I maybe doing something really stupid here but help me out please! My inter-vlan routing isnt working if thats even a thing in these 8320's!
I have setup VSX, my ISL, all my VLANs, a VLAN interface on each switch and and active-active gateway which im using as my Default GW for each network. I have a MCLAG setup which is connected to a 2530 which has a trunk port with LACP enabled and all VLANS passing. When im untagged (access interface) say on VLAN 56 (my server network) on the 2530 or even the 8320's i can ping my own gateway but i cant ping say my ESXI host which is on VLAN 60 or any other gateway/vlan interface for that matter
My routing table looks ok, my VLAN interfaces are all up, i can ping all my active-active gatways from both switches when connecting via console or the mgmt interface. Im not sure if im missing anything glaringly obvious with my vlanning... my brain is melting at the moment for various reasons!!
for testing purposes
My laptop vlan 56 int 1/1/47
esxi host vlan 60 int 1/1/1
THCORCSW001# show ip route
Displaying ipv4 routes selected for forwarding
'[x/y]' denotes [distance/metric]
10.10.10.0/24, vrf defaultvia 1/1/48, [0/0], connected10.10.10.1/32, vrf defaultvia 1/1/48, [0/0], local192.168.55.0/24, vrf defaultvia vlan55, [0/0], connected192.168.55.1/32, vrf defaultvia vlan55, [0/0], local192.168.56.0/24, vrf defaultvia vlan56, [0/0], connected192.168.56.1/32, vrf defaultvia vlan56, [0/0], local192.168.59.0/24, vrf defaultvia vlan59, [0/0], connected192.168.59.1/32, vrf defaultvia vlan59, [0/0], local192.168.60.0/24, vrf defaultvia vlan60, [0/0], connected192.168.60.1/32, vrf defaultvia vlan60, [0/0], local192.168.61.0/24, vrf defaultvia vlan61, [0/0], connected192.168.61.1/32, vrf defaultvia vlan61, [0/0], local192.168.108.0/24, vrf defaultvia vlan108, [0/0], connected192.168.108.1/32, vrf defaultvia vlan108, [0/0], local
THCORCSW001(config)# sho running-configCurrent configuration:!
!Version ArubaOS-CX TL.10.02.0010
hostname THCORCSW001user admin group administrators password ciphertext AQBapfbSY1uzjZ/40WaQibGkyx/Gw9mKR0xhKwXS3vo9e+45YgAAAPCTkx45NoDXF1aBh6l5Kk27VUmlqMZ2P6sdRGgOUuQVrqwUpXCGgGbBjXeFRTuaXZwn5XrUm+ElP0XKK/EyV379ZWujHo1l+mPeKBw1uyg5uvIGag7kJG+wxIXm8ICPPAKRntp enable!!!
ssh server vrf mgmt!!!!!vlan 1vlan 55vsx-syncdescription PC/Laptopsvlan 56vsx-syncdescription Serversvlan 57vsx-syncdescription iSCSI Avlan 58vsx-syncdescription iSCSI Bvlan 59vsx-syncdescription Backupvlan 60vsx-syncdescription Management/ILOvlan 61vsx-syncdescription WiFivlan 62vsx-syncdescription DMZvlan 108vsx-syncdescription Printersinterface mgmtno shutdownip static 192.168.60.11/24default-gateway 192.168.60.254nameserver 192.168.108.226interface lag 1 multi-chassisvsx-sync vlansno shutdownno routingvlan trunk native 1vlan trunk allowed 55-56,59-61,108lacp mode activeinterface lag 128no shutdownno routingvlan trunk native 1 tagvlan trunk allowed alllacp mode activeinterface 1/1/1no shutdownno routingvlan access 60interface 1/1/33no shutdownlag 1interface 1/1/47no shutdownno routingvlan access 56interface 1/1/48description keep-alive interfaceno shutdownip address 10.10.10.1/24interface 1/1/51no shutdownlag 128interface 1/1/54no shutdownlag 128interface vlan55vsx-sync active-gatewaysip address 192.168.55.1/24active-gateway ip 192.168.55.254 mac 00:00:00:00:00:55interface vlan56vsx-sync active-gatewaysip address 192.168.56.1/24active-gateway ip 192.168.56.254 mac 00:00:00:00:00:56interface vlan59vsx-sync active-gatewaysip address 192.168.59.1/24active-gateway ip 192.168.59.254 mac 00:00:00:00:00:59interface vlan60vsx-sync active-gatewaysip address 192.168.60.1/24active-gateway ip 192.168.60.254 mac 00:00:00:00:00:60interface vlan61vsx-sync active-gatewaysip address 192.168.61.1/24active-gateway ip 192.168.61.254 mac 00:00:00:00:00:61interface vlan108vsx-sync active-gatewaysip address 192.168.108.1/24active-gateway ip 192.168.108.254 mac 00:00:00:00:01:08vsxinter-switch-link lag 128role primarykeepalive peer 10.10.10.2 source 10.10.10.1https-server vrf mgmtTHCORCSW001(config)#
