HPE Community
Comware Based
1831622 Members
2297 Online
110027 Solutions
New Discussion

VLAN Routing

 
Fast_Freddy
Occasional Contributor

‎12-02-2018 07:58 AM

‎12-02-2018 07:58 AM

VLAN Routing

Hi Folks,

 

I have a pair of HPE 5940 switches configured as one enity via IRF. I have configured 4 VLANs that need access to the naked internet via a cisco ASA. After reading the HPE documents, I am still at a loss on how I can configure the 4 VLANs to route to the cisco via the default VLAN (1). I realize that VLANs are layer 2, while routing is layer 3. 

My question is how do I enable routing on this switch.

Thanks,

4 REPLIES 4
network_king
HPE Pro

‎12-02-2018 08:55 PM

‎12-02-2018 08:55 PM

Re: VLAN Routing

Hello,

You can use your layer 3 swtich for routing. In case you wanted to HPE 5940 Switch IRF stack as Layer 3 then please consider SVI.

ex: Interface vlan 10

ip add x.x.x.x x.x.x.x

exit

 

Please use link for configuration guides : https://support.hpe.com/hpsc/doc/public/display?sp4ts.oid=1009148843&docLocale=en_US&docId=emr_na-a00041103en_us

 

https://support.hpe.com/hpesc/public/home/documentHome?sp4ts.oid=1009148843

I am an HPE Employee

Accept or Kudo

0 Kudos
Jasoned32
Occasional Visitor

‎12-03-2018 10:26 AM

‎12-03-2018 10:26 AM

Re: VLAN Routing

Routing should be enabled and those 4 vlans should be able to ping each other.

you will need to create an addtional vlan for the firewall.

ex. vlan 100

give it an ip address 

ex. 172.16.100.1 255.255.255.0 (you can do a /30 if you want to, i'm just trying to keep things simple for now)

give it a description of "internet vlan" or "firewall vlan", which ever makes sense to you. 

Then on the ASA, you will need to give it an IP address in that vlan

ex. ASA - IP Address of inside interface 172.16.100.254 255.255.255.0 (different if you do a /30)

make sure the firewall and switch can see each other. 

Then on the switch you will need to create a gateway of last resort route

ex. ip route-static 0.0.0.0 0.0.0.0 172.16.100.254 - this is basically saying any traffic that the switch doesn't have a route for (internet traffic) will be sent to 172.16.100.254 (your firewall). Your firewall will take it from there and send that traffic out to the internet. 

Keep in mind your firewall will need return routes back to the 4 vlans you already have. 

hopefully this points you in the right direction. :)

 

 

 

0 Kudos
Fast_Freddy
Occasional Contributor

‎12-05-2018 04:31 AM

‎12-05-2018 04:31 AM

Re: VLAN Routing

Hello, 

Thanks for your prompt reply. I have some other concerns, should the VLANs be tagged or untagged, and should the VLANs be configured "ip-subnet-vlan" - I made the changes you had specified, but does not seem to have had any positive results. 

Thanks again. 

0 Kudos
LinksysExpert
New Member

‎12-30-2018 10:34 PM

‎12-30-2018 10:34 PM

Re: VLAN Routing

I also had issues with routing on switch.

Thanks for your reply. I think this solved my issue.

Jim Williams.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.