Wired

hi,

i have 3 vlans, vlan10, vlan20 and vlan30 in my single ARUBA 2930F switch ang connected to my FW... i need to know if i can make intervlan routing by using this single switch alone? like i plug my laptop in vlan10 and pc in vlan20, will they have routing between each other? is it possible without touching the FW/..thanks

It depends where is your gateway defined.

If your switch is acting as gateway for both subnets, it can route traffic between the,

If switch is configured as a Layer 2 device and firewall is your gateway for clients, routing has to be done on firewall.

2930 is a basic layer 3 switch and is capable to do inter VLAN routing.

with this setup can i have already the intervlan routing on this and get internet from the FW? i already created FW rules for all VLANs..

I just responded to this thread:

http://community.arubanetworks.com/t5/Campus-Switching-and-Routing/intervlan-routing-on-L3-and-internet-on-the-FW/td-p/305295

It looks the same.  Let me know when this is different.

Regards, Dobias

Hi,

You cannot have both commands "ip routing" and "ip default-gateway x.x.x.x" at the same time configured at the switch.

If you want to make intervlan routing, all three interfaces vlan (10, 20 and 30) must be created at the switch as the default gateway of each network.

Also, maintain only the "ip routing" command with a default static route to your firewall "ip route 0.0.0.0 0.0.0.0 192.168.1.1"

IP default-gateway is only for the switch itself, so let's say management traffic. For all other traffic, you have IP routing. When no dynamic routing protocol configured this will be directly connected routes in combination with static routes. Hope this makes it clear.

Hi , 

I have the same similiar problem. 

I put the default route  0.0.0.0 0.0.0.0 192.168.12.1 (Adress of my FW ) and pass the command ip routing 

But i can't ping two machnines between too vlans  (Vlan 10 and Vlan 12 )on  the same Switch V

I put he config  also , if somehome can help please : 

; JL320A Configuration Editor; Created on release #WC.16.07.0002
; Ver #14:01.4f.f8.1d.9b.3f.bf.bb.ef.7c.59.fc.6b.fb.9f.fc.ff.ff.37.ef:02

hostname "CR"
module 1 type jl320a
radius-server host 192.168.10.5 key "evLeG05wwG"
radius-server timeout 4
ntp server 192.168.10.1
ip route 0.0.0.0 0.0.0.0 192.168.12.2
ip routing
interface 1
no power-over-ethernet
exit
interface 2
no power-over-ethernet
exit
interface 3
no power-over-ethernet
exit
interface 4
no power-over-ethernet
exit
interface 5
no power-over-ethernet
exit
interface 6
no power-over-ethernet
exit
interface 7
no power-over-ethernet
exit
interface 8
no power-over-ethernet
exit
interface 9
no power-over-ethernet
exit
interface 10
no power-over-ethernet
exit
interface 11
no power-over-ethernet
exit
interface 12
no power-over-ethernet
exit
snmp-server community "public" unrestricted
aaa port-access authenticator active
oobm
ip address dhcp-bootp
exit
vlan 1
name "DEFAULT"
no untagged 1-24
no ip address
ipv6 enable
ipv6 address dhcp full
exit
vlan 10
name "VIDEO_CA_INT"
untagged 13-22
tagged 24
ip address 192.168.10.126 255.255.255.128
ip igmp
exit
vlan 11
name "VARICONTROL"
untagged 1-12
ip address 192.168.11.247 255.255.255.0
exit
vlan 12
name "COM_INV"
untagged 23
ip address 192.168.12.1 255.255.255.252
exit
vlan 2000
name "unauth"
ip address 192.168.200.247 255.255.255.0
exit
spanning-tree
no tftp server
no autorun
no dhcp config-file-update
no dhcp image-file-update
no dhcp tr69-acs-url
password manager

Greetings!

You mention that you're trying to ping between systems on VLANs 10 and 12; I'll note that VLAN 12 is assigned an IP address on a /30 subnet, so there could only be one other device on that subnet (which appears to be the switch default route).

Are your devices pointing to the switch IP address on their respective VLANs as the default gateway? (A device on VLAN 10 should point to 192.168.10.126, and one on VLAN 12 should point to 192.168.12.1)