
Procurve 5308XL - Internet access from multi-VLANs thru Cisco PIX

engarde
Occasional Contributor

I'm quite baffled by this problem and would
appreciate some advice. I have a Cisco PIX
515E Version 6.1(4), HP Procurve 5308XL and
2650 edge switches. Given a 10.0.0.0/8
network which I am subnetting as /13, for
example,

10.0.0.0 255.248.0.0
10.8.0.0 255.248.0.0
10.16.0.0 255.248.0.0
10.40.0.0 255.248.0.0

I create 4 VLANs for each. Four ports on the
5308XL are configured -- the last for Internet
access:

A1 goes to an appropriately-configured
Procurve 2650 via fibre and has a host with
IP address 10.40.0.2 on VLAN 40.

F13 goes directly to a server with IP
address 10.16.0.2 on VLAN 16

H3 goes directly to this PC with IP address
10.0.0.2 on VLAN 1

H4 goes to PIX with inside IP address
10.0.0.254

With this setup I can ping between the hosts
on the three distinct subnets off A1, F13 and
H3. I can also access the Internet from the
PC on H3. But neither of the hosts on A1 and
F13 can access the Internet.

In short, the 5308XL is taking care of the
routing between VLANs, but the
"ip route 0.0.0.0 0.0.0.0 10.0.0.254" isn't
helping the VLANs besides VLAN 1 access the
Internet.

What am I doing wrong? I'm aware of PIX
support tagging but my version (6.1) needs
upgrading. Is there something I can do with
static routes and RIP? There is a Cisco
3662 (IOS 12.1) that connects the PIX to the
Internet, if that is any help for a temporary
workaround.

Thanks very much,
engarde
____

; J4819A Configuration Editor; Created on release #E.06.03

hostname "core"
snmp-server contact "CS"
snmp-server location "Basement"
max-vlans 30
time daylight-time-rule None
cdp run
module 7 type J4821A
module 8 type J4821A
module 6 type J4820A
module 3 type J4878A
module 2 type J4878A
module 1 type J4878A
ip default-gateway 10.0.0.254
ip routing
snmp-server community "public" Unrestricted
vlan 1
   name "DEFAULT_VLAN"
   untagged A3-A4,B1-B4,C1-C4,F1-F12,F14-F24,G1-G4,H1-H4
   ip address 10.0.0.1 255.248.0.0
   no untagged A1-A2,F13
   exit
vlan 8
   name "VLAN8"
   ip address 10.8.0.1 255.248.0.0
   tagged H4
   exit
vlan 16
   name "VLAN16"
   untagged F13
   ip address 10.16.0.1 255.248.0.0
   tagged H4
   exit
vlan 40
   name "VLAN40"
   ip address 10.40.0.1 255.248.0.0
   tagged A1-A2,H4
   exit
ip route 0.0.0.0 0.0.0.0 10.0.0.254
no aaa port-access authenticator active
5 REPLIES
engarde
Occasional Contributor

Re: Procurve 5308XL - Internet access from multi-VLANs thru Cisco PIX

The PIX, by the way, has IP address
10.0.0.254, hence the
"ip route 0.0.0.0 0.0.0.0 10.0.0.254"
Elmer Zaglauer
Occasional Visitor

Re: Procurve 5308XL - Internet access from multi-VLANs thru Cisco PIX

Can you reach the PIX 10.0.0.254 from 10.16.0.0, 10.40.0.0, 10.8.0.0?
If not, I think you have to give the PIX a static
route to those networks.

Elmer
engarde
Occasional Contributor

Re: Procurve 5308XL - Internet access from multi-VLANs thru Cisco PIX

Oh dear. I discovered that I neglected
such a route after checking Cisco FAQ
Document ID: 15247. Thanks for replying
though!
Ron Kinner
Honored Contributor

Re: Procurve 5308XL - Internet access from multi-VLANs thru Cisco PIX

I suspect your problem is all of the tagging on the H4. There is no point in tagging the connection to the PIX unless you want it to do the routing. Let it talk to the switch without tagging. The switch should then do the routing for you. The PIX (I suppose it is at 10.0.0.254) just needs to know that the 10.0.0.0 255.0.0.0 can be reached by talking to 10.0.0.1.

Ron
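
An added example, not part of the original thread: a small longest-prefix-match model of the firewall's routing table, showing why replies to the VLAN 16 and VLAN 40 hosts do not go back through the inside interface until a static route for 10.0.0.0 255.0.0.0 via 10.0.0.1 exists. The outside next hop 192.0.2.1 and the /13 mask on the PIX inside interface are assumptions, and the model covers routing only (no NAT or ACLs).

```python
import ipaddress

def route(prefix, iface, hop):
    return (ipaddress.ip_network(prefix), iface, hop)

def lookup(table, dst):
    """Longest-prefix match: return (interface, next_hop) for dst, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r[0]]
    if not matches:
        return None
    _, iface, hop = max(matches, key=lambda r: r[0].prefixlen)
    return iface, hop

# Firewall table as the original post implies it: inside interface 10.0.0.254
# in 10.0.0.0/13 (assumed mask, connected) plus a default route out.
# The outside next hop 192.0.2.1 is a constructed placeholder.
FW_BEFORE = [
    route("10.0.0.0/13", "inside", "connected"),
    route("0.0.0.0/0", "outside", "192.0.2.1"),
]
# Same table plus the static route suggested in the replies:
# 10.0.0.0 255.0.0.0 reached via the switch's VLAN 1 address 10.0.0.1.
FW_AFTER = FW_BEFORE + [route("10.0.0.0/8", "inside", "10.0.0.1")]

# Hosts and ports taken from the original post.
HOSTS = {
    "H3 / VLAN 1": "10.0.0.2",
    "F13 / VLAN 16": "10.16.0.2",
    "A1 / VLAN 40": "10.40.0.2",
}

def return_paths(table):
    """Map each host to the (interface, next_hop) the firewall uses for replies."""
    return {name: lookup(table, ip) for name, ip in HOSTS.items()}

def broken_hosts(table):
    """Hosts whose reply traffic would not leave via the inside interface."""
    paths = return_paths(table)
    return sorted(n for n, r in paths.items() if r is None or r[0] != "inside")

if __name__ == "__main__":
    for label, table in (("before", FW_BEFORE), ("after", FW_AFTER)):
        print(label)
        for name, res in return_paths(table).items():
            print(f"  {name:14} -> {res}")
        print("  no return path:", broken_hosts(table) or "none")
```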

Sietze Reitsma
Respected Contributor

Re: Procurve 5308XL - Internet access from multi-VLANs thru Cisco PIX

Hello,

I see in the config that you are using 6.03 firmware. I suggest that you upgrade to the latest firmware (7.34), because there are a few fixes on default routes. I didn't dig into your problem, but an upgrade can be useful.

You can find free upgrades at:
http://www.hp.com/rnd/software/switches.htm

Good luck