Can't reach default gateway from second VLAN - ProCurve 2824

 
ccleary0
New Member

Hi,

First off, I'm fairly new to networking and completely new to VLANs. We've decided to implement VLANs in order to isolate traffic from printers/servers/employee computers. What I'm trying to do is reach the default gateway (router/firewall) from our newly created VLAN (VMNetwork2) so that machines on VMNetwork2 may reach the internet. 

 

Switch config:

hostname "ProCurve_2824"
mirror-port 18
interface 3
no lacp
exit
trunk 3 Trk1 Trunk
ip default-gateway 192.168.1.1
ip routing
snmp-server community "public" Unrestricted
snmp-server community "REMOVED" Operator
vlan 1
name "DEFAULT_VLAN"
untagged 1-2,4-24,Trk1
ip address dhcp-bootp
exit
vlan 2
name "VMNetwork2"
ip address 192.168.2.1 255.255.255.0
tagged Trk1
exit
fault-finder bad-driver sensitivity high
fault-finder bad-transceiver sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
fault-finder broadcast-storm sensitivity high
fault-finder loss-of-link sensitivity high
fault-finder duplex-mismatch-HDx sensitivity high
fault-finder duplex-mismatch-FDx sensitivity high
ip authorized-managers 192.168.1.43 255.255.255.0
ip authorized-managers 192.168.1.53 255.255.255.0
ip authorized-managers 192.168.1.145 255.255.255.0
spanning-tree Trk1 priority 4
ip ssh
password manager

 

IP routes:

Destination        Gateway         VLAN Type      Sub-Type   Metric Dist.
------------------ --------------- ---- --------- ---------- ------ -----
127.0.0.0/8        reject               static               0      250
127.0.0.1/32       lo0                  connected            0      0
192.168.1.0/24     DEFAULT_VLAN    1    connected            0      0
192.168.2.0/24     VMNetwork2      2    connected            0      0

 

From machines on VMNetwork2 (the new VLAN), I can ping other machines on the same VLAN, the ProCurve switch ip 192.168.1.52, and 192.168.2.1 but not the default gateway 192.168.1.1 or any machines on the default VLAN.  

 

I'm not sure if I need to create a new route on the switch, and if so, will this negate the whole purpose of isolating traffic with VLANs?

 

Thanks in advance

HEKnet
Advisor

Re: Can't reach default gateway from second VLAN - ProCurve 2824

Hello,

 

The problem is that you did not configure the default gateway on your switch. The output of your routes does not show any route for destination 0.0.0.0 (the default route).

 

You put

 

ip default-gateway 192.168.1.1

 

into your config, but this option is only active if you run the switch in L2 mode. But you also enabled the L3 routing feature through the option

 

ip routing

 

In that case "ip default-gateway 192.168.1.1" is ignored. If you want to have a default route with L3 routing enabled, you must use

 

ip route 0.0.0.0 0.0.0.0 192.168.1.1

 

instead in order to set a default route.

 

But your setup is a little bit strange anyway. Even if you set a default route via

 

ip route 0.0.0.0 0.0.0.0 192.168.1.1

 

this would only make sense if you also have a VLAN that has an IP address from the same subnet. I believe you want VLAN 1 to do this. For example VLAN 1 gets the IP 192.168.1.2 and the subnet mask 255.255.255.0, hence the default gateway is reachable through VLAN 1.

 

But you configured VLAN 1 to use DHCP. Now assume the following. No port of VLAN 1 is connected (i.e. VLAN 1 is down), then no valid DHCP config is active on VLAN 1. In consequence the route

 

ip route 0.0.0.0 0.0.0.0 192.168.1.1

 

would produce an error, because the switch does not know how to reach the IP 192.168.1.1.

 

I would recommend doing the following:

 

1) Configure a static IP from the same subnet your default router belongs to on VLAN 1 or on any other VLAN that is supposed to be connected to your default router.

 

2) Set the route

ip route 0.0.0.0 0.0.0.0 192.168.1.1

to your default router

 

3) Connect your default router to one of the ports in VLAN 1 such that VLAN 1 is "up"

 

Matthias
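
The two conditions described in the reply above (no 0.0.0.0 route while `ip routing` is on, and a default-route next hop that no statically addressed VLAN can reach) can be checked against a saved config. This is an added Python example, not part of the original thread; `check_routing` and `SAMPLE_CONFIG` are hypothetical names, and the sample is constructed from the routing-relevant lines of the posted config.

```python
import ipaddress
import re

# Constructed sample: the routing-relevant lines of the config posted above.
SAMPLE_CONFIG = """\
ip default-gateway 192.168.1.1
ip routing
vlan 1
ip address dhcp-bootp
exit
vlan 2
ip address 192.168.2.1 255.255.255.0
exit
"""

def check_routing(config):
    """Return findings for the two conditions described in the reply."""
    routing, l2_gateway, vlan = False, None, None
    default_hops, dhcp_vlans = [], []
    static_nets = []  # subnets of VLANs that have a static IP address
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.fullmatch(r"vlan (\d+)", line):
            vlan = m.group(1)
        elif line == "exit":
            vlan = None
        elif line == "ip routing":
            routing = True
        elif m := re.fullmatch(r"ip default-gateway (\S+)", line):
            l2_gateway = m.group(1)
        elif m := re.fullmatch(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)", line):
            default_hops.append(ipaddress.ip_address(m.group(1)))
        elif vlan and line == "ip address dhcp-bootp":
            dhcp_vlans.append(vlan)
        elif vlan and (m := re.fullmatch(r"ip address (\S+) (\S+)", line)):
            static_nets.append(ipaddress.ip_network(
                f"{m.group(1)}/{m.group(2)}", strict=False))
    findings = []
    if routing and l2_gateway and not default_hops:
        findings.append(f"ip routing is enabled, so ip default-gateway "
                        f"{l2_gateway} is ignored and no 0.0.0.0 route exists")
    for hop in default_hops:
        if not any(hop in net for net in static_nets):
            findings.append(f"next hop {hop} is in no statically addressed "
                            f"VLAN subnet (DHCP VLANs: {dhcp_vlans})")
    return findings

if __name__ == "__main__":
    for finding in check_routing(SAMPLE_CONFIG):
        print("FINDING:", finding)
```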