- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- Re: Access to Internet from VLANs on 3500
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-03-2007 02:18 AM
тАО07-03-2007 02:18 AM
We have a 3500yl acting as a routing switch with 3 Vlans (let's say 192.168.100.0-Data1; 192.168.101.0-Voice1; 192.168.102.0-Data2). Gateway to Internet is through a seperate router(#1) on Vlan-Data1 with ip 192.168.100.2. A default static route of 0.0.0.0/0 192.168.100.2 is programmed for sending to this router. This router acts as a firewall and then it connects to another main gateway router(#2) that serves another LAN and out to the world.
The 3500 seems to work fine as it routes between Vlans. The problem is access to Internet. On Data1 there is no problem going out. It seems to use the static 0.0.0.0/0 route. On Voice1 and Data2, you can only ping as far as Router #1 (192.168.100.2). I think the return path is the problem. Do I need static routes in the 3500 or Router #1 or #2? I've tried variations of this but can't seem to have PCs on Data2 go out past router #1.
The 3500 has ip routing enabled of course along with RIP. Any suggestions for this newbie?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-03-2007 02:39 AM
тАО07-03-2007 02:39 AM
Re: Access to Internet from VLANs on 3500
Have you add static route on your router?
Your router static route may look like:
192.168.102.0/24 192.168.100.1
192.168.101.0/24 192.168.100.1
assuming 192.168.100.1 is your Data1 VLAN ip address.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-03-2007 03:09 AM
тАО07-03-2007 03:09 AM
Re: Access to Internet from VLANs on 3500
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-03-2007 04:28 PM
тАО07-03-2007 04:28 PM
Re: Access to Internet from VLANs on 3500
Try to solve this problem with the first hop, Router1.
If you are able to ping router1 from Vlan2,3 then you have no problem in routing between the 3500 switch and router1.
Also you should be able to ping your DNS or ping www.hp.com
If you didn't get a reply from the DNS then check move to next Hop, Router2.
From router2 you should be able to ping Vlan1, 2 and 3.
If you have routing on the 3500 enabled, on Router1 static route entries for Vlan2,3 and RIP (as you mentioned) enabled between Router1 and 2 then be sure you read the routing table of both routers and you should be able to an entry(ies) for Vlan2 and 3
Other wise telnet to router2, and simply ping Vlan2 or 3 and you should be able to if you have the correct routing table on both router1,2
Good Luck !!!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-03-2007 11:55 PM
тАО07-03-2007 11:55 PM
Re: Access to Internet from VLANs on 3500
Possible solution: define another VLAN interface on the 3500 yl especially for a subnet with the Gateway to Internet: assign say 10.1.1.1/24 to the newly switch interface and put 10.1.1.2/24 to the Gateway to Internet. Define "ip route 0.0.0.0 0.0.0.0 10.1.1.2 255.255.255.255" on 3500yl, instead of the old one. Define an "ip route 192.168.100.0 0.0.3.255 10.1.1.1 255.255.255.255" on the Gateway to Internet (return route for the Internet responses).
End result of change: Clients are happy with their DGW (3500yl, for all internal subnets), and traffic not destined to the internal subnets will be routed to and from 10.1.1.2.
Should work.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-03-2007 11:59 PM
тАО07-03-2007 11:59 PM
Re: Access to Internet from VLANs on 3500
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-04-2007 02:26 AM
тАО07-04-2007 02:26 AM
Re: Access to Internet from VLANs on 3500
Mr. Kharnoub: On router #2 would you have suggestion for static routes to take me back to Vlans?
OLARU Dan: It seems like this might be the more elegant solution and then use ACL to restrict access to internet. As mentioned in your first paragraph, 192.168.100.0 has no problem getting to Internet or other Vlans. I'm not sure i understand your last posting but if you have suggested example I'd appreciate it. Thanks again for all help.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-04-2007 08:41 AM
тАО07-04-2007 08:41 AM
Re: Access to Internet from VLANs on 3500
Now I can ping Router #2 and through to Router #1, but cannot go past to Internet. Router #1 is NAT and has static routes 10.1.1.0 255.255.255.0 192.168.10.2 (i/f for Router #1) and 192.168.100.0 255.255.240.0 192.168.10.2. Is there some other static route(s) I am missing?
Interestingly, PC on Router #2 LAN can ping right through to Vlans. I will restrict that after, but at least it seems to me the routing in the 3500 and Router #2 is ok. I just can't go the other way out through the main router #1 to Internet. Or, may not have the right static routes in place for responses from internet.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-04-2007 04:44 PM
тАО07-04-2007 04:44 PM
SolutionIt seems to me that the situation begins to getting complicated for no reason.
I just wanted to ask, what are the brands for Router1 and 2.
If they are good ones, then they can do NAT from multiple subnets.
Suggestion: you can test doing routing between the 3 Vlans on Router1 not on the 3500.
Regarding restriction of traffic between Router2 and some Vlans, it has to be done on Router2 because its the final HOP to internet.
Good Luck !!!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-05-2007 02:41 AM
тАО07-05-2007 02:41 AM