Wired Intelligent Edge

Hi,

is the first time that I use Aruba switch and I have a problem with possibility to interconnect 2 Network 192.168.1.x (ports 1-4) and 192.168.2.x (ports 5-22).

I need to configure InterVLAN routing between the 2 Network.

I defined :

- VLAN 100 ports 1-4 with IP 192.168.1.1/24;

- VLAN 200 ports 5-22 with IP 192.168.2.1/24;

from CLI interface :

- ip route 192.168.1.0 255.255.255.0 vlan 100

- ip route 192.168.2.0 255.255.255.0 vlan 200

later I noticed that I probably made a mistake reversing the vlan, but I can't delete the routes even with the command: no ip route ...... how I can detele it ? 
From a PC connected to port 1 with IP 192.168.1.11 I can reach 192.168.1.1 and 192.168.2.1, in the same way from a PC on port 10 with IP 192.168.2.11 I can reach 192.168.2.1 and 192.168.1.1 but not I can't reach any of the 2 PCs.
You can help me with all the CLI commands to activate routing.
Thank you all in advance.

I NEVER used 2540 aos-switch BUT have used other AOS-switch devices.

HINTS:

>>> "...From a PC connected to port 1 with IP 192.168.1.11 I can reach 192.168.1.1..."

Did you try NO ip route 192.168.2.0 255.255.255.0  (within vlan 200 context)  while telnet/ssh to 192.168.1.1?

If not work, does the 2540 have a console port?  Attach cable to console port, log in and then remove routes.

2540 aos-s may allow ip default-gateway CLI if you remove all routes.

You may need to include a "sanitized" version of your problem 2540 CLI configuration in your airheads post.

ALL for now........

Hi!

I suggest you to login into Switch's console in order to modify running configuration without locking you out.

Once logged into Switch's console, from global configuration context try to execute these two commands to remove configured static routes:

no ip route 192.168.1.0 255.255.255.0 vlan 100
no ip route 192.168.2.0 255.255.255.0 vlan 200

Then enable IPv4 Routing by entering:

ip routing (ip route)

Validate with posting outputs of show vlan, show ip, show ip route commands.

The command above enables Switch's IPv4 Routing (it will disable the Default Gateway you eventually have set with the command ip default-gateway IP-ADDR so to continue to reach your Router of Last Resort - AKA your Gateway to external networks - you will need to add a Route of Last Resort to it with the command ip route 0.0.0.0/0 <NEXT-HOP-ROUTER-IP-ADDRESS>)

Switch IPv4 Routing will be valid for any VLAN with SVI (VLAN with IP Address set on its VLAN Interface).

That way VLAN 100 (192.168.1.1/24) and VLAN 200 (192.168.2.1/24) will partecipate to inter-VLAN routing directly into the Switch.

If ports 1-4 are untagged members of VLAN 100 and if ports 5-22 are untagged members of VLAN 200...any host properly configured (IP Address compatible with VLAN 100 or 200, Default Gateway on VLAN 100 SVI or VLAN 200 SVI) and connected into port 1-4 or 5-22
will be able to ping any other host on the peer VLAN (Host on VLAN 100 on port 1 will be able to ping Host on VLAN 200 on port 5 and vice-versa).

Hi,

Thank's parnassus, but i can't ping the pc from vlan 100 to vlan 200 and vice-versa.

