HPE Community
Switches, Hubs, and Modems
1752710 Members
5944 Online
108789 Solutions
New Discussion юеВ

5406zl not routing multiple subnets to default dateway

 
SOLVED
Go to solution
Jim Canfield
New Member

тАО11-03-2009 06:22 PM

тАО11-03-2009 06:22 PM

5406zl not routing multiple subnets to default dateway

Hello,

This is my first experience with a zl switch. I have mutliple vlans with routing enabled. However, only the vlan in the gateway subnet can access the default gateway located on vlan 3 port a2:

Gateway Route

ip route 0.0.0.0/24 10.100.153.10

vlan 3 10.100.153.1
vlan 6 10.100.156.1

Config...


ip routing
...

vlan 3
name "BUILDING-AB"
untagged A5
ip address 10.100.153.1 255.255.255.0
tagged A2
exit

...

vlan 6
name "BUILDING-G"
untagged A3
ip helper-address 10.100.153.10
ip address 10.100.156.1 255.255.255.0
tagged A2,Trk6
exit
...

ip dns server-address 10.100.153.10
ip route 0.0.0.0 0.0.0.0 10.100.153.10




0 Kudos
5 REPLIES 5
Mohammed Faiz
Honored Contributor

тАО11-04-2009 02:46 AM

тАО11-04-2009 02:46 AM

Re: 5406zl not routing multiple subnets to default dateway

Hi,

What is the device that is the default gateway?
The first guess would be that the default gateway does not have a route back for the 10.100.156.0/24 subnet.
Are the hosts on vlan 6 are successfully getting DHCP addresses? If so can you can ping the 10.100.153.1 address from a vlan 6 host?
0 Kudos
Jim Canfield
New Member

тАО11-04-2009 05:30 AM

тАО11-04-2009 05:30 AM

Re: 5406zl not routing multiple subnets to default dateway

>What is the device that is the default gateway?

The device is a linux firewall/Content filter. Using an 802.1q interface (A2) with ip in each VLAN.

>The first guess would be that the default >gateway does not have a route back for the >10.100.156.0/24 subnet.

It actually has an interface built on the 156 subnet (vlan6). Keep in mind, if I use 10.100.15x.10 (The Linux Box) as the default gateway for clients on any subnet everything works fine. Internet routing is lost when the HP swtich is the gateway and the client is not in the same subnet a the 0.0.0.0/24 route (ie 10.100.153.0). My goal is to use the HP switch as a router to prevent all the local traffic from congesting the linux box and allow it to manage Internet traffic only.

>Are the hosts on vlan 6 are successfully >getting DHCP addresses? If so can you can >ping the 10.100.153.1 address from a vlan 6 >host?

Disregard the dhcp-helper address. I now have an interface for each subnet built on the Linux box. But to answer yes they are getting addresses and yes they can ping each other.

Thanks,

-Jim
0 Kudos
Franck Guenichot
Occasional Advisor

тАО11-04-2009 06:14 AM

тАО11-04-2009 06:14 AM

Solution

Re: 5406zl not routing multiple subnets to default dateway

Hello,
sounds like an asymetrical routing problem to me.
Try to use only one interface on your firewall (only vlan 3 interface) and add a static route to reach 10.100.156.0/24 through 10.100.153.1


Mohammed Faiz
Honored Contributor

тАО11-04-2009 06:16 AM

тАО11-04-2009 06:16 AM

Re: 5406zl not routing multiple subnets to default dateway

Ok so routing on the HP appears to be working then.
Do you disable the vlan 6 802.1q interface on the firewall when you set the clients to use 10.100.156.1 as their gateway?
One potential issue may be your firewall not liking the fact that it's routing responses out a different interface from which they were received.
For example, a VLAN 6 host pings an internet address, the request will be routed by the HP and come into the vlan 3 interface on the firewall. The firewall would attempt to route the reply through it's vlan 6 interface.
Jim Canfield
New Member

тАО11-04-2009 05:47 PM

тАО11-04-2009 05:47 PM

Re: 5406zl not routing multiple subnets to default dateway

>sounds like an asymetrical routing problem >to me.
>Try to use only one interface on your >firewall (only vlan 3 interface) and add a >static route to reach 10.100.156.0/24 >through 10.100.153.1

Yup, that fixed it. Removed the other VLAN interfaces and created routes on the firewall and it works like a top!

Thanks guys.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.