- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- Re: VLAN + routing problems
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-29-2009 05:53 AM
тАО04-29-2009 05:53 AM
VLAN + routing problems
I have two 5412zl connected with a trunk.
- Internet == firewall ==backbone== 5412zl Nr.1 =LACP= 5412zl Nr.2
What can I do?
- I can reach both switches from outside, enter web interface...
- telneted on both switches themselves, I can successfully ping www.hp.com
- When I connect my notebook to one of the ports with vlan 104 enabled, I get IP,gateway, DNS address vie the DHCP server.
- From the laptop, I can ping both HP 5412zl switches
- From the laptop, I can┬┤t ping other switches, being on the same subnet, as the 5412zls
- From the laptop, T can┬┤t reach internet or other servers/switches within my network
- Btw, when I try to "ip routing" I lose connection from outside
This seems to be a routing problem, but I can┬┤t find out what┬┤s wrong
================5412zl Nr. 1=========================
trunk A21-A22,B21-B22 Trk1 LACP
ip default-gateway 192.23.137.110
timesync sntp
sntp unicast
vlan 1
name "DEFAULT_VLAN"
untagged A1-A20,A23-A24,B1-B20,B23-B24,C1-C24,D1-D24,E1-E24,F1-F24,Trk1
ip address 192.23.250.130 255.255.255.0
no untagged G1-G24,H1-H24,I1-I24,J1-J24,K1-K24,L1-L24
exit
vlan 300
name "VoIP"
qos priority 6
tagged A1-A4,Trk1
voice
no ip address
exit
vlan 104
name "User1"
untagged G1-G24,H1-H24,I1-I24,J1-J24,K1-K24,L1-L24
ip helper-address 192.23.240.33
ip address 192.23.104.170 255.255.255.0
tagged Trk1
exit
fault-finder bad-driver sensitivity high
fault-finder bad-transceiver sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
fault-finder broadcast-storm sensitivity high
fault-finder loss-of-link sensitivity high
fault-finder duplex-mismatch-HDx sensitivity high
fault-finder duplex-mismatch-FDx sensitivity high
dhcp-snooping
dhcp-snooping authorized-server 192.23.240.33
dhcp-snooping vlan 1
sntp server priority 1 192.23.240.33
ip dns server-address priority 1 192.23.137.1
ip dns server-address priority 2 192.23.137.2
ip route 0.0.0.0 0.0.0.0 192.23.137.110
interface A1
dhcp-snooping trust
exit
interface A2
dhcp-snooping trust
exit
interface A3
dhcp-snooping trust
exit
interface A4
dhcp-snooping trust
exit
interface Trk1
dhcp-snooping trust
exit
spanning-tree
spanning-tree Trk1 priority 4
vlan 104
ip rip 192.23.104.240
exit
no tftp6 client
no tftp6 server
loop-protect G1-G24,H1-H24,I1-I24,J1-J24,K1-K24,L1-L24
loop-protect trap loop-detected
loop-protect disable-timer 60
password manager
password operator
====================5412zl Nr. 2===============================
trunk A21-A22,B21-B22 Trk1 LACP
ip default-gateway 192.23.137.110
timesync sntp
sntp unicast
vlan 1
name "DEFAULT_VLAN"
untagged A1-A20,A23-A24,B1-B20,B23-B24,C1-C24,D1-D24,E1-E24,F1-F24,Trk1
ip address 192.23.250.131 255.255.255.0
no untagged G1-G24,H1-H24,I1-I24,J1-J24,K1-K24,L1-L24
exit
vlan 300
name "VoIP"
qos priority 6
tagged Trk1
voice
no ip address
exit
vlan 104
name "User1"
untagged G1-G24,H1-H24,I1-I24,J1-J24,K1-K24,L1-L24
tagged Trk1
no ip address
exit
fault-finder bad-driver sensitivity high
fault-finder bad-transceiver sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
fault-finder broadcast-storm sensitivity high
fault-finder loss-of-link sensitivity high
fault-finder duplex-mismatch-HDx sensitivity high
fault-finder duplex-mismatch-FDx sensitivity high
dhcp-snooping
dhcp-snooping authorized-server 192.23.240.33
dhcp-snooping vlan 1
sntp server priority 1 192.23.240.33
ip dns server-address priority 1 192.23.137.1
ip dns server-address priority 2 192.23.137.2
ip route 0.0.0.0 0.0.0.0 192.23.137.110
interface A1
dhcp-snooping trust
exit
interface A2
dhcp-snooping trust
exit
interface A3
dhcp-snooping trust
exit
interface A4
dhcp-snooping trust
exit
interface Trk1
dhcp-snooping trust
exit
spanning-tree
spanning-tree Trk1 priority 4
no tftp6 client
no tftp6 server
loop-protect G1-G24,H1-H24,I1-I24,J1-J24,K1-K24,L1-L24
loop-protect trap loop-detected
loop-protect disable-timer 60
password manager
password operator
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-29-2009 08:53 PM
тАО04-29-2009 08:53 PM
Re: VLAN + routing problems
it might be that you can't reach your default gateway: ip default-gateway 192.23.137.110
You don't have a vlan in the same subnet as the 192.23.137.110 gateway. because of this you can't reach it!
