11-18-2015 01:38 AM
Looking for some advice. We have had a new office installed and it is joined to our head office by a direct fibre connection (BT ADVA at each site).
Mikrotik (CCR1009-8G-1S-1S+) -------->ADVA--------->ADVA-------> HP 5406zl
The remote site is to be run on a different subnet to the head office, so I have added a 172.16 VLAN (VLAN10) in the middle. However, I am unable to get the link to work: the ProCurve can ping the Mikrotik but the Mikrotik cannot ping the ProCurve; traffic stops at VLAN 10 on the ProCurve.
Is there something I am missing on the ProCurve VLAN config to allow this to work? I have attached both sets of config in case that helps.
The port to the ADVA is set up as a trunk, which is tagged on VLAN1 and untagged on VLAN10.
Any help would be appreciated.
11-18-2015 12:16 PM
Re: Procurve inter vlan routing doesn't appear to work
You say the Mikrotik can't ping the Procurve, but then you say the traffic reaches the Procurve on VLAN10? So the Mikrotik can ping 172.16.250.254?
Let's assume you are trying to ping the 5400 VLAN1 interface - 10.10.36.249
I am supposing that the following line in the Mikrotik config is a Route statement?
add check-gateway=ping distance=1 dst-address=10.10.32.0/19 gateway=\
So first step is checking if all the stuff in that line is correct.
You say the Procurve can ping the Mikrotik, which makes sense, because from what you are saying the Mikrotik can ping the Procurve. A ping proves both paths - there and back.
Maybe you should be using devices other than the switch/router for this testing: each device has multiple IP addresses on different interfaces so it might be getting confusing when you can't be sure what the *source* IP address of each ping test is.
Still, it looks like the only other IP interface on the Mikrotik is 10.10.173.252, and the 5400 has a route for 10.10.173/24 pointing at the right place anyway.
All in all, I reckon your config is probably perfectly sound, and there is just one of the usual simple dumb reasons making it look like it's not working.
For example, if you are doing your test against an IP address on the 5400-side of the network, on VLAN1 - what I often see is that even though you think the 5400 is routing your traffic, in fact the hosts using the subnet on the 5400's VLAN1 are using as a default gateway a different Layer3 device that is also sitting on that VLAN, and that 2nd Layer-3 device has no route for your new remote subnet.
(And I see you have 6 Layer-3 devices on your VLAN1, as well as having the VLAN extended out to what looks like all the hosts on your network - this is a big no-no in my book)
This is why I always try to tell people: 1 layer3 device per subnet, unless it is a point-to-point link between two Layer3 devices in which case that should be a /30 or /29 with absolutely no other devices on it.
Otherwise people end up with weird asymmetric routing issues and confusion.
11-20-2015 05:51 AM (Solution)
Thanks for the input. I actually managed to solve this: there was a line in the 5406 config, "management-vlan 1", that was stopping the routing to other subnets. I can now ping in all directions and DHCP relay is also working.
Thanks for the help though.
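
A small check for the condition the solution post identified, as an added example that is not part of the original thread: it scans a ProCurve-style running-config for `management-vlan` together with `ip routing` and lists the subnets on that VLAN, which the switch will not route to or from. The sample config is constructed; the addresses follow the thread, while the VLAN 10 mask and port names are assumptions.

```python
import ipaddress
import re

# Constructed sample in ProCurve running-config style. Addresses follow the
# thread; the VLAN 10 mask and the port names are assumptions.
SAMPLE_CONFIG = """\
ip routing
vlan 1
   name "DEFAULT_VLAN"
   ip address 10.10.36.249 255.255.224.0
   tagged B1
   exit
vlan 10
   name "LINK"
   untagged B1
   ip address 172.16.250.254 255.255.255.0
   exit
management-vlan 1
"""

def parse_config(text):
    """Return (routing_enabled, management_vlan_id, {vlan_id: [networks]})."""
    routing, mgmt, vlans, current = False, None, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "ip routing":
            routing = True
        elif m := re.fullmatch(r"management-vlan (\d+)", line):
            mgmt = int(m.group(1))
        elif m := re.fullmatch(r"vlan (\d+)", line):
            current = int(m.group(1))
            vlans.setdefault(current, [])
        elif line == "exit":
            current = None
        elif current is not None and (m := re.fullmatch(r"ip address (\S+) (\S+)", line)):
            # Dotted masks are accepted by ip_interface ("addr/mask" form).
            iface = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            vlans[current].append(iface.network)
    return routing, mgmt, vlans

def isolated_subnets(text):
    """Subnets on the management VLAN, which is excluded from inter-VLAN routing."""
    routing, mgmt, vlans = parse_config(text)
    if not routing or mgmt is None or len(vlans) < 2:
        return []
    return [str(net) for net in vlans.get(mgmt, [])]

if __name__ == "__main__":
    for net in isolated_subnets(SAMPLE_CONFIG):
        print(f"management-vlan isolates {net} from inter-VLAN routing")
```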