
Re: Vlan routing on 5304xl

 
Roberto33
Occasional Advisor

Vlan routing on 5304xl

I got three switches Procurve 5304 and one 2512
My net has all static ip's.
Domain Controller 192.168.10.5
Backup Domain controller 192.168.10.7
Gateway 192.168.10.1 (Switch1 vlan10 ip)

Gateway for Host's: every host has the gateway set to its own vlan.

I set four VLAN's on all switches with those IP's

Switch 1 (Main)
VLAN10 192.168.10.1
VLAN20 192.168.20.1
VLAN30 192.168.30.1
VLAN40 192.168.40.1

Switch 2
VLAN10 192.168.10.2
VLAN20 192.168.20.2
VLAN30 192.168.30.2
VLAN40 192.168.40.2

Switch 3
VLAN10 192.168.10.3
VLAN20 192.168.20.3
VLAN30 192.168.30.3
VLAN40 192.168.40.3

Switch 4
VLAN10 192.168.10.25
VLAN20 192.168.20.25
VLAN30 192.168.30.25
VLAN40 192.168.40.25

All my servers are connected to switch 1 (Main). On two of my servers I installed Kerio WinRoute Firewall, the first to access the Internet and the other to access a Remote LAN through a Modem HDSL.
Internet Server has the network interface with IP 192.168.10.4
Server to access the remote LAN has the network interface with IP 192.168.10.11.

On my switch 1 (Main) I created the following static route:
0.0.0.0/24 192.168.10.4
10.0.0.0 / 8 192.168.10.11

I enabled the IP routing on all switches, I assigned the gateway to hosts on their own VLAN, I can see all my host's on different vlan's, I can ping my domain controller server and the backup, but I'm not able to ping both servers with kerio firewall installed (192.168.10.4 and 192.168.10.11) from vlan20, 30, 40. If I tracert from a pc on vlan20, 30 or 40 to one of the servers with kerio my packet stops at the gateway. But if I tracert from pc's on vlan10 everything is working fine. (Something more: when I installed kerio on servers all my host's were on vlan10, I did not have multiple vlan's)
Do you have any other suggestions to complete this VLAN routing?

Any kind of suggestion will be appreciated.

Roberto33
Pieter 't Hart
Honored Contributor
Solution

Re: Vlan routing on 5304xl

>>>I assigned the gateway to hosts on their own VLAN <<<
for this routing example config only switch-1 is important.

on the respective vlans switch-1 (x.x.x.1) must be configured as default gateway.
vlan20 ->gateway 192.168.20.1
vlan30 ->gateway 192.168.30.1
vlan40 ->gateway 192.168.40.1

switch-1 knows all the subnets used on your local lan and external networks.
so it is able to do all the routing.

for troubleshooting of your connectivity problem ip-addresses of switches 2-4 are not important, they are not used for routing (layer-3).
these switches only need to pass vlan's (at layer-2).
enabling ip routing is not necessary on these switches.

as the kerio-firewall has "firewall" in its name, you may need to enable response to ping from other (non-local) subnets.

most likely the kerio firewall to the internet has an external router as its default gateway, so you need to configure static route back for other local subnets
192.168.20.0 ->gateway 192.168.10.1
192.168.30.0 ->gateway 192.168.10.1
192.168.40.0 ->gateway 192.168.10.1
else response to ping is sent to the internet instead of back to the local interface.
probably the same goes for the other remote lan.

hope this helps
Pieter
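
The return-path problem described in the reply above, as an added example that is not part of the original thread: a longest-prefix-match lookup over the routing table of the Kerio internet server (192.168.10.4) before and after the static routes are added. The upstream router address `203.0.113.1` is a constructed placeholder, and the table contents are an assumption based on the reply's "most likely" description.

```python
import ipaddress

UPSTREAM = "203.0.113.1"   # constructed placeholder for the external router
SWITCH1 = "192.168.10.1"   # switch-1 vlan10 address, from the thread
ON_LINK = "on-link"        # destination is on the host's own subnet
LOCAL_VLANS = ["192.168.20.0/24", "192.168.30.0/24", "192.168.40.0/24"]


def table(entries):
    """Build a routing table as a list of (network, gateway) pairs."""
    return [(ipaddress.ip_network(net), gw) for net, gw in entries]


def next_hop(routes, dst):
    """Longest-prefix match: gateway of the most specific matching route."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def missing_return_routes(routes, subnets=LOCAL_VLANS):
    """List local subnets whose replies would leave via the upstream router."""
    missing = []
    for subnet in subnets:
        sample_host = ipaddress.ip_network(subnet).network_address + 1
        if next_hop(routes, str(sample_host)) == UPSTREAM:
            missing.append(subnet)
    return missing


# Assumed table on 192.168.10.4 before the fix: own subnet plus default route.
KERIO_BEFORE = table([("192.168.10.0/24", ON_LINK), ("0.0.0.0/0", UPSTREAM)])

# After adding the three routes back to switch-1 suggested in the reply.
KERIO_AFTER = KERIO_BEFORE + table([(net, SWITCH1) for net in LOCAL_VLANS])

if __name__ == "__main__":
    for label, routes in (("before", KERIO_BEFORE), ("after", KERIO_AFTER)):
        for client in ("192.168.10.50", "192.168.20.50", "192.168.40.50"):
            print(f"{label}: reply to {client} -> {next_hop(routes, client)}")
        print(f"{label}: subnets without a return route:",
              missing_return_routes(routes))
```

Running the same check against the route table of any other vlan10 host that has a non-switch default gateway shows whether it needs the same routes.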
Bilotta Alessio
Occasional Advisor

Re: Vlan routing on 5304xl

Hi Pieter,

Thank you for your good suggestions.
I followed your advice and now everything is working nicely.
I used my switch1 as main router, I assigned to my host's the gateway for their own vlan and I added the route back to the kerio firewall and everything is working. The only problem I found is my intranet web site. The site is working only with host's on vlan10 but not with the others. As soon as I try to open the web page I have this kind of error:
PHP Warning: display: require(../mkportal/conf_mk.php) [function.display-require]: failed to open stream: No such file or directory in C:\Inetpub\wwwroot\forum\sources\classes\class_display.php on line 76

I don't know if you are able to help me out with this but anyway thank you much

roberto33
Pieter 't Hart
Honored Contributor

Re: Vlan routing on 5304xl

Hi Roberto,
thanks for feedback.
I'm no hero in php scripts, but >>> No such file or directory in C:\Inetpub\wwwroot\forum\sources\classes\class_display.php on line 76 <<< suggests that a file or directory referenced from the class_display.php script is missing.
Investigate this first.

As you call it an "intranet server" I assume it's a webserver for your local network?
As such it may have been configured to only see vlan-10 as the local network.
The other vlan's are probably sent to the kerio firewall as the default gateway.

maybe adding the same static route for your local vlans to this host may help
route add 192.168.20.0 mask 255.255.255.0 192.168.10.1 /p
route add 192.168.30.0 mask 255.255.255.0 192.168.10.1 /p
route add 192.168.40.0 mask 255.255.255.0 192.168.10.1 /p
Else look if you can find in the webserver config (properties) a tab where only 192.168.10.0 addresses are allowed to this intranet website (I think it's called client security).
Roberto33
Occasional Advisor

Re: Vlan routing on 5304xl

Well Pieter,

My int server is a different server.
My web server is connected directly to main switch1 and its ip is 192.168.10.6. There is no kerio firewall on this webserver, it is the one where all my net applications are running. I have on this also two more websites and they are working correctly from all vlan's. This is the only one not working from vlan's other than 10. I will check if there are misconfigs on the web part and I will let you know.

Thanks Roberto
Pieter 't Hart
Honored Contributor

Re: Vlan routing on 5304xl

hi roberto,
how do you separate between the different websites on the same server?
do you use multiple ip-addresses each for a website or do you use something like host-headers?
Roberto33
Occasional Advisor

Re: Vlan routing on 5304xl

I use separate ip's
Pieter 't Hart
Honored Contributor

Re: Vlan routing on 5304xl

Roberto, have you checked the website config and the script ?
>>> No such file or directory in C:\Inetpub\wwwroot\forum\sources\classes\class_display.php on line 76 <<< suggests that a file or directory referenced from the class_display.php script is missing.
Roberto33
Occasional Advisor

Re: Vlan routing on 5304xl

hi Pieter,

Well I checked, but we were not able to solve the problem, so at the moment we are thinking to change this portal (was already in our plan) and make a new one.
So as soon as we are ready with the new portal over intranet we will set our new config that seems to work nicely (on our test). Thanks for your great help and as soon as I will have any kind of news I'll let you know.

Roberto.
Pieter 't Hart
Honored Contributor

Re: Vlan routing on 5304xl

glad to be of help
regards
Pieter