Wired Intelligent Edge

 View Only
last person joined: 2 days ago 

Bring performance and reliability to your network with the Aruba Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of the ArubaOS-Switch and ArubaOS-CX devices, and find ways to improve security across your network to bring together a mobile first solution.
Expand all | Collapse all

2930f intervlan routing

This thread has been viewed 68 times
  • 1.  2930f intervlan routing

    Posted Aug 12, 2017 05:07 AM

    hi,

     

    i have 3 vlans, vlan10, vlan20 and vlan30 in my single ARUBA 2930F switch ang connected to my FW... i need to know if i can make intervlan routing by using this single switch alone? like i plug my laptop in vlan10 and pc in vlan20, will they have routing between each other? is it possible without touching the FW/..thanks


    #2930F


  • 2.  RE: 2930f intervlan routing

    Posted Aug 14, 2017 02:31 AM

    It depends where is your gateway defined.

    If your switch is acting as gateway for both subnets, it can route traffic between the,

    If switch is configured as a Layer 2 device and firewall is your gateway for clients, routing has to be done on firewall.

     

    2930 is a basic layer 3 switch and is capable to do inter VLAN routing.



  • 3.  RE: 2930f intervlan routing

    Posted Aug 22, 2017 03:40 AM

    arubsVLAN.JPG

    with this setup can i have already the intervlan routing on this and get internet from the FW? i already created FW rules for all VLANs..



  • 4.  RE: 2930f intervlan routing

    EMPLOYEE
    Posted Aug 22, 2017 10:32 AM

    I just responded to this thread:

     

    http://community.arubanetworks.com/t5/Campus-Switching-and-Routing/intervlan-routing-on-L3-and-internet-on-the-FW/td-p/305295

     

    It looks the same.  Let me know when this is different.

     

    Regards, Dobias



  • 5.  RE: 2930f intervlan routing

    EMPLOYEE
    Posted Sep 07, 2017 06:45 PM

    Hi,

     

    You cannot have both commands "ip routing" and "ip default-gateway x.x.x.x" at the same time configured at the switch.

     

    If you want to make intervlan routing, all three interfaces vlan (10, 20 and 30) must be created at the switch as the default gateway of each network.

     

    Also, maintain only the "ip routing" command with a default static route to your firewall "ip route 0.0.0.0 0.0.0.0 192.168.1.1"



  • 6.  RE: 2930f intervlan routing

    EMPLOYEE
    Posted Sep 08, 2017 03:39 AM

    IP default-gateway is only for the switch itself, so let's say management traffic. For all other traffic, you have IP routing. When no dynamic routing protocol configured this will be directly connected routes in combination with static routes. Hope this makes it clear.



  • 7.  RE: 2930f intervlan routing

    Posted Feb 18, 2019 09:36 AM

    Hi , 

     

    I have the same similiar problem. 

     

    I put the default route  0.0.0.0 0.0.0.0 192.168.12.1 (Adress of my FW ) and pass the command ip routing 

     

    But i can't ping two machnines between too vlans  (Vlan 10 and Vlan 12 )on  the same Switch V

    I put he config  also , if somehome can help please : 

    ; JL320A Configuration Editor; Created on release #WC.16.07.0002
    ; Ver #14:01.4f.f8.1d.9b.3f.bf.bb.ef.7c.59.fc.6b.fb.9f.fc.ff.ff.37.ef:02

    hostname "CR"
    module 1 type jl320a
    radius-server host 192.168.10.5 key "evLeG05wwG"
    radius-server timeout 4
    ntp server 192.168.10.1
    ip route 0.0.0.0 0.0.0.0 192.168.12.2
    ip routing
    interface 1
    no power-over-ethernet
    exit
    interface 2
    no power-over-ethernet
    exit
    interface 3
    no power-over-ethernet
    exit
    interface 4
    no power-over-ethernet
    exit
    interface 5
    no power-over-ethernet
    exit
    interface 6
    no power-over-ethernet
    exit
    interface 7
    no power-over-ethernet
    exit
    interface 8
    no power-over-ethernet
    exit
    interface 9
    no power-over-ethernet
    exit
    interface 10
    no power-over-ethernet
    exit
    interface 11
    no power-over-ethernet
    exit
    interface 12
    no power-over-ethernet
    exit
    snmp-server community "public" unrestricted
    aaa port-access authenticator active
    oobm
    ip address dhcp-bootp
    exit
    vlan 1
    name "DEFAULT"
    no untagged 1-24
    no ip address
    ipv6 enable
    ipv6 address dhcp full
    exit
    vlan 10
    name "VIDEO_CA_INT"
    untagged 13-22
    tagged 24
    ip address 192.168.10.126 255.255.255.128
    ip igmp
    exit
    vlan 11
    name "VARICONTROL"
    untagged 1-12
    ip address 192.168.11.247 255.255.255.0
    exit
    vlan 12
    name "COM_INV"
    untagged 23
    ip address 192.168.12.1 255.255.255.252
    exit
    vlan 2000
    name "unauth"
    ip address 192.168.200.247 255.255.255.0
    exit
    spanning-tree
    no tftp server
    no autorun
    no dhcp config-file-update
    no dhcp image-file-update
    no dhcp tr69-acs-url
    password manager

     

     



  • 8.  RE: 2930f intervlan routing

    EMPLOYEE
    Posted Feb 19, 2019 12:33 PM

    Greetings!

