not permitted e.g. User VLAN accessing Server VLAN.
  • Reduce the broadcast domains, in the same way that a switch creates a separate collision domain for each device plugged into it.  A VLAN reduces the ARP broadcasts sent out.

Before we move any further, we need to understand what purpose the VLAN’s will serve in our environment and what they will be assigned too.  For me, it’s quite straight forward, the HP v1910 will be used as my main home lab switch and as such I need a VLAN for the following purposes:

  • Management
  • iSCSI
  • vMotion
  • Backup
  • HP Fail Over Manager

With this in mind, I would highly recommend creating a network table containing your VLAN Names, VLAN ID, Subnet and Switch IP Address. You may ask why do you bother? Well I deal with large number of clients infrastructure and I often find that I get confused as what subnet’s are doing what!

You will notice that I have assigned an IP address to the switch on every VLAN.  The reason for this is the HP v1910 can also do layer 3 static routing so in my home environment the switch is the default gateway as well.

Layer 3 Static Routes

OK, lets login to the HP v1910 24G using the IP address and username/password we assigned previously.

Why use layer 3 static routes? Well I want to be able to route between VLAN’s.  This is critical for my HP Failover Manager (FOM VLAN) which needs to be in a logical third site to communicate with the HP Virtual Storage Appliance (iSCSI VLAN).  For each device on each VLAN they will use the switch as there default gateway.  This means that the network traffic will only leave the switch if it has a destination subnet for which it is not responsible e.g. the internet.

To do this, click on Network from the left hand panel then IPv4 Routing

Click Create in the Destination IP Address enter Mask enter Next Hop enter Select Preference and enter 10

So what are we actually doing? Well we are saying to the switch for ‘any destination IP address’ and ‘any subnet’ send all that traffic to this router/firewall whose IP address is (next hop).

Hopefully it should look something like this.

Cool, let’s test it.  Change a computer to use the HP v1910 24G switch as it’s default gateway.

We should now be able to ping the switch, the switches next hop and also something out on the internet.

Boom, it’s all working, let’s move on!

VLAN Configuration

Hopefully, you have already decided on your VLAN configuration and IP address’s for the switch.  So let’s crack on and start configuring.

Select Network from the left hand menu then VLAN and then Create

My first VLAN ID is 10, so we enter this and click Create to the left hand side.   Next Modify the VLAN description from VLAN 0010 to iSCSI and then click Apply.

Rinse and repeat until you have entered all of your VLAN’s into the switch.  Here’s one I made earlier.

TOP TIP, don’t forget to click Save in the top right hand corner on a regular basis.

Great, we have created the VLAN’s now we need to assign them to some switch ports.  We need to understand what happens when we change the port characteristics.  The options we have are:

  • Untagged – what ever device we plug into this switch port will automatically be placed into this VLAN.  Commonly used for devices which are not VLAN aware (most desktops/laptops).
  • Tagged – if a device is VLAN aware and it has been assigned to a VLAN, when it is plugged into the switch port it won’t go into the Untagged VLAN, it will go into the Tagged VLAN (think IP phones)

As this switch is for my vSphere 5 environment and vSphere is VLAN aware.  We are going to set every port to be Tagged into every VLAN.  What will this achieve? Well every device which is not VLAN away will go straight into the Management VLAN.  Then on the port group’s within the vSwitches I can assign VLAN’s.

To do this, click Network from the left hand menu, then VLAN and finally Modify Port

By default every port will be ‘untagged’ in VLAN 1 so we don’t need to make any modifications to this. Click Select All then Tagged and last of all Enter the VLAN ID’s in this case 10,20,30,40 and click Apply.

You will receive a pop up letting you know that Access Ports will change to Hybrid Ports, we are cool with this, so Click OK.

To verify the VLAN’s have been set correctly, go to Port Detail and choose Select All, it should show the following.

Assign An IP Address To Each VLAN

I mentioned earlier on in the post that we wanted to assign an IP address to each VLAN so that the HP v1910 24G becomes the default gateway for all devices.  To do this  select Network from the left hand menu, then VLAN interface and Create.

Now this is when I need to refer back to my network table! We input the VLAN ID e.g. 10 and then enter the IP Address e.g. and Mask e.g.

I always deselect ‘Configure IPv6 Link Local Address’ then click Apply.

Rinse and repeat for the rest of your VLAN’s.  To make sure everything is ‘tickety boo’ click on Summary and you should be greeted with a page similar to this.

Time to test.  So from your computer you should now be able to ping each VLAN IP address on the switch.

Success, that’s our HP v1910 24G configured with VLAN’s.

128 thoughts on “How To Configure Layer 3 Static Routes & VLAN’s On HP v1910 24G

  1. I have followed this post and I’m getting something really bizarre. Not only can I ping the gateway addresses for each VLAN, I can also ping between VLAN’s even though I haven’t setup any access lists yet. But there are some addresses that it won’t ping. Any idea why this would be?

    1. Hi James, in relation to the pings I had the same situation in my test lab, so I would suggest you update the firmware if you haven’t already. The items which you can’t ping are they using the HP v1910G as the default gateway? If not does the gateway they are using have a route back to the HP v1910G?

      1. I tried the firmware that you had in your post plus the latest one and both give me the same results. There is only one device that I can’t ping and I’m guessing its the devices problem because 1. It’s a piece of junk and 2. I think it just can’t form the correct headers for returning the ping over a different subnet. I can only ping it when I’m on the same subnet as that. But as far as everything else, I can’t seem to limit traffic on my VLAN’s. They are all able to inter-vlan communicate even without ACLs. My setup is slightly different than yours where I’m not using VMs so maybe the way I’m tagging my ports is whats causing problems. This is the first time that I’ve used a HP switch instead of a cisco. What I’ve done is untag ports for their specific VLAN assignment and I’ve only tagged ports which would essentially be the same as a cisco trunk. (I’m tagging another switch and an access point that is connected to it) Maybe I should post my config file to see what’s going on?

