DaHawks
Occasional Contributor

VLAN / Routing Question

Hi all -

Feeling a little silly here as this has me scratching my head. I have just sent over a pair of new 2920 switches to a new facility we are standing up. We have verified with our ISP that the MPLS at this new site is up and running. In fact, I can access each of the 2920's in the new facility from our corporate HQ no problem... so the basics are certainly in place.

So, I can ping the switch's default VLAN IP address (192.168.54.5) no problem (VLAN ID 1). I can ping the IP address of what will be a WiFi VLAN as well (192.168.56.1, which is VLAN ID 2). I can ping each of these from my corporate HQ network, over the MPLS, so I think my setup and routing is OK. BUT, if I plug in a device into VLAN ID 2 on the remote switch, I get nothing. The endpoint device will not get DHCP, and even if I statically configure IP on the endpoint device, I cannot access it, not even from the default VLAN on the same switch...? This is my config. I can't show the config of the default (MPLS) router as it is managed by the ISP... Not sure what I am missing?? THANKS!!

Running configuration:

; J9727A Configuration Editor; Created on release #WB.15.12.0015
; Ver #05:18.41.ff.35.0d:9b

hostname "net-florida-05"
module 1 type j9727a
dhcp-snooping vlan 2
time timezone -5
ip default-gateway 192.168.54.1
ip route 0.0.0.0 0.0.0.0 192.168.54.1
ip route 172.16.0.0 255.255.0.0 190.1.200.5
ip route 172.16.0.0 255.255.255.0 190.1.200.5
ip routing
interface 23
   speed-duplex 1000-full
   exit
snmp-server community "nacoi" operator unrestricted
snmp-server contact "David Levine" location "Flaggler"
oobm
   no ip address
   exit
vlan 1
   name "DEFAULT_VLAN"
   no untagged 19-20
   untagged 1-18,21-24,A1-A2,B1-B2
   ip address 192.168.54.5 255.255.255.0
   ip helper-address 190.1.1.17
   ip helper-address 190.1.1.19
   exit
vlan 2
   name "WiFiVLAN"
   untagged 19-20
   tagged 23-24
   ip address 192.168.56.1 255.255.255.0
   ip helper-address 190.1.1.17
   ip helper-address 190.1.1.19
   exit
no tftp server
no autorun
no dhcp config-file-update
no dhcp image-file-update
password manager
password operator

Vince-Whirlwind
Honored Contributor

Re: VLAN / Routing Question

Guess you need to break that down into two separate issues to troubleshoot.

First issue:
When you configure a host with an address in the 192.168.54.0/24 subnet, then patch it to the 2920 on a switchport between 1-18 or 21-24
- can it ping its default GW?
- can it ping 192.168.56.1?
- can it ping 192.168.54.1?

Second issue:
After attempting to use DHCP on the remote site on a switchport between 1-18 or 21-24, does your scope on your DHCP server show that any lease has been reserved for an offer?

More generally, you have a serious design issue: you have hosts on the same subnet as a Layer-3 link. You should never do this.
Your hosts will use 54.5 as their default GW (presumably) which will then route the packets to 54.1. Return traffic will arrive at 54.1 which will see the destination address as a local subnet and attempt to switch it directly to the host.
This gives you asymmetric routing.
Also, you are assuming the device with 54.1 has a mac-address-table big enough for all your VLAN1 hosts PLUS the switch. Very bad design.
Your link to 54.1 should be on a dedicated VLAN/subnet with no other devices.

DaHawks
Occasional Contributor

Re: VLAN / Routing Question

Thanks for the reply Vince.

So, I understand what you are saying about design. I guess I didn't think about the MAC address table on the gateway router. This is for a pretty small network - I don't expect us to grow beyond 15 hosts in total.

I can plug hosts into the switch (VLAN 1) and access everything required. The laptop, desktop, etc. will obtain a DHCP address from the remote DHCP server. It will be given an IP address such as 192.168.54.30-60/24 with a default gateway of 192.168.54.1. Everything works fine. Pings to 192.168.54.1, 192.168.56.1 are OK. Internet is good as is access to our corporate HQ on the other side of the MPLS.

Where I have the issue is when I put a host on VLAN 2 on the switch (192.168.56.0/24). I would expect the host plugged into this VLAN to get a DHCP address such as 192.168.56.30-60/24 with a default gateway of 192.168.56.1. This is not happening though. I did test this on our bench before the switch was shipped.

Talking to the ISP / MPLS provider now. Maybe we had a miscommunication there...?

Thanks!!

 

DaHawks
Occasional Contributor

Re: VLAN / Routing Question

Update - for some reason the ISP put a sub-interface / IP address on their router that was 192.168.56.1. They also had a route that said the next hop for the 192.168.56.0/24 network was 192.168.54.5 (our 2920 switch).

This was a problem.

As soon as they removed 192.168.56.1 from their router, everything started working.

Yeesh :)

Thanks!
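
Added example, not part of the original thread: a small forwarding model of the two devices that shows both the asymmetric path described in the first reply and the effect of the extra 192.168.56.1 sub-interface described in the update. The device names `sw-2920` and `isp-rtr`, the `wan` placeholder next hop, and the ISP router's route table (only the entries mentioned in the thread) are assumptions; the tie-break "connected beats static at equal prefix length" is standard router behaviour.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match over (prefix, next_hop); next_hop None = connected."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in routes
            if dst in ipaddress.ip_network(p)]
    # Longest prefix wins; at equal length a connected route beats a static one.
    return max(hits, key=lambda h: (h[0].prefixlen, h[1] is None))

def l3_hops(devices, start, dst):
    """Names of the routers that forward a packet for dst, beginning at start."""
    owner = {a: name for name, d in devices.items() for a in d["addrs"]}
    hops, name = [], start
    while name is not None and name not in hops:  # stop on WAN exit or loop
        hops.append(name)
        _, nh = lookup(devices[name]["routes"], dst)
        if nh is None:        # connected subnet: this device ARPs for dst itself
            break
        name = owner.get(nh)  # None when the next hop is outside the model
    return hops

def duplicate_addrs(devices):
    """Map each IP configured on more than one device to the devices using it."""
    seen = {}
    for name, d in devices.items():
        for a in d["addrs"]:
            seen.setdefault(a, []).append(name)
    return {a: n for a, n in seen.items() if len(n) > 1}

def build(isp_has_56_subif):
    """Constructed model: switch from the posted config, ISP router as described."""
    sw = {"addrs": ["192.168.54.5", "192.168.56.1"],
          "routes": [("192.168.54.0/24", None), ("192.168.56.0/24", None),
                     ("0.0.0.0/0", "192.168.54.1")]}
    isp = {"addrs": ["192.168.54.1"],
           "routes": [("192.168.54.0/24", None),
                      ("192.168.56.0/24", "192.168.54.5"),
                      ("0.0.0.0/0", "wan")]}          # "wan" is a placeholder
    if isp_has_56_subif:                               # state before the ISP fix
        isp["addrs"].append("192.168.56.1")
        isp["routes"].append(("192.168.56.0/24", None))
    return {"sw-2920": sw, "isp-rtr": isp}

if __name__ == "__main__":
    for label, net in (("before fix", build(True)), ("after fix", build(False))):
        print(label, "to 192.168.56.30:", l3_hops(net, "isp-rtr", "192.168.56.30"),
              "duplicates:", duplicate_addrs(net))
```

With the sub-interface present, the ISP router treats 192.168.56.0/24 as directly connected and never hands return traffic to the switch; once it is removed, the static route via 192.168.54.5 takes effect.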