Switches, Hubs, and Modems
L2 switching of Multiple subnets

Occasional Visitor

I have a 2650 switch and I am using it as a DMZ switch where I have multiple subnets connecting to it.


2 Firewalls using 2 different public IP addresses

A few Private address ranges as well.


I take my Service provider Ethernet connection and plug that into the HP switch then I connect my 2 firewalls.


Issue is this:


The primary Firewall is using .170 IP and is in production. I have another Firewall at .171


I can't connect to the .171 IP for a VPN connection, ping, etc.

I CAN ping that IP from the .170 device.


Same setup for my MPLS WAN:

I am not using both connections at the same time, so this one isn't a big deal. What happens is that if I fail over to the other connection for my WAN, it won't work until I bounce the connection.


Don't understand this behavior. Any ideas? Is this just an HP thing or my design?



Frequent Advisor

Re: L2 switching of Multiple subnets

I'm a bit unclear on what you are doing which you say "doesn't work", but if you have a suspected Layer-2 problem with the switch, next time instead of "bouncing", issue a "clear ARP" command on the switch.


Having said that, it's more likely to be a layer 3 issue I think.

It might be better to look at the specific connection that isn't working - what route is it taking, etc.?


If you have a host communicating with google.com and you fail ISP1, how does the host know to use the 2nd firewall?


What is the host using as default GW? On that router, what is the routing table looking like?


You might be able to add a secondary default route (higher metric) to each router pointing at the other one. Either way, this won't work if the ISP link is still active, but the ISP is dead. To deal with that scenario, you will have to monitor an upstream service.