      2. Hi James, if you go to QoS > ACL IPv4 and create either a Basic or Advanced Access List, whatever traffic you permit will be allowed and everything else will be denied. HP works in the same way as Cisco, they have a silent deny at the end of the ACL.

    2. HI there. Thanks for the great post. I seem to be having the same problem as James. I can ping from the management VLAN (laptop)all addresses on every configured vlan. I can ping between te vlans. However, I cannot access the management vlan from the configured vlans to try and access the internet which I really want and need. So far I am clueless.

      1. Hi, you will need a trunk port to be able to access the internet and your router will need to be able to pass VLAN traffic. Also you will need NAT rules for each subnet on your router/firewall that you want to access the internet.

  2. Yet also no acl’s required. Did another firmware upgrade just now to the latest version (5.20 Release 1513P06 for the V1910-16G). I can still ping all devices on all vlans without acl’s.

    1. Thanks for the feedback, I will reset my switch and see what results I get. It might be a while as I’m currently studying for the VCP510-DT.

  3. Is there any way to connect two HP 1910s to have same subnets on both for server/connectivity mirroring/redundancy?

    1. ‘Stacking’ isn’t a feature offered by the HP1910 switches where they share a single IP Address. I believe the lowest HP switches you can purchase to achieve this are the HP2920G. You can have multiple HP1910’s for redundancy, however if you had a switch failure you would need to change each servers DG to the remaining HP v1910G IP address.

      1. I have went over 1910’s manual and it looks like ‘stacking’ is possible (page 51) but I’m not sure if this is what I’m looking for (something similar to SonicWall High Availability failover option). Simple describing that I have SW-01 ( connected to NSA-SA ( and Web server (main, and then SW-02 ( connected to NSA-HA ( and Web server (mirror, but I want to have ability to communicate between both server on switches level. Also both server have bonded NICs so uses both switches anyway. Goal is to have ability to “switch” traffic on SW-01 or SW-02 when any of them will fail instead of create routing on NSA

        Anyway your blog helps a lot 🙂

      2. Just read the stacking pages, I believe it’s the same as HP 2xxx series where stacking is for management purposes only. You can use the SW-01 as the DG for your Web server and 192.168.37.x devices. Create an interface on your 10.2.0.x VLAN. Then create a route to your NSA-SA. Traffic will route correctly, but you would still need to either change the server DG if SW-01 failed or give SW-02, SW-01 IP address’s.

      3. So it is possible to have same IP address for SW-01 and SW-02 or you are talking when it will fail to re-assign IP address? And yes – it looks like stocking is only for management :\

  4. Well, it looks like there will be human input involved anyway – change switch IP or DG.

    Thanks and have a nice evening! Hope to see more howtos related to 1910 🙂

  5. Hi Craig, I have HP v1910-24G. InterVLAN working only for /24 netmask. If I use /25 or more, it is not working. Have faced anything like that?

      1. To create a backup Device > Configuration > Backup then perform upload the old version of your firmware.

  6. opss… soryy… typing error.. 🙂

    why i cant ping another pc with different subnet…

    1. Make sure you have an interface on that VLAN with an IP address you are trying to ping and that the HP v1910 is the default gateway for both subnets.

      1. thanks Craig..

        i have another question.. how to connect 2 switch hp 1910 together with multiple VLAN

      2. I would recommend creating an LACP between the two switches for port resilience and throughput, then you just tag the ports to carry the VLAN traffic you specify.

      3. can u just give a simple tip or guideline how to configure LACP.. i am understand the concept.. but i am not so clear to do this function works.

  7. Great post it has helped me with some parts. I can not ping between the vlans though. I want to be able to access any thing from any where. I followed the steps. I can not even ping the vlan interfaces except for the one that i am on. thanks for any help

    1. Hi Pete, thanks for reading the blog, make sure you have an interface on the VLAN you are trying to ping with an IP Address and that the HP v1910 is the default gateway.

      1. thanks for the reply. I still can not get it to work. here is my setup

        pc gateway set as

        i can ping vlan1 interface. i cannot ping vlan2 or vlan6 interface. I cannot access the servers that are behind vlan2 and vlan6 from vlan1. I thought by default i could ping across all vlans. I did update to the latest firmware.

  8. Geate post! I am stucked with a SonicWALL firewall that sees all traffic routed from the V1910′s default route as Spoof IP. The V1910 just sends all my VLAN traffic for the internet out on interfaces that is connected to the firewall as VLAN 1 or without VLAN header. Therefore the firewall denys all the outgoing traffic from all VLANs. Internet works from VLAN 1. If I change the default gateway on the switch to e.g. x.x.x.2 (Vlan-interface 100) on VLAN 100 interface on the firewall then only that VLAN can access internet. Everything else is now Spoof IP according to the firewall as everything now being sent out of the switch as VLAN 100.

    Switch IP: (VLAN 1 / no VLAN)
    Firewall IP: (No VLAN)
    VLANs on both devices: 10 and 100
    Default GW on the switch:

    1. Forgot some details:
      Switch IP: Also has x.x.x.1 on every VLAN

      Firewall IP: Also has x.x.x.2 on every VLAN

      Really hope you can help.

      1. If you change the HP1910 to be the default gateway can you route between VLAN’s correctly? You will need to create an Access List on the SonicWall to allow traffic between the two subnets as by default it won’t allow traffic between them. Cisco has a higher to lower Security Level concept which is permitted but not from low to high.

  9. Yes the switch can route between the VLANs, but when the switch uses the default gateway pointing at the firewall, then the firewall sees the traffic as spoof ip. The reason is that VLAN10 ( is sent out of the switch with VLAN 1 / no VLAN tag. Because the switch only have one gateway. Is there any way to add multiple gateway for each VLAN or make the switch VLAN tag traffic from VLAN 10 when routed out on default gateway? Link for more info:

    1. Make sure your SonicWall firmware is up to date. The SonicWall should be using the X0 interface as VLAN1 and then X0:Vxx for your sub interfaces. The sub interface should be VLAN tagged and be in Static IP Mode.

      For the HP v1910, untagged VLAN1 and tagged VLAN10 and make sure you have an interface on every VLAN. The port connected to the SonicWall should be a hybrid port, in this mode, the frame is permitted on the VLAN and the VLAN tag remains intact.

      1. I forgot all about the routes on the firewall, therefor the SonicWALL discarded the traffic from VLANs. Added every VLAN as address objects and created a route to the switch with them. Thanks for all your help.

  10. Craig,

    I have bounced around HP support/extreme support/sonicwall support to get what seems a very simple configuration to work , so after reading you post , and the help you have provided others im hoping you can help….

    Sonicwall NS350 firewall

    HP 2910 switch
    Default Vlan – VID 1 -
    All ports assigned untagged
    except port 21 which is tagged
    Port 24 goes to the firewall
    ———————————————– original setup all worked fine

    added:to HP switch

    Wireless Vlan – VID 2 – –
    port 21 tag

    Port 21 goes to port 21 on a new extreme 450e switch

    Extreme switch is setup as

    ipforwarding enabled

    Default Vlan VID 1 –
    port 21 tagged

    Wireless Vlan VID 2 –
    port 21 tagged
    port 1-10 added untagged
    laptop plugged into port 1
    static ip –
    gateway – if i chose i can only ping up to the extreme switch
    if i chose i can ping all the way to the firewall
    however i cannot get out onto the web.

    Im not familiar enough with static routes -sonicwall support and hp support added some routes but its still not working corruptly.

    Any advice as to what static routes should be applied to each switch and firewall to to allow internet access from the 192.168.3.x would help me tremendously


    1. Morning Brian, just had a look at your switch config and that seems right, but just to confirm:

      Port 24 (Uplink to SonicWall) on HP 2910 is untagged VLAN 1 and tagged VLAN 2
      Port 21 (Uplink to Extreme) on HP 2910 is untagged VLAN 1 and tagged VLAN 2

      On the SonicWall, you should have your X0 interface as VLAN 1 with IP Address You should also have an X0:V2 interface with an IP Address e.g.

      Give your clients the default gateway of the SonicWall on VLAN 2 and everything should work.

      Note you might need to add some NAT rules in on the SonicWall.

      1. Craig,

        Any clue on how to properly setup LACP between two V1910 switches. Been trying with no success.


      2. Hi Mike, I have setup LACP to vSphere, which took a few goes. A great source of information is can be found at WhalNetwork where Chris sets one up on a HP v1910

  11. Hi Craig thanks for getting back

    Port 24 on HP (uplink to firewall) is untagged on vlan 1
    Port 24 on HP switch Vlan 2 i didnt do anything with
    Port 21 on HP (tagged)(link to the extreme switch) on Vlan 1
    Port 21 on HP (tagged)(link to the extreme switch) on Vlan 2

    1. Port 24 needs to be tagged VLAN 2 & you need to configure the Sonicwall as per my previous comments mate

  12. Extreme switch has 2 vlans created

    VLAN 1 – vid1 – – port 21 tagged (uplink to hp)
    VLAN 2 – vid2 – – port 21 tagged (uplink to hp) port 1-10 untagged

  13. Laptop plugged into new vlan on extreme switch port 1

    static ip –
    gateway – only works to firewall using (ip of VLAN 2 on HP)
    can ping
    HP switch,
    clients on 199.95.135.x network

    cannot get out onto web

    Also spent alot of time trying to verify what static routes each switch should have to make this work.
    Also when i added the new VLAN 2 via the HP GUI i think i changed the DEFAULT_GATEWAY on the HP switch.
    I think the deault gateway should be set as the firewall address of however in the running config it say
    which is the ip address i gave to the extreme switch on vlan1

  14. For full CLI on HP V1910 telnet/ssh to the switch

    enter: _cmdline-mode on
    for the password enter: 512900

  15. What firmware version do these instructions apply to? I can’t get even a basic VLAN scenario to work on my switch. I suspect it may be a firmware version issue.

    1. Hi Scott, it applies to this firmware 1910_5.20.R1512P05. If you check out my blog post this should give you all the information needed

  16. Hi, Craig. Our storage manufacture indicates our iSCSI paths from VSphere 5 hosts to the SAN storage processors need redundant paths. Right now, we have 2 hosts, 2 NICs on each that path to 2 separate HP 1910 switches, and then on to the 2 storage processors of the SAN, for redundancy, meanwhile, over 2 separate vlans, for clarity.

    Here’s the basic pathing:
    Host 1 > NIC 1 > vlan 100 on HPswitch 1 > storage processor 1
    Host 1 > NIC 2 > vlan 101 on HPswitch 2 > storage processor 2
    Host 2 > NIC 1 > vlan 100 on HPswitch 1 > storage processor 1
    Host 2 > NIC 2 > vlan 101 on HPswitch 2 > storage processor 2

    This layout, with the addition of HA, I see no single point of failure. Unfortunately, we take on frequent iSCSI logouts on the storage processors that supposedly point to configuration issues in the fabric between the VMs and the storage. Now mind you, these ‘logouts’ last about 10 seconds before reconnecting. The manufacturer has suggested that I should create a path (one for each VLAN) between HPswitch 1 and HPswitch 2 in order to satisfy round-robin. They have suggested that storage processing wants load balance by using both processors yet our configuration is tying communication to one or the other. I’m not confident this causes the storage logout errros, however, this might improve throughput and overall performance.

