LAN Routing


 
execcr
Occasional Contributor

HP 2920 Aruba Inter Vlan Problem

Hello,

I'm a bit of a noob at networking.

I'm trying to implement VLANs in my network but I'm in trouble.

I have 3 switches: one 2920 layer 3, one 2530 layer 2 and an old 3com baseline switch. For the network WAN connectivity I use Kerio Control.

I have created 3 VLANs: VLAN10, VLAN20, VLAN90. VLAN 1, the default, is not used.

The configuration of the 2920 is this:

Running configuration:

; J9728A Configuration Editor; Created on release #WB.16.01.0004
; Ver #0b:34.59.14.29.eb.8f.fc.f3.ff.37.2d:d5

hostname "mgz-b-cs-1"
module 1 type j9728a
trunk 43-48 trk1 lacp
trunk 39-42 trk2 lacp
trunk 35-38 trk3 lacp
trunk 33-34 trk4 lacp
logging severity error
timesync sntp
sntp unicast
sntp server priority 1 10.0.10.100 4
ntp unicast
ntp server 10.0.10.100
time timezone 120
ip default-gateway 10.0.10.1
ip route 0.0.0.0 0.0.0.0 10.0.10.1 metric 250 name "verso_RGCFW"
ip routing
interface 33
   name "Trunk4-To-LAB-PT-CS-0"
   exit
interface 34
   name "Trunk4-To-LAB-PT-CS-0"
   exit
interface 35
   name "Trunk3-TO-VLL-P1-CS-0"
   exit
interface 36
   name "Trunk3-TO-VLL-P1-CS-0"
   exit
interface 37
   name "Trunk3-TO-VLL-P1-CS-0"
   exit
interface 38
   name "Trunk3-TO-VLL-P1-CS-0"
   exit
interface 39
   name "Trunk2-TO-MGZ-B-CS-0"
   exit
interface 40
   name "Trunk2-TO-MGZ-B-CS-0"
   exit
interface 41
   name "Trunk2-TO-MGZ-B-CS-0"
   exit
interface 42
   name "Trunk2-TO-MGZ-B-CS-0"
   exit
interface 43
   name "Trunk1-To-SRV-SO-CS-0"
   exit
interface 44
   name "Trunk1-To-SRV-SO-CS-0"
   exit
interface 45
   name "Trunk1-To-SRV-SO-CS-0"
   exit
interface 46
   name "Trunk1-To-SRV-SO-CS-0"
   exit
interface 47
   name "Trunk1-To-SRV-SO-CS-0"
   exit
interface 48
   name "Trunk1-To-SRV-SO-CS-0"
   exit
snmp-server community "public" unrestricted
snmp-server contact "Boldori Federico" location "Armadio B Magazzino Officina"
oobm
   ip address dhcp-bootp
   exit
vlan 1
   name "DEFAULT_VLAN"
   no untagged 1-32,Trk4
   tagged Trk1-Trk3
   no ip address
   ip helper-address 10.0.10.100
   exit
vlan 10
   name "VLAN10 Server"
   untagged 1-32,Trk4
   tagged Trk1-Trk3
   ip address 10.0.10.15 255.255.255.0
   ip helper-address 10.0.10.100
   exit
vlan 20
   name "VLAN20 Workstation"
   tagged Trk1-Trk3
   ip address 10.0.20.15 255.255.255.0
   ip helper-address 10.0.10.100
   exit
vlan 90
   name "VLAN90 Management"
   tagged Trk1-Trk3
   ip address 10.0.90.15 255.255.255.0
   exit
primary-vlan 90
spanning-tree Trk1 priority 4
spanning-tree Trk2 priority 4
spanning-tree Trk3 priority 4
spanning-tree Trk4 priority 4

I made a trunk between the 2920, the 2530 and the 3com.

Now the problem: if I try to move one PC to VLAN20, let's say I use port 14 of the 3com switch, it only gets DHCP from the server but I can't ping anything in VLAN 10. I can ping only the GW address (10.0.10.15) from a client in VLAN20, nothing else (not even the DHCP server that correctly released the address). This also happens if I make a port of the 2920 a member of VLAN20.

The DHCP server (a W2012 R2 machine) is configured to deploy as GW the address 10.0.20.15, which is the address of the VLAN 20 interface on the 2920. In fact the DHCP server deploys this configuration to the client:

IP 10.0.20.3

NETMASK 255.255.255.0

GW 10.0.20.15

DNS 10.0.10.100

On Kerio Control I've added a route to let Kerio Control (10.0.10.1) know that 10.0.20.0 has 10.0.10.15 as gateway (the address of the VLAN10 interface, visible to Kerio), to let the 2920 do the routing.

But I can't ping any machine outside VLAN 20 except the Kerio machine 10.0.10.1, the VLAN10 interface on the 2920 (10.0.10.15) and obviously the VLAN20 address (10.0.20.15).

Any hint???

Ian Vaughan
Honored Contributor

Re: HP 2920 Aruba Inter Vlan Problem

Howdy,

I can't see much wrong with what you have done. I don't think that you need ip default gateway as well as a static default route and I don't think that you need a dhcp on the oobm port if you are not using it. Other than that sin problema. :-)

Just to be sure:

1) Are the hosts / nodes / servers / things that you are trying to ping actually pingable or are their own firewalls preventing them from replying to the ICMP traffic? Sounds odd but many hours have been lost by network engineers looking for problems that were hosts not responding rather than broken networks. Getting an address via DHCP seems to suggest an end to end working network so lack of pings might be a red herring. Can a host ping all the way through to the outside world internet, say one of Google's nameservers at 8.8.8.8 or 8.8.4.4? Is there something else in the server network that you know for sure *should* respond to pings other than the Kerio box?

2) If you had a simple (not a trunk) access port of each VLAN 10, 20, 90 on say the 29, 30 and 31 ports would they then be able to ping each other? This limits the scope of the issue to one switch and takes the other switches out of the problem. Start as simple as you can and add just one complexity at a time and when it breaks that's probably where your problem is.

I often use a headless (no monitor) Raspberry Pi as a handy network tool that you can drop a copy of Linux on and use for ping testing / ssh / network discovery etc.

Hope that helps (pls give Kudos if it does) :-)

Ian

Hope that helps - please click "Thumbs up" for Kudos if it does
## ---------------------------------------------------------------------------##
Which is the only cheese that is made backwards?
Edam!
Tweets: @2techie4me
execcr
Occasional Contributor

Re: HP 2920 Aruba Inter Vlan Problem

Hello,

Thanks a lot for the response!

Yes, all the hosts are pingable: I enabled a GPO policy to activate ICMP on all Windows firewalls temporarily, but I can't ping Win PCs or Linux boxes..

I can't ping from any machine to the outside world... I have to take a look at Kerio Control (which is the router/firewall of the network).

I made progress thinking about the problem:

I thought: "Before, Kerio Control was the router, it was the GW of all the computers in the LAN. Now the router is the HP layer 3 switch, so maybe I should change the GW address of all the PCs/servers that are on VLAN10 from the old 10.0.10.1 of Kerio Control to the new 10.0.10.15 of the layer 3"

And bam, as soon as I moved the GW of the assets on VLAN10, clients from VLAN20 could ping all the PCs/servers whose gateway I've changed. I'm modifying the GW of all the static IP machines now.

What I couldn't understand is why. On Kerio Control I have a route that says to redirect all of network 10.0.20.0/24 to the gateway 10.0.10.15, to let VLAN20 be reachable...
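
Added example, not part of the original posts: a hop-by-hop walk of the ping between the VLAN20 client (10.0.20.3) and the server at 10.0.10.100, using the routes quoted in the thread, with the server's gateway set first to 10.0.10.1 and then to 10.0.10.15. The device labels `2920` and `kerio` are illustrative, and the reading that a stateful firewall may drop a reply whose request it never saw is an assumption about Kerio Control, not something the thread states.

```python
import ipaddress

# Interface addresses from the thread mapped to illustrative device labels.
OWNER = {"10.0.10.15": "2920", "10.0.20.15": "2920", "10.0.10.1": "kerio"}
# (prefix, next hop); None means directly connected. Taken from the posted
# 2920 config and the route the poster added on Kerio Control.
ROUTES = {
    "2920": [("10.0.10.0/24", None), ("10.0.20.0/24", None),
             ("10.0.90.0/24", None), ("0.0.0.0/0", "10.0.10.1")],
    "kerio": [("10.0.10.0/24", None), ("10.0.20.0/24", "10.0.10.15")],
}

def host_table(ip, gateway):
    """A /24 host: its own subnet is on-link, everything else goes to the gateway."""
    net = ipaddress.ip_network(ip + "/24", strict=False)
    return [(str(net), None), ("0.0.0.0/0", gateway)]

def next_hop(table, dst):
    """Longest-prefix match; returns the next-hop IP, or dst itself when on-link."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table
            if addr in ipaddress.ip_network(p)]
    if not hits:
        raise LookupError("no route to " + dst)
    return max(hits, key=lambda h: h[0].prefixlen)[1] or dst

def path(tables, src, dst):
    """List of nodes a packet visits from src to dst."""
    hops, node = [src], src
    while node != dst:
        nh = next_hop(tables[node], dst)
        node = OWNER.get(nh, nh)
        hops.append(node)
        if len(hops) > 8:
            raise RuntimeError("routing loop")
    return hops

def ping_paths(server_gw, client="10.0.20.3", server="10.0.10.100"):
    """(echo request path, echo reply path) for a given gateway on the server."""
    tables = dict(ROUTES)
    tables[client] = host_table(client, "10.0.20.15")
    tables[server] = host_table(server, server_gw)
    return path(tables, client, server), path(tables, server, client)

def one_sided(forward, reverse):
    """Intermediate devices that see only one direction of the flow."""
    return set(forward[1:-1]) ^ set(reverse[1:-1])

for gw in ("10.0.10.1", "10.0.10.15"):
    fwd, rev = ping_paths(gw)
    print(gw, fwd, rev, "one-sided:", one_sided(fwd, rev) or "none")
```

With the old gateway the reply detours through the firewall while the request never touched it; with 10.0.10.15 both directions cross only the 2920.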

Ian Vaughan
Honored Contributor

Re: HP 2920 Aruba Inter Vlan Problem

Cool,

Glad I could get you thinking along the right lines even if I couldn't nail the problem directly.

You might want to think longer term about migrating the Kerio into an additional "transit" VLAN of its own.

Then you have a nice logical division between servers / workstations / management and WAN access. At the moment you are essentially hair pinning traffic back through the server LAN to hit the Kerio LAN port to gain external connectivity. Nothing wrong with that as such but it will make your troubleshooting easier going forward (traceroute output, traffic statistics & logging etc) if outbound traffic goes off into its own dedicated IP space. Plus now that you've abstracted the Internet behind the default / static route on the switch you only need to make two changes (on the switch and the Kerio LAN port) when you move it.

Hope that makes sense.

thanks

Ian