hth
alex
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-29-2009 09:35 PM
тАО04-29-2009 09:35 PM
Re: VLAN + routing problems
It should be:
=> HP 5412zl Nr.1:
ip default-gateway 192.23.137.110
ip address 192.23.137.130 (for default VLAN1)
=> HP 5412zl Nr.2:
ip default-gateway 192.23.137.110
ip address 192.23.137.131 (for default VLAN1)
192.23.137.0/24 is backbone
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-01-2009 02:45 AM
тАО05-01-2009 02:45 AM
Re: VLAN + routing problems
what do you mean by that:
- From the laptop, I can├В┬┤t ping other switches, being on the same subnet, as the 5412zls
do you mean the default vlan? if yes, what is the gateway for the other switches?
Does the firewall know where the vlan 104 is?
I think you need to enable routing at one of the 5400zl and a rout at the fw back to the 5400.
hth
alex
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-22-2009 06:25 AM
тАО05-22-2009 06:25 AM
Re: VLAN + routing problems
well I reset the switch and startet from beginning. I think I still mix something up with the follwing options:
- ip default-gateway
- ip routing
For now I├В┬┤m not in front of the HP, but the HP told me that I can├В┬┤t use IP routing and the default-gateway at the same time???
Well, on the HP 5400zl, now I have
- ip routing
- ip default-gateway
- ip route 0.0.0.0 0.0.0.0 192.23.137.110
This works, now. It didn├В┬┤t work before.
Do I need to enable those options in a specific order?
192.23.137.0/24 is my core net, btw.
Now I got a new 3500yl and put it into the core.
Default VLAN IP ist 192.23.137.57
I added another VLAN: 192.23.20.0/24 with 192.23.20.80 as gateway
As soon as I connected the new 3500yl to the other (Cisco) switch, I was able to ping the gateway of VLAN, so 192.23.20.80
With Cisco, the default gateway is enough to get out of the own subnet. With procurve this is strange.
When do I need ip default-gateway? When do I need ip routing? Why can├В┬┤t I use the default gateway, according to the "menu" option when ip routing is enabled? But I can enable it on console?
As this is a work in progress text, I├В┬┤m now in the situation, that I├В┬┤m logged into the 3500yl via serial cable. I├В┬┤m physically connected to the next hop router. But I can├В┬┤t ping the other switches.in the subnet of 192.23.137/24. I├В┬┤m getting crazy with HP...
But, hey it├В┬┤s weekend, next week I├В┬┤ll reset the whole configuration and hopefully it├В┬┤ll work then.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-23-2009 01:10 AM
тАО05-23-2009 01:10 AM
Re: VLAN + routing problems
if you have a layer 2 device, and a switch is one, you need a gateway to reach other subnets.
if you enable ip routing the switch itself becomes a gateway. then you need routes to find subnets the l3switch isn't aware of.
here is what i normaly do if i enable ip routing. first i apply the default route, in your case ip route 0.0.0.0 0.0.0.0 192.23.137.110,
and then i enable ip routing. but i do it like that because otherwise i couldn't reach the device anymore, because i manage the switches from another subnet the switch doesn't know of.
