
Re: One 5304xl and Routing between vlans and default gateway

 
Justin Glauber
New Member

One 5304xl and Routing between vlans and default gateway

I have a 5304xl-32g switch. I attached the running-config from the switch to this post.

Vlan 1 IP/mask: 192.168.2.253
Vlan 222 IP/mask: 192.168.222.1

For the time being I only have 1 port set for vlan 222 and I have a computer connected to that port. Its config is:
Name: tester
IP/Mask: 192.168.222.10/24
Default Gateway: 192.168.222.1

On Vlan 1 we have a Cisco PIX firewall with an IP address of 192.168.2.1 and I have a computer with the following settings:
Name: titan
IP/MASK: 192.168.2.61/24
Gateway: 192.168.2.1

I cannot get the two subnets to talk to each other. The vlan 222 machine (192.168.222.10) cannot ping the switch's vlan 1 IP address (192.168.2.1).

I've tried setting the default gateway on titan (192.168.2.61) to the switch (192.168.2.253) but I still cannot talk between the vlans.

Thanks for your help!
6 REPLIES
Sergej Gurenko
Trusted Contributor
Solution

Re: One 5304xl and Routing between vlans and default gateway

Check if IP routing is enabled on the switch ('ip routing' command).
Check if pings are allowed by the personal firewall on the host and by the 'icmp' command on the PIX.
On the PIX you can only ping the closest interface.
Check if you added a route to VLAN 222 on the PIX.
Justin Glauber
New Member

Re: One 5304xl and Routing between vlans and default gateway

I had the route on the PIX set to:
route 192.168.222.0 255.255.255.0 192.168.2.1 1
I changed the 192.168.2.1 to 192.168.2.253 and now I can ping Vlan1 from Vlan2 and access the internet from Vlan2.

Do the computers in Vlan1 have to have the HP switch's IP (192.168.2.253) as the gateway for them to speak with the computers on Vlan2?
Currently they have the PIX (192.168.2.1) as the default gateway.
Matt Hobbs
Honored Contributor

Re: One 5304xl and Routing between vlans and default gateway

It's probably better if you have the VLAN 1 clients pointing to the 5300's IP address instead of the PIX's; otherwise all routed traffic will have to go via the PIX instead, which may not give you optimal performance.
Sergej Gurenko
Trusted Contributor

Re: One 5304xl and Routing between vlans and default gateway

You need to place the PIX in a special point-to-point subnet. Only two active IP addresses can be inside: the PIX and the HP 5300.
Sample:
So in case you want to have 2 VLANs, configure the following on the HP 5300:
VLAN 10 - Users 192.168.10.254/24
VLAN 20 - Servers 192.168.20.254/24
VLAN 99 - Connection to the PIX 192.168.99.254/24
On the 5300, set the default route to the PIX. On the PIX, set the default route to the internet and two routes to the inside.
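An added example, not part of any post in this thread: a next-hop sanity check for a device's static routes, run against the PIX route before and after the change described above and against the transit-VLAN layout in the preceding reply. The function name `check_static_routes`, the /24 masks on the PIX interfaces, and the PIX transit address 192.168.99.1 are assumptions made for illustration.

```python
import ipaddress

def check_static_routes(own_interfaces, static_routes):
    """Flag static routes whose next hop cannot forward the traffic.

    own_interfaces: "ip/prefix" strings configured on the device being checked.
    static_routes:  (destination_cidr, next_hop_ip) tuples from its config.
    Returns a list of (destination, next_hop, problem) tuples.
    """
    ifaces = [ipaddress.ip_interface(i) for i in own_interfaces]
    problems = []
    for dest, hop in static_routes:
        ipaddress.ip_network(dest)           # raises ValueError on a bad prefix
        hop_ip = ipaddress.ip_address(hop)
        if any(hop_ip == i.ip for i in ifaces):
            # The device would hand the packet to itself and never deliver it.
            problems.append((dest, hop, "next hop is the device's own address"))
        elif not any(hop_ip in i.network for i in ifaces):
            # The device has no layer-2 adjacency to reach this gateway.
            problems.append((dest, hop, "next hop is not on a connected subnet"))
    return problems

# Addresses from the thread; the /24 on the PIX inside interface is assumed.
PIX_INSIDE = ["192.168.2.1/24"]
ROUTE_BEFORE = [("192.168.222.0/24", "192.168.2.1")]    # pointed at the PIX itself
ROUTE_AFTER = [("192.168.222.0/24", "192.168.2.253")]   # points at the switch

# Transit-VLAN layout from the reply above; 192.168.99.1 for the PIX is assumed.
PIX_TRANSIT = ["192.168.99.1/24"]
TRANSIT_ROUTES = [
    ("192.168.10.0/24", "192.168.99.254"),   # Users, via the 5300
    ("192.168.20.0/24", "192.168.99.254"),   # Servers, via the 5300
]

if __name__ == "__main__":
    cases = (
        ("before", PIX_INSIDE, ROUTE_BEFORE),
        ("after", PIX_INSIDE, ROUTE_AFTER),
        ("transit design", PIX_TRANSIT, TRANSIT_ROUTES),
    )
    for label, ifaces, routes in cases:
        print(label, check_static_routes(ifaces, routes) or "ok")
```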
Justin Glauber
New Member

Re: One 5304xl and Routing between vlans and default gateway

Thanks for all of your help! I like the idea of having server/users/internet on different VLANs. I'm currently setting up 4 computers for public internet access and want to separate them from our servers and corp data. Do I need to set up separate DHCP and DNS servers on each of the VLANs if I don't have VLAN-aware network cards in the servers?
Matt Hobbs
Honored Contributor

Re: One 5304xl and Routing between vlans and default gateway

Hi Justin,

With the switch you can use the 'ip helper-address' command, which will allow you to use just the one DHCP server (you will need to set up additional scopes on the DHCP server).

e.g. If your DHCP server is on VLAN 1, with IP 192.168.2.50:

5300(config)#vlan 10
5300(vlan-10)#ip helper-address 192.168.2.50
5300(vlan-10)#vlan 222
5300(vlan-222)#ip helper-address 192.168.2.50

For DNS there is nothing special you need to do. Specify the DNS server within the DHCP scope as usual; DNS traffic will be routed back to the DNS server like any other traffic.

Matt