HPE Community
Aruba & ProVision-based
1752511 Members
4526 Online
108788 Solutions
New Discussion юеВ

Re: Internet for VLAN

 
SOLVED
Go to solution
trannghia
Visitor

тАО12-10-2015 12:43 AM - edited тАО12-10-2015 12:46 AM

тАО12-10-2015 12:43 AM - edited тАО12-10-2015 12:46 AM

Internet for VLAN

Hi All,

Now, I'm using the sw HP 2610-48 and have created 3 vlan on it.
     - Default VLAN IP: 192.168.30.10 MS: 255.255.255.0
     - VLAN 10 IP: 192.168.10.10 SM: 255.255.255.0
     - VLAN 20 IP: 192.168.20.10 SM: 255.255.255.0
     - DHCP Server IP: 192.168.30.7, created 3 scopes for 3 vlans and all the computers on each the vlan can be get the IP from the DHCP server.
     - Firewall IP: 192.168.30.2 SM: 255.255.255.0
The problems:
I have inter-vlan routing turned on, each vlan is able to ping each other. But, only the devices connected to the default-vlan is able to ping the firewall and get onto the internet, VLAN 10, 20 cannot ping to the gateway and go to the internet.
I thinks the problems from my routing table. But, i don't know how to fix it.
Please help.
Switch configuration:

; J9088A Configuration Editor; Created on release #R.11.112

hostname "VLAN" 
ip default-gateway 192.168.30.2 
ip routing 
snmp-server community "public" Unrestricted 
vlan 1 
   name "DEFAULT_VLAN" 
   untagged 25-52 
   ip address 192.168.30.10 255.255.255.0 
   no untagged 1-24 
   exit 
vlan 10 
   name "VLAN_10" 
   untagged 1-12 
   ip address 192.168.10.10 255.255.255.0 
   ip helper-address 192.168.30.7 
   exit 
vlan 20 
   name "VLAN_20" 
   untagged 13-24 
   ip address 192.168.20.10 255.255.255.0 
   ip helper-address 192.168.30.7 
   exit 
ip route 0.0.0.0 0.0.0.0 192.168.30.2

 

0 Kudos
2 REPLIES 2
EricAtHP
Esteemed Contributor

тАО12-10-2015 08:21 AM

тАО12-10-2015 08:21 AM

Solution

Re: Internet for VLAN

Your firewall needs a route back to vlans 10 and 20. Otherwise, it is going to send all traffic for those VLANs out to the Internet based on its default route.

A static route on the firewall would look something like:
192.168.10.0/24 - 192.168.30.10
192.168.20.0/24 - 192.168.30.10

trannghia
Visitor

тАО12-10-2015 06:54 PM

тАО12-10-2015 06:54 PM

Re: Internet for VLAN

@EricAtHP wrote:

Your firewall needs a route back to vlans 10 and 20. Otherwise, it is going to send all traffic for those VLANs out to the Internet based on its default route.

A static route on the firewall would look something like:
192.168.10.0/24 - 192.168.30.10
192.168.20.0/24 - 192.168.30.10

Thanks you somuch.

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.