Campus Switching and Routing

Occasional Contributor I

aruba 2920

Customer has 2 plant offices

In Plant 1 office:

- using 30m red tone internet

- HP OfficeConnect 1910

- firewall ip address 192.168.100.1

 

In Plant 2 office:

- Aruba 2920-24G

 

Switch settings are as below:

; J9726A Configuration Editor; Created on release #WB.16.02.0012
; Ver #0e:01.b0.ee.34.5f.3c.29.eb.9f.fc.f3.ff.37.ef:73

hostname "MYPCSBCSW001-DATA"
module 1 type j9726a
aruba-central disable
no rest-interface
timesync ntp
ntp unicast
ntp server 192.168.100.1 iburst
ntp enable
time timezone 480
ip default-gateway 192.168.100.1
ip route 0.0.0.0 0.0.0.0 192.168.100.1
ip routing
snmp-server community "public" unrestricted
oobm
   ip address dhcp-bootp
   exit
vlan 1
   name "DEFAULT_VLAN"
   no untagged 1-24
   ip address dhcp-bootp
   exit
vlan 2
   name "VLAN2"
   untagged 3-19,24
   tagged 1-2,21-23
   ip address 192.168.100.6 255.255.255.0
   exit
vlan 10
   name "MANAGEMENT"
   tagged 1-2,20-23
   ip address 10.60.2.254 255.255.255.0
   exit
vlan 12
   name "EndPoints"
   tagged 1-2,20-23
   ip address 10.60.6.254 255.255.255.0
   ip address 10.60.7.254 255.255.255.0
   dhcp-server
   exit
no tftp server
no autorun
no dhcp config-file-update
no dhcp image-file-update
dhcp-server pool "EndPoints"
   default-router "10.60.6.254"
   dns-server "192.168.100.16"
   lease 00:04:00
   network 10.60.6.0 255.255.255.0
   range 10.60.6.2 10.60.6.250
   exit
dhcp-server enable
password manager

 

The question is:

- Now the Plant 2 office wants to install a new firewall with a new internet line and wants it to be the primary line. He wants the previous line to remain as backup; if the new line is down, he will turn off the firewall and switch over to the old internet line.

- The firewall IP is 192.168.10.1

 

So I added:

ip route 0.0.0.0 0.0.0.0 192.168.10.1

vlan 5
   name "TIME INTERNET"
   untagged 23 -> this port connects to the new firewall
   ip address 192.168.10.2 255.255.255.0
   exit

 

The problem is, when I ping 192.168.10.2 I receive a reply, but when I ping 192.168.10.1 there is no response. What's wrong with my settings?

 

Occasional Contributor I

Re: aruba 2920

I usually wouldn't entertain these types of posts, but curiosity is getting the better of me. This is how I go about diagnosing every issue, whether believed to be networking or application, and every layer in between. I base my thought process on the 7 layer OSI model. Starting from layer 1 and ending up at 7. Do not skip any steps and don't just say you did a step as someone will find out.

 

I live by two rules before I even start to diagnose any issue. (a) can I predictably repeat the problem that I am seeing? and (b) do not make any changes until I am confident this change fixes the issue or helps clarify point (a).

 

Then the diagnosis. We need to ask ourselves questions: 

 

Firstly, are we confident Layer 1 is working?

Is it plugged in? Do we have link lights? If a link is fibre, do we have light coming out of one of the fibres? Is it the right strand of fibre? Is it terminated on the correct patch panel port? What does the switch think about the port(s)? Type the command show interface status. Is the "link status" or link state showing up and the port enabled?

 

Are we confident Layer 2 is working?

Are we learning MAC addresses on the correct ports? Type the show mac-address command. Is the layer 2 VLAN created on the switch? Is that port in the correct VLAN? Are the source and destination MAC in the same VLAN? Are they supposed to be in the same VLAN? Is the MAC flapping between multiple ports? Is the port showing any packets or frames? Are the packets all in one direction (TX or RX counters)?

 

Are we confident Layer 3 is working?

Does the Layer 3 device have the right MAC lined up to the right IP Address? Is it the same MAC above? Command: show ip arp and show ip route. Does the show ip route point the IP in the correct direction / or attached to the right VLAN that you checked in Layer 2? Is the route learnt the expected way (Static/Connected/OSPF/BGP/etc.)?

 

And so on we go... As you said, pinging the IP address of the firewall is not possible; that's a Layer 3 problem, which means any layer below this symptom could be the cause. If you find that it's a layer 2 problem, like the switch is not learning the MAC address on that port, then it's a Layer 2 or Layer 1 problem. From here we can eliminate each layer from the equation.

 

There are tools and questions we need to ask of every layer in the model. One last example is in Layer 4 we can use CLI and Telnet to check if the TCP port we need is open and establishing connections (4 way handshakes for example). It's very easy to say an application is running slow, but working through the layers systematically will expose the root of the issue. Our aim in this method is to identify the issue as low as possible or to prove (and be confident) that the issue is not in our layer of responsibility as network engineers.

 

 

Even after all those rules and suggestions, my random guess is the firewall probably isn't responding to ping/ICMP by default/design. Your symptom doesn't sound suspicious to me at all. You might actually find that you don't have a problem at all :) 

 

 

Cheers

Grocke

Contributor I

Re: aruba 2920

Hi,

 

You simply cannot have configured these three commands at the same time on the switch:

 

  ip default-gateway 192.168.100.1
  ip route 0.0.0.0 0.0.0.0 192.168.100.1
  ip routing

 

If you want to maintain the switch using only L2, erase

 

  ip route 0.0.0.0 0.0.0.0 192.168.100.1
  ip routing

 

But if you want to add L3 routes, erase

 

  ip default-gateway 192.168.100.1

 

 

 

*
If it helps please add Kudos
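
The combination this reply flags, checked mechanically as an added example (not part of the thread and not Aruba tooling): a Python audit run over a constructed excerpt of the posted config, with the poster's VLAN 5 and second default route included. The `parse`/`audit` helpers and the finding names are made up for this illustration; the example goes slightly beyond the reply by also listing multiple default routes and any next hop that sits on no VLAN interface subnet.

```python
import ipaddress
import re

# Constructed excerpt: the posted config plus the added VLAN 5 and second route.
CONFIG = """\
ip default-gateway 192.168.100.1
ip route 0.0.0.0 0.0.0.0 192.168.100.1
ip route 0.0.0.0 0.0.0.0 192.168.10.1
ip routing
vlan 2
   ip address 192.168.100.6 255.255.255.0
   exit
vlan 5
   ip address 192.168.10.2 255.255.255.0
   exit
"""

def parse(text):
    """Collect global routing statements and the subnets of VLAN interfaces."""
    lines = [raw.strip() for raw in text.splitlines()]
    cfg = {"gateway": None, "routing": "ip routing" in lines, "routes": [], "subnets": []}
    in_vlan = False
    for line in lines:
        if line == "exit" or re.fullmatch(r"vlan \d+", line):
            in_vlan = line != "exit"  # enter a vlan context, or leave any context
        elif m := re.fullmatch(r"ip default-gateway (\S+)", line):
            cfg["gateway"] = m[1]
        elif m := re.match(r"ip route (\S+) (\S+) (\S+)", line):
            cfg["routes"].append((f"{m[1]} {m[2]}", ipaddress.ip_address(m[3])))
        elif in_vlan and (m := re.fullmatch(r"ip address (\S+) (\S+)", line)):
            cfg["subnets"].append(ipaddress.ip_interface(f"{m[1]}/{m[2]}").network)
    return cfg

def audit(text):
    """Return (finding, detail) tuples for the routing checks."""
    cfg, findings = parse(text), []
    if cfg["routing"] and cfg["gateway"]:
        findings.append(("gateway-with-routing", cfg["gateway"]))
    defaults = [str(nh) for dest, nh in cfg["routes"] if dest == "0.0.0.0 0.0.0.0"]
    if len(defaults) > 1:
        findings.append(("multiple-default-routes", ",".join(defaults)))
    for _, nh in cfg["routes"]:
        if not any(nh in net for net in cfg["subnets"]):
            findings.append(("next-hop-not-connected", str(nh)))
    return findings

if __name__ == "__main__":
    print(*audit(CONFIG), sep="\n")
```
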