    Is there a way to link these 2 HP 1910’s together through the mini-GBIC ports using CAT6 Ethernet cables? (For your amusement, I tried to link the switches using VLANs on ports 9 and 10 and it brought down the entire show.) Our Cisco switches have ports dedicated to uplinks, and I’m not sure which ones would serve that purpose here. This assumes linking them together is not the same as stacking. I don’t care to have them share IP addresses.

    I appreciate any direction you can offer.


    1. I see what your manufacturer is saying. Using the inbuilt vSphere Software iSCSI Adapter 1,000 IOPS are sent down each path A, then the next 1,000 down path B etc etc.

      You have a choice, either plug in a single network cable between the switches. Or create a Dynamic LACP between HPSwitch1 and HPSwitch2 (Cisco terms it’s a Port Channel Group). To do this:

      On both switches Network > Link Aggregation > Create > Dynamic LACP > Select Ports > Apply

      Double check that you have the correct VLAN’s assigned to the LACP on both switches and uplink them.

      1. Thanks, Craig. Choice 1 sounds less complex and therefore most attractive, but isn’t that what I essentially tried already? I created a path for vlan100 from port 9 to port 9, and a path for vlan101 from port 10 to port 10. That config brought everything to its knees. If I simply plug the switches together via a single port without any mgmt, the VLANS won’t talk over it. Are you recommending I take one port, say port 9, and allow it to talk over VLAN 100 *and* VLAN 101? How about the mini-GBIC ports, are those more appropriate for this? Meanwhile, I’ll research the LACP feature you mention.

        Thanks for your help,


      2. You inadvertently created a loop in your configuration, hap

        Yes you are right I’m saying one network cable carrying VLAN traffic for 100 and 101. Doesn’t really matter which ports you use.

        LACP is good but if you are unsure, then I would always advise to keep it simple.

        Good luck!

  17. Craig,
    I’ve just found your blogs and they are great, however I have some problems with BAGG and VLAN Tagging.

    We have two 1910 with port 23&24 in BAGG-1. Two CAT6 cables between the ports (23 to 23 and 24 to 24).

    All ports are untagged in vlan1. After adding vlan 2 and tagging it to all ports on both switches, we’re unable to ping either switch from the other.

    Seems bagg is not the option to look for. (isn’t bagg the same as creating trunk on older ‘real’ HP ProCurve ?)

    1. Hi Peter, can’t say I have heard of ‘bagg’.

      First of all remove one of the uplinks and make sure you can ping both interfaces on vlan 1 and vlan 2. Once this is working, perform the following:

      On both switches Network > Link Aggregation > Create > Dynamic LACP > Select Ports > Apply

      Double check that you have the correct VLAN’s assigned to the LACP on both switches and uplink them.

  18. Hi Craig,
    Thank you, you really made things more clear with your post. I can ping between the subnets. But when I want to connect my 1810 switches to the 1910 after assigning vlans to them, I don’t have connection to the internet. You have any idea why? Thanks for your help.

  19. Hi Craig,
    I want to thank you for your post. I can ping to the different subnets. When I connect my 1810 procurve switch to my 1910 switch and connect a computer to the 1810 switch I can’t get connection with the internet. I assigned different vlans to the 1810 switch. Do you have any idea why this doesn’t work? Thanks for your help.

    1. Hi, you will need to make sure that the port on the v1910 that the 1810 plugs into has the VLAN’s fro the 1810 assigned to it e.g.

      1810 – VLAN 5,6,7
      1910 – VLAN 5,6,7 on the port that plus into the 1810

      You then need to make sure that the port that plugs from the 1910 into your router/firewall is configured the same way. Then last of all your router/firewall needs to have the subnets/vlans assigned to the interface that connects to the 1910 with all the relevant NAT rules/ACL’s assigned to it.

  20. Hi Craig,

    I’m trying to setup a home lab similar to yours.
    VLAN 10 ( – LAB MGMT
    VLAN 20 ( – VMotion
    VLAN 30 ( – NFS
    VLAN 40 ( – VM Portgroup.

    HP 1910 Mgmt IP is, Verizon Home router IP is Added static routes in my home router for all VLANs 172.21.x.0 –> (HP 1910 IP address).

    Problem is I can ping my ESX host ( from my desktop ( and get into VI client but I cannot ping vmotion IP ( or get my Windows 2k8 VM (static IP or even since vlan 10 (ESX) is pingable) on the internet. VM can ping the HP switch, ping the verizon home router but cannot get out to the internet. I followed all the steps here added tagged vlans (10,20,30,40) and static route on HP 1910 for, to (verizon home router)

    I have 4 nics in my HP DL380 (ESX server) with two uplinks for each vswtich.

    vswtich1 (mgmt, vmotion & VM port group)
    –> uplinks vmnic0 & vmnic 1
    this vswitch needs to carry vlans 10,20 and 30

    vswitch2 (NFS)
    –> uplinks vmnic2 & vmnic 3
    this vswtich needs to carry vlan 40 only but I want to
    add Link aggregation to the mix.

    How can I complete this networking ? I’m fairly new to home labs and networking in general.

    1. Couple of things:

      1. Make sure that each VLAN has an interface (IP Address) otherwise it won’t be routable.
      2. Make the HPv1910 the DG for your laptop and make sure you can ping every VLAN IP Address on the HP v1910
      3. If 2 above works, then you need to look at your vSwitches
      4. Your Verizon Router will need to have the VLAN subnets and NAT statements for any network you want to be able to access the internet.


  21. Hi,
    I am setting up small size private datacenter using VM Ware Essentials plus on 3 servers and 2 storage.

    I will be running 14 to 18 VMs with failover. Here I have different IP segments. Since I need a Gigabit support I bought HP V1910 24 G Switch and followed your instructions for VLAN setup, but I got struck in DHCP.

