
HP E3800 inter-VLAN routing enabled, non-default subnets can't access internet gateway

 
KubaL
Frequent Advisor


Hello!

 

I need some help with IP routing on an HP ProCurve E3800. I have a setup where this L3 switch acts as a core router and does the inter-VLAN routing (9 VLANs including default), ip routing is enabled, and all devices from each VLAN/subnet can ping other VLAN interfaces or devices without a problem now.

 

There are 7 other switches, a mix of ProCurve 2530 24-port or 48-port (some are PoE, others are not) that are all trunked directly via LACP protocol to ports on the E3800 core router.

 

Internet gateway/router is connected directly to a port on E3800 L3 switch and configured as default VLAN with no tagging, the gateway (temporary Linksys E2000 device running a Tomato flavor of Linux firmware) is directly connected to a cable modem.

 

VLAN interfaces on E3800 are simple, some are very small subnets, others are full class C, e.g.:

DEFAULT_VLAN IP 192.168.1.254 / 255.255.255.0

VLAN2 IP 192.168.2.62 / 255.255.255.192

VLAN3 IP 192.168.3.14 / 255.255.255.240

and so on up to 192.168.9.0

 

I entered the default gateway on E3800 pointing to my E2000 gateway, but since I enabled the ip routing on all VLANs in E3800 that is no longer in effect.

 

At first I could not reach internet even from default VLAN on E3800 or any switch, because I noticed there was no 0.0.0.0/0 static route in E3800 table so I added it manually (ip route 0.0.0.0/0 192.168.1.1 1) pointing to E2000 gateway IP (192.168.1.1 in this case) and now all devices from VLAN1 can reach the Internet.

 

However, only the devices from default VLAN1 can ping the internet gateway or reach the Internet, no device from other subnet/VLAN can reach Internet or even ping the gateway IP address in VLAN1 (they can ping VLAN interface of 192.168.1.254 though) ... did I miss something in E3800 configuration, or else, help please?

 

I tried tracert to E2000 gateway IP from VLANs 2-9 clients and it seems the time out occurs right after successful reply from any VLAN interface IP.

I tried adding static routes on the Linux gateway pointing back to each VLAN IP interface on E3800, added forwarding rules for other subnets on gateway firewall, no dice, no Internet on VLANs 2-9.

 

Is it possible that some other static rules need to get enabled on E3800 to pass the traffic from other VLANs to Internet? Or rather my temporary Linksys E2000 gateway box is the problem here (any help with Linux-based router for passing traffic originating from non-native subnets?) ... I'm at a loss here at the moment and very tired after 2 days of struggle with this.

 

EDIT:

Something tells me that I screwed up the return static routes on my E2000 Tomato Linux gateway ... should they point back to each VLAN interface IP respectively (e.g. for VLAN2 that would be 192.168.2.62) or rather all non-native subnets pointing back to HP ProCurve E3800 default_VLAN IP interface (192.168.1.254 in this case)?

Will need to retest on Monday, funny if that is all that happened (I have a hope!).

 

I had them like this on E2000 box:

Destination 192.168.2.0 subnet 255.255.255.192 gateway 192.168.2.62 metric 0

 

... but how would this Linux router know how to get to VLAN2 network 192.168.2.0 on E3800 router in the first place, if this is precisely what I was trying to tell it ... normally it can see only the physical route to 192.168.1.254 and nothing else! Sounds like I made a big and dumb mistake in return paths!

KubaL
Frequent Advisor

Re: HP E3800 inter-VLAN routing enabled, non-default subnets can't access internet gateway

It worked! I corrected the static return routes on the Linux router so they all point to 192.168.1.254 gateway/hop for all VLAN subnets and now all VLANs routed on our HP ProCurve E3800 get internet access. It was no problem with E3800 config after all! :)
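
The return-route mistake resolved in this thread, as an added example that is not part of the original posts: a small Python check that a static route's next hop sits on a network the gateway is directly connected to. The function names are hypothetical, the gateway LAN interface is assumed to be 192.168.1.1/24 as described above, and the VLAN3 route is constructed from the interface address given in the question.

```python
import ipaddress

# Gateway LAN interface from the thread: 192.168.1.1 on the /24 default VLAN.
GATEWAY_LAN = ipaddress.ip_interface("192.168.1.1/24")


def check_route(dest, mask, next_hop, connected=(GATEWAY_LAN,)):
    """Validate one static route on the gateway; return (ok, reason)."""
    try:
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=True)
    except ValueError as exc:
        return False, f"bad destination {dest}/{mask}: {exc}"
    hop = ipaddress.ip_address(next_hop)
    if any(hop == c.ip for c in connected):
        return False, f"{net}: next hop {hop} is this router's own address"
    if not any(hop in c.network for c in connected):
        # The router would need a route to the hop before it could use it.
        return False, f"{net}: next hop {hop} is not on a connected network"
    return True, f"{net} via {hop}: next hop is on-link"


def audit(routes, connected=(GATEWAY_LAN,)):
    """Return the reasons for every route that fails check_route."""
    results = (check_route(*r, connected=connected) for r in routes)
    return [reason for ok, reason in results if not ok]


# Route as first entered on the gateway (from the thread), then the fix.
ORIGINAL = [("192.168.2.0", "255.255.255.192", "192.168.2.62")]
# VLAN3 line is constructed from the interface address 192.168.3.14/28.
CORRECTED = [
    ("192.168.2.0", "255.255.255.192", "192.168.1.254"),
    ("192.168.3.0", "255.255.255.240", "192.168.1.254"),
]

if __name__ == "__main__":
    for label, table in (("original", ORIGINAL), ("corrected", CORRECTED)):
        problems = audit(table)
        print(label, "->", problems or "all next hops on-link")
```

The same check also rejects a destination entered with host bits set, such as using the VLAN interface address 192.168.2.62 as the network address.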