
2910al-24g - Packets seem to be routing incorrectly randomly

Coldfirex00
Occasional Advisor

Howdy,
We have a 2910al-25G as our core switch with routing enabled. It hosts a number of different untagged VLANs. Those VLANs are then connected to different switches which are completely separate from each other. Each endpoint on the VLANs uses the IP address of the VLAN as its gateway. All VLANs are then routed to our Internet router for outbound access. The problem is that randomly we will see traffic destined for different internal servers (IIS, SQL, etc.) respond with an SSL certificate error. When we look at the certificate, it is the certificate of our internet router. We see this behavior both internally as well as when we are accessing the internal resources externally. If we refresh our app/site, etc., then it starts working again to the correct server.

Since we see this while working on the LAN (Office VLAN), it makes me think that something is misconfigured with our switch. We are running the latest firmware for it. Attached is our config.

Any advice would be appreciated.
Thanks!
3 REPLIES
Pieter 't Hart
Honored Contributor

Re: 2910al-24g - Packets seem to be routing incorrectly randomly

As you are talking about "internet/external" and "10.x.x.x", you are probably using some NAT to map public addresses to internet addresses?

Both need their DNS entry.
So you need two certificates:
- one for the public address / public FQDN
- one for the private address / internal FQDN

Or some firewalls like a Cisco ASA can modify the internal DNS response to replace the internal address with the external (NAT) address, before the response is sent to the internet.
But you still need separate certificates.
Coldfirex00
Occasional Advisor

Re: 2910al-24g - Packets seem to be routing incorrectly randomly

Thanks for the reply.
Here is a basic diagram of our setup:

           3 WAN
             |
 ---------------------------
 |Untangle (NATing traffic)|
 ---------------------------
             |
  -------------------------
  | L3 Switch with VLANs  |
  -------------------------
    |      |      |      |
    |      |      |      |
  VLAN1  VLAN2  VLAN3  VLAN4

Untangle Internal interface: 10.254.254.254
Switch Vlan 1 (Public Vlan which is connected to internal interface of Untangle (10.254.254.253)).
Switch Vlan 2 static IP: 192.168.251.254
Switch Vlan 3 static IP: 192.168.252.254
Switch Vlan 4 static IP: 192.168.253.254
Switch Vlan 5 static IP: 192.168.254.254

Aliases have been created for each VLAN space under the internal interface of Untangle (192.168.251.0/24 for example).
There are Active Routes for each VLAN address space in Untangle pointed at the Internet interface.

The devices in each VLAN have their gateway set for the particular VLAN's static IP (192.168.X.254).
The default route for all switch traffic is to Untangle (10.254.254.254).

We are only NATing once, at the Untangle router. Hopefully this helps.
Coldfirex00
Occasional Advisor

Re: 2910al-24g - Packets seem to be routing incorrectly randomly

Does everything seem OK?
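
Added example, not part of the original thread: one way to gather evidence on the symptom described in the first post is to probe the affected service repeatedly and record which address answered and which certificate it served. That separates the case raised in the reply (the name resolving to a different address) from the case where the expected address answers with the router's certificate. The host address 192.168.251.10, the stand-in certificate bytes, and all function names are assumptions made for this sketch.

```python
import hashlib
import socket
import ssl
from collections import Counter

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()

def probe(host: str, port: int = 443, timeout: float = 5.0):
    """One TLS handshake; returns (peer_ip, fingerprint) of whatever answered.
    Validation is disabled on purpose: the goal is to record the certificate
    actually served, including the unexpected one."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            return tls.getpeername()[0], fingerprint(der)

def classify(samples, expected_ip, expected_fp):
    """Count probe results:
    ok                      expected address and expected certificate
    other_address           the connection went to a different address
    same_address_wrong_cert expected address, but another certificate"""
    counts = Counter()
    for ip, fp in samples:
        if ip != expected_ip:
            counts["other_address"] += 1
        elif fp != expected_fp:
            counts["same_address_wrong_cert"] += 1
        else:
            counts["ok"] += 1
    return dict(counts)

# Constructed sample data (not captured from the poster's network).
SERVER_FP = fingerprint(b"constructed-server-cert")
ROUTER_FP = fingerprint(b"constructed-router-cert")
SAMPLES = [
    ("192.168.251.10", SERVER_FP),
    ("192.168.251.10", ROUTER_FP),   # expected address, router's certificate
    ("10.254.254.254", ROUTER_FP),   # name resolved to the router itself
    ("192.168.251.10", SERVER_FP),
]

if __name__ == "__main__":
    print(classify(SAMPLES, "192.168.251.10", SERVER_FP))
```

In live use, call `probe()` in a loop against the affected hostname and feed the collected pairs to `classify()`; timestamps on the mismatches can then be compared with the switch and router logs.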