Switches, Hubs, and Modems

Re: VLAN + routing problems

 
MullT
Frequent Advisor

VLAN + routing problems

Hi,

I have two 5412zl connected with a trunk.

- Internet == firewall ==backbone== 5412zl Nr.1 =LACP= 5412zl Nr.2

What can I do?

- I can reach both switches from outside, enter web interface...
- telneted on both switches themselves, I can successfully ping www.hp.com
- When I connect my notebook to one of the ports with vlan 104 enabled, I get IP, gateway, DNS address via the DHCP server.
- From the laptop, I can ping both HP 5412zl switches
- From the laptop, I can't ping other switches, being on the same subnet as the 5412zls
- From the laptop, I can't reach internet or other servers/switches within my network
- Btw, when I try to "ip routing" I lose connection from outside

This seems to be a routing problem, but I can't find out what's wrong




================5412zl Nr. 1=========================
trunk A21-A22,B21-B22 Trk1 LACP
ip default-gateway 192.23.137.110
timesync sntp
sntp unicast
vlan 1
name "DEFAULT_VLAN"
untagged A1-A20,A23-A24,B1-B20,B23-B24,C1-C24,D1-D24,E1-E24,F1-F24,Trk1
ip address 192.23.250.130 255.255.255.0
no untagged G1-G24,H1-H24,I1-I24,J1-J24,K1-K24,L1-L24
exit
vlan 300
name "VoIP"
qos priority 6
tagged A1-A4,Trk1
voice
no ip address
exit
vlan 104
name "User1"
untagged G1-G24,H1-H24,I1-I24,J1-J24,K1-K24,L1-L24
ip helper-address 192.23.240.33
ip address 192.23.104.170 255.255.255.0
tagged Trk1
exit
fault-finder bad-driver sensitivity high
fault-finder bad-transceiver sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
fault-finder broadcast-storm sensitivity high
fault-finder loss-of-link sensitivity high
fault-finder duplex-mismatch-HDx sensitivity high
fault-finder duplex-mismatch-FDx sensitivity high
dhcp-snooping
dhcp-snooping authorized-server 192.23.240.33
dhcp-snooping vlan 1
sntp server priority 1 192.23.240.33
ip dns server-address priority 1 192.23.137.1
ip dns server-address priority 2 192.23.137.2
ip route 0.0.0.0 0.0.0.0 192.23.137.110
interface A1
dhcp-snooping trust
exit
interface A2
dhcp-snooping trust
exit
interface A3
dhcp-snooping trust
exit
interface A4
dhcp-snooping trust
exit
interface Trk1
dhcp-snooping trust
exit
spanning-tree
spanning-tree Trk1 priority 4
vlan 104
ip rip 192.23.104.240
exit
no tftp6 client
no tftp6 server
loop-protect G1-G24,H1-H24,I1-I24,J1-J24,K1-K24,L1-L24
loop-protect trap loop-detected
loop-protect disable-timer 60
password manager
password operator






====================5412zl Nr. 2===============================



trunk A21-A22,B21-B22 Trk1 LACP
ip default-gateway 192.23.137.110
timesync sntp
sntp unicast
vlan 1
name "DEFAULT_VLAN"
untagged A1-A20,A23-A24,B1-B20,B23-B24,C1-C24,D1-D24,E1-E24,F1-F24,Trk1
ip address 192.23.250.131 255.255.255.0
no untagged G1-G24,H1-H24,I1-I24,J1-J24,K1-K24,L1-L24
exit
vlan 300
name "VoIP"
qos priority 6
tagged Trk1
voice
no ip address
exit
vlan 104
name "User1"
untagged G1-G24,H1-H24,I1-I24,J1-J24,K1-K24,L1-L24
tagged Trk1
no ip address
exit
fault-finder bad-driver sensitivity high
fault-finder bad-transceiver sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
fault-finder broadcast-storm sensitivity high
fault-finder loss-of-link sensitivity high
fault-finder duplex-mismatch-HDx sensitivity high
fault-finder duplex-mismatch-FDx sensitivity high
dhcp-snooping
dhcp-snooping authorized-server 192.23.240.33
dhcp-snooping vlan 1
sntp server priority 1 192.23.240.33
ip dns server-address priority 1 192.23.137.1
ip dns server-address priority 2 192.23.137.2
ip route 0.0.0.0 0.0.0.0 192.23.137.110
interface A1
dhcp-snooping trust
exit
interface A2
dhcp-snooping trust
exit
interface A3
dhcp-snooping trust
exit
interface A4
dhcp-snooping trust
exit
interface Trk1
dhcp-snooping trust
exit
spanning-tree
spanning-tree Trk1 priority 4
no tftp6 client
no tftp6 server
loop-protect G1-G24,H1-H24,I1-I24,J1-J24,K1-K24,L1-L24
loop-protect trap loop-detected
loop-protect disable-timer 60
password manager
password operator

8 REPLIES
EckerA
Respected Contributor

Re: VLAN + routing problems

Hi,
it might be that you can't reach your default gateway: ip default-gateway 192.23.137.110
You don't have a vlan in the same subnet as the 192.23.137.110 gateway. Because of this you can't reach it!
hth
alex
MullT
Frequent Advisor

Re: VLAN + routing problems

Sorry, I made a mistake while replacing my real IP addresses:


It should be:

=> HP 5412zl Nr.1:
ip default-gateway 192.23.137.110
ip address 192.23.137.130 (for default VLAN1)

=> HP 5412zl Nr.2:
ip default-gateway 192.23.137.110
ip address 192.23.137.131 (for default VLAN1)


192.23.137.0/24 is backbone





serpel
Trusted Contributor

Re: VLAN + routing problems

Hi,
what do you mean by that:
- From the laptop, I can't ping other switches, being on the same subnet, as the 5412zls
Do you mean the default vlan? If yes, what is the gateway for the other switches?

Does the firewall know where the vlan 104 is?
I think you need to enable routing at one of the 5400zl and a route at the fw back to the 5400.
hth
alex
MullT
Frequent Advisor

Re: VLAN + routing problems

Hi,

well I reset the switch and started from the beginning. I think I still mix something up with the following options:

- ip default-gateway
- ip routing

For now I'm not in front of the HP, but the HP told me that I can't use IP routing and the default-gateway at the same time???

Well, on the HP 5400zl, now I have

- ip routing
- ip default-gateway
- ip route 0.0.0.0 0.0.0.0 192.23.137.110

This works, now. It didn't work before.
Do I need to enable those options in a specific order?

192.23.137.0/24 is my core net, btw.

Now I got a new 3500yl and put it into the core.

Default VLAN IP is 192.23.137.57
I added another VLAN: 192.23.20.0/24 with 192.23.20.80 as gateway

As soon as I connected the new 3500yl to the other (Cisco) switch, I was able to ping the gateway of VLAN, so 192.23.20.80

With Cisco, the default gateway is enough to get out of the own subnet. With procurve this is strange.
When do I need ip default-gateway? When do I need ip routing? Why can't I use the default gateway, according to the "menu" option when ip routing is enabled? But I can enable it on console?

As this is a work in progress text, I'm now in the situation that I'm logged into the 3500yl via serial cable. I'm physically connected to the next hop router. But I can't ping the other switches in the subnet of 192.23.137/24. I'm getting crazy with HP...

But, hey it's weekend, next week I'll reset the whole configuration and hopefully it'll work then.
serpel
Trusted Contributor

Re: VLAN + routing problems

hi,

if you have a layer 2 device, and a switch is one, you need a gateway to reach other subnets.
if you enable ip routing the switch itself becomes a gateway. then you need routes to find subnets the l3switch isn't aware of.
here is what i normally do if i enable ip routing. first i apply the default route, in your case ip route 0.0.0.0 0.0.0.0 192.23.137.110,
and then i enable ip routing. but i do it like that because otherwise i couldn't reach the device anymore, because i manage the switches from another subnet the switch doesn't know of.

-----
Now I got a new 3500yl and put it into the core.

Default VLAN IP is 192.23.137.57
I added another VLAN: 192.23.20.0/24 with 192.23.20.80 as gateway
-----

then you don't have a default gateway for your default vlan, cos you can only have one default gateway. but don't forget if you're running layer2 the ip and the gateway is only for managing the switch!


-----
When do I need ip default-gateway? When do I need ip routing? Why can't I use the default gateway, according to the "menu" option when ip routing is enabled? But I can enable it on console?
-----

you only need to enable routing on the switch if you want the switch to become a router and do for example intervlan routing.
if you enable ip routing the "ip default-gateway" command might be possible at the cli, but it doesn't have any effect.

-----
As this is a work in progress text, I'm now in the situation that I'm logged into the 3500yl via serial cable. I'm physically connected to the next hop router. But I can't ping the other switches in the subnet of 192.23.137/24. I'm getting crazy with HP...
-----

ok let's see,...as this is the device -->I added another VLAN: 192.23.20.0/24 with 192.23.20.80 as gateway<-- does the gateway know where to find the 192.23.137/24 subnet and do the devices in 192.23.137/24 subnet know where to find the subnet of the notebook? try to make a traceroute from your notebook and try a traceroute from a switch in the 192.23.137/24 subnet.

hth
alex
ps sorry for my bad english, in German all of this would be much easier to explain!
MullT
Frequent Advisor

Re: VLAN + routing problems

Hello Alex

Thanks for your answer. Happy to continue in German :-) So let's summarize:

- Without "ip routing" I can only reach the switch from within its own subnet, ok so turn it on
- The default VLAN 1 gets the IP: 192.23.137.57

vlan 1
name "DEFAULT_VLAN"
untagged 25-48
ip address 192.23.137.57 255.255.255.0
no untagged 1-24
exit

- After that comes an "ip route 0.0.0.0 0.0.0.0 192.23.137.110", where 192.23.137.57 is the "next hop switch"
- The 192.23.137.0/24 network is my core network, which all the other subnets then hang off
- So create a VLAN for the new subnet ==
(I added another VLAN: 192.23.20.0/24 with 192.23.20.80 as gateway:)

vlan 20
name "AlcatelServer"
untagged 1-24
ip address 192.23.20.80 255.255.255.0
exit

>then you don't have a default gateway for your default vlan, cos you can only have one
>default gateway. but don't forget if you're running layer2 the ip and the gateway is only for
>managing the switch!

Hm, I don't understand this part. Could you please explain it once more?

>you only need to enable routing on the switch if you want the switch to become a router and
>do for example intervlan routing.

that is exactly what I want.


>if you enable ip routing the "ip default-gateway" command might be possible at the cli, but it
>doesn't have any effect.

And I was already wondering why that is in the 5400zl config and it works anyway. I didn't know that it has no effect.
To come back to the question: I only need "ip default-gateway" when I put the switch into a network where the switch itself doesn't have to take care of anything VLAN-related?


>ok let's see,...as this is the device -->I added another VLAN: 192.23.20.0/24 with
>192.23.20.80 as gateway<-- does the gateway know where to find the 192.23.137/24 subnet

That's what I have the "ip route 0.0.0.0 0.0.0.0 192.23.137.110" entry for, isn't it?

>and do the devices in 192.23.137/24 subnet know where to find the subnet of the notebook?
>try to make a traceroute from your notebook and try a traceroute from a switch in the
>192.23.137/24 subnet.

My office is also a few switches further away. When the 3500yl was first attached to the core, I could reach the gateway 192.23.20.80 of the new subnet 20 just fine. Logically with traceroute as well.

Then I had the following problem. I connected my notebook to the 3500yl on a port in subnet 20, gave myself the static IP 192.23.20.5, entered 192.23.20.80 as the gateway along with my DNS, and simply wanted to ping our web server. That did not work, because it just couldn't find the way, despite all the ip routing, ip default-gateway and ip route 0.0.0.0 0.0.0.0 192.23.137.110 entries.
So I am still mixing something up here.

To the admins: I promise, at the end when we have found the solution, I will post this in English, too.
serpel
Trusted Contributor

Re: VLAN + routing problems

All right,

-----
- Without "ip routing" I can only reach the switch from within its own subnet, ok so turn it on
- The default VLAN 1 gets the IP: 192.23.137.57

----

That's not the case. For example, if the switch has 192.23.137.57/24 and a default gateway (192.23.137.1), and you are in the 192.168.0.0/24 network with a gateway that knows 192.23.137.0/24, then of course you can also reach the switch from that subnet.
The switch's IP is really only there for managing and monitoring the switch. But if the switch has no gateway, or one it cannot reach, then of course you can only manage the switch from its own subnet.

-------
- After that comes an "ip route 0.0.0.0 0.0.0.0 192.23.137.110", where 192.23.137.57 is the "next hop switch"
- The 192.23.137.0/24 network is my core network, which all the other subnets then hang off
- So create a VLAN for the new subnet ==
(I added another VLAN: 192.23.20.0/24 with 192.23.20.80 as gateway:)

vlan 20
name "AlcatelServer"
untagged 1-24
ip address 192.23.20.80 255.255.255.0
exit

----

ah ok, if you now turn on routing on the switch and tell the router with the IP 192.23.137.110 where to find the 192.23.20.0/24 network, it works.
ip route 192.23.20.0 255.255.255.0 192.23.137.57

192.23.137.57 is the same device that additionally has 192.23.20.80, right?!

----

And I was already wondering why that is in the 5400zl config and it works anyway. I didn't know that it has no effect.
To come back to the question: I only need "ip default-gateway" when I put the switch into a network where the switch itself doesn't have to take care of anything VLAN-related?
----
that's exactly it.

hope I've covered everything now, otherwise just ask, I'm happy to try to help you further.

alex
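
The two conditions the replies above arrive at, as an added example that is not part of any post in this thread: the 3500yl has to forward between its VLANs ("ip routing"), and the router at 192.23.137.110 needs a route back to 192.23.20.0/24. This is a simplified hop-by-hop model; the device names and the router's otherwise empty route table are assumptions.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match. Returns a next-hop IP, "connected", or None."""
    hits = [(ipaddress.ip_network(p), nh) for p, nh in routes
            if ipaddress.ip_address(dst) in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def owner(devs, ip):
    return next((n for n, d in devs.items() if ip in d["addrs"]), None)

def deliver(devs, src_ip, dst_ip, max_hops=8):
    """Walk a packet hop by hop; return (delivered, path of device names)."""
    node = owner(devs, src_ip)
    path = [node]
    for _ in range(max_hops):
        if dst_ip in devs[node]["addrs"]:
            return True, path
        if len(path) > 1 and not devs[node]["forwards"]:
            return False, path          # transit packet, but routing is off
        nh = next_hop(devs[node]["routes"], dst_ip)
        if nh is None:
            return False, path          # no route to the destination
        node = owner(devs, dst_ip if nh == "connected" else nh)
        if node is None:
            return False, path
        path.append(node)
    return False, path

def ping(devs, a, b):
    """A ping succeeds only if the request and the reply are both delivered."""
    return deliver(devs, a, b)[0] and deliver(devs, b, a)[0]

def build(ip_routing, return_route):
    """Addresses from the thread; names and router table are assumptions."""
    router_routes = [("192.23.137.0/24", "connected")]
    if return_route:  # ip route 192.23.20.0 255.255.255.0 192.23.137.57
        router_routes.append(("192.23.20.0/24", "192.23.137.57"))
    return {
        "notebook": {"addrs": {"192.23.20.5"}, "forwards": False,
                     "routes": [("192.23.20.0/24", "connected"),
                                ("0.0.0.0/0", "192.23.20.80")]},
        "3500yl": {"addrs": {"192.23.137.57", "192.23.20.80"},
                   "forwards": ip_routing,
                   "routes": [("192.23.137.0/24", "connected"),
                              ("192.23.20.0/24", "connected"),
                              ("0.0.0.0/0", "192.23.137.110")]},
        "router": {"addrs": {"192.23.137.110"}, "forwards": True,
                   "routes": router_routes},
    }
```

With routing on but no return route, the request reaches the router and the reply is dropped there; with routing off, the notebook can still ping 192.23.20.80 but nothing beyond it.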
Madhavankutty
Regular Advisor

Re: VLAN + routing problems

Hi,

Welcome to the forums.

Could you please post your reply in English? This will help everybody in the Forum understand the query and allow them to participate as well.

Thanks,
Madhavankutty

PS: Please continue to post here by clicking on the "Reply" button.