Network Management

 View Only
last person joined: 2 days ago 

Keep an informative eye on your network with IMC and AirWave network management solutions.
Expand all | Collapse all

HPE-2530 and Netgate 7100

This thread has been viewed 23 times
  • 1.  HPE-2530 and Netgate 7100

    Posted Jan 03, 2022 10:01 AM

    I am trying to get inter vlan routing setup and I can't seem to get it working.

    I have the Aruba hpe-2530 setup with vlans 11,50, 200, 250, 500  each with ports untagged and the tagged as port 48 for each vlan.  the aruba is connecting to another switch (unifi 16 port going to a 24 port unifi then going to the netgate 7100).

    now...I can get to the internet from each vlan but can't get the inter vlan routing working.

    the firewall is setup correctly as I have verified that....rules on the pfsense:  Action: Pass / Protocol: ANY / Source: ANY / Dest: Any

    so this should work but nothing.  Not sure if each port has to be tagged or just the one port tagged?

    so for example I have:  vlan 50, ports: 2-20 untagged, port 48 tagged, vlan 200, ports 21-30 untagged, port 48 tagged.  
    I can't get the intervlan routing working?  Is this the correct setup?

    any help would be great.

    Ernest Grogg

  • 2.  RE: HPE-2530 and Netgate 7100

    Posted Jan 03, 2022 12:40 PM
    Hello Ernest, since the HP (Aruba) 2530 isn't capable of VLAN routing (no Layer 3 features) it's quite clear that there should be a router on your network to do that the Netgate 7100 Security Gateway configured to do that? I mean...the Netgate 7100 should be configured with VLAN SVIs (thus VLAN 50 with its IP Address, VLAN 200 with its IP Address and so on...), a LAN interface tagged member of those VLANs should be configured to downstream Layer 2 switch (it is the HP 2530 or another...if another is then important that those VLANs are allowed on the downstream HP 2530 from the upstream Switch). If so...the only thing you need on the Security Gateway is the correct Access Policies, VLAN 50 Clients will use the VLAN 50 SVI on the Security Gateway as their Default Gateway (the same for VLAN 200 Clients). Inter-VLAN Routing will then be in charge of the Security Gateway (the LAN interface will become the transit link to/from different VLANs...also a physical bottleneck).

    Davide Poletto

  • 3.  RE: HPE-2530 and Netgate 7100

    Posted Jan 03, 2022 02:16 PM
    Hello Sir,

    I have been doing some research and looking at your reply, my layer 3 device is the 7100 netgate controller.  it is handling the dhcp, dns, and so forth.  

    The only think I can think of in looking at my logs and the mac-address-table in both the Aruba and the other switches, that the VLan 1 (default vlan in Aruba) is not getting an IP from the dhcp server (7100) but the other vlans are getting the IP for each.  I may try to clear all tables and reconnect the aruba directly to the 7100 and the other switches to the 7100.  Not sure though if the Unifi equipment is not passing properly since all the vlans and mac tables look fine?  

    the way it is currently setup is the Aruba is at the bottom of network diagram.  Aruba/unifi 16 / unifi 24/7100.  We have others but that is the basics.  maybe take those core and run directly to the 7100 (unifi and aruba)  and see what happens?

    Ernest Grogg

  • 4.  RE: HPE-2530 and Netgate 7100

    Posted Jan 04, 2022 10:21 AM
    Is the pfSense the same as the Netgate 7100?

    If you get an IP from the DHCP in the expected range/VLAN (running on the pfSense) when connected to the Aruba switch, and have internet, that means your VLAN is configured correctly. If there is no ip routing at that point between VLANs, but there is connectivity from each of the VLANs to the internet, that means the issue is at the pfSense. It may be that pfSense is stateless for icmp, and if you test with ping that the return traffic is not allowed. Testing with a tcp service looks better to me.

    You can probably run a tcpdump on the pfSense on both interfaces where you expect the routing to happen between, and see if the packet from the sending client arrives on the source VLAN, then if it goes out on the destination VLAN, then if there is a response on the destination VLAN and if it is sent back on the source VLAN. Sounds like an routing/firewall/NAT thing from what I read.

    Herman Robers
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

  • 5.  RE: HPE-2530 and Netgate 7100

    Posted Jan 04, 2022 10:43 AM
    @Herman Robers


    "Is the pfSense the same as the Netgate 7100?" 


    I do get an IP in the expected range on each VLAN.  ​

    " If there is no ip routing at that point between VLANs, but there is connectivity from each of the VLANs to the internet, that means the issue is at the pfSense"

    that makes perfect sense.  I have looked at the Firewall rules and they do look right and should be allowing the interVLAN routing.

    Since pfSense is new to me, I need to read on how to do the tcpdump.  Perhaps I will have to contact Netgate to find out what is going on.  I have not yet been able to get it fully operational in the 2 weeks we have put in the pfSense box.  It may not be related then to the Aruba.  that was my initial thoughts since this was never fully operating between VLANS.  All VLANS look to be working correctly and getting access to resources within each VLAN, but to communicate between 2 VLANs, it don't work.  Must be related to pfSense.  

    Thanks for the response and thoughts.

    Ernest Grogg