

 
mstrmp3
Advisor

Simple switch to switch problem

I have 3 switches separated by two routers. SW1 and SW2 are on one side of the routers and SW3 is on the other. There are no VLANs set up (except VLAN 1), and I can ping any machine that is directly connected to SW1 from a PC connected to SW3. I cannot ping any PC attached to SW2 from SW3; however, pinging devices from SW1 to SW2 is fine.

 

I have tried setting up the 2510 for trunking and even LACP, however my attempts failed. Right now SW2 port 48 connects to port 21 of SW1. In order for me to get this right, everything is set to factory defaults. On SW2, ports 1-48 are set to access/untagged vlan1, and port 21 of SW2 is set to access/vlan 1.

 

Any help getting the sw1 to pass the sw3 traffic to sw2 would be greatly appreciated.

 

I have attached a diagram.

 

 

paulgear
Esteemed Contributor

Re: Simple switch to switch problem

Hi mstrmp3,

It would help a lot if you provided the config from your 2510 switch, and a list of the things you've changed from the defaults in your 1910 switches.
Regards,
Paul
Vince_Whirlwind
Trusted Contributor

Re: Simple switch to switch problem

So, your PCs on Switch 1 & Switch2 have as their default gateway their router interface, right?

mstrmp3
Advisor

Re: Simple switch to switch problem

Here is the 2510 config:

 

; J9280A Configuration Editor; Created on release #Y.11.41

hostname "CLT-SW04" 
snmp-server contact "IT" 
snmp-server location "CLT OPEN RACK" 
ip default-gateway 192.168.1.5 
snmp-server community "public" Unrestricted 
vlan 1 
   name "DEFAULT_VLAN" 
   untagged 1-48 
   ip address 192.168.1.20 255.255.255.0 
   ip igmp 
   exit 
gvrp 
spanning-tree

 I will post the 1910 later.

mstrmp3
Advisor

Re: Simple switch to switch problem

Here is the 1910 config. 0/24 connects to the MPLS router, 0/23 connects to another 1910 that only phones are connected to, and VLAN 102 is the VoIP (which works perfectly).

 

<CLT-SW6>display current-config
#
version 5.20, Release 1513P13
#
sysname CLT-SW6
#
domain default enable system
#
telnet server enable
#
ip ttl-expires enable
#
lldp enable
lldp compliance cdp
#
web idle-timeout 30
#
password-recovery enable
#
igmp-snooping
#
vlan 1
#
vlan 102
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
user-group system
#
local-user XXXX
authorization-attribute level 3
service-type ssh telnet terminal
service-type web
#
stp mode rstp
stp enable
#
interface NULL0
#
interface Vlan-interface1
ip address 192.168.1.22 255.255.255.0
#
interface Vlan-interface102
ip address 10.10.2.253 255.255.255.0
#
interface GigabitEthernet1/0/1
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/2
port access vlan 102
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/3
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/4
port access vlan 102
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/5
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/6
port access vlan 102
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/7
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/8
port access vlan 102
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/9
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/10
port access vlan 102
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/11
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/12
port access vlan 102
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/13
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/14
port access vlan 102
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/15
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/16
port access vlan 102
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/17
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/18
port access vlan 102
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/19
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/20
port access vlan 102
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/21
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/22
port access vlan 102
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/23
port link-type trunk
port trunk permit vlan 1 102
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/24
port link-type hybrid
port hybrid vlan 1 102 tagged
speed 100
duplex full
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/25
port access vlan 102
stp edged-port enable
#
interface GigabitEthernet1/0/26
port access vlan 102
stp edged-port enable
#
interface GigabitEthernet1/0/27
port access vlan 102
stp edged-port enable
#
interface GigabitEthernet1/0/28
port access vlan 102
stp edged-port enable
#
ip route-static 0.0.0.0 0.0.0.0 192.168.1.5
ip route-static 10.11.2.0 255.255.255.0 10.10.2.254
ip route-static 10.12.2.0 255.255.255.0 10.10.2.254
ip route-static 10.13.2.0 255.255.255.0 10.10.2.254
ip route-static 10.14.2.0 255.255.255.0 10.10.2.254
ip route-static 192.168.2.0 255.255.255.0 192.168.1.254
ip route-static 192.168.4.0 255.255.255.0 192.168.1.254
#

#
user-interface aux 0
authentication-mode scheme
user-interface vty 0 15
authentication-mode scheme
#
return
<CLT-SW6>

Vince_Whirlwind
Trusted Contributor

Re: Simple switch to switch problem

What are your hosts using as their default GW?

 

Which switchport on the 1910 is patched to the 2510?

 

You have asymmetrical routing, due to a pretty bad design. I don't see why that would affect hosts on SW2 any differently to hosts on SW1 though.

 

You seem to have the 1910 configured for routing, but your design has two elements that conflict with that:

 

1/ You are using your server at 1.5 as your router for the 1.0 subnet, I think.

2/ You extend your 1.0 subnet on both sides of the 1910.

 

So basically, you have 3 routers on the 1.0 subnet, when you should only have one for such a small and simple network.

 

You should pick a router and make it do all your routing. The 1910 seems ideally placed for that, so get rid of the 1.5 router/server, and get rid of the extension of the 1.0 subnet between the 1910 and the MPLS router.

mstrmp3
Advisor

Re: Simple switch to switch problem

The hosts are using 192.168.1.22 as the GW. Port 21 on the 1910 is ported to port 48 of the 2510. The 1.5 address is the SonicWall firewall. The biggest issue is that I need the 192.168.4.0 subnet to use the 192.168.1.5 SonicWall for internet. That is ultimately what I want to achieve.

mstrmp3
Advisor

Re: Simple switch to switch problem

Perhaps I need to look at this differently. In referencing the attached diagram, I need Site 2's PC to use Site 1's firewall for internet access. Based on this diagram and 2 factory fresh 1910-24g's, how would you go about programming these two?

 

PS, anything in this diagram can be changed if need be (IP addresses, GWs, VLANs, etc.)

 

 

Vince_Whirlwind
Trusted Contributor

Re: Simple switch to switch problem

So 192.168.1.5 has a separate interface with a link to the internet on it, not on your diagram?

Vince_Whirlwind
Trusted Contributor

Re: Simple switch to switch problem

Oh yes, I see it in your new diagram.

Vince_Whirlwind
Trusted Contributor

Re: Simple switch to switch problem

See, your voice is working perfectly because you are using only one router for your Voice VLAN: the MPLS router.

 

For your data, you have two routers: your default GW plus your MPLS router, and the firewall comes into it as well.

 
 

If I were approaching this from scratch, this is how I would proceed:

1/ First I would choose whether I want my router on the network, or rely on the MPLS router on each site to provide routing and inter-VLAN routing. There can be arguments either way.

 

2/ Assuming you want control over your inter-VLAN routing on each site, then you want each site to have a layer-3 "core" switch. You now need to draw in each network as a separate segment:

a) Local LAN segment

b) WAN gateway segment

and for SiteA only,

c) Internet gateway segment

 

The "core" switch is the gateway/router between all these segments.

So (for example SiteA) you create 4 VLANs:

10: LAN DATA

20: LAN VOICE

30: WAN GW

40: WWW GW

 

You create a layer-3 VLAN interface for each VLAN.

Int VLAN 10: 192.168.1.22

Int VLAN 20: 10.10.2.254

Int VLAN 30: 10.99.1.2

Int VLAN 40: 10.99.2.2

 

You re-address the MPLS router with a single IP address (get rid of subinterfaces) of 10.99.1.1

and the Internet firewall with 10.99.2.1

 

You then need routes on your switch:

0.0.0.0/0 --> 10.99.2.1

10.14.2.0/24 --> 10.99.1.1

192.168.4.0/24 --> 10.99.1.1

 

Your firewall needs sensible routes to match:

0.0.0.0/0 --> ?ISP

10.0.0.0/8 --> 10.99.2.2

192.168.0.0/16 --> 10.99.2.2

 

Your MPLS router needs sensible routes:

0.0.0.0/0 --> 10.99.1.2

10.14.2.0/24 --> ?MPLS provider(-->SiteB)

192.168.4.0/24 --> ?MPLS provider(-->SiteB)

 

Site B is similar minus VLAN40, the core having just a default route pointing at the MPLS router, and that router having a default pointing back to SiteA and specific routes pointing at the local core for the two local LAN segments.
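
As an added example (not part of the original post): a small Python model of the Site A routing tables listed in the post above, used to check that Site B's internet traffic crosses the core switch and the firewall in both directions. The /24 masks, the sample addresses 203.0.113.10 and 192.168.4.10, and the labels `ISP` and `MPLS` standing in for the post's "?ISP" and "?MPLS provider" next hops are assumptions.

```python
import ipaddress

# Routing tables transcribed from the Site A design in the post above.
# Assumption: every segment is a /24 (the post gives no masks).
TABLES = {
    "core": {  # layer-3 core switch, one interface per VLAN 10/20/30/40
        "connected": ["192.168.1.0/24", "10.10.2.0/24", "10.99.1.0/24", "10.99.2.0/24"],
        "static": {"0.0.0.0/0": "10.99.2.1", "10.14.2.0/24": "10.99.1.1",
                   "192.168.4.0/24": "10.99.1.1"},
    },
    "firewall": {
        "connected": ["10.99.2.0/24"],
        "static": {"0.0.0.0/0": "ISP", "10.0.0.0/8": "10.99.2.2",
                   "192.168.0.0/16": "10.99.2.2"},
    },
    "mpls": {
        "connected": ["10.99.1.0/24"],
        "static": {"0.0.0.0/0": "10.99.1.2", "10.14.2.0/24": "MPLS",
                   "192.168.4.0/24": "MPLS"},
    },
}
# Which device answers on each point-to-point gateway address.
OWNER = {"10.99.2.1": "firewall", "10.99.2.2": "core",
         "10.99.1.1": "mpls", "10.99.1.2": "core"}

def next_hop(device, dst):
    """Longest-prefix match; None means dst is on a connected segment."""
    addr = ipaddress.ip_address(dst)
    table = TABLES[device]
    routes = [(ipaddress.ip_network(n), None) for n in table["connected"]]
    routes += [(ipaddress.ip_network(n), hop) for n, hop in table["static"].items()]
    matches = [(net.prefixlen, hop) for net, hop in routes if addr in net]
    return max(matches, key=lambda m: m[0])[1]

def trace(start, dst, max_hops=8):
    """Follow next hops from `start` until dst is delivered or leaves Site A."""
    path, device = [start], start
    for _ in range(max_hops):
        hop = next_hop(device, dst)
        if hop is None:
            return path + ["delivered"]
        if hop not in OWNER:          # "ISP" or "MPLS": handed to the provider
            return path + [hop]
        device = OWNER[hop]
        path.append(device)
    raise RuntimeError("routing loop for " + dst)

def symmetric(out_path, back_path):
    """True when both directions cross the same devices in reverse order."""
    return out_path[:-1] == back_path[:-1][::-1]
```

A stateful firewall only sees both halves of a flow when `symmetric` holds for the outbound and return traces; a `RuntimeError` from `trace` points at two devices whose routes refer traffic back to each other.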

mstrmp3
Advisor

Re: Simple switch to switch problem

"You re-address the MPLS router with a single IP address (get rid of subinterfaces) of 10.99.1.1

and the Internet firewall with 10.99.2.1"

 

Do you mean ALL the MPLS routers have an addr. of 10.99.1.1? (there are actually 5 sites total (sites A-E))

Vince_Whirlwind
Trusted Contributor

Re: Simple switch to switch problem

That's the example for Site A.

 

Draw up a design. It will be obvious if you look at a picture.

 

Your other sites might use the 2nd octet, perhaps:

SiteB: MPLS router, 10.98.1.1 <---->10.98.1.2, Local "Core" B

SiteC: MPLS router, 10.97.1.1 <----> 10.97.1.2, Local "Core" C

...

 

I'm sure there are plenty of completely different valid ways to approach it: the main point is that if you have a Layer3 device on a site, the connection between your layer3 device and the WAN provider's Layer3 device should be a discrete ethernet segment that isn't extended past the point-to-point facing interfaces.