01-16-2014 06:33 AM
Problems with VLAN Configuration between HP 2920-24G Switch and Firewall
Hello there,
we've got some issues with the configuration of vlans between a HP 2920-24G switch and a WatchGuard XTM330 Firewall.
We have configured 2 VLANs on the Switch. VLAN-21 and VLAN-24.
VLAN-21 192.168.2.1 Ports 3-12 untagged
VLAN-24 192.168.4.1 Ports 13-22 untagged
We enabled Routing and configured DHCP-Helper IP for DHCP-Server which is in VLAN-21 to work also in VLAN-24.
The Interface on the Firewall which is connected to Port1 of the Switch has the IP 192.168.1.254.
In The Firewall Configuration this Interface is configured as TAGGED with VLAN-21 and VLAN-24.
Also Port1 (2, 23/24) on the Switch is TAGGED with both VLANs (VLAN-21 and VLAN-24).
If we now plug in a client in VLAN-21 or VLAN-24 Port we cannot reach/ping the Firewall (192.168.1.254).
But clients/devices can communicate with each other from VLAN-21 to VLAN-24 and vice versa, that works.
And also the DHCP-Server in VLAN-21 can provide IP addresses to clients in the VLAN-24.
We did test several things but do not know why we cannot communicate with the firewall from the VLAN-21 or VLAN-24 on the Switch Side.
Even if we plug the firewall directly to a VLAN-21 or VLAN-24 Port communication is not possible.
Did we miss something elementary?
Would be great if you could provide us some input what we can do to solve this problem.
Here's the Config of the Switch:
------------------------------------------------------------------------
; J9726A Configuration Editor; Created on release #WB.15.12.0010
; Ver #04:01.ff.35.0d:c2
hostname "HP-2920-24G"
module 1 type j9726a
ip default-gateway 192.168.0.254
ip routing
snmp-server community "public" unrestricted
snmp-server contact "XXX" location "YYY"
vlan 1
name "VLAN_21"
no untagged 13-22
untagged 3-12,A1-A2,B1-B2
tagged 1-2,23-24
ip address 192.168.1.1 255.255.255.0
exit
vlan 2
name "VLAN_24"
untagged 13-22
tagged 1,23-24
ip address 192.168.4.1 255.255.255.0
ip helper-address 192.168.1.1
exit
no autorun
no dhcp config-file-update
no dhcp image-file-update
password manager
---------------------------------------------
Basically we want to achieve, that the Switch does the internal LAN routing, so that the Firewall Load isn't additionally getting stressed by doing LAN routing. Firewall should only do "WAN-Stuff". One Interface from the Firewall should be connected to Switch. And via this Interface both VLANs should exchange their Traffic.
Perhaps there's a better way or other approach to accomplish that!?
Any Ideas and input is appreciated...
02-03-2014 05:03 PM
Re: Problems with VLAN Configuration between HP 2920-24G Switch and Firewall
Firstly fix the names of your VLANs to match their VLAN numbering to avoid confusion :-)
We could have a simple VLAN1 & VLAN2 for clients as 192.168.1.0/24 and 192.168.2.0/24 make the switch IP 192.168.x.1 in each subnet with a 255.255.255.0 mask.
Or use .2 and .4, it really doesn't matter, but try and keep it as simple as possible.
Secondly your IP helper address in vlan 2 is pointing to the switch IP in vlan 1? It should be the IP of the DHCP serving server in 192.168.1.x not the switch L3 interface.
Then...
Create a third VLAN (say VLAN 99) and put the uplink port of the switch (to the firewall) in vlan99 as an untagged port.
You only need 2 IP addresses in this subnet but let's have some wriggle room just in case we need to do something else with it one day - with 192.168.99.1 255.255.255.248 on the switch and 192.168.99.2 255.255.255.248 on the firewall.
Create a static route 0.0.0.0 0.0.0.0 192.168.99.2
This sends any unknown traffic out towards the firewall / internet.
You should then be routing between VLANs 1 & 2 and routing via VLAN99 whenever you need to go elsewhere (via the firewall).
You don't need "tagged" ports in this design as you are routing between all your VLANs which are connected on the same switch.
HTH
Ian
## ---------------------------------------------------------------------------##
Which is the only cheese that is made backwards?
Edam!
Tweets: @2techie4me
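The points raised in the reply above (VLAN names that do not match their IDs, a helper address aimed at the switch itself, no usable default route) can be checked mechanically before a config is deployed. The following Python is an added example, not part of the original posts or of any HP tool; `audit` is a hypothetical helper and `SAMPLE` is constructed from the layer-3 lines of the config posted in the thread.

```python
import ipaddress
import re

# Constructed sample: the L3-relevant lines of the switch config posted in the thread.
SAMPLE = """\
ip default-gateway 192.168.0.254
ip routing
vlan 1
   name "VLAN_21"
   ip address 192.168.1.1 255.255.255.0
   exit
vlan 2
   name "VLAN_24"
   ip address 192.168.4.1 255.255.255.0
   ip helper-address 192.168.1.1
   exit
"""

def audit(config):
    """Return findings for a ProCurve-style config (hypothetical helper)."""
    findings, vlan, ifaces, names, helpers, hops = [], None, {}, {}, [], []
    lines = [l.strip() for l in config.splitlines()]
    for line in lines:
        if m := re.fullmatch(r"vlan (\d+)", line):
            vlan = int(m[1])
        elif m := re.fullmatch(r'name "(.*)"', line):
            names[vlan] = m[1]
        elif m := re.fullmatch(r"ip address (\S+) (\S+)", line):
            ifaces[vlan] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
        elif m := re.fullmatch(r"ip helper-address (\S+)", line):
            helpers.append((vlan, ipaddress.ip_address(m[1])))
        elif m := re.fullmatch(r"ip (?:default-gateway|route 0\.0\.0\.0 0\.0\.0\.0) (\S+)", line):
            hops.append(ipaddress.ip_address(m[1]))
    for vid, name in names.items():
        # The 802.1Q tag carries the numeric ID; a name embedding another number hides it.
        nums = re.findall(r"\d+", name)
        if nums and str(vid) not in nums:
            findings.append(f"vlan {vid}: name {name!r} does not match its ID")
    for vid, ip in helpers:
        # The helper must be the DHCP server, not one of the switch's own L3 interfaces.
        if any(ip == i.ip for i in ifaces.values()):
            findings.append(f"vlan {vid}: helper-address {ip} is a switch interface")
    for hop in hops:
        # A next hop outside every connected subnet cannot be resolved by the switch.
        if not any(hop in i.network for i in ifaces.values()):
            findings.append(f"next hop {hop} is in no connected subnet")
    if "ip routing" in lines and not any(l.startswith("ip route 0.0.0.0 0.0.0.0 ") for l in lines):
        findings.append("ip routing is on but there is no static default route")
    return findings
```

Running `audit(SAMPLE)` reports five findings for the posted config; a config following the transit-VLAN design from the reply returns an empty list.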
03-05-2014 05:59 AM
Re: Problems with VLAN Configuration between HP 2920-24G Switch and Firewall
We found the problem.
It was a mismatch of the vlan name.
I did the switch configuration and my workmate did the firewall configuration.
For me it would be obvious to name the vlans identical on both sides (firewall and switch)
but my workmate thought only vlan id had to be identical.
So this problem is fixed.
08-07-2014 12:36 PM
Re: Problems with VLAN Configuration between HP 2920-24G Switch and Firewall
In the solution offered what do you put in the default gateway in the switch IP address? I set up as you suggested. I have 5 VLANs one for the firewall and remote clients, the rest for VoIP phones, wireless, clients, and servers. The fw is on 192.168.244.1/24 but if I set that as the default gateway on the switch (via the GUI) it didn't route. Do I have to reboot the switch to see the effect? The old default route was on the server vlan and has been working that way for a long time. I wanted to get the firewall traffic off the server network.
Much thx