The management nic isn’t no as it’s untagged on 60. I did also make its interface a trunk native on vlan 1 tagged on 60 and tagged the ESXi mgmt interface on vlan 60, same behaviour. I was using it just as some form of host on the network thinking it’s some weird Aruba OS-CX thing where you can’t ping other gateways but you can hosts on other network.
Can you ping the management ip address from your PC?
Is there no default gateway (0.0.0.0/0 route on your 8320?
Did you try it without the managment interface connected?
Is Spanning-tree active in your network?
@mrtwentytwo wrote:Hi Can you ping the management ip address from your PC? Is there no default gateway (0.0.0.0/0 route on your 8320? Did you try it without the managment interface connected? Is Spanning-tree active in your network?
By mgmt ip do you mean the switch mgmt interface? If so, yes i can ping the management IP and ssh to it if im also in a port that is only untagged on vlan 60 like the management interface is.
It hasnt got a default route at the minute, it will be the customers firewall when in place on site. Does it need a default route out if i dont need to get to the internet or outside my core networks at the minute? I should still be able to route to the the other networks that are in my routing table right? which i cant.
i havent tried it without the management interface.
no spanning tree.
@danieltudares wrote:Hi, with your laptop on a port on vlan 56 (untagged), do you have your laptop's default gateway setup to 192.168.56.254?Also, do you have your default gateway on the esxi host to 192.168.60.254?If you connect your laptop on an untagged port on vlan 60, can you ping the managemen IP at 192.168.60.11? On that same vlan, can you ping your esxi host?
That is correct. Im using the active gateways as my default gateway on all my hosts. If my devices are on the same VLAN (untagged) they can ping each other. If they're in a different vlan on a different network they cannot ping each other. Its as if my routing table is non existent and its just dropping the packet as there is no default route or anything. I mean im just trying to create some simple inter-vlan routing, how hard can it be!?
@mrtwentytwo wrote:HiDid you try:Different software?Only one core active?(sketch off one core)Add a default route?
Sorry what do you mean by different software?
I've got a simple vigor router out which im going to setup to simulate the customers firewall and make it the default route for the switch. Still i didnt think id need to do this to get inter-vlan routing working.
You are running 10.02.0010. did you try 10.02.0001?
@mrtwentytwo wrote:Hi You are running 10.02.0010. did you try 10.02.0001?
I was running that, but i upgraded to the latest as support told me to because the serial port was faulty, in the end it was hardware related. Ive only ever used 10.02.00010 when ive had VSX and vlan interfaces in play.
as per always this issue was something really stupid. My laptop was doing some weird routing. From the esxi host i could ping every gateway and even my laptop... once id turned the windows firewall off. Derp!
Thanks for the update!
@mrtwentytwo wrote:HiHow is the vsx status?
All looks good. Both primary and secondary are in sync and active.
Im not at the switches right now or i would post the results
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.