-----
Now I got a new 3500yl and put it into the core.
Default VLAN IP ist 192.23.137.57
I added another VLAN: 192.23.20.0/24 with 192.23.20.80 as gateway
-----
then you don't have an default gateway for your default vlan, cos you can only have one default gateway. but don't forget if you running layer2 the ip and the gateway is only for manageing the switch!
-----
When do I need ip default-gateway? When do I need ip routing? Why can├Г ├В┬┤t I use the default gateway, according to the "menu" option when ip routing is enabled? But I can enable it on console?
-----
you only need to enable routing on the switch if you want the switch to become a router and do for example intervlan routing.
if you enable ip routing the "ip default-gateway" command might be possible at the cli, but it doesn't have any effect.
-----
As this is a work in progress text, I├Г ├В┬┤m now in the situation, that I├Г ├В┬┤m logged into the 3500yl via serial cable. I├Г ├В┬┤m physically connected to the next hop router. But I can├Г ├В┬┤t ping the other switches.in the subnet of 192.23.137/24. I├Г ├В┬┤m getting crazy with HP...
-----
ok lets see,...as this is the device -->I added another VLAN: 192.23.20.0/24 with 192.23.20.80 as gateway<-- does the gateway know where to find the 192.23.137/24 subnet and do the devices in 192.23.137/24 subnet know where to find the subnet of the notebook? try to make a traceroute from your notebook and try a traceroute from a switch in the 192.23.137/24 subnet.
hth
alex
ps sorry for my bad english, in deutsch w├Г┬дre das alles viel einfacher zu erkl├Г┬дren!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-23-2009 07:16 AM
тАО05-23-2009 07:16 AM
Re: VLAN + routing problems
Danke f├Г┬╝r Deine Antwort. Gerne auch auf deutsch :-) Fassen wir also einmal zusammen:
- Ohne "ip routing" kann ich nur innerhalb des eigenen Subnetzes den Switch erreichen, ok also an damit
- Das default VLAN 1 bekommt die IP: 192.23.137.57
vlan 1
name "DEFAULT_VLAN"
untagged 25-48
ip address 192.23.137.57 255.255.255.0
no untagged 1-24
exit
- Danach kommt ein "ip route 0.0.0.0 0.0.0.0 192.23.137.110", wobei die 192.23.137.57 der "next hop switch" ist
- Das 192.23.137.0/24 Netz ist mein Core-Netz an dem dann die ganzen anderen Subnetze h├Г┬дngen
- Also VLAN f├Г┬╝r das neue Subnetz erstellen ==
(I added another VLAN: 192.23.20.0/24 with 192.23.20.80 as gateway:)
vlan 20
name "AlcatelServer"
untagged 1-24
ip address 192.23.20.80 255.255.255.0
exit
>then you don't have an default gateway for your default vlan, cos you can only have one
>default gateway. but don't forget if you running layer2 the ip and the gateway is only for
>manageing the switch!
Hm, diesen Abschnitt verstehe ich jetzt nicht. K├Г┬╢nntest Du das bitte noch einmal erkl├Г┬дren?
>you only need to enable routing on the switch if you want the switch to become a router and >do for example intervlan routing.
genau das ist das, was ich will.
>if you enable ip routing the "ip default-gateway" command might be possible at the cli, but it >doesn't have any effect.
Und ich habe mich schon gewundert, warum das bei den 5400zl drinsteht und es funktioniert trotzdem. Ich wusste nicht, dass das keinen Effekt hat.
Um noch einmal die Frage aufzugreifen "ip default-gateway" ben├Г┬╢tige ich nur, wenn ich den Switch in ein Netz h├Г┬дnge, wo der Switch selbst sich um nichts zu k├Г┬╝mmern braucht in Sachen VLAN?
>ok lets see,...as this is the device -->I added another VLAN: 192.23.20.0/24 with
>192.23.20.80 as gateway<-- does the gateway know where to find the 192.23.137/24 subnet
Daf├Г┬╝r habe ich doch den "ip route 0.0.0.0 0.0.0.0 192.23.137.110" Eintrag, oder?