     

    You mention that you're trying to ping between systems on VLANs 10 and 12; I'll note that VLAN 12 is assigned an IP address on a /30 subnet, so there could only be one other device on that subnet (which appears to be the switch default route).

     

    Are your devices pointing to the switch IP address on their respective VLANs as the default gateway? (A device on VLAN 10 should point to 192.168.10.126, and one on VLAN 12 should point to 192.168.12.1)

     

     



  • 9.  RE: 2930f intervlan routing

    Posted May 14, 2022 09:03 PM

    1. how come you set ip address in forti port4 when using vlan trunk. Usually being set as 0.0.0.0/0
    2. I have similar goal but my friend want using nic ip address but not vlan ip address
    I can set nic ip address in forti

    I can't set port ip address in 2930f going to fw

    What I can set is set ip in vlan i.e

    vlan 999

    Ip xxxx
    3. https://www.arubanetworks.com/assets/ds/DS_2930FSwitchSeries.pdf

    that link said L2 switch but not L3 switch

    is that the case why I can't put ip address in nic?
    pdf said can do L3 dynamic routing like ospf
    What I know in Cisco doing L3 dynamic routing must use L3 switch like 3xxx series

    But here in 2930 it said doing L3 dynamic routing in L3 switch

    What benefit of that or any issue encountered in terms of compatibility between aruba to cisco?

    tq



    ------------------------------
    Nawir Bunai
    ------------------------------



  • 10.  RE: 2930f intervlan routing

    MVP GURU
    Posted May 16, 2022 04:56 AM
    Hello Nawir, I believe here there is a lot of confusion.

    You first need to answer this question: WHO is in charge of performing Inter-VLAN routing for the VLANs your switch has defined?

    I mean: if you let the Aruba 2930F (which is a Layer 3 capable Switch) to be the device that have the VLAN Ids defined AND that have their IP interfaces (SVI)...then is natural that you're assigning to it the role of router for those VLAN Ids. The Switch will the router for its (directly connected) VLANs AND all other network segments/IP addresses not directly connected (not part of those SVIs) will require to be necessarily managed by a proper gateway (the Next Hop gateway...generally another Router -> in your case that router will be your Firewall).

    So to simplify: Aruba 2930F could be the router for its directly connected VLAN Ids ... and have a (default) route of last resort for all other non-directly connected SVIs (the Rest of the World) pointing to another gateway (Firewall).

    Is the above your case or not?

    if it is the case, then on the Aruba 2930F it is just required that (it's a best practice) you create a Transit VLAN id and assign it an IP (say a /31) so you have a dedicated SVI you can use to route to your Firewall. Assign a port (physical or logical <- in case of links aggregation) to that VLAN Id and then tag that port with the Transit VLAN id then set the Route of Last resort on the Aruba 2930F pointing 0.0.0.0 (any other non directly connected IP address) to your Firewall.

    On your Firewall you need to do the same (so you should have the internal interface set with the other /31 IP), properly tagged and you need to have static routes that will instruct your Firewall where to route traffic with destinations on Aruba 2930F's VLAN Ids segments (basically how to route back). and so the routing between your Aruba 2930F and your Firewall is going to happen between the Transit VLAN (between your Aruba 2930F /31 IP Address and your Firewall /31 IP Address). Routing between Aruba 2930F directly connected VLANs happens and stays local to Aruba...and your Firewall just acts as a Next Hop Gateway for all traffic coming from the external world and for all traffic going to the external world.

    IF INSTEAD you don't want to assign the role of inter-VLANs router to your Aruba 2930F THEN the Firewall needs to take that duty and its internal Interface needs to be configured with all required VLAN Ids (and related IP interfaces)...at that point your Firewall will become the default router for your VLAN Ids and the role of your Aruba 2930F is just the one of a Layer 2 switch, acting as a Layer 2 extension of the Firewall's Internal interface...this means that between your Aruba 2930F and the Firewall you need to transport (tag) the VLAN Ids defined on the Firewall and that's all.

    ------------------------------
    Davide Poletto
    ------------------------------



  • 11.  RE: 2930f intervlan routing

    Posted Jun 27, 2022 11:37 PM
      |   view attached
    hello sir..
    im new here.. i have my sonicwall firewall and does the vlan routing,, i connected the 2930f and assigned the ports for vlan 20 that is in my sonicwall and they are working.. now, i have my 1930 aruba connected to 2930f., when i set the vlan on it. it wont work.. i;ve tried trunking but it wont work.. can you give me the idea of how to make it work? thankyou


  • 12.  RE: 2930f intervlan routing

    Posted Jun 28, 2022 12:42 AM

    1. do basic test
    plug pc1 on 2930 port13 and pc2 on 1930 port 25

    a. check whether pc1 can ping gateway in sophos
    b. check pc1 can ping pc2
    c. check pc2 can ping gateway