HPE Community
Comware Based
1753867 Members
7584 Online
108809 Solutions
New Discussion юеВ

Re: 7750 VLAN Problem

 
sparrie2k
New Member

тАО09-24-2009 08:41 AM

тАО09-24-2009 08:41 AM

7750 VLAN Problem

I have a 7750 with 2 x 48-port gigabit cards, and the 96Gbps Fabric with 4 fibre ports connecting to another 7750 on a separate VLAN.



VLAN 1 is all the RJ-45 ports, IP interface is 10.0.0.5/24



VLAN 2 is the 4 fibre ports, IP interface is 10.77.0.3/16



Routing between the VLANS is working fine, but I'm having some issues accessing the switch from VLAN 1.



My PC is IP 10.0.0.90, and I can see it fine, ping works as does accessing telnet etc.

My boss is 10.0.0.92, and he cannot see the switch for management, pinging shows failure about 50% of the time. He can, however, reliably ping 10.77.0.3, and communicate with servers connected to the switch.



Not too much of a problem, but it's affecting static routes also. There are a few defined for VPN connections through an alternative router and they work fine for me, but refuse to route for my boss.

If he changes his IP to 10.0.0.90 he can ping and route reliably. (We're both connected via an uplink to a dumb switch on the same port).



Anyone got any ideas? To my knowledge no packet filtering is being implemented but I'm not a 3Com expert (unless you hadn't already guessed!)



display version

3Com Corporation

Switch 7750 Software Version 3.03.00r

Copyright (c) 2004-2007 3Com Corporation and its licensors. All rights reserved

Switch 7750 uptime is 3 weeks, 3 days, 6 hours, 23 minutes



FAB96 0: uptime is 3 weeks,3 days,6 hours,23 minutes

Switch 7750 with 1 MPC8245 Processor

256M bytes SDRAM

32768K bytes Flash Memory

512K bytes NVRAM Memory

PCB Version : VER.C

BootROM Version : 531

CPLD Version : 003

Second CPLD Ver : 005



MOD 1: uptime is 3 weeks,3 days,6 hours,5 minutes

Switch 7750 MOD with 1 MPC8241 Processor

128M bytes SDRAM

0K bytes Flash Memory

0K bytes NVRAM Memory

PCB Version : VER.C

BootROM Version : 531

CPLD Version : 002



MOD 2: uptime is 3 weeks,3 days,6 hours,8 minutes

Switch 7750 MOD with 1 MPC8241 Processor

128M bytes SDRAM

0K bytes Flash Memory

0K bytes NVRAM Memory

PCB Version : VER.C

BootROM Version : 531

CPLD Version : 002

0 Kudos
6 REPLIES 6
sparrie2k
New Member

тАО10-06-2009 03:08 AM

тАО10-06-2009 03:08 AM

Re: 7750 VLAN Problem

OK - maybe I confused the issue a little but after some work at the weekend I found the following...



Everyone can ping the management interface of VLAN1 - don't know what was causing the problems before but these appear to have been a red herring.



I cannot access the switch management through the interface for VLAN2 - I believe this is the correct behaviour since I am on VLAN1



People who cannot route via the static route CAN access the switch through VLAN2 as well as VLAN1 - according to the documentation I've read, they shouldn't be able to.



Over the weekend I upgraded the switch to the latest firmwar, and also deleted VLAN2 to check behaviour but the problem IP addresses were still ignoring the static route. There are no access rules defined in the switch, and 802.1x is disabled.



Anyone got any ideas?

0 Kudos
Fred_Mancen_1
Super Advisor

тАО10-21-2009 02:45 PM

тАО10-21-2009 02:45 PM

Re: 7750 VLAN Problem

Hi.



VLAN interfaces on L3 are directly connected and routed automatically by the core switch. Since you don't have routing policies with ACLs blocking undesirable traffic through VLANs, everyone can reach IPs on different network segments. I didn't understand exactly what you need to do...



Regards.

Regards,
Fred Mancen
0 Kudos
sparrie2k
New Member

тАО01-14-2010 09:40 AM

тАО01-14-2010 09:40 AM

Re: 7750 VLAN Problem

Hi, and thanks for looking.



Routing is (mostly) working correctly and the VLANS can see eachother correctly. What is puzzling me is that there appears to be some sort of access restriction going on despite there being no ACL's present.



What's happening is that only certain IP addresses on VLAN1 can actually ping the switch on that interface, others cannot see VLAN1 but CAN ping the VLAN2 interface (even though the clients' default gateways are set as the IP address of VLAN1)



Switch has:



VLAN1 - 10.0.0.5 / 255.255.255.0



VLAN2 - 10.77.0.3 / 255.255.0.0



 



PC1 is 10.0.0.90, can PING and Tracert 10.0.0.5, cannot PING but CAN tracert 10.77.0.3 (I think this is correct behaviour)



PC2 is 10.0.0.92, cannot PING but CAN tracert 10.0.0.5, can PING and tracert 10.77.0.3



The real problem is there is a static route on the switch to another router, 10.0.0.1 which PC 1 will use but PC2 won't. Default gateway is 10.0.0.2 which works fine from both PC's, as does seeing hosts on VLAN2.



If I swap the IP addresses on the PC's, the behaviour stays with the IP, not the machine. Both machines are connected to the same port but others that do or don't work are connected to different ports.



 



0 Kudos
Fred_Mancen_1
Super Advisor

тАО01-14-2010 02:07 PM

тАО01-14-2010 02:07 PM

Re: 7750 VLAN Problem

This is really, really weird...



These IPs are allocated with a DHCP Server? If the answer is "yes", are these scopes of IP addresses configured with persistent routes designated? If not, maybe the 7750 switch is configured with another route or some feature in L3 which is causing this behavior. At this moment I cannot think of anything else...



Regards



This message was edited by Fred_Mancen on 1-14-10 @ 2:08 PM
Regards,
Fred Mancen
0 Kudos
sparrie2k
New Member

тАО01-15-2010 02:20 AM

тАО01-15-2010 02:20 AM

Re: 7750 VLAN Problem

Phew - if nothing else I'm glad it's not just me who finds it wierd!



The 2 mentioned are actually static IPs but I have random ones assigned both statically and via a Win 2k3 DHCP server that exhibit the same symptoms.



I've even deleted the config and done it from scratch again and the same symptoms happened with the same IP addresses.



Yhanks for taking the time to come back and have a look - now I'm a little happier it's not somethign glaringly obvious that I've done I'll put it down to a hardware problem with the fabric and see if our service provider has a spare we can try.



0 Kudos
Fred_Mancen_1
Super Advisor

тАО01-15-2010 07:08 AM

тАО01-15-2010 07:08 AM

Re: 7750 VLAN Problem

Yes, you're right...I think this is the only way you have from now on. Unfortunately I cannot see nothing else that you could do, I already faced a problem similar to this one, but the problem were the persistent routes delivered by the DHCP Server to the hosts. If you finally figure out what is happening, let us know.



Regards



Regards,
Fred Mancen
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.