ProCurve / ProVision-Based
cancel
Showing results for 
Search instead for 
Did you mean: 

5406 VLAN routing issue

robbiem5
Occasional Advisor

5406 VLAN routing issue

Hi Guys,

Hope you can assist me here. I have a situation where we're migrating users from an OLD NETWORK to a NEW NETWORK - which is ultimately going to be made up of 2x 5406 switchs at the core and 2910s as the edge switches with 10Gb links between the cores and the edge switches.
I have an issue where by I am tagging all VLAN's (barr VLAN1 - this is untagged) from the 5406 to the 2910.
I have a two machines connected to the 2910, one in a port which is an untagged member VLAN 30 (172.17.30.0) and the other is in a port that's an untagged member of VLAN 40 (172.17.40.0).
These two machines can ping their respective default gateways (i.e. the VLAN IP's on the 5406) however the machines cannot ping eachother!

I have enabled IP routing on the 5406

Am I missing anything here?

 

Thanks in advance for your assistance.

14 REPLIES
Fredrik Lönnman
Honored Contributor

Re: 5406 VLAN routing issue

Should work. Make sure both PC's got .254 as default gateway and firewall off?

---
CCIE Service Provider
MASE Network Infrastructure [2011]
H3CSE
CCNP R&S

robbiem5
Occasional Advisor

Re: 5406 VLAN routing issue

Yeh, both DG's are set to .254 and firewalls are off. I've had HP support looking and they can't get it working either, the helpdesk chap didn't really fill me with confidence that he new about routing/switching/tagged/untagged VLAN's on the hole to be honest that's why I thought I'd put the issue to this forum.

 

Do you have any pointers in regards to what I can do next?

paulgear
Esteemed Contributor

Re: 5406 VLAN routing issue

Hi Robbie,

 

If you post the config of the two switches in question, the output of 'show ip route' (and 'show ip ospf' or 'show ip rip' if you're using dynamic routing), and the output of tracert from one PC to the other, we might be able to point you in the right direction.

Regards,
Paul
robbiem5
Occasional Advisor

Re: 5406 VLAN routing issue

I've attached the sh run and sh ip route from both switches.

When I perform a trace route, I get destination net unreachable.

 

Just a little more information - when I run a constant ping from one of the host to the other, I get destination net unreachable, when I disable IP routing, the ping then times out. When I enable ip roting again I get destination net unreachable so the 5406 switch is definately giving the impression it doesn't know how to route the packets even though the destination network is directly connected.

I did put static routes on the core for all networks (i.e. ip route 172.17.30.0 255.255.255.0 vlan 30) but this didn't help so I've removed them.

 

Hope this information assists.....

paulgear
Esteemed Contributor

Re: 5406 VLAN routing issue

Hi Robbie,

 

You definitely don't need a static route to any VLAN on which you have an IP address.  The connected route (as in your 'show ip route' output) is automatically created when you create the VLAN IP.

 

You've obviously cut some portions out of the config - i hope they weren't important... :-)

 

One issue with your config is that you've got your default route going out your management VLAN.  This won't work, because the management VLAN is not allowed to be routed to or from.  That shouldn't interfere in the problem we're discussing, but i wouldn't rule it out.  You'll need to remove the 'management-vlan' entry for anything on the VLANs to get to the Internet, so i would start by removing it.

 

Your 2910 config seems strange to me.  I thought all of the fixed-port switches used only numeric port ids, not "A1", etc., but i'm not specifically familiar with the 2910.  Are you sure you have the tagging correct?  (If you can ping the default gateway for that VLAN, the answer is yes.)

 

If the issue isn't fixed by the default route, i'd like to have a look at your 'show spanning-tree' and 'show lldp info remote-device'.  Also have a look at 'show mac-address vlan XX' for both VLANs to make sure that the MACs for the workstations are propagating correctly (again, if you can ping the default gateway, this is probably not the issue).

Regards,
Paul
robbiem5
Occasional Advisor

Re: 5406 VLAN routing issue

Thanks for that Paul - removing the management vlan1 command has helped loads - I can now ping from the 10.10.0.0 /16 network to the 172.17.30.0 network.

I'm unable to test connectivity between vlan 30 and 40 until tomorrow so I'll let you know if this is working ok now too.

 

Thanks again for you help.


Robbie.

robbiem5
Occasional Advisor

Re: 5406 VLAN routing issue

Sorry, forgot to mention - the A1 port on the 2910 relates to the AL module that slots in to the back of the switch - this is required so we can use 10Gb fibre SFP's. And the VLAN config on this seems to be working ok for now.

paulgear
Esteemed Contributor

Re: 5406 VLAN routing issue

That sounds like progress - it will be interesting to see if it solves the VLAN routing as well.

Regards,
Paul
robbiem5
Occasional Advisor

Re: 5406 VLAN routing issue

Hi Paul,

 

Just to let you know that it's been confirmed that this is now all working ok so thank you so much for your assistance :)

 

Robbie.

paulgear
Esteemed Contributor

Re: 5406 VLAN routing issue

Hi Robbie,

 

Good to hear you've got it sorted out!

Regards,
Paul
DHow
Occasional Visitor

Re: 5406 VLAN routing issue

I know this was probably a dated issue but your answer on the management vLAN was absolutely correct!

 

I post because while it was s imple fix, it was easy to overlook. And I can'tbegin to number how many searches resulted in people running into this same problem, yet never finding (or posting) a result...so thanks!

paulgear
Esteemed Contributor

Re: 5406 VLAN routing issue

Good to hear it's definitely solved, and thanks for coming back to document the answer.  This site seems to get indexed reasonably reliably by Google, so let's hope that future people finding this problem won't have to look as long or as hard... :-)

Regards,
Paul
TimCampbell
Occasional Visitor

Re: 5406 VLAN routing issue

Hi, Im having a similar issuew where i am getting destination net unreachable when trying to route across 2 vlans. Can someone confirm when the management-vlan command does? And is it safe to remove it?

Thanks

Tim 

Michael Patmon
Trusted Contributor

Re: 5406 VLAN routing issue

Hello.  Management-vlan is a security feature where only the IP address on that VLAN can be used to manage the switch (telnet/ssh/web).  Also, routing, if enabled, to or from the management-vlan is not allowed. 

Removing the management-vlan will allow the switch to be managed from any of its IP addresses.  But there are other ways to secure that (like IP authorized managers) if you want to allow routing to/from the current management-vlan.