>and do the devices in 192.23.137/24 subnet know where to find the subnet of the notebook? >try to make a traceroute from your notebook and try a traceroute from a switch in the
>192.23.137/24 subnet.
Ich sitze mit meinem B├Г┬╝ro auch ein paar Switches weiter weg. Als der 3500yl zuerst am Core dran war konnte ich den Gateway 192.23.20.80 vom neuen Subnetz 20 auch wunderbar erreichen. Logischerweise dann auch mit traceroute.
Ich hatte dann folgendes Problem. Ich habe mich mit meinem Notebook an den 3500yl an einem Port mit dem Subnetz 20 drangeh├Г┬дngt, habe mir die feste IP 192.23.20.5 gegeben und als Gateway mit die 192.23.20.80 und meinen DSN eingetragen und wollte ganz einfach einmal unseren Webserver anpingen. Das ging nicht, weil er eben den Weg nicht gefunden hat, trotz aller ip routing, ip default-gateway und ip route 0.0.0.0 0.0.0.0 192.23.137.110 Eintr├Г┬дge.
Also irgendetwas bringe ich hier noch durcheinander.
At the admins, I promise, at the end when we found the solution, I will post this in english, too.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-23-2009 07:47 AM
тАО05-23-2009 07:47 AM
Re: VLAN + routing problems
-----
- Ohne "ip routing" kann ich nur innerhalb des eigenen Subnetzes den Switch erreichen, ok also an damit
- Das default VLAN 1 bekommt die IP: 192.23.137.57
----
Das ist nicht so. Also zum Bsp der Switch hat die 192.23.137.57/24 und ein Default Gateway (192.23.137.1) und du bist im 192.168.0.0/24 Netz mit einem Gateway das das 192.23.137.0/24 kennt, dann kannst du nat├Г┬╝rlich auch aus diesem Subnetz den Switch erreichen.
Die IP des Switches ist dabei eigentlich nur dazu da um den Switch zu managen und zu ├Г┬╝berwachen. hat der Switch jedoch keine Gateway oder eins das er nicht erreichen kann, kannst du den Switch nat├Г┬╝rlich nur aus seinem Subnetz managen.
-------
- Danach kommt ein "ip route 0.0.0.0 0.0.0.0 192.23.137.110", wobei die 192.23.137.57 der "next hop switch" ist
- Das 192.23.137.0/24 Netz ist mein Core-Netz an dem dann die ganzen anderen Subnetze h├Г ├В┬дngen
- Also VLAN f├Г ├В┬╝r das neue Subnetz erstellen ==
(I added another VLAN: 192.23.20.0/24 with 192.23.20.80 as gateway:)
vlan 20
name "AlcatelServer"
untagged 1-24
ip address 192.23.20.80 255.255.255.0
exit
----
ah ok wenn du jetzt routing auf dem Switch einschaltest und dem router mit der IP 192.23.137.110 verr├Г┬дtst wo er das 192.23.20.0/24 netz findet geht das.
ip route 192.23.20.0 255.255.255.0 192.23.137.57
192.23.137.57 ist doch das gleiche Ger├Г┬дt was auch noch zust├Г┬дtzlich die 192.23.20.80 hat?!
----
Und ich habe mich schon gewundert, warum das bei den 5400zl drinsteht und es funktioniert trotzdem. Ich wusste nicht, dass das keinen Effekt hat.
Um noch einmal die Frage aufzugreifen "ip default-gateway" ben├Г ├В┬╢tige ich nur, wenn ich den Switch in ein Netz h├Г ├В┬дnge, wo der Switch selbst sich um nichts zu k├Г ├В┬╝mmern braucht in Sachen VLAN?
----
genau so ist es.
hoffe hab jetzt alles, ansonsten einfach fragen ich versuch gerne dir weiter zu helfen.
alex
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-25-2009 12:56 AM
тАО05-25-2009 12:56 AM
Re: VLAN + routing problems
Welcome to the forums.
Could you please post your reply in English? This will help everybody in the Forum understand the query and allow them to participate as well.
Thanks,
Madhavankutty
PS: Please continue to post here by clicking on the "Reply" button.