Aruba & ProVision-based
cancel
Showing results for 
Search instead for 
Did you mean: 

ARUBA 3800 pinging between VLAN's blocked in one direction work in the other

 
Highlighted
Occasional Contributor

ARUBA 3800 pinging between VLAN's blocked in one direction work in the other

I am having a problem where I can ping in one direction between vlans, but pinging in the other direction does not work.  The VLAN definitions are shown below.

If I log in to a vlan 1001 device, I can ping the vlan IPs and any device on the 1001 vlan.

If I log in to the switch, I can ping the vlan IPs and any device on either vlan.

If I log into a vlan 1031 device, I can ping the vlan IPs and any device on either vlan.

Traceroute from the 1031 device shows only two hops - the two VLAN ip addresses.

Traceroute from the 1001 device to the 1031 vlan IP address shows only the vlan 1031 ip address, and is successful.

Traceroute from the 1001 vlan device to the 1031 vlan device shows only the 1001 vlan ip address - it never makes it from there to the 1031 vlan ip address.  

I shouldn't need a static route for this should I?  I've tried setting one up, but the switch software seems to prohibit this.

Any ideas?

Switch info

; JL071A Configuration Editor; Created on release #KB.16.04.0008
; Ver #10:9b.7f.bf.bb.ff.7c.59.fc.7b.ff.ff.fc.ff.ff.3f.ef:81

 

vlan 1001
name "AMHS_PUBLIC"untagged 4-12,16-17,19-21,Trk1-Trk3
tagged Trk100
ip address 172.21.1.1 255.255.255.0
vrrp vrid 101
virtual-ip-address 172.21.1.1
priority 255
enable
exit

 

vlan 1031
name "WS_LOCAL"
untagged 14-15
tagged Trk100
ip address 172.21.31.1 255.255.255.0
vrrp vrid 131
virtual-ip-address 172.21.31.1
priority 255
enable
exit
exit

 

1 REPLY 1
Highlighted
Honored Contributor

Re: ARUBA 3800 pinging between VLAN's blocked in one direction work in the other

Hi! you didn't provide full details (VRRP references can be seen so you're probably dealing with two Aruba 3810M, isn't it?).

Let's keep the scenario simple: suppose you have just one Aruba 3810M, IP Routing enabled, VLAN interfaces with IP Addresses so SVI (say VLAN 1001 with IP Address 172.21.1.1/24 and VLAN 1031 with IP Address 172.21.31.1/24), a device connected to interface 4 (untagged into VLAN 1001) shall be able to ping a device connected to interface 14 (untagged into VLAN 1031)...provided that (a) devices aren't OS-firewalled and (b) devices are properly IP addressed (AKA device connected to interface 4 should use an IP Address within the VLAN 1001 subnet range, device connected to interface 14 should use an IP Address within the VLAN 1031 subnet range, each device should use its VLAN's SVI as its default gateway IP Address).

Complex designs (such as VRRP) requires more details to be troubleshooted...provided that the basic is already understood and verified.

Note that ArubaOS-Switch KB.16.04.0008 version is terribly old (2017), please upgrade to latest KB.16.10.0009 ASAP.

I'm not an HPE Employee
Kudos and Accepted Solution banner