
routing with vlans (switch 5304xl)

Hugo Tigre
Trusted Contributor


I have 3 vlans in a 5304xl switch:

vlan 1: 172.16.0.0
vlan 2: 172.30.0.0
vlan 3: 172.31.0.0

I have routing enabled (RIP v2) and it is working between the vlans. The hosts in each vlan can communicate with the other vlans.

To access the internet, my gateway is 172.16.0.1, so I created a static route (0.0.0.0/0 172.16.0.1).

This works fine for vlan 1, which has access to the internet,

but my problem is that vlan 2 and 3 can't get internet access.

What am I missing? Will I be forced to use NAT in some way?

Thanks in advance for your help.

regards, Hugo Tigre
20 REPLIES

Re: routing with vlans (switch 5304xl)

Can you attach the show tech all, or the running configuration log file?
Hugo Tigre
Trusted Contributor

Re: routing with vlans (switch 5304xl)

Here's the running config.
And as a side note, in the switch I only have module "A", so I'm not sure why there is "B1-B4" or "C1-C24,D1-D24"!
Hugo Tigre
Trusted Contributor

Re: routing with vlans (switch 5304xl)

One more thing I forgot to mention:

port A4 is the one that is connected to 172.16.0.1 (gateway to the internet).
MIBA NSD
Advisor

Re: routing with vlans (switch 5304xl)

What is the IP of the 5304?
What are the masks of the vlans?

I think the 5304 needs an IP in every vlan because the 5304 should be the default gw for the 3 vlans, because it has to route vlan 2 and 3 to vlan 1, where the internet gateway is.



best regards
peter
Hugo Tigre
Trusted Contributor

Re: routing with vlans (switch 5304xl)

The IP of the router is that of the primary vlan, which is vlan1 172.16.15.60, but it can actually be any of the IPs attributed to the vlans, in my case:

vlan1:172.16.15.60
vlan2:172.30.15.60
vlan3:172.31.15.60

The mask is the same for every vlan: 255.255.0.0

And since I configured the switch with a route of "0.0.0.0/0 gw: 172.16.0.1", the switch doesn't use the default gw it has configured, or better yet, this route tells the switch the default gw is 172.16.0.1.

Note: this information is in the running-config file I attached in one of my previous messages.

I really need to get this problem fixed. I think I'm missing something in terms of routing parameters but I don't know what!

regards, Hugo Tigre
MIBA NSD
Advisor

Re: routing with vlans (switch 5304xl)

ok!

I think you will reach the 5304 from every vlan with a ping to the 5304's vlan address.
But can you ping the 5304 address from another vlan?

Example:
clients in vlan 2 should configure 172.30.15.60 as gw,
and then they should reach 172.31.15.60.

What is the output of the "sh ip route" command on the switch?
should be
0.0.0.0/0 172.16.1.2 1 static
172.16.0.0/16 VLAN1 1 connected
172.30.0.0/16 VLAN2 10 connected
172.31.0.0/16 VLAN3 20 connected
i think so.

Hugo Tigre
Trusted Contributor

Re: routing with vlans (switch 5304xl)

Yes, you're correct about the gateway and you're correct about the routing, except you misprinted my GW (172.16.0.1, not 172.16.1.2).

But unfortunately that isn't my problem. Like I said, the routing between the vlans is working and I can ping any IP that belongs to any vlan or host, i.e., from any vlan to any vlan.

And as you can see from your example of "sh ip route", the static route belongs to vlan1 because it's in the same segment, and I think here is my real problem: the switch routes traffic that belongs to any of the vlans, but internet traffic is only returned to vlan1.



Olaf Borowski
Respected Contributor
Solution

Re: routing with vlans (switch 5304xl)

Hugo,

someone is doing NAT for you already. The address space you are using (172.16.x.x) doesn't get routed in the Internet. There is another box Internet facing that does the NAT for you. The box probably doesn't know about the 172.30.x.x and 172.31.x.x network. Add those two routes on that box and everything should work.

Hugo Tigre
Trusted Contributor

Re: routing with vlans (switch 5304xl)

Olaf Borowski, that makes perfect sense, I will check that right now.

I'll reply as soon as I know more.

One more thing: even if I had 3 gateways, one for each vlan (subnet), and I had each vlan connected to that gateway, it would still create a problem, because the static route "ip route 0.0.0.0/0 172.16.0.1" is added to the switch and not individually to a vlan, and therefore I couldn't add another static route like "ip route 0.0.0.0/0 172.30.0.1".

Example:
port A1 (vlan1) connected to 172.16.0.1
port A2 (vlan2) connected to 172.30.0.1
port A3 (vlan3) connected to 172.31.0.1

In this case, I would have the static route "0.0.0.0/0 172.16.0.1", but this would only work for vlan1. How would I solve the problem for the other vlans?
Hugo Tigre
Trusted Contributor

Re: routing with vlans (switch 5304xl)

An update to the situation:

Thanks to Olaf Borowski's tip, I remembered trying something: since this switch also supports static NAT mapping, I added a static NAT entry for one of the hosts in vlan2, like "ip nat static 172.30.0.16 172.16.0.19", and it worked. The client 172.30.0.16 had internet access; this worked because this client's IP leaves the switch with the IP 172.16.0.19 (translated with NAT) :)

This doesn't resolve my issue completely, it's just a temporary solution, and was just a test that proved that my problem really resides in the router that is responsible for the NAT to the internet, just like Olaf Borowski said.

Many thanks for all your help. As soon as I know more about this, I'll reply here, but I think the problem is practically resolved ;)
MIBA NSD
Advisor

Re: routing with vlans (switch 5304xl)

sorry, silly question, but does your internet gateway know the other vlans or only 172.16.0.0/16?

peter
Olaf Borowski
Respected Contributor

Re: routing with vlans (switch 5304xl)

Hugo,

What kind of router/internet gateway do you have (brand/model), so I can help you map out the complete solution?
BTW: You don't need RIPv2 to route between the vlans. The box routes between vlans with just "ip routing" turned on. You use RIP or other routing protocols to tell others (like your internet router/gateway) about your locally attached networks.
Hugo Tigre
Trusted Contributor

Re: routing with vlans (switch 5304xl)

Thomas Ahrer:

Yes, it knows all vlans; like Olaf Borowski said, it learned them from RIP.


Olaf Borowski:

Actually I have several of them, all of them Cisco routers (2620 / 1710 / 3640 / etc.), but for the time being, the information that leaves the switch passes through my gateway 172.16.0.1 and then is directed to an internet gateway 172.16.0.10, and this is the one I need to configure, which is a Cisco 1710 with IOS 12.3(12).

Note: this is still being tested in a lab environment. When this is implemented in the production environment I will need to update about 3 routers (internet gateways), so in fact each vlan will have its own gateway. And in this case I'm not sure how I will insert the routes, since I can only add one 0.0.0.0/0 route.
MIBA NSD
Advisor

Re: routing with vlans (switch 5304xl)

Yes, but you wrote something about NAT working, so I think that the problem is on the 172.16.0.1.
Have you tried adding 2 static routes on 172.16.0.1?

172.30.0.0/16 --> 172.16.15.60
172.31.0.0/16 --> 172.16.15.60
Hugo Tigre
Trusted Contributor

Re: routing with vlans (switch 5304xl)

Thomas Ahrer:

Yes, you are correct, but like I said before, 172.16.0.1 already knows my vlans; those two routes were added by RIP.

In fact the problem isn't the 172.16.0.1, because this is just my first gateway. The traffic that passes through this router is directed to another router (172.16.0.10), and this is the one responsible for NATting to the internet.

So the router I have to configure is 172.16.0.10, but I still haven't done this, because I didn't have time yet. I have several projects in hand, and some of them have a higher priority than this one, but today I should have everything working :D

I'll reply as soon as I have an update.

Best regards
Hugo Tigre
Ardon
Trusted Contributor

Re: routing with vlans (switch 5304xl)

Hi Hugo,

I quickly set up the same configuration as you described using the same IP Addresses.
This is what the routing table of my 172.16.0.1 (also 53XX) looks like:

IP Route Entries

Destination        Gateway         VLAN Type      Sub-Type   Metric     Dist.
------------------ --------------- ---- --------- ---------- ---------- -----
127.0.0.0/8        reject               static               0          250
127.0.0.1/32       lo0                  connected            0          0
172.16.0.0/16      DEFAULT_VLAN    1    connected            0          0
172.30.0.0/16      172.16.15.60    1    rip                  2          120
172.31.0.0/16      172.16.15.60    1    rip                  2          120


As you can see, it learned the two subnets over RIP.
Like Olaf said, you do not need to have RIP enabled on VLAN 10&20, as they are directly connected networks which will be advertised by RIP running on VLAN 1 (default = enabled to advertise directly connected networks over RIP).
Your gateway of 172.16.0.1, is that under your control? I get the strong impression that it is not running RIP. Preferably you need to know the 172.16.0.1 configuration, especially the output of the routing table.

If the 172.16.0.1 is not under your control, you can also sniff using a monitoring port (which I see is configured) and look for RIP packets.
Are you sure the 172.16.0.1 is running RIP, and if so, what version? It takes two to tango, right?

Mind you that at least one port in a VLAN must be up in order for you to see it appearing in the routing table and therefore also in RIP.

You need to know the remote site!!

Regards, Ardon



ProCurve Networking Engineer
Hugo Tigre
Trusted Contributor

Re: routing with vlans (switch 5304xl)

Hi Ardon,

Thanks for all your work.

I had the impression I needed to have RIP enabled on all the vlans besides vlan1, but I'm testing that right now.

172.16.0.1 is under my control, but only recently; it wasn't me that did the initial setup, but this router is also running RIP.

All of them are running RIP v2.

This is a pretty big and complex network and I just recently started to make changes to its topology. Also, the 5304xl where the vlans are is completely under my control, but my gateways (Cisco routers) have more people involved, and so I can't make changes to them without previous discussion with the people involved. Everything has to be documented :)

But like I said before, the routing tables are correct; the packets are reaching the desired destination but are being discarded in the internet gateway, because the current NAT doesn't recognise vlan 2 and 3. I'm in the process of configuring an additional router with a dedicated internet line for the purpose of testing, not only for this scenario of course. This is one of the reasons I haven't yet made the necessary changes to the current internet gateway.

But like I said in one of my previous messages, when I tried the static NAT entry in the 5304xl switch for vlan2, it worked; the host in vlan2 immediately received internet access. This, plus the correct routes, gives a good idea that the problem really resides in NAT.

Best Regards,
Hugo Tigre
MIBA NSD
Advisor

Re: routing with vlans (switch 5304xl)

Hi Hugo!
Its me again.
I think the traffic is going out but not coming back, so make some traceroutes to see where it stops.

Another possibility is to use NAT, but I think you don't want to use it.

Ardon
Trusted Contributor

Re: routing with vlans (switch 5304xl)

Hi Hugo,

Sorry, I overlooked that NAT part. So with NAT it works OK. That makes me very much inclined to believe (as the routing tables look OK) that your firewall is blocking these subnets. So it matters how the traffic is sourced. I would look into the log of your firewall.

Regards, Ardon
ProCurve Networking Engineer
Hugo Tigre
Trusted Contributor

Re: routing with vlans (switch 5304xl)

Hi

I have this issue resolved :D thanks to all your help.

The main problem was, as initially thought, the NAT entries in my internet gateway.

I set up a separate gateway with an internet connection and simulated my production environment, and the only thing I needed to do was add the correct NAT entries, like "access-list 1 permit 172.30.0.0 0.0.255.255" (Cisco router).

Of course, besides this entry, NAT needs to be already working properly and RIP (in my case) must be enabled in order for the router to recognise all my vlans.

So far there don't seem to be any more problems with my setup, so I'm pretty sure this is ready for the production environment.

Thanks again for all your help...

best regards,
Hugo
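
Added example, not part of the original thread or any poster's code: a Python check that reads the standard ACL a Cisco gateway uses to select NAT sources and reports which of the thread's VLAN subnets it actually covers, which is the gap the last post describes. The BEFORE config (only vlan 1 listed), the vlan 3 entry and all function names are assumptions; only the 172.30.0.0 entry is quoted from the thread.

```python
import ipaddress

# VLAN subnets from the thread (mask 255.255.0.0 on each).
VLANS = ["172.16.0.0/16", "172.30.0.0/16", "172.31.0.0/16"]

# Constructed configs: BEFORE assumes the gateway listed only vlan 1;
# AFTER adds the entry quoted in the thread plus its vlan 3 analogue.
BEFORE = "access-list 1 permit 172.16.0.0 0.0.255.255"
AFTER = BEFORE + """
access-list 1 permit 172.30.0.0 0.0.255.255
access-list 1 permit 172.31.0.0 0.0.255.255"""

def wildcard_to_network(addr, wildcard):
    """Turn a Cisco address/wildcard pair into an IPv4Network."""
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):  # wildcard bits must form one contiguous low block
        raise ValueError(f"non-contiguous wildcard: {wildcard}")
    base = int(ipaddress.IPv4Address(addr)) & ~w & 0xFFFFFFFF
    return ipaddress.IPv4Network((base, 32 - w.bit_length()))

def parse_standard_acl(config, acl_id):
    """Return the ordered (action, network) entries of one standard ACL."""
    entries = []
    for line in config.splitlines():
        tok = line.split()
        if (len(tok) < 4 or tok[:2] != ["access-list", str(acl_id)]
                or tok[2] not in ("permit", "deny")):
            continue  # other ACLs, remarks, unrelated config lines
        action, spec = tok[2], tok[3:]
        if spec[0] == "any":
            net = ipaddress.IPv4Network("0.0.0.0/0")
        elif spec[0] == "host" and len(spec) > 1:
            net = ipaddress.IPv4Network(spec[1])
        else:  # a bare address with no wildcard matches a single host
            net = wildcard_to_network(spec[0], spec[1] if len(spec) > 1 else "0.0.0.0")
        entries.append((action, net))
    return entries

def nat_coverage(config, acl_id, subnets=VLANS):
    """Map each subnet to translated / untranslated / partial (first match wins)."""
    entries, result = parse_standard_acl(config, acl_id), {}
    for cidr in subnets:
        subnet, status = ipaddress.IPv4Network(cidr), "untranslated"  # implicit deny
        for action, net in entries:
            if subnet.overlaps(net):
                if not subnet.subnet_of(net):
                    status = "partial"
                elif action == "permit":
                    status = "translated"
                break
        result[cidr] = status
    return result
```

Running nat_coverage(BEFORE, 1) marks vlan 2 and 3 as untranslated while the routing table looks perfectly healthy, which matches the symptom in the thread: routes present in both directions, but sources outside the NAT ACL leave the gateway with their private addresses.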