Community
LAN Routing
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

29s0F -firewall default route issue.

 
raj567
Advisor

‎01-24-2021 01:24 AM

‎01-24-2021 01:24 AM

29s0F -firewall default route issue.

Hi

I am using 2930f switch as core switch.i connected port 2 to my firewall .I wrote default route to firewall.firewall port  ip connected to switch is 192.168.1.1.still not workig.pls find 2930f configuration.

; JL253A Configuration Editor; Created on release #WC.16.10.0011
; Ver #14:67.6f.f8.1d.9b.3f.bf.bb.ef.7c.59.fc.6b.fb.9f.fc.ff.ff.37.ef:44
hostname "Aruba-2930F-24G-4SFPP"
module 1 type jl253a
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip routing
snmp-server community "public"
vlan 1
name "DEFAULT_VLAN"
no untagged 2-18,23
untagged 1,19-22,24-28
no ip address
ipv6 address dhcp full
exit
vlan 10
name "VLAN10"
tagged 1-2,21-22,24
ip address 10.10.10.1 255.255.255.128
exit
vlan 20
name "VLAN20"
untagged 3-4,6-18
tagged 1-2,21-22,24
ip address 10.10.20.1 255.255.255.192
exit
vlan 30
name "VLAN30"
untagged 23
tagged 1-2,21-22,24
ip address 10.10.30.1 255.255.255.128
voice
dhcp-server
exit
vlan 50
name "VLAN50"
tagged 2,23
ip address 10.10.50.1 255.255.255.0
dhcp-server
exit
vlan 60
name "VLAN60"
untagged 5
tagged 1-2,21-24
ip address 172.16.10.1 255.255.255.0
dhcp-server
exit
vlan 70
name "VLAN70"
ip address 10.10.70.1 255.255.255.0
exit
vlan 80
name "VLAN80"
tagged 1-2,21-24
ip address 192.168.1.2 255.255.255.0
dhcp-server
exit
management-vlan 10
spanning-tree
dhcp-server pool "VLAN-50"
default-router "10.10.50.1"
network 10.10.50.0 255.255.255.0
range 10.10.50.2 10.10.50.254
exit
dhcp-server pool "VLAN-60"
default-router "172.16.10.1"
network 172.16.10.0 255.255.255.0
range 172.16.10.2 172.16.10.254
exit
dhcp-server pool "VLAN-30-VOIP"
default-router "10.10.30.1"
network 10.10.30.0 255.255.255.128
range 10.10.30.2 10.10.30.126
exit
dhcp-server pool "Vlan-80-DATA"
default-router "192.168.1.2"
network 192.168.1.0 255.255.255.0
range 192.168.1.51 192.168.1.254
exit
dhcp-server enable

 

 

0 Kudos
Reply
3 REPLIES 3
akg7
HPE Pro

‎01-24-2021 02:32 AM

‎01-24-2021 02:32 AM

Re: 29s0F -firewall default route issue.

Hi,

Is FW directly connected to 2930 switch?

What is the firewall IP?

Is VLAN 80 on both side?

I believe routing is not required if FW is directly connected.

Thanks!

I am an HPE Employee

Accept or Kudo

0 Kudos
Reply
support_s
System Recommended

‎01-24-2021 07:25 AM

‎01-24-2021 07:25 AM

Query: 29s0F -firewall default route issue.

Hewlett Packard Enterprise (HPE) recommends:

1. ArubaOS-CX 10.04 Command-Line Interface Guide (8320, 8325 Switch Series)

 

2. ArubaOS-CX 10.04 Command-Line Interface Guide (6300, 6400 Switch Series)

0 Kudos
Reply
Ivan_B
HPE Pro

‎01-25-2021 02:19 AM - edited ‎01-25-2021 02:22 AM

‎01-25-2021 02:19 AM - edited ‎01-25-2021 02:22 AM

Re: 29s0F -firewall default route issue.

Hi Raj!

 

What traffic are you trying to filter with the firewall? The one that goes between local VLANs, like between VLAN 50 and 60 or the traffic from local VLANs to Internet?

First won't be possible on this switch  as such config requires PBR and as far as I know it's not supported on 2930f.
Second should be possible if you want to push all traffic from local VLANs to go out of VLAN 80 and land on your firewall 192.168.1.1 , however don't forget that you need a static route on your firewall to all the subnets of your VLANs behind the 2930f with next-hop 192.168.1.2

 

Also, I don't see any point to include port 2 to all VLANs, just untagged in VLAN 80 should be enough, since all your local hots behind 2930f use 2930f as default gateway.

 

 

I am an HPE employee

Accept or Kudo

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.