HPE Community
HPE Aruba Networking & ProVision-based
1820267 Members
2633 Online
109622 Solutions
New Discussion

New VLAN, issue accessing internet

 
SOLVED
Go to solution
MikeBr
Occasional Visitor

‎03-31-2014 11:44 AM

‎03-31-2014 11:44 AM

New VLAN, issue accessing internet

We have a 5308 as our current core with minimal vlans on it, with the main subnet being 192.168.0.0/22.  We're switching over to a 5412 with a new set of vlans, VLAN 210 - 192.168.210.0/24, VLAN 100 - 192.168.100.0/24 being two of them.  100 is our new wireless and 210 is our management VLAN.

 

We have it working so anything on the 100 vlan is able to access the internal network, however it is unable to get out of our network.  We use a sonicwall firewall (192.168.0.1) as our current gateway on the existing network.

 

Please take a look at the running configs and let me know what might be the reason we're unable to get out to the internet from the new vlans.

 

Thanks...

 

5412:

Running configuration:

; J8698A Configuration Editor; Created on release #K.15.12.0012
; Ver #05:08.41.ff.3f.ef:63
hostname "CORE_HP-5412zl"
module 1 type j9549a
module 2 type j9535a
module 3 type j9550a
module 4 type j9534a
module 5 type j9550a
module 6 type j9534a
module 7 type j9550a
module 8 type j9534a
module 9 type j9550a
module 10 type j9550a
module 11 type j9550a
module 12 type j9550a
console idle-timeout 600
ip default-gateway 192.168.0.50
ip route 0.0.0.0 0.0.0.0 192.168.0.50
ip route 192.168.0.0 255.255.252.0 192.168.0.50
ip routing
snmp-server community "public" unrestricted
snmp-server contact "Mike Brearley" location "Server Room"
router rip
redistribute connected
exit
vlan 1
name "LAN"
no untagged A2-A20,A22-A24,B1-B24
untagged A1,C1-C24,D1-D24,E1-E24,F1-F24,G1-G24,H1-H24,I1-I24,J1-J24,K1-K24,L1-L24
tagged A21
ip address 192.168.0.53 255.255.252.0
exit
vlan 100
name "WLAN - Production"
tagged A2,A21,B1
ip address 192.168.100.1 255.255.255.0
ip helper-address 192.168.0.2
exit
vlan 210
name "Management/iLO"
untagged A2-A20,A22-A24,B1-B24
tagged A21
ip address 192.168.210.1 255.255.255.0
ip helper-address 192.168.0.2
exit
no tftp server
no autorun
no dhcp config-file-update
no dhcp image-file-update

 

5308:

Running configuration:

; J4819A Configuration Editor; Created on release #E.11.03

hostname "Core_5308"
snmp-server contact "IT Suppoprt"
snmp-server location "Server Room"
mirror-port H16
module 7 type J4907A
module 6 type J4907A
module 5 type J4907A
module 4 type J4907A
module 3 type J4907A
module 8 type J4907A
module 1 type J4907A
module 2 type J4907A
interface G13
speed-duplex auto-1000
exit
interface H12
speed-duplex auto-1000
exit
interface H13
speed-duplex auto-1000
exit
interface H14
speed-duplex auto-1000
exit
interface H15
speed-duplex auto-1000
exit
interface D9
speed-duplex 10-half
exit
interface C15
speed-duplex auto-1000
exit
interface C16
speed-duplex 1000-full
exit
interface B15
speed-duplex auto-1000
exit
ip default-gateway 192.168.0.1
snmp-server community "public" Unrestricted
snmp-server host 192.168.100.21 "public"
vlan 1
name "LAN"
untagged A11-A14,A16,B1-B16,C5-C13,D1-D16,E1-E16,F1-F14,F16,G1-G16,H1-H9,H16
ip address 192.168.0.50 255.255.252.0
tagged A15
no untagged A1-A10,C1-C4,C14-C16,F15,H10-H15
ip igmp
exit
vlan 2
name "DMZ"
untagged F15,H10-H11
ip address 172.30.2.253 255.255.255.0
tagged A15
exit
vlan 3
name "Internet"
untagged H12-H15
exit
vlan 10
name "VM_ISCSI"
untagged A1-A10
ip address 172.16.7.50 255.255.255.0
tagged A15
exit
vlan 20
name "VM_VMotion"
untagged C1-C4
ip address 172.16.6.50 255.255.255.0
tagged A15
exit
vlan 4
name "ISP"
untagged C14-C16
exit
interface G14,H11
monitor
exit
fault-finder bad-driver sensitivity high
fault-finder bad-transceiver sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
fault-finder broadcast-storm sensitivity high
fault-finder loss-of-link sensitivity high
fault-finder duplex-mismatch-HDx sensitivity high
fault-finder duplex-mismatch-FDx sensitivity high
qos protocol IP priority 7
qos protocol IPX priority 0
qos protocol ARP priority 0
qos protocol DEC_LAT priority 0
qos protocol AppleTalk priority 0
qos protocol SNA priority 0
qos protocol NetBEUI priority 0
qos type-of-service ip-precedence
ip route 192.168.210.0 255.255.255.0 192.168.0.53
ip route 192.168.100.0 255.255.255.0 192.168.0.53

 

 

--

Mike

0 Kudos
3 REPLIES 3
rob misz
Advisor

‎03-31-2014 12:41 PM

‎03-31-2014 12:41 PM

Solution

Re: New VLAN, issue accessing internet

Are you planning to get rid  of the 5308 and ues the 5412 as a core? If you are then use vlan 3  like on your 5308.  try the following.

 

vlan 3
name "Internet"
untagged H12      *"port to sonicwall"

ipaddress 192.168.0.2 255.255.255.0
exit

 

iproute 0.0.0.0 0.0.0.0 192.168.0.1

0 Kudos
MikeBr
Occasional Visitor

‎03-31-2014 01:35 PM

‎03-31-2014 01:35 PM

Re: New VLAN, issue accessing internet

I changed the default route to the following without adding vlan 3 and it worked:

iproute 0.0.0.0 0.0.0.0 192.168.0.1

 

We had an outside consulatant in on Friday and he set most of it up for us, he had put in the 192.168.0.50 default route.

 

Thanks for pointing me in the right direction!

 

And yes, we'll be getting rid of the 5308. 

 

 

--

MIke

0 Kudos
MikeBr
Occasional Visitor

‎04-02-2014 06:10 AM

‎04-02-2014 06:10 AM

Re: New VLAN, issue accessing internet

OK, so everything except http appears to be working.  I'm sure this is something on our firewall, but I'm not sure what might be causing it.  I can get to https://google.com but not http://google.com.  With my phone connected to the new vlan, messenger apps work but web pages using http won't load. 

 

Any ideas?

 

Thanks...

 

--

Mike

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.