Wired Intelligent Edge

Hi,

I got problem configuring HP Procurve 2920 with 4 vlan. How to make each other communicate. I cannot ping each other.  Below is my configuration done on HP 2920 and currently we also use cyberoam firewall. Here I attach my diagram showing what i have done.

Running configuration:

; J9726A Configuration Editor; Created on release #WB.15.11.0007
; Ver #03:12.15.0d:09

hostname "HP-2920-24G"
module 1 type j9726a
ip default-gateway 192.168.0.1
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip routing
snmp-server community "public" unrestricted
oobm
   ip address dhcp-bootp
   exit
vlan 1
   name "VLAN_L11"
   no untagged 5-20
   untagged 1-4,A1-A2,B1-B2
   tagged 21-24
   ip address 192.168.0.4 255.255.255.0
   exit
vlan 10
   name "VLAN_L12"
   untagged 5-8
   tagged 21-24
   ip address 192.168.1.4 255.255.255.0
   exit
vlan 20
   name "VLAN_L16"
   untagged 9-12
   tagged 21-24
   ip address 192.168.2.4 255.255.255.0
   exit
vlan 30
   name "VLAN_L22"
   untagged 13-16
   tagged 21-24
   ip address 192.168.3.4 255.255.255.0
   exit
vlan 40
   name "VLAN_WIFI"
   untagged 17-20
   tagged 21-24
   ip address 192.168.4.4 255.255.255.0
   exit

thanks for helping.

what are you using as default gateway on your client ?

And then, is your Windows firewall enabled and blocking the pings?

So change their default GW to .4

like vince told, change ur default gateway on the client to .4 in the subnet you want

Then you will be able to route between subnets

What you've done is you've extended one subnet to a 2nd Layer3 device.

You should either create a new VLAN for the firewall connection, or create a new VLAN and move all your devices off VLAN1 onto it.

hi,

now my vlan1 (default_vlan) can ping to pc on 192.168.1.x (vlan2) and pc on vlan2 got internet access and can ping to my firewall (192.168.0.1) but now the problem is pc on vlan2 cannot ping to pc on vlan1 (dfealut_vlan). During tracert to 192.168.0.252(Vlan1)  from machine 192.168.1.5(Vlan2), The L3 switch not forward the traffic to Cyberoam(firewall) next hop 192.168.0.1 

Even when i do traceroute 192.168.0.1 it say host unreacable....

Can someone help me?

I'm confused - I thought your 192.168.1.0 subnet was on VLAN10?

Your PCs on the 192.168.1.0 subnet have 192.168.1.4 as their default GW, right?

192.168.1.4 is the L3 switch, right?

If you do a sh ip route on the L3 switch, you should see the 192.168.0.0 subnet is local, right?

So why would a traceroute from 192.168.1.0 subnet go to 192.168.0.1?

It should go to 192.168.1.4, then the L3 switch has the destination subnet as a local route, so it should forward the packet onto 192.168.0.0 locally, using 192.168.0.4 as the source IP address, no?

Also, what I said before - you have two Layer3 devices on the 192.168.0.0 subnet: the L3 switch and the firewall. Plus, the same subnet has hosts on it. This is not a good design.

Your connection between your L3 switch and your firewall should be a point-to-point link in a VLAN that is not extended out any other port on either device. Your network would be far less confusing like that, plus you avoid some asymmetric routing that you currently will get.