
Re: Routing not working as expected on 2930F-48G

 
SOLVED
KoenR
Occasional Advisor

Routing not working as expected on 2930F-48G

I'm testing the routing between VLAN2 and VLAN5

I added

ip route 192.168.0.0 255.255.255.0 192.168.0.27
ip route 192.168.2.0 255.255.255.0 192.168.2.27

for testing purposes, even though I think it is not necessary and added by default.

Routing to ip route 0.0.0.0 0.0.0.0 192.168.2.11 works for all VLANs, but routing from VLAN 2 to VLAN 5 doesn't work (didn't test the others yet). Also the DHCP-server on 192.168.2.26 doesn't serve for the other VLANs, which I think is caused by the routing not working.

I had ACLs in there, which I threw out to make things less complicated.

I can't see my mistake - for me it should work, but it doesn't. Can anyone help?

Thank you for looking.

Config:

HP2930F-B105# show running

Running configuration:

; JL260A Configuration Editor; Created on release #WC.16.07.0002
; Ver #14:01.4f.f8.1d.9b.3f.bf.bb.ef.7c.59.fc.6b.fb.9f.fc.ff.ff.37.ef:02
hostname "HP2930F-B105"
module 1 type jl260a
timesync ntp
time daylight-time-rule western-europe
time timezone 60
ip default-gateway 192.168.2.11
ip dns server-address priority 1 192.168.2.11
ip route 0.0.0.0 0.0.0.0 192.168.2.11
ip route 192.168.0.0 255.255.255.0 192.168.0.27
ip route 192.168.2.0 255.255.255.0 192.168.2.27
ip routing
interface 1
   name "scorpio"
   exit
snmp-server community "public" unrestricted
snmp-server contact "horrors@ritacollege.be"
vlan 1
   name "DEFAULT_VLAN"
   no untagged 1-47
   untagged 48-52
   no ip address
   ip helper-address 192.168.2.26
   ip forward-protocol udp 192.168.2.11 dns
   ip forward-protocol udp 192.168.2.11 ntp
   exit
vlan 2
   name "servers"
   untagged 1-15,17-24
   tagged 35-47
   ip address 192.168.2.27 255.255.255.0
   exit
vlan 3
   name "leerlingen"
   tagged 35-47
   ip address 10.0.0.27 255.255.0.0
   ip helper-address 192.168.2.26
   ip forward-protocol udp 192.168.2.11 dns
   ip forward-protocol udp 192.168.2.11 ntp
   exit
vlan 4
   name "internet sdsl"
   tagged 35-47
   no ip address
   ip forward-protocol udp 192.168.2.11 dns
   ip forward-protocol udp 192.168.2.11 ntp
   exit
vlan 5
   name "administratie"
   untagged 16
   tagged 35-47
   ip address 192.168.0.27 255.255.255.0
   ip helper-address 192.168.2.26
   ip forward-protocol udp 192.168.2.11 dns
   ip forward-protocol udp 192.168.2.11 ntp
   exit
vlan 6
   name "fog_alioth"
   untagged 33-34
   tagged 35-47
   ip address 10.4.0.27 255.255.0.0
   ip helper-address 192.168.2.26
   ip forward-protocol udp 192.168.2.11 dns
   ip forward-protocol udp 192.168.2.11 ntp
   exit
vlan 7
   name "printer leraarskamer"
   tagged 35-47
   ip address 172.16.0.27 255.255.255.0
   ip helper-address 192.168.2.26
   ip forward-protocol udp 192.168.2.11 dns
   ip forward-protocol udp 192.168.2.11 ntp
   exit
vlan 8
   name "camera"
   tagged 35-47
   ip address 172.16.1.27 255.255.255.0
   ip helper-address 192.168.2.26
   ip forward-protocol udp 192.168.2.11 dns
   ip forward-protocol udp 192.168.2.11 ntp
   exit
vlan 9
   name "internet telenet"
   tagged 35-47
   no ip address
   ip helper-address 192.168.2.26
   ip forward-protocol udp 192.168.2.11 dns
   ip forward-protocol udp 192.168.2.11 ntp
   exit
vlan 10
   name "wifi"
   tagged 35-47
   ip address 10.1.0.27 255.255.0.0
   ip helper-address 192.168.2.26
   ip forward-protocol udp 192.168.2.11 dns
   ip forward-protocol udp 192.168.2.11 ntp
   exit
vlan 11
   name "fog_aries"
   untagged 25-32
   tagged 35-47
   ip address 10.2.0.27 255.255.0.0
   ip helper-address 192.168.2.26
   ip forward-protocol udp 192.168.2.11 dns
   ip forward-protocol udp 192.168.2.11 ntp
   exit
vlan 12
   name "wifi_secure"
   tagged 35-47
   ip address 10.3.0.27 255.255.0.0
   ip helper-address 192.168.2.26
   ip forward-protocol udp 192.168.2.11 dns
   ip forward-protocol udp 192.168.2.11 ntp
   exit
primary-vlan 2
no tftp server
no autorun
no dhcp config-file-update
no dhcp image-file-update
password manager

 

11 REPLIES 11
parnassus
Honored Contributor

Re: Routing not working as expected on 2930F-48G

Since IP Routing is already Enabled:

ip routing

and since your VLANs (included VLAN 2 and VLAN 5) already have a non-overlapping Interface IP (for VLAN 2 and VLAN 5 those IP Addresses are, respectively, 192.168.2.27/24 and 192.168.0.27/24):

vlan 2
   name "servers"
   untagged 1-15,17-24
   tagged 35-47
   ip address 192.168.2.27 255.255.255.0
   exit

and

vlan 5
   name "administratie"
   untagged 16
   tagged 35-47
   ip address 192.168.0.27 255.255.255.0
   ip helper-address 192.168.2.26
   ip forward-protocol udp 192.168.2.11 dns
   ip forward-protocol udp 192.168.2.11 ntp
   exit

Those two commands listed below aren't really necessary at all:

ip route 192.168.0.0 255.255.255.0 192.168.0.27
ip route 192.168.2.0 255.255.255.0 192.168.2.27

If I were you I'd remove both and retry a test between an (unfirewalled) host A connected to an untagged port - in the ranges 1-15 or 17-24 - of VLAN 2 and an (unfirewalled) Host B connected to untagged interface 16 of VLAN 5.


I'm not an HPE Employee
KoenR
Occasional Advisor

Re: Routing not working as expected on 2930F-48G

Thank you for your reply.

Yes, I was testing between port 16 on VLAN 5 and port 1 on VLAN 2.

I added those two routes because it wasn't working, knowing that it was probably redundant anyway. I'll remove them again to get back to the previous situation, but that didn't work either.

parnassus
Honored Contributor

Re: Routing not working as expected on 2930F-48G

Pretty strange. My workflow: from the core (the switch which is responsible to be the router for all your VLANs) do pings to VLAN 2 and VLAN 5 IP Interfaces...are those OK? ...then from Host A ping VLAN 2 IP Interface...is that OK? ...then from Host B ping VLAN 5 IP Interface...is that OK?

Help with show ip, show ip routes and show vlan to understand what you have configured on your core.

Also check show vlan port 16 detail and show vlan port 1 detail to check tagged/untagged VLAN details for those two ports.


I'm not an HPE Employee
KoenR
Occasional Advisor

Re: Routing not working as expected on 2930F-48G

I'm glad you find it strange too - I hoped I missed the obvious though.

I don't have access to the device at the moment - I'll report back tomorrow. 

Maybe I should revert to factory defaults if I don't learn anything from the details.

Thank you for your suggestions.

parnassus
Honored Contributor

Re: Routing not working as expected on 2930F-48G

Ensure Host A and Host B have, respectively, VLAN 2's IP Interface and VLAN 5's IP Interface as their respective Default Gateway...Host A should/must be able to Ping VLAN 2's IP Interface and, automatically routed by the Core, any IP belonging to directly connected VLAN's Subnets (provided that those VLANs have IP Addresses defined). For all other networks you need to specify static routes to another Gateway as you did with the setting of the Route of Last Resort

ip route 0.0.0.0 0.0.0.0 192.168.2.11

(I suspect the 192.168.2.11 is your Firewall/Gateway to other Networks, Internet included).

A thing can be said about this latest configuration: you're not using a "Transport" VLAN (a /30 would be OK) between your Core and your Firewall...so your Firewall has a leg directly into your VLAN 2 (where probably most of your network hosts actually live given the number of untagged ports)...but this has nothing to do with the fact that Host A on VLAN 2 is unable to reach Host B on VLAN 5 and vice-versa. I suspect Host's Default Gateways (if learnt by DHCP) could be wrong.


I'm not an HPE Employee
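The default-gateway check described in the reply above can be run mechanically against a running-config; this is an added example, not part of the original thread. The config excerpt is trimmed from the one posted earlier, the function names and verdict strings are hypothetical, and the 192.168.2.50 host is a constructed value.

```python
import ipaddress
import re

# Constructed excerpt: only the routing-relevant lines of the posted running-config.
RUNNING_CONFIG = """\
ip route 0.0.0.0 0.0.0.0 192.168.2.11
ip routing
vlan 2
   name "servers"
   ip address 192.168.2.27 255.255.255.0
   exit
vlan 5
   name "administratie"
   ip address 192.168.0.27 255.255.255.0
   exit
"""

def vlan_interfaces(config):
    """Map VLAN ID -> ip_interface for every VLAN block with an 'ip address' line."""
    ifaces, vlan = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        m = re.fullmatch(r"vlan (\d+)", line)
        if m:
            vlan = int(m.group(1))
        elif line == "exit":
            vlan = None
        elif vlan is not None:
            m = re.fullmatch(r"ip address (\S+) (\S+)", line)
            if m:  # 'no ip address' does not match, so unrouted VLANs are skipped
                ifaces[vlan] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return ifaces

def check_host(host_ip, host_gw, ifaces):
    """Return (vlan, verdict) for a host address and its default gateway."""
    host, gw = ipaddress.ip_address(host_ip), ipaddress.ip_address(host_gw)
    for vlan, iface in ifaces.items():
        if host in iface.network:
            if gw == iface.ip:
                return vlan, "ok"  # the switch itself routes between connected VLANs
            if gw in iface.network:
                # Another device is the gateway: inter-VLAN traffic then depends
                # on that device's own routes to the other subnets.
                return vlan, "gateway-is-another-device"
            return vlan, "gateway-off-subnet"
    return None, "no-matching-vlan"

if __name__ == "__main__":
    ifaces = vlan_interfaces(RUNNING_CONFIG)
    print(check_host("192.168.0.200", "192.168.0.27", ifaces))  # VLAN 5 host from the thread
    print(check_host("192.168.2.50", "192.168.2.11", ifaces))   # constructed VLAN 2 host
```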
KoenR
Occasional Advisor

Re: Routing not working as expected on 2930F-48G

I managed to do all the tests. I can only conclude that the routing doesn't work and I don't see why.

I removed the mentioned routes.

Apart from it being weird that it doesn't work, this is also weird:

host on VLAN5 to IP VLAN2 192.168.2.27: OK
host on VLAN2 to IP VLAN5 192.168.0.27: NOT OK

Ping tests:
Testing router addresses on 2930F
core to VLAN2 192.168.2.27: OK
core to VLAN5 192.168.0.27: OK
core to host on VLAN2: OK
core to host on VLAN5: OK
core to default gateway 192.168.2.11: OK
host on VLAN2 to IP VLAN2 192.168.2.27: OK
host on VLAN2 to IP VLAN5 192.168.0.27: NOT OK
host on VLAN5 to IP VLAN5 192.168.0.27: OK
host on VLAN5 to IP VLAN2 192.168.2.27: OK
host on VLAN2 to default gateway 192.168.2.11: OK
host on VLAN5 to default gateway 192.168.2.11: NOT OK

tests on 2930F:
HP2930F-B105# show ip

 Internet (IP) Service

  IP Routing : Enabled 

  Default TTL : 64 
  Domain Suffix : 
  DNS server : 192.168.2.11 

                       |                                            Proxy ARP
  VLAN                 | IP Config  IP Address      Subnet Mask     Std  Local
  -------------------- + ---------- --------------- --------------- ----------
  DEFAULT_VLAN         | Disabled
  servers              | Manual     192.168.2.27    255.255.255.0   No   No
  leerlingen           | Manual     10.0.0.27       255.255.0.0     No   No
  internet sdsl        | Disabled
  administratie        | Manual     192.168.0.27    255.255.255.0   No   No
  fog_alioth           | Manual     10.4.0.27       255.255.0.0     No   No
  printer leraarskamer | Manual     172.16.0.27     255.255.255.0   No   No
  camera               | Manual     172.16.1.27     255.255.255.0   No   No
  internet telenet     | Disabled
  wifi                 | Manual     10.1.0.27       255.255.0.0     No   No
  fog_aries            | Manual     10.2.0.27       255.255.0.0     No   No
  wifi_secure          | Manual     10.3.0.27       255.255.0.0     No   No
 

HP2930F-B105# show ip route 

                                IP Route Entries

  Destination        Gateway         VLAN Type      Sub-Type   Metric     Dist.
  ------------------ --------------- ---- --------- ---------- ---------- -----
  0.0.0.0/0          192.168.2.11    2    static               1          1
  127.0.0.0/8        reject               static               0          0
  127.0.0.1/32       lo0                  connected            1          0
  192.168.0.0/24     administratie   5    connected            1          0
  192.168.2.0/24     servers         2    connected            1          0
 

HP2930F-B105# show vlan

 Status and Counters - VLAN Information

  Maximum VLANs to support : 256 
  Primary VLAN : servers 
  Management VLAN : 

  VLAN ID Name | Status Voice Jumbo
  ------- -------------------------------- + ---------- ----- -----
  1 DEFAULT_VLAN | Port-based No No 
  2 servers | Port-based No No 
  3 leerlingen | Port-based No No 
  4 internet sdsl | Port-based No No 
  5 administratie | Port-based No No 
  6 fog_alioth | Port-based No No 
  7 printer leraarskamer | Port-based No No 
  8 camera | Port-based No No 
  9 internet telenet | Port-based No No 
  10 wifi | Port-based No No 
  11 fog_aries | Port-based No No 
  12 wifi_secure | Port-based No No 
 
HP2930F-B105# show vlan port 16 detail

 Status and Counters - VLAN Information - for ports 16

  VLAN ID Name | Status Voice Jumbo Mode 
  ------- -------------------- + ---------- ----- ----- --------
  5 administratie | Port-based No No Untagged

HP2930F-B105# show vlan port 1 detail 

 Status and Counters - VLAN Information - for ports 1

  Port name: scorpio
  VLAN ID Name | Status Voice Jumbo Mode 
  ------- -------------------- + ---------- ----- ----- --------
  2 servers | Port-based No No Untagged

Tests on VLAN5 machine:

horrors@horrors-Latitude-3380:~$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.0.27 0.0.0.0 UG 100 0 0 enp2s0
link-local * 255.255.0.0 U 1000 0 0 enp2s0
192.168.0.0 * 255.255.255.0 U 100 0 0 enp2s0

horrors@horrors-Latitude-3380:~$ ifconfig
enp2s0 Link encap:Ethernet HWaddr 00:25:64:f4:51:73 
          inet addr:192.168.0.200 Bcast:192.168.0.255 Mask:255.255.255.0
          inet6 addr: fe80::a4ea:c655:2140:cb45/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:33302 errors:0 dropped:0 overruns:0 frame:0
          TX packets:38701 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:29928182 (29.9 MB) TX bytes:5230035 (5.2 MB)

lo Link encap:Local Loopback 
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:65536 Metric:1
          RX packets:30278 errors:0 dropped:0 overruns:0 frame:0
          TX packets:30278 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1992991 (1.9 MB) TX bytes:1992991 (1.9 MB)

horrors@horrors-Latitude-3380:~$ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1 192.168.0.27 (192.168.0.27) 0.451 ms 0.428 ms 0.406 ms
 2 * * *
 3 * * *
 4 * * *
 5 * * *
 6 * * *
 7 * * *
 8 * * *
 9 * * *
10 * * *
11 * * *
12 * *^C
horrors@horrors-Latitude-3380:~$ traceroute 192.168.2.26
traceroute to 192.168.2.26 (192.168.2.26), 30 hops max, 60 byte packets
 1 192.168.0.27 (192.168.0.27) 0.359 ms 0.307 ms 0.273 ms
 2 * * *
 3 * * *
 4 * * *
 5 * * *
 6 * * *
 7 * * *
 8 * * *
 9 * * *
10 * * *
11 * *^C
horrors@horrors-Latitude-3380:~$ traceroute 192.168.2.11
traceroute to 192.168.2.11 (192.168.2.11), 30 hops max, 60 byte packets
 1 192.168.0.27 (192.168.0.27) 0.426 ms 0.382 ms 0.353 ms
 2 * * *
 3 * * *
 4 * * *
 5 * * *
 6 * * *
 7 *^C
horrors@horrors-Latitude-3380:~$ traceroute 192.168.0.27
traceroute to 192.168.0.27 (192.168.0.27), 30 hops max, 60 byte packets
 1 192.168.0.27 (192.168.0.27) 0.602 ms 1.731 ms 1.703 ms

KoenR
Occasional Advisor

Re: Routing not working as expected on 2930F-48G

I'm reverting to factory defaults and starting over.

parnassus
Honored Contributor

Re: Routing not working as expected on 2930F-48G

More and more strange. It looks like the issue is within VLAN 5's host(s).

I saw you have just one port untagged member of VLAN 5: interface 16...what is directly connected to that interface? just one host (the one you're using for your tests)?


I'm not an HPE Employee
KoenR
Occasional Advisor

Re: Routing not working as expected on 2930F-48G

There is one host connected. Since DHCP doesn't work because routing doesn't work, I gave a fixed IP, with GW address 192.168.0.27

horrors@horrors-Latitude-3380:~$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.0.27 0.0.0.0 UG 100 0 0 enp2s0
link-local * 255.255.0.0 U 1000 0 0 enp2s0
192.168.0.0 * 255.255.255.0 U 100 0 0 enp2s0

horrors@horrors-Latitude-3380:~$ ifconfig
enp2s0 Link encap:Ethernet HWaddr 00:25:64:f4:51:73 
          inet addr:192.168.0.200 Bcast:192.168.0.255 Mask:255.255.255.0
          inet6 addr: fe80::a4ea:c655:2140:cb45/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:33302 errors:0 dropped:0 overruns:0 frame:0
          TX packets:38701 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:29928182 (29.9 MB) TX bytes:5230035 (5.2 MB)

lo Link encap:Local Loopback 
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:65536 Metric:1
          RX packets:30278 errors:0 dropped:0 overruns:0 frame:0
          TX packets:30278 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1992991 (1.9 MB) TX bytes:1992991 (1.9 MB)

KoenR
Occasional Advisor
Solution

Re: Routing not working as expected on 2930F-48G

So I went back to factory settings and started with the simplest configuration possible I can imagine:

; JL260A Configuration Editor; Created on release #WC.16.07.0002
; Ver #14:01.4f.f8.1d.9b.3f.bf.bb.ef.7c.59.fc.6b.fb.9f.fc.ff.ff.37.ef:02
hostname "Aruba-2930F-48G-4SFP"
module 1 type jl260a
ip routing
snmp-server community "public" unrestricted
vlan 1
   name "DEFAULT_VLAN"
   no untagged 1-2,16
   untagged 3-15,17-52
   ip address 192.168.1.27 255.255.255.0
   ipv6 enable
   ipv6 address dhcp full
   exit
vlan 2
   name "servers"
   untagged 1-2
   ip address 192.168.2.27 255.255.255.0
   exit
vlan 5
   name "administratie"
   untagged 16
   ip address 192.168.0.27 255.255.255.0
   exit

With this setup both hosts on different VLANs can ping each other.

nateliv
Occasional Visitor

Re: Routing not working as expected on 2930F-48G

Adding an update on the loop protection issue. 

I've done several additional rounds of testing and found that loop protection does work...eventually.

Creating a loop in an unmanaged switch off of port 1/46 loop brings down port 1/46 and, after the set number of disable seconds, brings the port back up. Loop protection DOES then bring the port down again, but only after about 10 minutes of active looping and impacted network operations.