    My network schematics is given below

    ISP A- – VLAN10 – Port 3
    ISP B- For WAN Failover – VLAN -20 – Port 4
    Internal LAN – – VLAN30 DHCP Enabled – Port 5,6
    Guest LAN – – VLAN40 – DHCP Enabled – Port 7,8

    Then on the servers side., I will be connecting

    Port 09,10 Connected to Storage 1
    Port 11,12 Connected to Storage 2
    Port 13,14 Connected to Server 1
    Port 15,16 Connected to Server 2
    Port 17,18 Connceted to Server 3

    Port 19,20 – May be connecting to another HP 1910 for redundancy.

    On the switch I configured VLANs and Tagged all switch ports with all VLAN codes(10,20,30,40)

    When I enabled DHCP on Guest LAN all ports are giving IP to connected device. I tried untagging specific port and tagging to specific port. But still its same. Please guide me here and correct me if i am going any where wrong in my plan mentioned above. I should configure only certain ports for Admin LAN DHCP and certain ports to Guest LAN DHCP.

    Server side VM Ware connected and other side, I will be connecting to unmanaged switches.

    and one more important thing is, since I am having VM Ware with redundancy on servers, I want redundancy solution on switch side also. Can I buy one more HP V1910 24 Gig switch and configure in a way where I will get good throughput between servers and when any one switch fails, it still communicates with one switch with out any failure.
    I am not sure how clear I am in explaining my scenario and the problem, I will be able to provide more information with your inputs.


    1. Hi Prakesh, I haven’t used DHCP on the HP v1910 before, so can’t give you any guidance on this.

      A few things to note:

      1. Tagging ports means that the device you are plugging into the switch has to be VLAN aware.
      2. Untagging a port means the device plugged into the switch goes into the ‘untagged VLAN’
      3. You can link 2 x HP v1910 together using LACP

      1. Hi Craig,
        I tried untagging the VLAN for a port. Bit it didnt work.
        how to mention to ports, to carry specific VLaNs?

        and Advanced New Year..!

  22. Hi Craig

    I have a question about hp 1910-24port switch vlan configuration
    My setup

    I have created 3 Vlans

    1. Vlan 100 port 1 untagged port 21 and 23 tagged port 1 connected to my firewall interface 4 that will use for public wifi all the roles and routed has been configured

    2. vlan 200 port 2 untagged port 21 and 23 tagged port 2 connected to my firewall interface 4 that will use for corporate wifi roles and routed has been configured in the firewall

    3. Vlan 300 port 3 and 4 and port 21 and 23 untagged port 3 connected to my firewall interface 5 and the roles is setup as we’ll in the firewall
    Ports 21 and 23 used by my access points that uses 172.16.x.x network.

    All the routes and roles configured on the firewall interfaces.

    The some setup was working on the hp switch 1801 24 ports I just replace this switch with hp 1910 and relate the some config from my old switch.
    The problem is I cannot reach the internal wifi network and the management vlan 300

    Can you please advice.



    1. Hi Leon, first of all you should only have a single VLAN untagged on a port. The purpose of this is to force a non VLAN aware device e.g. laptop into the specific VLAN. The rest of the ports should be tagged e.g.

      VLAN 100 – Public WiFi
      VLAN 200 – Corporate WiFi
      VLAN 300 – Management

      Port 1 – Connected to Firewall should be untagged in the Firewalls default VLAN (check your config) and tagged in the subnets defined as sub interfaces (you would have applied VLAN’s to them). e.g. Untagged VLAN 300 – Tagged VLAN 100 & 200

      Port 21 & 23 – If your devices ARE NOT VLAN aware then the ports need to be untagged in the VLAN’s they need to go into e.g VLAN 100

  23. Hi Craig, Thank you so much for your help and prompt response.

    I have remove 3 VLAN’S and recreated them again

    VLAN 100 port 1 untagged and port 21,23 tagged
    VLAN 200 port 2 untagged and port 21,23 tagged
    VLAN 300 port 3 and 4 untagged and port 21,23 untagged

    The problem was that some how the port 21,23 has a default value of PVID 1 this is a default VLAN.

    Thank you so much for your directions and help.


  24. Hi Craig

    Awesome post. had some issues with the routing but got it sorted with a firmware update (was a little behind). the only issue i am having is the routing to my firewall/router from the vlans for internet access.

    I have vlan 1 in the 172.16.0.X range which my firewall/router is in.
    I have created vlan 10 and vlan 20 with range 192.168.110.X and 192.168.120.X i set machines in those ranges with the v1910 as the default gateway (i have set an ipaddress per vlan interface on the switch) and i have created the ipv4 acl for everything to my firewall/router.

    This works for any device i have on the 172.16.0.X range but not from the other ranges.
    From my laptop on the vlan 2 range i can ping the ip address on the vlan 1 interface on the switch but i cannot ping the firewall.

    I have also created the vlan interfaces on my firewall/router and assigned an ip to each interface which works if i set my laptop to use the firewall/router as the DG but i lose the communication between the vlans on the switch. also if i change the ipv4 acl with the next hop of the ip address of the vlan interface on the firewall/router i can get that vlan segment working but the rest drop. i have tried creating the acl for all the vlans but it seems to only allow 1.

    If you can assist that would be great

    1. Hi Anthony, couple of things you need to make sure of:

      1. The firewall has a route back to the HP v1910 for all VLAN’s otherwise it will send the traffic out to it’s route.
      2. The ports for vlan 10 and vlan 20 are untagged if the machines are not VLAN aware. Make sure you can ping the HP v1910.

      1. Hi Craig

        Thanks for the reply.
        The firewall didn’t have the route back to he v1910 so have added that now and the port i am connecting my laptop to is definitely untagged but still not able to get out to the web.
        but the firewall isn’t even logging that it is receiving the traffic.

