Wired Intelligent Edge (Campus Switching and Routing)

Reply
Occasional Contributor I

2930f routing

Hi all - not sure what I have missed here but I have a pair of 2930f switches connected to each other. Off the first one hangs the firewall and default gateway for the network, which is a seperate device. I wanted to create a new vlan for management devices (idracs etc) so on the second switch I created a new vlan (60), gave it an IP of 192.168.60.1. When I add ports to this vlan and configure the host connected to the port I can ping those hosts from the second switch but not from anywhere else.

 

I have added a route back to the second switch on the firewall/default gaateway and can ping the 192.168.60.1 address from anywhere so can't figure out why other address in that vlan are unreachable. Does anyone have any ideas as I've run out!

 

Thanks!

Sam

Frequent Contributor I

Re: 2930f routing

On your second switch, you may need to add a default route to the first switch (or the firewall) in order to enable inter-vlan routing

 

HTH

Occasional Contributor I

Re: 2930f routing

I have a default route on both switches pointing back to the firewall. Here is the routiing table from the second switch.

 

Aruba-2930F-48G-4SFP# sh ip route

                                IP Route Entries

  Destination        Gateway         VLAN Type      Sub-Type   Metric     Dist.
  ------------------ --------------- ---- --------- ---------- ---------- -----
  0.0.0.0/0          192.168.106.1   1    static               250        1
  127.0.0.0/8        reject               static               0          0
  127.0.0.1/32       lo0                  connected            1          0
  192.168.60.0/24    MGMT            60   connected            1          0
  192.168.106.0/24   DEFAULT_VLAN    1    connected            1          0

 

I can reach 192.168.60.1 from any network so the route on the firewall should be good

Frequent Contributor I

Re: 2930f routing

Sorry, I did not understand the issue properly. I wonder if you have added the newly created vlan to the trunk between the two switches

 

HTH

Occasional Contributor I

Re: 2930f routing

This could be it! There is no trunk at the moment. So would I need a trunk on each switch with the port connecting to the other switch and the trunk added as untagged to each vlan?

Frequent Contributor I

Re: 2930f routing

Since you are using vlan 1 and vlan 60 (vlan 1 is untagged by defualt) I think you should add vlan 60 as tagged on both sides of the link between the two switches

 

HTH

Occasional Contributor I

Re: 2930f routing

I added a trunk on both sides with the port connecting the switches in it and then aded that Trunk to vlan 60 as tagged but alas no joy....

Frequent Contributor I

Re: 2930f routing

Okay. Could you paste the port and vlan config on both switches?

Occasional Contributor I

Re: 2930f routing

Thankyou for your help!

Switch 1:

trunk 44 trk2 trunk

interface 44
   name "TO-LOWER-ARUBA"

vlan 60
   name "MGMT"
   tagged Trk2
   no ip address

Switch 2:

trunk 1 trk1 trunk

interface 1
   name "LINK 2 UPPER SWITCH"
 vlan 60
   name "MGMT"
   untagged 2,4,11
   tagged 3,Trk1
   ip address 192.168.60.1 255.255.255.0



 

Frequent Contributor I

Re: 2930f routing

You have to configure the ip address of VLAN 60 on switch 1. Otherwise, the inter-vlan routing will not work (I assume the FW is in VLAN 1)

 

A similar issue is solved in the following post, you can also have a look at it: http://community.arubanetworks.com/t5/Campus-Switching-and-Routing/intervlan-routing-on-L3-and-internet-on-the-FW/td-p/305295

 

HTH

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: