
Routing and switching

JamesL
Contributor

I have a problem and I have no idea what is going wrong.

ProCurve 3800 switch (192.168.1.254) with 2 VLANs (10 and 20)
My firewall in VLAN 10 (192.168.1.1) - managed by me
MPLS router in VLAN 10 (192.168.1.5) - managed by ISP, connects to my remote office (192.168.100.0/24)
In VLAN 10, all servers have their gateway set to 192.168.1.1
I added a static route in my firewall to route 192.168.100.0/24 to 192.168.1.5 (MPLS router)

My desktop in VLAN 20 (192.168.5.0/24)
All desktops are configured as DHCP clients with gateway 192.168.5.254 (that is my switch)

NOW, desktop can ping all devices in VLAN 10 and 20, except my MPLS router in VLAN 10. As a matter of fact, desktop can access my remote office network.
No problem with servers in VLAN 10.

Did I miss something? Many thanks!

3 REPLIES
henca
Advisor

Re: Routing and switching

My guess is that all your machines in VLAN 10 except your MPLS router are configured to know which gateway (maybe the default gateway 192.168.1.1) to use to reach 192.168.5.0/24.

Are you able to somehow login to the MPLS router and run some tool like traceroute? If traceroute is unable to find its way to 192.168.5.0/24 you will not be able to ping those addresses and those addresses will not be able to ping you.

regards Henrik

JamesL
Contributor

Re: Routing and switching

Thanks, that's what I suspected too. Apparently, the ISP is not helpful in looking at this together, just blaming my switch configuration.

Any guys out there have similar experience?

Vince-Whirlwind
Honored Contributor

Re: Routing and switching

You have a design issue.

You have 3 layer3 devices on VLAN10. You don't want this. You have routing happening all over the place. You need static routes on the FW as well as the WAN router.

For example, your PC packets go to the switch which routes them to the servers. The server packets go to the router then go to the switch to go to the PCs. Asymmetric routing.

You need to decide where your routing "core" is going to be: either the switch or the router.

If you make it the switch (best idea), then you need to make the server default gateway be on the switch.

You then need to use a new subnet/VLAN to do the point-to-point routing to the FW.

You need another new subnet/VLAN to do the point-to-point routing to the WAN.
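
Added example, not part of any post in this thread: a small Python model of the topology that traces forward and return paths with longest-prefix matching, showing the asymmetric server path and the missing return route discussed in the replies. The .10 host addresses, the switch's default route, the firewall's route to 192.168.5.0/24 and the MPLS router's empty table are assumptions, since the thread does not show those configurations.

```python
import ipaddress as ip

# Constructed model of the thread's topology. The .10 hosts and every route
# marked "assumed" are illustrative; the other addresses come from the posts.
NODES = {
    "desktop":  {"ifs": ["192.168.5.10/24"], "routes": {"0.0.0.0/0": "192.168.5.254"}},
    "server":   {"ifs": ["192.168.1.10/24"], "routes": {"0.0.0.0/0": "192.168.1.1"}},
    "switch":   {"ifs": ["192.168.1.254/24", "192.168.5.254/24"],
                 "routes": {"0.0.0.0/0": "192.168.1.1"}},           # assumed
    "firewall": {"ifs": ["192.168.1.1/24"],
                 "routes": {"192.168.100.0/24": "192.168.1.5",      # from the post
                            "192.168.5.0/24": "192.168.1.254"}},    # assumed
    # WAN routes omitted; assumed to have no route back to VLAN 20.
    "mpls":     {"ifs": ["192.168.1.5/24"], "routes": {}},
}

# Map each interface address to the device that owns it.
OWNER = {str(ip.ip_interface(i).ip): name
         for name, n in NODES.items() for i in n["ifs"]}

def next_hop(node, dst):
    """IP to forward to: dst if on-link, else longest-prefix route, else None."""
    dst = ip.ip_address(dst)
    for i in NODES[node]["ifs"]:
        if dst in ip.ip_interface(i).network:
            return str(dst)
    matches = [(ip.ip_network(p), gw) for p, gw in NODES[node]["routes"].items()
               if dst in ip.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def trace(src, dst_ip, max_hops=8):
    """Devices a packet visits from src to dst_ip; ends in None if unroutable."""
    path, node = [src], src
    while OWNER.get(dst_ip) != node and len(path) <= max_hops:
        hop = next_hop(node, dst_ip)
        if hop is None or hop not in OWNER:
            return path + [None]
        node = OWNER[hop]
        path.append(node)
    return path

def symmetric(a, a_ip, b, b_ip):
    """True when the reply retraces the request's path in reverse."""
    return trace(a, b_ip) == trace(b, a_ip)[::-1]

if __name__ == "__main__":
    print(trace("desktop", "192.168.1.10"), trace("server", "192.168.5.10"))
    print(trace("desktop", "192.168.1.5"), trace("mpls", "192.168.5.10"))
```

Adding `"192.168.5.0/24": "192.168.1.254"` to the `mpls` routes in this model gives the reply a path back through the switch, which corresponds to the static route on the WAN router mentioned in the last reply.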