        With my laptop on vlan 10 i can ping the v1910 on any of the vlan ip address interfaces but just can’t get web access unless i set my DG as the firewall

        If i do a traceroute to i get a response from the v1910 gateway address but no response from the firewall

      2. Okay got the firewall to see the traffic now. this should be a firewall issue now and not a switch issue. Thank you for all the help Craig.

  25. Hello Craig.. Awesome post. But I have a problem I just got an HP 2920 24G..
    I will explain how is my network right now..
    vlan1- – port 1&11 untagged
    vlan2- – port 2&12 untagged
    vlan3- – port 3&13 untagged
    vlan4- – port 4&14 untagged
    vlan5- – port 5&15 untagged
    I did connect a different cisco rvs4000 router set to DHCP to port (1,2,3,4 and 5)
    If I connect a laptop on port (11,12,13,14 or 15) I can’t ping between vlan’s!!!!!

    1. Hi Ergueen, thanks for reading, been a while since I used a HP 2920, great bits of kit especially with the 10G modules.

      Couple of things to check:

      1. Have you assigned the VLAN’s an IP address?
      2. Set your laptop on the same IP range and see if you can ping the HP2920G default gateway on each VLAN
      3. Are you on the latest firmware release?

      1. 1. The VLAN’s obtained an IP (DHCP) from the router (Each VLAN have 2 ports in the switch.. soo I connect the router in the port 1 and the laptop in the port 11).
        2.- The laptop obtained an IP (DHCP) from the router.
        3.- Yes.

      2. Set your laptop to use the HP 2920G as the default gateway, can you ping each VLAN IP Address? If yes, try again using the Cisco Router as the default gateway. If this doesn’t work then your issue is with the Cisco Router, most likley your static routes.

  26. Hi,
    I’m having the same routing issue with the V1910.
    Got 2 VLANs:
    ID | Subnet | Interface
    1 | |
    2 | |

    IPv4 Routing was edited automatically: Vlan-interface1 Vlan-interface1 Vlan-interface2 is default GW

    All ports are untagged to vlan1 or vlan2.
    Via console I can ping the interface2 ( from subnet 1, but I cannot ping a PC (static IP connected to a vlan2-port!?

    I tried tagging and untagging the ports and 2 different firmwares:
    5.20 R1513P62
    5.20 R1513P81

    dhcp-relay is enabled too.
    Did I miss something?

    1. If you are using as your Default Gateway then it has to have a route to the HP v1910 on VLAN 2.

      On the device which is enter a static route as follows:

      Destination 255.255.0 Gateway

  27. Craig, thx for your patience. problem solved! it was not the vlan/routing! the portmode seemed to switch after several changes…

  28. Hi Craig, first up congratulate for this clear document and others. I have same issue as top of list. Even though I created ACL so that deny vlans traffic to eachother, I have able to ping from every vlan to them all. Actuaclly when I created VLANs and interface with ip they could acces to eachother without doing any configurations.

    1. Hi Mustafa, thanks for reading. This is the default behavior on the HP v1910. To set up ACL correctly is a royal pain, it’s far easier to control the inter VLAN routing by a firewall.

      1. I know you say ACLs are a royal pain, but that is exactly what I need to do. Have you found any good guides regarding the ACL setup?

  29. dear craig..
    i just follow your instructions, but still have no luck..
    i’m trying to build 2 VLANs:

    ID | Subnet | Interface
    1 | |
    2 | |

    All ports are tagged to vlan1 or vlan2.
    from the diagnostic menu i can ping both vlan interfaces..
    but when i plugged a pc to each vlan, i cannot ping those pc from the diagnostic menu, and also from the pc i cannot ping the vlan interface ( their default gateway )..
    is there something wrong??

    1. Hi Imanuel, thanks for reading my blog. First of all your Subnet and IP Address are wrong on VLAN ID 1, this may just have been a typo.

      Port 1 – Untag VLAN 1 (check to make sure it is an access port)
      Port 2 – Untag VLAN 2 (check to make sure it is an access port)

      Don’t forget you have to use ‘untagged’ access ports for any device which is not VLAN aware e.g. laptop

      1. Dear Craig,
        thanks for enlightening me, it worked perfectly…
        i hope you dont mind if i’ll drop by again to ask you few stupid question regarding this device…

  30. Hi Craig,

    Is there a way to change the default VLAN 1 on Hp 1910 switches ? I want to change the primary VLAN of 1 to another VLAN ID and I cannot find it in the HP 1910 GUI .


    1. Hiya, if you ‘un tag’ each port into your chosen then VLAN and make sure it is in Access Mode.

      Double check that you have removed VLAN 1 from each port 🙂

  31. Hi Craig,
    I have 5 untagged vlans (1-5) on my hp1910-8g switch. Every device connected to a vlan has it’s default gw set to the vlan interface IP. So I can ping across all vlans. I’ve created a default gw static route on the switch to my router’s IP on vlan5. I’m trying to access internet from other vlans(1-4) through my router. It’s somewhat strange because from other vlans (1-4) I can resolve host names (e.g but I can’t access or ping outside networks. Pls help with any tips you have.

    1. Hi Joe, does your router have a route back to the HP 1910 for each VLAN’s? Also have you configured NAT on your router for the VLAN’s?

  32. Hi Craig, I have a problem with VLAN 1 ( I plug a laptop with IP and I ping the SW and I get a response but from SW to my laptop I don’t get a response, the port 23 is untaged, hybrid on PVID 1, thanks.

    1. Thank for reading the blog, try changing the port type to ‘access’.

      Hope that helps

  33. Apart from the whole VMWare discusison, I got a question on how to set up the switch to act additionally as a WAN router.
    On a simple “consumer” router, e.g. the Airport Express, the only thing to do is the following:
    1. Network section: Define IP address of the router.
    2. Internet section: Choose “DHCP” in case of cable provider.
    3. Finito!

