Reply
Contributor II

Ip routing

Hello,

I have a fortinet this is my NAT-T from the public to the Controller, The RAP is UP with IPSEC and it have the VLAN 5 with the IP 192.168.5.254.

From the CLI of the controller i can ping the fortinet interface 192.168.170.200 and i can ping the host 192.168.1.125 this subnet 192.168.1.X is in another host form another interface of the fortinet.

From the rap im connected to port 1 with IP 192.168.5.109 i can ping the vlan 170 of the controller(this is the VRRP)

The Vlan 170 have the ip 192.168.170.1, the fortinet 192.168.170.200, but from the subnet of vlan 5 i cant see the 192.168.170.200 and i cant go through to the 192.168.1.125

(Aruba3400) #show ip route

Codes: C - connected, O - OSPF, R - RIP, S - static
M - mgmt, U - route usable, * - candidate default

Gateway of last resort is Imported from DHCP to network 0.0.0.0 at cost 10
Gateway of last resort is Imported from CELL to network 0.0.0.0 at cost 10
Gateway of last resort is Imported from PPPOE to network 0.0.0.0 at cost 10
Gateway of last resort is 192.168.170.1 to network 0.0.0.0 at cost 1
S* 0.0.0.0/0 via 192.168.170.1*
S 192.168.1.0/24 via 192.168.170.200*
S 192.168.170.200/32 via 192.168.170.1*
C 192.168.0.0 is directly connected, VLAN1
C 192.168.5.0 is directly connected, VLAN5
C 192.168.6.0 is directly connected, VLAN6
C 192.168.10.0 is directly connected, VLAN10
C 192.168.20.0 is directly connected, VLAN20
C 192.168.30.0 is directly connected, VLAN30
C 192.168.40.0 is directly connected, VLAN40
C 192.168.50.0 is directly connected, VLAN50
C 192.168.60.0 is directly connected, VLAN60
C 192.168.70.0 is directly connected, VLAN70
C 192.168.80.0 is directly connected, VLAN80
C 192.168.90.0 is directly connected, VLAN90
C 192.168.170.0 is directly connected, VLAN170

IP Routes
Destination IP Address Destination mask Next Hop Cost
192.168.1.0 255.255.255.0 192.168.170.200 1
192.168.170.200 255.255.255.255 192.168.170.1 2



interface gigabitethernet 1/0
description "GE1/0"
trusted
trusted vlan 1-4094
switchport mode trunk
switchport trunk allowed vlan 1,5-6,10,20,30,40,50,60,70,80,90,170
!
interface gigabitethernet 1/1
description "VLAN170-AL-FORTINET"
trusted
trusted vlan 1-4094
switchport access vlan 170
switchport trunk allowed vlan 1,170
!
interface gigabitethernet 1/2
description "GE1/2"
trusted
trusted vlan 1-4094
switchport trunk allowed vlan 1,170
!
interface gigabitethernet 1/3
description "GE1/3"
trusted
trusted vlan 1-4094
!
interface vlan 1
ip address 192.168.0.203 255.255.255.0
!
interface vlan 5
ip address 192.168.5.1 255.255.255.0
description "VLAN-TRANSPORTES-HILLO"
!
interface vlan 6
ip address 192.168.6.1 255.255.255.0
!
interface vlan 10
ip address 192.168.10.1 255.255.255.0
!
interface vlan 170
ip address 192.168.170.1 255.255.255.0
description "VLAN-VRRP-ONLY"

What can be the problem?
Guru Elite

Re: Ip routing

What is doing the routing on VLAN5?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: