Vlan routing on HP 5412zl (639 Views)
Occasional Advisor
elfordty
Posts: 13
Registered: ‎01-02-2013
Message 1 of 7 (639 Views)
Accepted Solution

Vlan routing on HP 5412zl

Hi there,

 

I have been working to reconfigure my network with Vlans.  The current network has every device on the same subnet of 192.168.0.0 / 21.

 

I have been working on separating traffic out onto Vlans based on devices and everything is going great until the new Vlans try to access the gateway.

 

Each vlan's gateway is my core 5412 switch and then I have a static route set as

ip route 0.0.0.0 0.0.0.0 192.168.0.5

 

192.168.0.5 is currently the address of the firewall, which acts as the Internet gateway.  Now the old network can access this just fine but any of the new Vlans cannot get to this address.

 

Any insight would be great. Below I have posted some of the config of the switch.

 

-------------------------

 

Running configuration:

; J8698A Configuration Editor; Created on release #K.15.08.0008
; Ver #02:1b.ef:f6
hostname "ITRoom5412zl"
module 1 type j8705a
module 2 type j8705a
module 6 type j8702a
module 8 type j9154a
module 9 type j8702a
module 11 type j8702a
module 12 type j8702a
power-over-ethernet pre-std-detect
ip route 0.0.0.0 0.0.0.0 192.168.0.5
ip routing

snmp-server community "public" unrestricted
vlan 1
   name "DEFAULT_VLAN"
   no untagged A13-A19,B14,F1-F3,F5,F7,F12,H1-H2,I1,I15-I24
   untagged A1-A12,A20-A24,B1-B13,B15-B24,F4,F6,F8-F11,F13-F24,I2-I14,K1-K24,L1-L24
   ip address 192.168.0.27 255.255.248.0
   exit
vlan 3
   name "DEPLOYMENT"
   tagged B24
   ip address 172.16.3.254 255.255.255.0
   exit
vlan 16
   name "DEVICES"
   untagged H2,I1,I15-I24
   tagged B24
   ip address 172.16.16.254 255.255.255.0
   ip helper-address 172.16.17.10
   exit
vlan 17
   name "SERVERS"
   untagged F7,F12,H1
   tagged B24
   ip address 172.16.17.254 255.255.255.0
   exit

 

------------------------

show ip route

 


                                                   IP Route Entries

 Destination        Gateway         VLAN Type      Sub-Type   Metric     Dist.
 ------------------ --------------- ---- --------- ---------- ---------- -----
 0.0.0.0/0          192.168.0.5     1    static               1          1
 127.0.0.0/8        reject               static               0          0
 127.0.0.1/32       lo0                  connected            1          0
 172.16.3.0/24      DEPLOYMENT      3    connected            1          0
 172.16.16.0/24     DEVICES         16   connected            1          0
 172.16.17.0/24     SERVERS         17   connected            1          0
 192.168.0.0/21     DEFAULT_VLAN    1    connected            1          0

 

 

Any help would be great

Respected Contributor
EckerA
Posts: 181
Registered: ‎07-21-2008
Message 2 of 7 (627 Views)

Re: Vlan routing on HP 5412zl

Hi, does the Firewall (192.x.x.5) know a route to the new vlans? .. hth Alex
Occasional Advisor
elfordty
Posts: 13
Registered: ‎01-02-2013
Message 3 of 7 (608 Views)

Re: Vlan routing on HP 5412zl

Hi Alex,

 

I have added routes to my firewall as seen here.  I have only added the one for VLAN 17 at the moment

 

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.16.17.254   *               255.255.255.255 UH    0      0        0 lan-1
172.16.17.0     172.16.17.254   255.255.255.0   UG    0      0        0 lan-1
10.129.96.0     *               255.255.248.0   U     0      0        0 wan-1
192.168.0.0     *               255.255.248.0   U     0      0        0 lan-1
default         10.129.96.18    0.0.0.0         UG    0      0        0 wan-1

Interface lan-1 is the inside and wan-1 is the outside.

 

Is there something else that I have to add to the switch config for this to work?  The firewall is currently on Default Vlan 1 and is the rest of the 192.168.x.x network.

 

The switch can ping 192.168.0.5 (Firewall address)

The firewall can ping 192.168.0.27 (Switch VLAN 1 address)

The firewall cannot ping 172.16.17.254 (Switch VLAN 17 address)

 

Any suggestions would be greatly appreciated.

Respected Contributor
EckerA
Posts: 181
Registered: ‎07-21-2008
Message 4 of 7 (596 Views)

Re: Vlan routing on HP 5412zl

well.. the switchconfig is just fine.. no problem there.. it must be the fw... hth Alex
Esteemed Contributor
paulgear
Posts: 655
Registered: ‎04-03-2011
Message 5 of 7 (593 Views)

Re: Vlan routing on HP 5412zl

I agree with Alex - what does the routing table on your firewall look like?
Regards,
Paul
Occasional Advisor
elfordty
Posts: 13
Registered: ‎01-02-2013
Message 6 of 7 (553 Views)

Re: Vlan routing on HP 5412zl

Hi there,

 

The problem was the Firewall.  Needed to create routes back to the switch for the other networks.

 

Just for completeness if anyone is curious, I have an IPCop firewall, I had to SSH into it and run the following command for each VLAN or network:

 

route add -net 172.16.3.0 netmask 255.255.255.0 gw 192.168.0.27

 

Where 172.16.3.0 was the network needed to connect and 192.168.0.27 is the IP of the routing HP Switch.

 

Also IPCop does not remember these beyond reboots so it has to be added to the rc.d scripts that run on startup.  IPCop has some documentation on how to do this on their site for the different versions.

 

Thanks for the suggestions everyone

Tyson
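
The return-route check described in this thread, as an added example that is not part of any poster's message: it compares the switch's connected networks with the firewall's routing table and lists the `route add` commands still needed. The function names are hypothetical, and the inputs are constructed from the tables posted above (loopback rows omitted).

```python
import ipaddress

# Constructed inputs: rows copied from the tables posted in this thread.
SWITCH_ROUTES = """\
0.0.0.0/0          192.168.0.5     1    static               1          1
172.16.3.0/24      DEPLOYMENT      3    connected            1          0
172.16.16.0/24     DEVICES         16   connected            1          0
172.16.17.0/24     SERVERS         17   connected            1          0
192.168.0.0/21     DEFAULT_VLAN    1    connected            1          0
"""
FIREWALL_ROUTES = """\
172.16.17.254   *               255.255.255.255 UH    0      0        0 lan-1
172.16.17.0     172.16.17.254   255.255.255.0   UG    0      0        0 lan-1
10.129.96.0     *               255.255.248.0   U     0      0        0 wan-1
192.168.0.0     *               255.255.248.0   U     0      0        0 lan-1
default         10.129.96.18    0.0.0.0         UG    0      0        0 wan-1
"""
SWITCH_IP = ipaddress.ip_address("192.168.0.27")  # switch address on VLAN 1

def switch_connected(text):
    """Networks the switch routes for: 'connected' rows of 'show ip route'."""
    rows = (line.split() for line in text.splitlines() if line.strip())
    return [ipaddress.ip_network(r[0]) for r in rows if "connected" in r]

def firewall_routes(text):
    """Parse 'route' output rows into (network, gateway-or-None) pairs."""
    out = []
    for line in filter(str.strip, text.splitlines()):
        dest, gw, mask = line.split()[:3]
        dest = "0.0.0.0" if dest == "default" else dest
        net = ipaddress.ip_network(f"{dest}/{mask}")
        out.append((net, None if gw == "*" else ipaddress.ip_address(gw)))
    return out

def return_route_gaps(switch_text, fw_text, switch_ip=SWITCH_IP):
    """Map each switch VLAN network the firewall cannot answer to a reason."""
    fw, gaps = firewall_routes(fw_text), {}
    for net in switch_connected(switch_text):
        gws = [gw for n, gw in fw if n == net]
        if None in gws:
            continue  # firewall is directly attached to this network
        if not gws:
            gaps[net] = "no return route"
        elif switch_ip not in gws:
            gaps[net] = f"gateway {gws[0]} is not the switch"
    return gaps

def fix_commands(gaps, switch_ip=SWITCH_IP):
    return [f"route add -net {n.network_address} netmask {n.netmask} gw {switch_ip}"
            for n in sorted(gaps)]
```

Run against the Message 3 table, it reports VLANs 3 and 16 as having no return route and VLAN 17 as pointing at a gateway other than 192.168.0.27.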

Esteemed Contributor
paulgear
Posts: 655
Registered: ‎04-03-2011
Message 7 of 7 (547 Views)

Re: Vlan routing on HP 5412zl

Don't forget to mark Alex's post as the solution!
Regards,
Paul