    On a linux system it is somehow clear to understand, e.g.
    ip route add $P1_NET dev $IF1 src $IP1 table T1
    ip route add default via $P1 table T1 …

    How do I set up IPv4 Routing in case of the 1910, any idea??? Thanks!

    1. Hi thanks for reading my blog. I’m not 100% sure what you are trying to achieve?

      The HP v1910 can have a VLAN IP Address configured by DHCP, just select DHCP when creating the VLAN Interface and tag/untag the port as appropriate.

      If you want to send all traffic to a next hop, then just create an interface on the same VLAN and create a static route. Note that the next hop needs to have a return path back to the HP v1910.

      1. Well, see … I’d like to hook up my cable modem directly to the 1910 without using a consumer router in between. Hence, the 1910 shall play the role of the router. It shall be assigned the ISP WAN to port 8 using DHCP on VLAN 1 (that is, I hook up my modem to port 8). It shall then be routed between VLAN 1 and my other VLANs for my internet traffic.
        One of my static route imho should look like with next hop to be the IP on interface at port 8.

  34. Hello Craig,

    pretty nice article, I followed your guide spet-by-step with my HP v1910 48G and it all works as expected. I’m just a bit confused about the Esxi configuration, what would you suggest? In my lab I have 8 vlans ( 1 switch managenet, 4 iscsi, 1 vmotion, 1 vsphere management, 1 clients lan) and I’d like to know what is, in your opinion, the best practice because Hp suggests to use td-trunks and to configure the v-switches to route vlan based on IP hash

    1. Hi thanks for reading, for the iSCSI traffic I generally use dedicated ports in untagged mode.

  35. Hi Craig,

    I have created some vlans which the setting are similar with you,
    Router IP
    switch static route
    Router ip route

    Now the pc connected to vlan1, 10, 20 can ping each other interface and the gateway. All vlan can access to interent now. But what i want to do now is allow a vlan access by another vlan. My vlan now cannot ping another vlan device . What should i do to allow all vlan to access each other?

  36. Hi Craig

    Thank you for your post. I have updated the firmware to latest.

    My issue is:
    I have configured the vlans and vlan interface and consists of 3 vlans.
    vlan 1 management + interface as
    vlan 10 network + interface as
    vlan 20 network test + interface as

    Since am connecting two laptops I am untagging as such:
    vlan 10,20 untagged port1-28
    I can ping all the 3 interfaces when i configure the latop with the 37 network and gateway but unable to do same with the other two network’s

    Can you advise please

    1. Hi Anand, thanks for reading my blog. HP allow you to ‘untag’ a port on two different VLAN’s which I think is a bit crazy! Try the following:

      Port 1 – Untag VLAN 10 only
      Port 2 – Untag VLAN 20 only

      Make sure both ports aren’t in Hybrid mode and try again.

  37. Hi, when I have a star network with all HP 1910 switch, I must configure each switch with an IP address of the VLAN? Or only the central switch?

    1. Hi Juan, thanks for reading. The answer is no, you can configure a Layer 2 VLAN on each switch and then have your central HP v1910 as the Layer 3 default gateway.

      However, I would recommend having an IP Address for each switch on a Management VLAn

  38. Hi Craig, Thanks for a great explanation of inter-vlan routing the ProCurve way!

    I’ve just aquired a couple of these switches for my home network, actually the 3Com Baseline branded ones. Do you have any idea what the throughput is like at layer 3 compared with layer 2? I’m undecided as to whether to let my Cisco 871 do the inter-vlan routing (as a router-on-a-stick) or the ProCurve.

    1. Thanks for reading Nick. I would recommend doing the inter VLAN routing on your Cisco 871 as trying to apply ACL’s onto the v1910 is extremely challenging!

  39. Hi Craig, first of all I want to say that my English is not very good, but I will do my effort to understand me.

    All network devices, PCs, servers and access points are on the same network (
    I want to configure VLANs on Switch HP V1910 48G, in your post you mention that you used the same switch as the default gateway, but in my case the default gateway is the firewall. Could you help me with the settings for my particular case?

    Thank you very much in advance.

      1. It depends !!
        When Carlos uses a single vlan to connect his firewall he needs:
        1.) a default route ala “ip route on the switch
        2.) static routing on the firewall for ALL VLAN IP networks he runs on the switch except the transfer vlan IP to the switch.

        Without a transfer vlan just configure a tagged uplink from the switch to the firewall. Here you then have a virtual IP Interface per VLAN tag and hence have the gateway ips directly on the firewall.

  40. Hi Craig,
    I have a 1920 switch, the setting as below
    switch IP:
    port 1: VLAN ID=1, untagged 1,100,900, tagged 800,850
    VLAN1,100,900 ip:
    VLAN 800, 850 ip:

    I also have a Draytek 2925 router (connected to port 24, VLAN IP=1, untagged 1,100,900, tagged 800,850)
    Router IP: it also provide dhcp service for VLAN 1,100,900(
    beside, the router can support second DHCP server and as gateway
    IP= and also support DHCP service for

    I have a AP(TP=link EAP120) connected to port 1, ip =
    The AP have 3 SSID
    SSID A, no VLAN tagged
    SSID B, tagged 800
    SSID C, tagged 850

    When my laptop connect…..
    SSID A the ip is 192.168.216.x
    SSID B and C, ip is 192.168.2.x
    **SSID C need portal login (the function is build in)

    The problem is when my laptop connected SSID C, the ip is 192.168.2.x and it redirect to portal for ask my login but the portal IP is and failed.

    I have enabled the inter-LAN route in draytek router, my laptop can ping but cannot access the portal page.

    What can I do?

    Thank you.


    1. Sorry Pong, not sure I can help with this one, those Drayteks have quirky settings which aren’t normal.

  41. Hi Craig,

    I have a question about all this networking with Vlan and layer 3 static routing. How do you assign the switch IP as the default gateway in an environment where all computers are getting ip addresses from a DHCP server (consumer grade router)?

