- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- vlan can't go to internet
Switches, Hubs, and Modems
1819933
Members
3499
Online
109607
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-20-2008 08:11 PM
тАО07-20-2008 08:11 PM
Hi, i having problem can't make my vlan go to internet. Currently i have fortigate firewall and 2610 procurve switch with 3 vlan setup. Now wat problem is my other vlan can't go to internet. Please advice.
firewall - 192.168.0.254
vlan 1 - 192.168.0.1
vlan 200 - 192.168.1.1
vlan 300 - 192.168.2.1
; J9085A Configuration Editor; Created on release #R.11.07
hostname "ProCurve Switch 2610-24"
ip default-gateway 192.168.0.254
ip routing
snmp-server community "public" Unrestricted
vlan 1
name "Server"
untagged 1,3,5,7,9,11,13,15,17,19,21,23,25-28
ip address 192.168.0.1 255.255.255.0
no untagged 2,4,6,8,10,12,14,16,18,20,22,24
exit
vlan 200
name "Production"
untagged 2,4,6,8,10,12
ip address 192.168.1.1 255.255.255.0
ip helper-address 192.168.0.201
tagged 1,23,25
exit
vlan 300
name "Tester"
untagged 14,16,18,20,22,24
ip address 192.168.2.1 255.255.255.0
ip helper-address 192.168.0.201
tagged 1
exit
ip route 0.0.0.0 0.0.0.0 192.168.0.254
password manager
Now only my default vlan 1 can't go to internet, my vlan 200 and vlan 300 can't.
In the firewall i already add route to my vlan:
ip route 192.168.1.0 255.255.255.0 192.168.0.1
ip route 192.168.2.0 255.255.255.0 192.168.0.1
Any help is appreciated.
Thanks!
firewall - 192.168.0.254
vlan 1 - 192.168.0.1
vlan 200 - 192.168.1.1
vlan 300 - 192.168.2.1
; J9085A Configuration Editor; Created on release #R.11.07
hostname "ProCurve Switch 2610-24"
ip default-gateway 192.168.0.254
ip routing
snmp-server community "public" Unrestricted
vlan 1
name "Server"
untagged 1,3,5,7,9,11,13,15,17,19,21,23,25-28
ip address 192.168.0.1 255.255.255.0
no untagged 2,4,6,8,10,12,14,16,18,20,22,24
exit
vlan 200
name "Production"
untagged 2,4,6,8,10,12
ip address 192.168.1.1 255.255.255.0
ip helper-address 192.168.0.201
tagged 1,23,25
exit
vlan 300
name "Tester"
untagged 14,16,18,20,22,24
ip address 192.168.2.1 255.255.255.0
ip helper-address 192.168.0.201
tagged 1
exit
ip route 0.0.0.0 0.0.0.0 192.168.0.254
password manager
Now only my default vlan 1 can't go to internet, my vlan 200 and vlan 300 can't.
In the firewall i already add route to my vlan:
ip route 192.168.1.0 255.255.255.0 192.168.0.1
ip route 192.168.2.0 255.255.255.0 192.168.0.1
Any help is appreciated.
Thanks!
Solved! Go to Solution.
6 REPLIES 6
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-20-2008 11:14 PM
тАО07-20-2008 11:14 PM
Re: vlan can't go to internet
Hi
The current configuration on both the 2610 and the Firewall seems to me perfect.
However, make sure that you must add a Security Policy on the Fortigate Firewall to allow internet access from both subnets:
192.168.1.0/24
192.168.2.0/24
By default, the Fortigate won;t allow such traffic, so it needs a security policy to allow that.
Good Luck !!!
The current configuration on both the 2610 and the Firewall seems to me perfect.
However, make sure that you must add a Security Policy on the Fortigate Firewall to allow internet access from both subnets:
192.168.1.0/24
192.168.2.0/24
By default, the Fortigate won;t allow such traffic, so it needs a security policy to allow that.
Good Luck !!!
Science for Everyone
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-20-2008 11:50 PM
тАО07-20-2008 11:50 PM
Re: vlan can't go to internet
hi Mohieddin
In the fortigate firwall , i already create the vlan 200 - 192.168.1.254 interface and vlan 300 - 192.168.2.254 interface and i already allow policy vlan 200 and vlan 300 to access internet already.
In the 2610 switch , if i add the route command
ip route 0.0.0.0 0.0.0.0 192.168.1.254 then only vlan200 can connect, if change to ip route 0.0.0.0 0.0.0.0 192.168.2.254 then only vlan 300 can go internet. But the problem is only this kind of default route can exist in switch. I can't add all the default route in the switch.
