Aruba & ProVision-based
1748002 Members
4373 Online
108757 Solutions
New Discussion юеВ

Re: Vlan routing on HP 5412zl

 
SOLVED
Go to solution
elfordty
Occasional Advisor

Vlan routing on HP 5412zl

Hi there,

 

I have been working to reconfigure my network with Vlans.  The current network has every device on the same subnet of 192.168.0.0 / 21.

 

I have been working on separating traffic out onto Vlans based on devices and everything is going great until the new Vlans try to access to the gatway.

 

Each vlan's gateway is my core 5412 switch and then I have a static route set as

ip route 0.0.0.0 0.0.0.0 192.168.0.5

 

192.168.0.5 is currently the address of the firewall, which acts as the Internet gateawy.  Now the old network can access this just fine but any of the new Vlans cannot get to this address. 

 

Any insight would be great below I have posted some of the config of the switch

 

-------------------------

 

Running configuration:

; J8698A Configuration Editor; Created on release #K.15.08.0008
; Ver #02:1b.ef:f6
hostname "ITRoom5412zl"
module 1 type j8705a
module 2 type j8705a
module 6 type j8702a
module 8 type j9154a
module 9 type j8702a
module 11 type j8702a
module 12 type j8702a
power-over-ethernet pre-std-detect
ip route 0.0.0.0 0.0.0.0 192.168.0.5
ip routing

snmp-server community "public" unrestricted
vlan 1
   name "DEFAULT_VLAN"
   no untagged A13-A19,B14,F1-F3,F5,F7,F12,H1-H2,I1,I15-I24
   untagged A1-A12,A20-A24,B1-B13,B15-B24,F4,F6,F8-F11,F13-F24,I2-I14,K1-K24,L1-L24
   ip address 192.168.0.27 255.255.248.0
   exit
vlan 3
   name "DEPLOYMENT"
   tagged B24
   ip address 172.16.3.254 255.255.255.0
   exit
vlan 16
   name "DEVICES"
   untagged H2,I1,I15-I24
   tagged B24
   ip address 172.16.16.254 255.255.255.0
   ip helper-address 172.16.17.10
   exit
vlan 17
   name "SERVERS"
   untagged F7,F12,H1
   tagged B24
   ip address 172.16.17.254 255.255.255.0
   exit

 

------------------------

show ip route

 


                                                   IP Route Entries

 Destination        Gateway         VLAN Type      Sub-Type   Metric     Dist.
 ------------------ --------------- ---- --------- ---------- ---------- -----
 0.0.0.0/0          192.168.0.5     1    static               1          1
 127.0.0.0/8        reject               static               0          0
 127.0.0.1/32       lo0                  connected            1          0
 172.16.3.0/24      DEPLOYMENT      3    connected            1          0
 172.16.16.0/24     DEVICES         16   connected            1          0
 172.16.17.0/24     SERVERS         17   connected            1          0
 192.168.0.0/21     DEFAULT_VLAN    1    connected            1          0

 

 

Any help would be great

7 REPLIES 7
EckerA
Respected Contributor
Solution

Re: Vlan routing on HP 5412zl

Hi, does the Firewall (192.x.x.5) know a route to the new vlans? .. hth Alex
elfordty
Occasional Advisor

Re: Vlan routing on HP 5412zl

Hi Alex,

 

I have added routes to my firewall as seen here.  I have only added the one for VLAN 17 at the moment

 

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.16.17.254   *               255.255.255.255 UH    0      0        0 lan-1
172.16.17.0     172.16.17.254   255.255.255.0   UG    0      0        0 lan-1
10.129.96.0     *               255.255.248.0   U     0      0        0 wan-1
192.168.0.0     *               255.255.248.0   U     0      0        0 lan-1
default         10.129.96.18    0.0.0.0         UG    0      0        0 wan-1

Interface lan-1 is the inside and wan-1 is the outside.

 

Is there something else that I have to add to the switch config for this to work?  The firewall is currently on Default Vlan 1 and is the rest of the 192.168.x.x network.

 

The switch can ping 192.168.0.5 (Firewall address)

The firewall can ping 192.168.0.27 (Switch VLAN 1 address)

The firewall cannot ping 172.16.17.254 (Switch VLAN 17 address)

 

Any suggestions would be greatly appreciated.

EckerA
Respected Contributor

Re: Vlan routing on HP 5412zl

well.. the switchconfig is just fine.. no problem there.. it must be the fw... hth Alex
paulgear
Esteemed Contributor

Re: Vlan routing on HP 5412zl

I agree with Alex - what does the routing table on your firewall look like?
Regards,
Paul
elfordty
Occasional Advisor

Re: Vlan routing on HP 5412zl

HI there,

 

The problem was the Firewall.  Needed to create routes back to the switch for the other networks.

 

Just for completeness if anyone is curious, I have an IPCop firewall, I had to SSH into it and run the following command for each VLAN or network:

 

route add -net 172.16.3.0 netmask 255.255.255.0 gw 192.168.0.27

 

Where 172.16.3.0 was the network needed to connect and 192.168.0.27 is the IP of the routing HP Switch.

 

Also IPCop does not remember these beyond reboots so it has to be added to the rc.d scripts that run on startup.  IPCop has some documentation on how to do this on their site for the different version.

 

Thanks for the suggestions everyone

Tyson

paulgear
Esteemed Contributor

Re: Vlan routing on HP 5412zl

Don't forget to mark Alex's post as the solution!
Regards,
Paul
alrahhal
New Member

Re: Vlan routing on HP 5412zl

I need your help, I have the same problem. https://community.spiceworks.com/topic/2100617-intervlan-is-not-working-please-i-need-help?page=1#entry-7462410 

 

This is my post please I need your help, have you solved your problem....my problem that my active directory is in a separate vlan and it is not recognized by a host in a separate vlan. I want to do inter vlan communication through the 5412 core switch...

 

Thanks