- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Comware Based
- >
- Inter-VLAN routing on A5830
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-09-2014 08:06 PM
06-09-2014 08:06 PM
Inter-VLAN routing on A5830
Hi,
I've been thrown in at the deep end with some equipment to install a switch into an existing network, and with far too little expertise in this area.
===================
Simplified Scenario
===================
The real network is obviously far more complex, but if I can resolve the problem of this simplified scenario, then I should be able to apply the logic to the full implementation.
Two HP switches - an A5830 and an E2910
Two VLANS exist - VLAN-10: Standard-Clients
VLAN-90: Management-Clients & Devices
An LACP trunk is configured between them, with both VLANS tagged.
-------------------------
Current Config Diagram
-------------------------
See .jpg Attachment
---------------
Requirements
---------------
- Clients on VLAN-10 need access to other clients on VLAN-10 and hence the internet via the network gateway.
- Clients on VLAN-90 need access to clients on both VLAN-90 and VLAN-10 and hence the internet via the network gateway.
- Clients on VLAN-10 should NOT have access to clients on VLAN-90.
- The network gateway can't be modified (it's a multi-node TMG array, and more than my job is worth to even ask for that to be touched).
----------------
Current Status
----------------
- Both switches (at the CLI) can ping addresses on either vlan and hence ping external addresses through the network gateway.
- OK. - Clients on VLAN-10 can ping addresses on VLAN-10 and hence ping external addresses through the network gateway.
- OK. - Clients on VLAN-10 can NOT ping any addresses on VLAN-90.
- OK. - Clients on VLAN-90 can ping addresses on VLAN-90.
- OK. - Clients on VLAN-90 can ping both VLAN addresses on both switches.
- OK. - Clients on VLAN-90 can NOT ping Clients on VLAN-10 and thus not ping external addresses via the network gateway.
- PROBLEM.
---------------
Need to resolve
---------------
- How to allow Clients on VLAN-90 to access Clients on VLAN-10, and hence access the internet (if allowed by gateway policies).
I believe that I can resolve this at the A5830 switch, using a static route, but I'm lost at this point.
I'd appreciate any guidance on this from people who understand this better than I do (which is probably everyone).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-10-2014 05:53 AM
06-10-2014 05:53 AM
Re: Inter-VLAN routing on A5830
Hi MB99,
I am new in HP, but, Please try the below:
on A5830
=======
IP ROUTE-STATIC 192.168.0.0 255.255.0.0 192.168.10.202
ip route 0.0.0.0 0.0.0.0 192.168.10.254 (G.W)
on E2910
========
ip route
ip route 0.0.0.0 0.0.0.0 192.168.10.201 (MNGMT VLAN10 of A5830 )
VLAN10 | Clients:
IP: 192.168.10.x
MASK : 255.255.255.0
G.W:192.168.10.201 (vlan 10)
VLAN90| Clients:
IP: 192.168.90.x
MASK : 255.255.255.0
G.W:192.168.10.202 (vlan 90)
Hope it will work , especially the first route :)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-10-2014 05:28 PM
06-10-2014 05:28 PM
Re: Inter-VLAN routing on A5830
Hi,
Thanks for taking the time, but unfortunately, it didn't seem to help.
Using my IP Addressing
A5830
VLAN-10: (Clients) 192.168.10.201
VLAN-90: (Mgmt) 192.168.90.201
E2910
VLAN-10: (Clients) 192.168.10.202
VLAN-90: (Mgmt) 192.168.90.202
Then I read this:
"IP ROUTE-STATIC 192.168.0.0 255.255.0.0 192.168.10.202"
as meaning:
Route all 192.168.x.x subnets to the Clients VLAN on E2910
and that didn't seem to help.
----
The guys responsible for the main network are reasonably co-operative, but are baulking a bit at me messing with their main switch, just so I can get my new infrastructure equipment to work. I thought that this should be quite simple to do on the A5830, but I'm starting to fear that I'm going to need to introduce my own "router-on-a-stick" just so that I can get the equipment on the management VLAN to have full access to the network.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-10-2014 05:39 PM
06-10-2014 05:39 PM
Re: Inter-VLAN routing on A5830
1) Make sure that routing is disabled on the 2910 (saves problems later)
2) Change the VLAN 10 clients gateway IP to 192.168.10.201 (the switch rather than the upstream TMG address) this will allow routing between VLAN10 & VLAN90 as the L3 switch has a directly connected interface in both subnets - no static route needed.
3) put a packet-filter ACL on the VLAN90 VLAN interface of the 5830 to deny traffic into VLAN90 originating from 192.168.10.0 /24
HTH
Ian
## ---------------------------------------------------------------------------##
Which is the only cheese that is made backwards?
Edam!
Tweets: @2techie4me
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-11-2014 01:34 AM
06-11-2014 01:34 AM
Re: Inter-VLAN routing on A5830
A5830:
Trunking between A5830 and E2910:
int x (connected to E2910)
port link-type Trunk
port permit vlan all (or whatever vlans you need)
quit
save
int vlan-inter|k (Connected to your G.W)
ip address 192.168.10.3 255.255.255.0 .............. (same subnet as your G.W interface ip address)
int y (CONNECTED TO G.W)
port link-type access
port access vlan k
quit
save
Routing:
ip route-static 0.0.0.0 0.0.0.0 192.168.10.3 {IP-OF-INTERFACE VLAN-INTERFACE|K (route to G.W)}
Please Note:
DONOT FORGET THE ROUTE BACK ON YOUR G.W, to your network (192.168.0.0 255.255.0.0)
======================
E2810:
int|w--- connected to your A5910
SHOULD BE TAGGED INSIDE YOUR PERMITTED VLANS
vlan 10
tag intW
vlan90
tag intW
ROUTING
ip route (FOR INTER-VLAN)
ip route 0.0.0.0 0.0.0.0 192.168.90.201 (ip add of A5830 - FOR INTERNET)
WR MEM
-----------
-----------
G.W
IP ROUTE 192.168.0.0 255.255.0.0 192.168.10.3 (IP ADD OF THE INTERFAVE VLAN K)
Int H (CONNECTED TO A5830)
ip add 192.168.10.4 255.255.255.0
(this configuration debending on type of your G.W, i.e if it is a switch then do that configuration - A OR E
SERIES | IF it is a firewall then configure static route to your network 192.168.0.0 on firewall as well as the
ip address of the interface connected your A5830)
-------------------
CLIENTS
VLAN10 | Clients:
IP: 192.168.10.x
MASK : 255.255.255.0
G.W:192.168.10.201 (vlan 10)
VLAN90| Clients:
IP: 192.168.90.x
MASK : 255.255.255.0
G.W:192.168.10.202 (vlan 90)
----------
hope it will work, and do not forget to upgrade your switches (just in case)