So now where goes wrong ...?
In the fortigate firwall , i already create the vlan 200 - 192.168.1.254 interface and vlan 300 - 192.168.2.254 interface and i already allow policy vlan 200 and vlan 300 to access internet already.
In the 2610 switch , if i add the route command
ip route 0.0.0.0 0.0.0.0 192.168.1.254 then only vlan200 can connect, if change to ip route 0.0.0.0 0.0.0.0 192.168.2.254 then only vlan 300 can go internet. But the problem is only this kind of default route can exist in switch. I can't add all the default route in the switch.
So now where goes wrong ...?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-21-2008 05:34 AM
тАО07-21-2008 05:34 AM
Re: vlan can't go to internet
Hi
Well, I'm not sure why you've created Vlans 200,300 on the Fortigate unless you need them there since the routing is done on the switch.
What i suggest:
- Check the gateway of clients on Vlans 200,300 and it should be the switch.
- Try from one PC in Vlan200 or 300 to ping the Fortigate interface 192.168.0.254.
- From the Fortigate try to ping a client on Vlan 200 or 300.
- If you allow ping, and it was ok, then try from the client (in Vlan200 or 300) to retrieve a DNS for any web site www.google.com and see if its working or not.
- Then check your DHCP scopes in the DHCP server 192.168.0.201
And let us know your tests result.
Good Luck !!!
Well, I'm not sure why you've created Vlans 200,300 on the Fortigate unless you need them there since the routing is done on the switch.
What i suggest:
- Check the gateway of clients on Vlans 200,300 and it should be the switch.
- Try from one PC in Vlan200 or 300 to ping the Fortigate interface 192.168.0.254.
- From the Fortigate try to ping a client on Vlan 200 or 300.
- If you allow ping, and it was ok, then try from the client (in Vlan200 or 300) to retrieve a DNS for any web site www.google.com and see if its working or not.
- Then check your DHCP scopes in the DHCP server 192.168.0.201
And let us know your tests result.
Good Luck !!!
Science for Everyone
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-21-2008 06:07 AM
тАО07-21-2008 06:07 AM
Re: vlan can't go to internet
hi
- Check the gateway of clients on Vlans 200,300 and it should be the switch.
ans :yes, my client's gateways is point to the vlan of the switch.
- Try from one PC in Vlan200 or 300 to ping the Fortigate interface 192.168.0.254.
ans :it is failed - request timed out
- From the Fortigate try to ping a client on Vlan 200 or 300.
ans :in the fortigate , i can ping client on vlan 200 or 300.
So u suggest not need create the interface of vlan200 and 300 in fortigate since routing is done in the switch?
Now the problem is i can't ping 192.168.0.254 from the pc in vlan 200 or 300. Is that the main problem? So What to do to make it..?
Thanks..
- Check the gateway of clients on Vlans 200,300 and it should be the switch.
ans :yes, my client's gateways is point to the vlan of the switch.
- Try from one PC in Vlan200 or 300 to ping the Fortigate interface 192.168.0.254.
ans :it is failed - request timed out
- From the Fortigate try to ping a client on Vlan 200 or 300.
ans :in the fortigate , i can ping client on vlan 200 or 300.
So u suggest not need create the interface of vlan200 and 300 in fortigate since routing is done in the switch?
Now the problem is i can't ping 192.168.0.254 from the pc in vlan 200 or 300. Is that the main problem? So What to do to make it..?
Thanks..
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-21-2008 11:22 AM
тАО07-21-2008 11:22 AM
Solution
Hi
Usually, echo reply is disabled on the Firewalls unless you enable it,
However, since the Firewall can see your clients in Vlans 200 & 300, then:
- Delete Vlan200,300 from the Firewall.
- Check the DNS test, maybe you can ping the IP of any web address like google.com, but you can;t ping www.google.com IF its a DNS problem.
Good Luck !!!
Usually, echo reply is disabled on the Firewalls unless you enable it,
However, since the Firewall can see your clients in Vlans 200 & 300, then:
- Delete Vlan200,300 from the Firewall.
- Check the DNS test, maybe you can ping the IP of any web address like google.com, but you can;t ping www.google.com IF its a DNS problem.
Good Luck !!!
Science for Everyone
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-21-2008 10:39 PM
тАО07-21-2008 10:39 PM
Re: vlan can't go to internet
hi
It works, i just remove the vlan interface in my fortigate firewall then ok le.
Many thanks to you..
It works, i just remove the vlan interface in my fortigate firewall then ok le.
Many thanks to you..
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Learn About
News and Events
Support
© Copyright 2025 Hewlett Packard Enterprise Development LP