=======================================================

These are the show command that you are asked :

Aruba-2540-24G-4SFPP(config)# show vlan

 Status and Counters - VLAN Information

  Maximum VLANs to support : 256                  

  Primary VLAN : DEFAULT_VLAN

  Management VLAN :             

  VLAN ID Name                         | Status     Voice Jumbo

  ------- -------------------------------- + -------------- ----- -----

  1       DEFAULT_VLAN             | Port-based No    No   

  100     Ferno                             | Port-based No    No   

  200     Lonate                            | Port-based No    No   

Aruba-2540-24G-4SFPP(config)# show ip

 Internet (IP) Service

  IP Routing : Disabled

  Default Gateway : 192.168.1.100  

  Default TTL     : 64   

  Arp Age         : 20  

  Domain Suffix   : atu2007.local                 

  DNS server      : 192.168.1.11                            

                       |                                            Proxy ARP 

  VLAN                 | IP Config  IP Address      Subnet Mask     Std  Local

  -------------------- + ---------- --------------- --------------- ----------

  DEFAULT_VLAN         | DHCP/Bootp 192.168.0.175   255.255.252.0    No    No

  Ferno                | Manual     192.168.10.1    255.255.255.0    No    No

  Lonate               | Manual     192.168.20.1    255.255.255.0    No    No

Aruba-2540-24G-4SFPP(config)# show ip route

                                IP Route Entries

  Destination        Gateway         VLAN Type      Sub-Type   Metric     Dist.

  ------------------ --------------- ---- --------- ---------- ---------- -----

  0.0.0.0/0          192.168.1.100   1    static               250        1    

  127.0.0.0/8        reject               static               0          0    

  127.0.0.1/32       lo0                  connected            1          0    

  192.168.0.0/22     DEFAULT_VLAN    1    connected            1          0    

======================================================

the command that you are specified "ip route" is not accepted because is incomplete commad :

Aruba-2540-24G-4SFPP(config)# ip route

Incomplete input: route

Aruba-2540-24G-4SFPP(config)# 

the only command that is accepted is : ip routing

but the result is the same.

what do you think is wrong in my configuration ?

Aruba-2540-24G-4SFPP# show system

 Status and Counters - General System Information

  System Name        : Aruba-2540-24G-4SFPP                            

  System Contact     : 

  System Location    : 

  MAC Age Time (sec) : 300    

  Time Zone          : 0    

  Daylight Time Rule : None                      

  Software revision  : YC.16.07.0003        Base MAC Addr      : 3821c7-bb09c0 

  ROM Version        : YC.16.01.0002        Serial Number      : CN96JYH03P  

  Up Time            : 26 mins              Memory   - Total   : 361,058,816 

  CPU Util (%)       : 4                               Free    : 260,309,092 

  IP Mgmt  - Pkts Rx : 2178                 Packet   - Total   : 6600        

             Pkts Tx : 490                  Buffers    Free    : 4859        

                                                       Lowest  : 4842        

                                                       Missed  : 0           

Thank's in advance.

Hi,

after i powered on the PC on vlan 100 and vlan 200

Aruba-2540-24G-4SFPP(config)# show ip route

                                IP Route Entries

  Destination        Gateway         VLAN Type      Sub-Type   Metric     Dist.

  ------------------ --------------- ---- --------- ---------- ---------- -----

  127.0.0.0/8        reject               static               0          0    

  127.0.0.1/32       lo0                  connected            1          0    

  192.168.0.0/22     DEFAULT_VLAN    1    connected            1          0    

  192.168.10.0/24    Ferno           100  connected            1          0    

  192.168.20.0/24    Lonate          200  connected            1          0    

VLAN interfaces are in Up state if at least a (logical/physical) port - in Up state - is member of them...that's why generally when you have an uplink (very often in Up state) it's a good practice to make that uplink tagged member of the VLAN(s) you want in Up state. 

