07-03-2013 06:02 AM
I am having a problem getting a connection to my firewall to work with 2 a5800 series switches doing intra vlan routing. Here is my current config:
<switch1>system-view
System View: return to User View with Ctrl+Z.
[switch1]display cu
[switch1]display current-configuration
#
version 5.20, Release 1211P08
#
sysname switch1
#
irf domain 10
irf mac-address persistent timer
irf auto-update enable
undo irf link-delay
irf member 1 priority 32
#
domain default enable system
#
vlan 1
#
vlan 2
description vlan 2
#
vlan 100
description vlan 100
#
vlan 110
description vlan 110
#
vlan 120
description vlan 120
#
vlan 130
description vlan 130
#
vlan 140
description vlan_140
#
vlan 150 to 200
#
radius scheme system
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
user-group system
#
local-user blockjs
password simple XXXXXXXXXXX
authorization-attribute level 3
service-type ssh
#
interface Bridge-Aggregation10
description Storage 1 aggregation
port access vlan 190
link-aggregation mode dynamic
#
interface Bridge-Aggregation20
description Storage 2 aggregation
port access vlan 190
link-aggregation mode dynamic
#
interface NULL0
#
interface Vlan-interface1
ip address dhcp-alloc client-identifier mac Vlan-interface1
#
interface Vlan-interface100
ip address 10.10.100.1 255.255.255.0
#
interface Vlan-interface110
ip address 10.10.110.1 255.255.255.0
#
interface Vlan-interface120
ip address 10.10.120.1 255.255.255.0
#
interface Vlan-interface130
ip address 10.10.130.1 255.255.255.0
#
interface Vlan-interface140
description Vlan 140
ip address 10.10.140.1 255.255.255.0
#
interface Vlan-interface150
description VLAN_150
ip address 10.10.150.1 255.255.255.0
#
interface Vlan-interface160
description VLAN_160
ip address 10.10.160.1 255.255.255.0
#
interface Vlan-interface170
description VLAN_170
ip address 10.10.170.1 255.255.255.0
#
interface Vlan-interface180
description VLAN_180
ip address 10.10.180.1 255.255.255.0
#
interface Vlan-interface190
description VLAN_190
ip address 10.10.190.1 255.255.255.0
#
interface Vlan-interface200
description VLAN_200
ip address 10.100.10.1 255.255.255.0
#
interface GigabitEthernet1/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan all
#
interface GigabitEthernet1/0/2
port link-mode bridge
port access vlan 200
#
interface GigabitEthernet1/0/3
port link-mode bridge
port access vlan 200
#
interface GigabitEthernet1/0/4
port link-mode bridge
port access vlan 200
#
interface GigabitEthernet1/0/5
port link-mode bridge
port access vlan 200
#
interface GigabitEthernet1/0/6
port link-mode bridge
port access vlan 200
#
interface GigabitEthernet1/0/7
port link-mode bridge
port access vlan 200
#
interface GigabitEthernet1/0/8
port link-mode bridge
port access vlan 200
#
interface GigabitEthernet1/0/9
port link-mode bridge
port access vlan 200
#
interface GigabitEthernet1/0/10
port link-mode bridge
port access vlan 200
#
interface GigabitEthernet1/0/11
port link-mode bridge
port access vlan 200
#
interface GigabitEthernet1/0/12
port link-mode bridge
port access vlan 200
#
interface GigabitEthernet1/0/13
port link-mode bridge
description Storage-1 nic 3
port access vlan 200
#
interface GigabitEthernet1/0/14
port link-mode bridge
description Storage-1 nic 4
port access vlan 200
#
interface GigabitEthernet1/0/15
port link-mode bridge
port access vlan 200
#
interface GigabitEthernet1/0/16
port link-mode bridge
description Storage-2 OA
port access vlan 200
#
interface GigabitEthernet1/0/17
port link-mode bridge
description C7000 OA
port access vlan 200
#
interface GigabitEthernet1/0/18
port link-mode bridge
port access vlan 190
#
interface GigabitEthernet1/0/19
port link-mode bridge
port access vlan 190
#
interface GigabitEthernet1/0/20
port link-mode bridge
port access vlan 190
#
interface GigabitEthernet1/0/21
port link-mode bridge
description NAS-2 Port 1
port access vlan 190
#
interface GigabitEthernet1/0/22
port link-mode bridge
description NAS-2 Port 2
port access vlan 190
stp edged-port enable
#
interface GigabitEthernet1/0/23
port link-mode bridge
description Storage-1 net 1
port access vlan 190
port link-aggregation group 10
#
interface GigabitEthernet1/0/24
port link-mode bridge
description Storage-1 net 2
port access vlan 190
port link-aggregation group 10
#
interface GigabitEthernet2/0/1
port link-mode bridge
port access vlan 2
#
interface GigabitEthernet2/0/2
port link-mode bridge
port access vlan 100
#
interface GigabitEthernet2/0/3
port link-mode bridge
port access vlan 200
#
interface GigabitEthernet2/0/4
port link-mode bridge
port access vlan 200
#
interface GigabitEthernet2/0/5
port link-mode bridge
port access vlan 200
#
interface GigabitEthernet2/0/6
port link-mode bridge
port access vlan 200
#
interface GigabitEthernet2/0/7
port link-mode bridge
port access vlan 200
#
interface GigabitEthernet2/0/8
port link-mode bridge
port access vlan 200
#
interface GigabitEthernet2/0/9
port link-mode bridge
port access vlan 200
#
interface GigabitEthernet2/0/10
port link-mode bridge
port access vlan 200
#
interface GigabitEthernet2/0/11
port link-mode bridge
port access vlan 200
#
interface GigabitEthernet2/0/12
port link-mode bridge
port access vlan 200
#
interface GigabitEthernet2/0/13
port link-mode bridge
port access vlan 200
#
interface GigabitEthernet2/0/14
port link-mode bridge
description Storage-2 nic 4
port access vlan 200
#
interface GigabitEthernet2/0/15
port link-mode bridge
description Storage-2 nic 3
port access vlan 200
#
interface GigabitEthernet2/0/16
port link-mode bridge
description NAS-2 OA
port access vlan 200
#
interface GigabitEthernet2/0/17
port link-mode bridge
description Storage-2 OA
port access vlan 200
#
interface GigabitEthernet2/0/18
port link-mode bridge
port access vlan 190
#
interface GigabitEthernet2/0/19
port link-mode bridge
port access vlan 190
#
interface GigabitEthernet2/0/20
port link-mode bridge
port access vlan 190
#
interface GigabitEthernet2/0/21
port link-mode bridge
description NAS-1 Port 1
port access vlan 190
#
interface GigabitEthernet2/0/22
port link-mode bridge
description NAS-1 Port 2
port access vlan 190
#
interface GigabitEthernet2/0/23
port link-mode bridge
description Storage-2 net 1
port access vlan 190
port link-aggregation group 20
#
interface GigabitEthernet2/0/24
port link-mode bridge
description Storage-2 net 2
port access vlan 190
port link-aggregation group 20
#
interface M-GigabitEthernet0/0/0
#
interface Ten-GigabitEthernet1/0/26
port link-mode bridge
shutdown
#
interface Ten-GigabitEthernet1/0/27
port link-mode bridge
shutdown
#
interface Ten-GigabitEthernet1/0/28
port link-mode bridge
description Trunk to vconnect 1
port link-type trunk
port trunk permit vlan all
stp edged-port enable
#
interface Ten-GigabitEthernet2/0/25
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/27
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/28
port link-mode bridge
description Trunk to Vconnect 2
port link-type trunk
port trunk permit vlan all
stp edged-port enable
#
interface Ten-GigabitEthernet1/0/25
#
interface Ten-GigabitEthernet2/0/26
#
rip 1
version 2
#
ssh server enable
#
load xml-configuration
#
load tr069-configuration
#
user-interface aux 0 1
user-interface vty 0 4
authentication-mode scheme
protocol inbound ssh
user-interface vty 5 15
#
irf-port 1/1
port group interface Ten-GigabitEthernet1/0/25 mode enhanced
#
irf-port 2/2
port group interface Ten-GigabitEthernet2/0/26 mode enhanced
#
return
[switch1]
I am new to HP switches and any inputs are definitely appreciated.
07-03-2013 04:25 PM
Re: Firewall connection to A5800 series switches doing intra vlan routing
Hi blockjs,
I'm afraid "having a problem getting a connection to my firewall" is too vague a description for anyone to help you. What exactly is not working? Which connections are working? What steps have you tried to troubleshoot?
If you can be more specific about defining the problem we can be a lot more helpful.
Paul
07-03-2013 05:12 PM
I don't see a default route on your switch.
Is your firewall receiving RIP updates? Check its routing table.
Did you mean "inter"-VLAN routing?
Otherwise, what Paul said - what's the problem?
07-04-2013 08:33 AM
My problem is understanding how to set up the port that the firewall is connected to. The port is GigabitEthernet 2/0/1. Here are the settings that I initially had on that port:
interface GigabitEthernet2/0/1
port link-mode route
ip address 10.10.10.2 255.255.255.252
I also added the following static route:
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet2/0/1 10.10.10.1
I set the firewall inside interface IP as 10.10.10.1 255.255.255.252.
I can ping 10.10.10.2, but not through to 10.10.10.1. Also, I can ping 10.10.10.2 from the firewall side.
I feel that I am missing something, but I have not been using HP switches very long and this is the most complicated config that I have tried to implement.
07-04-2013 09:11 AM
Solution
OK, given what you have in your switch config now, you need to add an IP address to VLAN 2:
interface Vlan-interface2
ip address 10.10.10.2 255.255.255.252
And you need to keep your static route. But I would suggest removing the interface name from it, because the switch will know where to find 10.10.10.1 based on its connected routes.
I haven't used RIP on Comware in quite a while (or maybe at all), but I'm guessing you are planning to use it to communicate routes to the firewall? In that case you'll need to tell it to talk on VLAN 2 by using
rip 1
version 2
network 10.10.10.0
You probably can't ping the firewall from client VLANs because RIP is not working and the firewall has no route to your client VLANs (but that's only a guess; a copy of your routing tables on the switch and the firewall would help to confirm this).
Once you have RIP working, you can probably dispense with the default route as well, assuming your firewall is distributing a default route correctly.
Hope that helps - good luck!
Paul
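An added example, not part of the original thread and not HPE tooling: a small Python check over saved Comware configuration text that flags static-route next hops lying outside every connected subnet, the condition the accepted answer fixes by addressing Vlan-interface2. The function names and the trimmed sample configs are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: a few lines of the posted switch config (firewall port in
# access VLAN 2, no Vlan-interface2) plus the default route without interface name.
SAMPLE_BEFORE = """\
interface Vlan-interface100
 ip address 10.10.100.1 255.255.255.0
#
interface GigabitEthernet2/0/1
 port link-mode bridge
 port access vlan 2
#
 ip route-static 0.0.0.0 0.0.0.0 10.10.10.1
"""

# Same config with the VLAN 2 interface from the accepted answer appended.
SAMPLE_AFTER = SAMPLE_BEFORE + """\
interface Vlan-interface2
 ip address 10.10.10.2 255.255.255.252
"""

def connected_networks(config):
    """Map each statically addressed interface to its connected network."""
    nets, current = {}, None
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
            continue
        # Lines such as "ip address dhcp-alloc ..." do not match and are skipped.
        m = re.match(r"ip address (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)$", line)
        if m and current:
            nets[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
    return nets

def unreachable_next_hops(config):
    """Return static-route next hops that fall in no connected network."""
    nets = connected_networks(config).values()
    bad = []
    # Optional interface name (e.g. GigabitEthernet2/0/1) may precede the next hop.
    pattern = r"ip route-static \S+ \S+ (?:[A-Za-z]\S* )?(\d+\.\d+\.\d+\.\d+)"
    for m in re.finditer(pattern, config):
        hop = ipaddress.ip_address(m.group(1))
        if not any(hop in n for n in nets):
            bad.append(str(hop))
    return bad
```
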
07-04-2013 09:12 AM
Paul
07-05-2013 07:10 AM
That pushed me over the top. The configuration changes that Paul suggested plus some changes to the firewall config did it. Thanks to all for their suggestions. They all helped me a lot in understanding HP switches.
Jeffrey Block
07-05-2013 02:37 PM
Paul