    In the past when I assigned static IP to the guest computer in the Vlan, I could ping each of the guests, but external internet connection would not work.

  42. I followed your directions and it worked perfectly bit I cannot ping from an ip devices not on the same up as the switch to a VLAN ip address. Also, how would I setup the switch so that those items on the other VLANS have internet access?

  43. Hi All,

    I have four ip pools on my 1910:

    and want to connect these so it is possible to ping from to or etc etc how can can realize this with ipv routing?

    Thanks a lot for your reply.

    1. My setup:

      VLAN ID 1
      VLAN ID 10
      VLAN ID 20
      VLAN ID 30
      VLAN ID 40
      VLAN ID 50

      VLAN Port Detail

      GE1/0/44 1 10,20,30,40,50 Hybrid 1
      GE1/0/45 1 10,20,30,40,50 Hybrid 1
      GE1/0/46 1 10,20,30,40,50 Hybrid 1
      GE1/0/47 1 10,20,30,40,50 Hybrid 1
      GE1/0/48 1 10,20,30,40,50 Hybrid 1

      Active route table

      Destination IP Address Mask Protocol Preference Next Hop Interface Static 60 Vlan-interface1 Direct 0 InLoopBack0 Direct 0 InLoopBack0 Direct 0 Vlan-interface1 Direct 0 InLoopBack0 Direct 0 Vlan-interface10 Direct 0 InLoopBack0 Direct 0 Vlan-interface20 Direct 0 InLoopBack0 Direct 0 Vlan-interface30 Direct 0 InLoopBack0 Direct 0 Vlan-interface40 Direct 0 InLoopBack0 Direct 0 Vlan-interface50 Direct 0 InLoopBack0

      1. Craig,

        I have a total of 3, 1910-8 port layer 3 switches. This is the first time messing with these devices. I have the Master switch setup to have 3 different VLANS. They are and you guessed it I am able to ping each Vlan through the console terminal session with no issues. However if I am connected via laptop I cannot hit any of the VLANs. I also want to know if it’s possible to use the STACKING option and make the other two switches part of Vlan 2 and 3?

        For, example Master Switch will be, PEER 2 switch “STACK” will be 2.1 and PEER 3 == 3.1


        Here is my current conf.

        version 5.20.99, Release 1116
        sysname HPE
        domain default enable system
        cluster enable
        stack stack-port 1 port GigabitEthernet1/0/9
        stack stack-port 1 port GigabitEthernet1/0/10
        ssl version ssl3.0 disable
        password-recovery enable
        vlan 1
        description Management
        vlan 10
        description Master
        vlan 20
        description Peer_1
        vlan 30
        description Peer_2
        domain system
        access-limit disable
        state active
        idle-cut disable
        self-service-url disable
        user-group system
        group-attribute allow-guest
        local-user admin
        password cipher *****************************************************
        authorization-attribute level 3
        service-type ssh terminal
        service-type web
        stp mode rstp
        stp enable
        interface NULL0
        interface Vlan-interface1
        ip address dhcp-alloc
        interface Vlan-interface10
        ip address
        interface Vlan-interface20
        ip address
        interface Vlan-interface30
        ip address
        interface Ethernet1/0/1
        port link-type hybrid
        port hybrid vlan 1 10 tagged
        port hybrid vlan 20 30 untagged
        port auto-power-down
        stp edged-port enable
        undo ntdp enable
        interface Ethernet1/0/2
        port link-type hybrid
        port hybrid vlan 1 10 tagged
        port hybrid vlan 20 30 untagged
        port auto-power-down
        stp edged-port enable
        undo ntdp enable
        interface Ethernet1/0/3
        port link-type hybrid
        port hybrid vlan 1 10 tagged
        port hybrid vlan 20 30 untagged
        port auto-power-down
        stp edged-port enable
        undo ntdp enable
        interface Ethernet1/0/4
        port link-type hybrid
        port hybrid vlan 1 10 tagged
        port hybrid vlan 20 30 untagged
        port auto-power-down
        stp edged-port enable
        undo ntdp enable
        interface Ethernet1/0/5
        port link-type hybrid
        port hybrid vlan 1 10 tagged
        port hybrid vlan 20 30 untagged
        port auto-power-down
        stp edged-port enable
        undo ntdp enable
        interface Ethernet1/0/6
        port link-type hybrid
        port hybrid vlan 1 10 tagged
        port hybrid vlan 20 30 untagged
        port auto-power-down
        stp edged-port enable
        undo ntdp enable
        interface Ethernet1/0/7
        port link-type hybrid
        port hybrid vlan 1 10 tagged
        port hybrid vlan 20 30 untagged
        port auto-power-down
        stp edged-port enable
        undo ntdp enable
        interface Ethernet1/0/8
        port link-type hybrid
        port hybrid vlan 1 10 tagged
        port hybrid vlan 20 30 untagged
        port auto-power-down
        stp edged-port enable
        undo ntdp enable
        interface GigabitEthernet1/0/9
        port link-type hybrid
        port hybrid vlan 1 20 tagged
        port hybrid vlan 10 30 untagged
        combo enable copper
        port auto-power-down
        stp edged-port enable
        interface GigabitEthernet1/0/10
        port link-type hybrid
        port hybrid vlan 1 30 tagged
        port hybrid vlan 10 20 untagged
        combo enable copper
        port auto-power-down
        stp edged-port enable
        ip route-static preference 10
        undo info-center logfile enable
        ssh server enable
        load xml-configuration
        user-interface aux 0
        authentication-mode scheme
        user-interface vty 0 15
        authentication-mode scheme

  44. Excellent Tutorial.

    What additional steps would I need to do in order that the devices on VLAN 1 use a different router for internet access to the devices on VLAN 2?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s