Hi,

this is the coniguration :

Aruba-2540-24G-4SFPP(config)# show config

Startup configuration: 37

; JL354A Configuration Editor; Created on release #YC.16.10.0002

; Ver #14:27.44.38.04.99.03.b3.b8.ef.74.61.fc.68.f3.8c.fc.e3.ff.37.2f:33

hostname "Aruba-2540-24G-4SFPP"

module 1 type jl354a

ip routing

snmp-server community "public" unrestricted

vlan 1

   name "DEFAULT_VLAN"

   no untagged 1-22

   untagged 23-28

   ip address dhcp-bootp

   ipv6 enable

   ipv6 address autoconfig

   ipv6 address dhcp full

   exit

vlan 100

   name "Ferno"

   untagged 1-4

   ip address 192.168.10.1 255.255.255.0

   ipv6 enable

   ipv6 address autoconfig

   exit

vlan 200

   name "Lonate"

   untagged 5-22

   ip address 192.168.20.1 255.255.255.0

   ipv6 enable

   ipv6 address autoconfig

   exit

management-vlan 1

Aruba-2540-24G-4SFPP(config)# 

As parnassus said:

"The command above enables Switch's IPv4 Routing (it will disable the Default Gateway you eventually have set with the command ip default-gateway IP-ADDR so to continue to reach your Router of Last Resort - AKA your Gateway to external networks - you will need to add a Route of Last Resort to it with the command ip route 0.0.0.0/0 <NEXT-HOP-ROUTER-IP-ADDRESS>)"

Set your primary default route as a global setting.

The "NEXT-HOP-ROUTER-IP-ADDRESS" is the next upstream router or firewall.

Then test.........have your symptoms changes?

Hi parnassus,

if I ping from :

PC1

IP: 192.168.10.11/24

Gtw: 192.168.10.1

(on port 1 of switch)

to :

PC2 

IP: 192.168.20.11/24

Gtw: 192.168.20.1

(on port 5 of switch)

not work and the result is :

richiesta scaduta (Windows is in Italian language)

Have you any suggest to me ?

I don't have any idea.

Thank's a lot.

From PC1, try pinging:

First >  127.0.0.1

Second > 192.168.10.11

Next > 192.168.10.1

Post results.

---

@../smb/air wrote:

From PC1, try pinging:

 

First >  127.0.0.1

Second > 192.168.10.11

Next > 192.168.10.1

 

Post results.

---

Hi,

From PC1 :

ping 127.0.0.1   ---->   replay from127.0.0.1 ........

ping 192.168.10.11   ---->   replay from192.168.10.11 ........

ping 192.168.10.1   ---->   replay from192.168.10.1 ........

ping 192.168.20.1   ---->   replay from192.168.20.1 ........

ping 192.168.20.11   ---->   request timeout

and the same from PC2 

Thank's

I have forgotten all your tests.

From the 2540 can you PING:

PC1

PC2

Also:

If you do not need ipv6, try removing/disabling ipv6 and then test pinging PC1 to PC2  and PC2 to PC1.

Ciao, if PC1 and PC2 are able to ping the VLAN SVI of they counterpart peer host under test (you reported that PC1 192.168.10.11 -- ping --> PC2's VLAN SVI 192.168.20.1 and PC2 192.168.10.11 -- ping --> PC1's VLAN SVI 192.168.10.1)...then it is a matter of PC(s) OS Firewall. Triple check that. Check PC1 and PC2 routing table (if Microsoft via DOS shell route print command)

From the Switch try to ping PC1 and PC2 addresses. Do the ping(s) work?

Ciao parnassus,

OS firewall problem I enabled igmp ipv4 rule on PC1 and PC2 but that is not enough.

OS firewall disableb ping is now working.

Thank's very much.

Good day i have similar problem

i have 2540 layer 2 switch acting as the main CORE switch.

 i have defined my vlans on the switch (vlan 2,3,4)

from the PC (10.1.50.1 vlan 2) i can ping the vlan gateway(10.1.50.254), i can ping the gateway of vlan 1--192.168.0.254 from the PC, but i cannot ping  none of any assets sitting on VLAN 1, and also  from the switch i cannot ping the PC, Firewall has been disabled.

Any help please

Hi, it's always better to start a new thread providing all required information.

Are you able to provide sanitized configuration of your Aruba 2540? how exactly are you testing routing between hosts belonging to differents VLANs? how are configured ports where those hosts are connected?