04-26-2019 02:26 AM
Inter-vlan routing
Hello everyone,
I'm an intern and I have to create one network for multiple enterprises.
Here is what I have to do:
Create a VLAN for each enterprise, and have one VLAN that contains my DHCP server, my firewall, and a printer.
I have an HP A3600 switch (JG 304A).
For the DHCP service, I set up a DHCP relay and it's working: the right address for the right VLAN (I also added the DHCP snooping security).
My two problems are about inter-VLAN routing.
I would like each VLAN to be able to access the printer, and to have a default route on the firewall.
But it seems that I can't ping my firewall or my printer.
For the configuration:
vlan 20 : 192.168.20.230 /24
vlan 32 : 192.168.32.230 /24
My two computers that I use for testing:
computer 1 : 192.168.20.1 /24 (vlan 20), gateway : VLAN address
computer 2 : 192.168.32.1 /24 (vlan 20), gateway : VLAN address
As for the routing table, I left it at the default:
Destination      Mask             Protocol  Priority  Next hop        Interface
127.0.0.0        255.0.0.0        Direct    0         127.0.0.1       InLoopBack0
127.0.0.1        255.255.255.255  Direct    0         127.0.0.1       InLoopBack0
192.168.20.0     255.255.255.0    Direct    0         192.168.20.230  Vlan-Interface20
192.168.20.230   255.255.255.255  Direct    0         127.0.0.1       InLoopBack0
192.168.32.0     255.255.255.0    Direct    0         192.168.32.230  vlan-Interface32
192.168.32.230   255.255.255.255  Direct    0         127.0.0.1       InLoopBack0
From computer 1, I can ping the VLAN 20 address and the VLAN 32 address, but not computer 2.
Same thing if I'm on computer 2. (For precision: both computers can ping each other on the same network.)
I tried to add an ACL, but no result.
If anyone has ideas, I'm more than willing to try them.
Thanks in advance,
04-26-2019 04:12 AM
Re: Inter-vlan routing
You need default gateways, if you want to do intervlan routing.
Who is the gateway for all those VLANs? Is the gateway configured on your computers?
04-26-2019 04:47 AM
Re: Inter-vlan routing
On the DHCP server, I have the VLAN address on the switch as the gateway.
So for an IP address 192.168.32.5, I have 192.168.32.230 as the gateway.
On the switch I executed the command: ip route-static 192.168.20.254 255.255.255.0
which is my firewall (the internet access is above).
04-26-2019 04:50 AM
Re: Inter-vlan routing
Is it possible to show your switch config?
05-26-2019 05:31 AM
Re: Inter-vlan routing
Here is my config so far.
I deleted all my ACL tests, so there is no mention of them here:
#
version 5.20.99, Release 2108P01
#
sysname A3600-SW-01
#
super password level 3 cipher
#
dhcp relay server-group 1 ip 192.168.20.200
#
irf mac-address persistent timer
irf auto-update enable
undo irf link-delay
#
domain default enable system
#
telnet server enable
#
password-recovery enable
#
vlan 1
description default
name default
#
vlan 20
description Infrastructure
name Infrastructure
#
vlan 31
description Bureau_1
name Bureau_1
#
vlan 32
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
user-group system
group-attribute allow-guest
#
local-user admin
password cipher $c$3$wSI0s4KurNK0n2TORCsI4QWb+LN+U379AknLPqs=
authorization-attribute level 3
service-type ssh telnet terminal
service-type web
#
cwmp
undo cwmp enable
#
interface NULL0
#
interface Vlan-interface1
ip address 192.168.80.230 255.255.255.0
dhcp select relay
dhcp relay server-select 1
#
interface Vlan-interface20
ip address 192.168.20.230 255.255.255.0
dhcp select relay
dhcp relay server-select 1
#
interface Vlan-interface31
ip address 192.168.31.230 255.255.255.0
dhcp select relay
dhcp relay server-select 1
#
interface Vlan-interface32
ipv6 address auto link-local
ip address 192.168.32.230 255.255.255.0
dhcp select relay
#
interface Ethernet1/0/1
port link-mode bridge
#
interface Ethernet1/0/2
port link-mode bridge
dhcp-snooping trust
#
#
interface Ethernet1/0/5
port link-mode bridge
port access vlan 20
#
interface Ethernet1/0/6
port link-mode bridge
port access vlan 31
#
interface Ethernet1/0/7
port link-mode bridge
port access vlan 32
#
interface Ethernet1/0/24
port link-mode bridge
#
interface GigabitEthernet1/0/25
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 20 31 to 32
#
interface GigabitEthernet1/0/26
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 20 31 to 32
#
interface GigabitEthernet1/0/27
port link-mode bridge
#
interface GigabitEthernet1/0/28
port link-mode bridge
#
nqa entry imclinktopologypleaseignore ping
type icmp-echo
destination ip 10.10.255.254
frequency 270000
#
dhcp-snooping
#
ip route-static 192.168.20.0 255.255.255.0 192.168.20.254
#
snmp-agent
snmp-agent local-engineid 800063A20344319205D145
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info contact DSI
snmp-agent sys-info location laFabrik
snmp-agent sys-info version v2c v3
snmp-agent target-host trap address udp-domain 10.10.10.30 params securityname public v2c
#
dhcp enable
#
nqa schedule imclinktopologypleaseignore ping start-time now lifetime 630720000
#
ssh server enable
ssh user admin service-type all authentication-type password
#
load xml-configuration
#
load tr069-configuration
#
user-interface aux 0
authentication-mode password
set authentication password cipher $c$3$f4vRjPo6qwxklSwRKXu9XxrgrmRpLHDSAHSzs3g=
user-interface vty 0 4
authentication-mode scheme
protocol inbound ssh
user-interface vty 5 15
#
return
Thanks for your contribution.
05-06-2019 01:56 AM
Re: Inter-vlan routing
Your config seems ok.
Note that your static route does nothing; you should create a default route 0.0.0.0 0 192.168.20.254
Try to disable the firewall on your computers and check if you can reach the gateways.
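As an added illustration (not part of the thread and not any participant's code), the sketch below replays the posted routing table through a longest-prefix-match lookup to show why the posted static route is never used and what the suggested default route changes. The static preference of 60 and the outside address 203.0.113.10 are assumptions made for the example.

```python
import ipaddress

DIRECT, STATIC = 0, 60  # route preference, lower wins (60 for static is an assumption)

def route(cidr, pref, nexthop):
    return (ipaddress.ip_network(cidr), pref, nexthop)

# Connected routes taken from the routing table posted in the thread.
CONNECTED = [
    route("192.168.20.0/24", DIRECT, "Vlan-interface20"),
    route("192.168.32.0/24", DIRECT, "Vlan-interface32"),
]
# The static route in the posted config, and the default route suggested in the reply.
POSTED_STATIC = route("192.168.20.0/24", STATIC, "192.168.20.254")
DEFAULT_ROUTE = route("0.0.0.0/0", STATIC, "192.168.20.254")
OUTSIDE = "203.0.113.10"  # constructed destination beyond both VLAN subnets

def active_routes(routes):
    """Keep one route per prefix: the one with the lowest preference value."""
    best = {}
    for r in routes:
        prefix, pref, _ = r
        if prefix not in best or pref < best[prefix][1]:
            best[prefix] = r
    return list(best.values())

def shadowed(routes):
    """Configured routes that never become active (same prefix, worse preference)."""
    active = active_routes(routes)
    return [r for r in routes if r not in active]

def lookup(routes, dst):
    """Longest-prefix match over active routes; None means 'no route to destination'."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in active_routes(routes) if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)[2]

if __name__ == "__main__":
    posted = CONNECTED + [POSTED_STATIC]
    fixed = CONNECTED + [DEFAULT_ROUTE]
    print("shadowed in posted config:", shadowed(posted))
    for dst in ("192.168.32.1", OUTSIDE):
        print(dst, "posted ->", lookup(posted, dst), "| fixed ->", lookup(fixed, dst))
```

In both tables a destination in 192.168.20.0/24 or 192.168.32.0/24 resolves to a connected VLAN interface, so in this model neither static route affects the PC-to-PC ping; the default route only changes what happens to traffic leaving both subnets.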
05-06-2019 04:37 AM
Re: Inter-vlan routing
If I understand correctly, on a level 3 switch, all routing operations are done by default?
If so, why can't I reach my second computer with a ping? Especially if I can access the VLAN address...
I just don't understand how I can access the VLAN interface, but not the network.
Thanks for your advice on the default route, I'll try it tomorrow (today I'm working on something else).
05-06-2019 07:28 AM
Re: Inter-vlan routing
Can you see ARP entries for your computers?
05-06-2019 11:29 PM
Re: Inter-vlan routing
Hello,
I have the same result with no Windows firewall.
Yes, I can see the ARP table.
I've tried to reset to the default configuration, but nothing changed.
I think I'm going to try another switch.
My main goal is to change the current configuration: all inter-VLAN routing is done by the firewall (except for the printer, which is a new demand). Same for DHCP relay. It's working, but it's far from perfect.
05-16-2019 04:03 PM - edited 05-16-2019 04:04 PM
Re: Inter-vlan routing
@MikaelBoyer wrote: My main goal is to change the current configuration: all inter-VLAN routing is done by the firewall (except for the printer, which is a new demand). Same for DHCP relay. It's working, but it's far from perfect.
If that is your main goal then you simply need to remove the IP Addresses assigned to your VLANs defined on the Switch and tag (permit) them on the uplink to your Firewall (so the uplink port from your Switch and your Firewall become a Trunk port in Comware jargon... so a port which carries multiple - tagged - VLAN Ids and just one - default - untagged VLAN). Your Firewall needs to become responsible for your inter-VLAN routing by enabling it (basically you need to define all required VLAN Ids on the downlink interface to your Switch) by means of its configuration (Routing+Access rules... I figure). At this point your L3 Switch acts as a pure L2 Switch and you only need to worry about untagging relevant ports to their VLAN Id (to the VLAN Id they need to belong to). Clients need to use the Firewall's VLAN IP Addresses (which you have defined) as their default gateway.
Another approach would require you to define a "transport VLAN" with IP Routing enabled on your Switch... then communications between your L3 Switch and your Firewall should happen by using this "transport VLAN" only (but this is not your main goal scenario).
@MikaelBoyer wrote: If I understand correctly, on a level 3 switch, all routing operations are done by default?
Yes, as long as there is a VLAN Id with an associated IP Address the IP Routing is automatically enabled and your Switch starts acting as a Layer 3 one.
I'm not an HPE Employee