HPE Community
Switches, Hubs, and Modems
1754020 Members
6910 Online
108811 Solutions
New Discussion юеВ

Re: Communication between VLANS

 
SOLVED
Go to solution
NPSwitching88
Occasional Contributor

тАО02-09-2020 03:53 PM - edited тАО02-09-2020 04:07 PM

тАО02-09-2020 03:53 PM - edited тАО02-09-2020 04:07 PM

Communication between VLANS

Hi,

Setup a new site with Aruba as core switch with 7 switches connected in.

PC's+WiFi are on VLAN1 and Phones on VLAN20. Setup trunks between Aruba and access switches, untagged ports generally 1-24 for Phones (POE) and 25-48 for PC's/WiFi AP's. 

Post deployment having some issues with phone app which is possibly related to communication between VLAN1 and 30, how do I go about making VLAN20 accessible from VLAN1?

Router --> Aruba 2930F

Aruba --> 3x HPE Office connects 1950 JG963A

Aruba --> 4x HP 1920S JL381A

 

VLAN1: 192.168.10.0/24 --> PC's/WiFI

VLAN20: 192.168.20.0/24 --> Phones

VLAN30: 192.168.30.0/24 --> N/A

 

 

0 Kudos
5 REPLIES 5
michelle79
Advisor

тАО02-09-2020 07:52 PM

тАО02-09-2020 07:52 PM

Re: Communication between VLANS

Assuming the core switch is the router for those VLANs has it got an IP assigned for each VLAN? And are the VLANs stretched across the trunks to other switches?

0 Kudos
NPSwitching88
Occasional Contributor

тАО02-10-2020 01:35 AM

тАО02-10-2020 01:35 AM

Re: Communication between VLANS

Sorry miscommunication with my arrows, the Aruba is not the router, the Router is Fortigate which the Aruba plugs into, the other HP switches all plug into the Aruba.

I don't think the VLAN's have an IP (not at work so cannot confirm right now) only a subnet. Is this perhaps the problem? Each switch has VLAN1 and 20 Ip address though.

Trunks stretch across all devices, Fortigate to all switches, no problems picking up a VLAN1 or 20 Address on any switch depending on which port.

0 Kudos
parnassus
Honored Contributor

тАО02-10-2020 08:04 AM

тАО02-10-2020 08:04 AM

Solution

Re: Communication between VLANS

If your Fortigate is the IPv4 Router for your entire local area network then it means you "core" switch Aruba 2930F has only the topological role of being the center of a star to which the Fortigate and all your access layer switches are connected to.

If the above is correct then the uplink between the Aruba 2930F and your Fortigate Firewall would carry all the VLANs (Layer 2) to the LAN port of your Fortigate and thus the Fortigate should then route your VLANs applying routing and access policies accordingly, the Aruba 2930F has no power in routing VLAN X with VLAN Y because the Fortigate Firewall owns the routing role.

So please once verified that the VLANs tagging on the uplink port X to your Fortigate Firewall (show vlan port X detail) is correct move your investigations aginst your Fortigate Routing&Access Policies.


I'm not an HPE Employee
Kudos and Accepted Solution banner
0 Kudos
NPSwitching88
Occasional Contributor

тАО02-12-2020 06:35 PM

тАО02-12-2020 06:35 PM

Re: Communication between VLANS

Thanks parnassus, as you pointed out the routing was through Fortigate and once I implemented policies between the VLAN's communication between VLAN was a go. Still facing issues with certain phone services transferring between the VLANs but that's a Fortigate/phone vendor problem.

0 Kudos
raj567
Advisor

тАО01-24-2021 12:42 AM

тАО01-24-2021 12:42 AM

Re: Communication between VLANS

Hi I Have the issue.I have 2930f switch as core switch and 1950 switches 3 nos as access switch.servers connected to L3 switch .my uplink to Fortinet firewall is port 2 of 2930f switch.I enable IP Routing and wrote static routing.firewall IP is 192.168.1.1.but unable to reach firewall.pls find configuartion below:

JL253A Configuration Editor; Created on release #WC.16.10.0011
; Ver #14:67.6f.f8.1d.9b.3f.bf.bb.ef.7c.59.fc.6b.fb.9f.fc.ff.ff.37.ef:44
hostname "Aruba-2930F-24G-4SFPP"
module 1 type jl253a
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip routing
snmp-server community "public"
vlan 1
name "DEFAULT_VLAN"
no untagged 2-18,23
untagged 1,19-22,24-28
no ip address
ipv6 address dhcp full
exit
vlan 10
name "VLAN10"
tagged 1-2,21-22,24
ip address 10.10.10.1 255.255.255.128
exit
vlan 20
name "VLAN20"
untagged 3-4,6-18
tagged 1-2,21-22,24
ip address 10.10.20.1 255.255.255.192
exit
vlan 30
name "VLAN30"
untagged 23
tagged 1-2,21-22,24
ip address 10.10.30.1 255.255.255.128
voice
dhcp-server
exit
vlan 50
name "VLAN50"
tagged 2,23
ip address 10.10.50.1 255.255.255.0
dhcp-server
exit
vlan 60
name "VLAN60"
untagged 5
tagged 1-2,21-24
ip address 172.16.10.1 255.255.255.0
dhcp-server
exit
vlan 70
name "VLAN70"
ip address 10.10.70.1 255.255.255.0
exit
vlan 80
name "VLAN80"
tagged 1-2,21-24
ip address 192.168.1.2 255.255.255.0
dhcp-server
exit
management-vlan 10
spanning-tree
dhcp-server pool "VLAN-50"
default-router "10.10.50.1"
network 10.10.50.0 255.255.255.0
range 10.10.50.2 10.10.50.254
exit
dhcp-server pool "VLAN-60"
default-router "172.16.10.1"
network 172.16.10.0 255.255.255.0
range 172.16.10.2 172.16.10.254
exit
dhcp-server pool "VLAN-30-VOIP"
default-router "10.10.30.1"
network 10.10.30.0 255.255.255.128
range 10.10.30.2 10.10.30.126
exit
dhcp-server pool "Vlan-80-DATA"
default-router "192.168.1.2"
network 192.168.1.0 255.255.255.0
range 192.168.1.51 192.168.1.254
exit
dhcp-server enable

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.