Wired Intelligent Edge

 View Only
Back to discussions
Expand all | Collapse all

Routing between vlans on core

This thread has been viewed 82 times

  • 1.  Routing between vlans on core

    Posted Mar 07, 2021 04:51 AM
    Edited by Amr Ragab Mar 07, 2021 05:28 AM
    Hi all,

    we have core switch 5406r zl2 & Aruba 1930 ION and wants to make routing between VLANs on the core, so I configure VLANs and interface VLANs and enable IP routing then I tested it but I can't reach any VLAN. at some point when i assigned my laptop to any VLAN, I can reach my  Vlan GW but after while I can't. I added a static route but I removed it. hope to help me to find a solution to this issue.

    here the configuration :
    Running configuration:

    ; J9850A Configuration Editor; Created on release #KB.16.07.0003
    ; Ver #14:01.4f.f8.1d.fb.7f.bf.bb.ff.7c.59.fc.7b.ff.ff.fc.ff.ff.3f.ef:4e
    hostname "HP-Switch-5406Rzl2"
    module A type j9987a
    module B type j9987a
    trunk A9-A10 trk1 lacp
    trunk A11-A12 trk2 lacp
    trunk A13-A14 trk3 lacp
    trunk A15-A16 trk4 lacp
    trunk A17-A20 trk5 lacp
    trunk A21-A22 trk6 lacp
    trunk B1-B2 trk7 lacp
    trunk B3-B4 trk8 lacp
    trunk B5-B6 trk9 lacp
    trunk B7-B8 trk10 lacp
    trunk B9-B10 trk11 lacp
    trunk B11-B12 trk12 lacp
    trunk B13-B14 trk13 lacp
    trunk B15-B16 trk14 lacp
    trunk B19-B20 trk15 lacp
    ip routing
    snmp-server community "public" unrestricted
    oobm
    ip address dhcp-bootp
    exit
    vlan 1
    name "DEFAULT_VLAN"
    no untagged A1-A8
    untagged A23-A24,B17-B18,B21-B24,Trk1-Trk15
    ip address dhcp-bootp
    ipv6 enable
    ipv6 address dhcp full
    exit
    vlan 10
    name "VLAN10"
    tagged Trk5-Trk14
    ip address 172.18.10.254 255.255.255.0
    exit
    vlan 11
    name "VLAN11"
    tagged Trk5-Trk14
    ip address 172.18.11.254 255.255.255.0
    exit
    vlan 12
    name "VLAN12"
    tagged Trk5-Trk14
    ip address 172.18.12.254 255.255.255.0
    exit
    vlan 13
    name "VLAN13"
    tagged Trk5
    ip address 172.18.13.254 255.255.255.0
    exit
    vlan 14
    name "VLAN14"
    tagged Trk5
    ip address 172.18.14.254 255.255.255.0
    exit
    vlan 15
    name "VLAN15"
    tagged Trk5
    ip address 172.18.15.254 255.255.255.0
    exit
    vlan 20
    name "VLAN20"
    untagged A7-A8
    tagged Trk5-Trk14
    ip address 172.18.20.254 255.255.255.0
    exit
    vlan 25
    name "VLAN25"
    tagged Trk5,Trk15
    ip address 172.25.25.25 255.255.255.0
    exit
    vlan 40
    name "VLAN40"
    tagged Trk1-Trk5
    ip address 172.18.40.254 255.255.255.0
    exit
    vlan 41
    name "VLAN41"
    untagged A2-A6
    tagged Trk5-Trk14
    ip address 172.18.41.254 255.255.255.0
    exit
    vlan 49
    name "VLAN49"
    untagged A1
    tagged Trk5-Trk14
    ip address 172.18.49.254 255.255.255.0
    exit
    vlan 50
    name "VLAN50"
    tagged Trk1-Trk14
    ip address 172.18.50.254 255.255.255.0
    exit
    vlan 100
    name "VLAN100"
    tagged Trk1-Trk14
    ip address 172.18.100.254 255.255.255.0
    exit
    vlan 111
    name "VLAN111"
    tagged B17-B18
    ip address 172.18.111.100 255.255.255.0
    exit
    vlan 112
    name "VLAN112"
    tagged B17-B18,Trk5
    ip address 172.18.112.100 255.255.255.0
    exit
    vlan 192
    name "VLAN192"
    tagged Trk5-Trk14
    ip address 192.168.0.1 255.255.255.0
    exit
    spanning-tree Trk1 priority 4
    spanning-tree Trk2 priority 4
    spanning-tree Trk3 priority 4
    spanning-tree Trk4 priority 4
    spanning-tree Trk5 priority 4
    spanning-tree Trk6 priority 4
    spanning-tree Trk7 priority 4
    spanning-tree Trk8 priority 4
    spanning-tree Trk9 priority 4
    spanning-tree Trk10 priority 4
    spanning-tree Trk11 priority 4
    spanning-tree Trk12 priority 4
    spanning-tree Trk13 priority 4
    spanning-tree Trk14 priority 4
    spanning-tree Trk15 priority 4


    ------------------------------
    Amr Ragab
    ------------------------------


  • 2.  RE: Routing between vlans on core

    Posted Mar 07, 2021 08:36 AM
    Hi,

    the config look good (ip routing is enable)

    do you have configure a default gateway on your PC ?

    ------------------------------
    PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

    PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

    PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

    ACEP / ACMX #107 / ACDX #1281
    ------------------------------

    Original Message


  • 3.  RE: Routing between vlans on core

    Posted Mar 07, 2021 10:11 AM
    hi alagoutte ,
    yes i configured a GW for pc I reach my GW but can't reach any other vlan

    ------------------------------
    Amr Ragab
    ------------------------------

    Original Message


  • 4.  RE: Routing between vlans on core

    Posted Mar 07, 2021 08:47 AM
    Hello! Say you have an VLAN unaware host connected to port A2 (port A2 is untagged member of VLAN id 41) and that host has a IP Addressing compatible with VLAN 41's subnet (172.18.41.0/24 thus the host could use, as example, the 172.18.41.1 with proper gateway IP address set to 172.18.41.254 which is exactly the VLAN 41 SVI)...with those assumptions...isn't that host able to successfully ping its gateway 172.18.41.254 and any other routed SVI on your Aruba 5406R zl2 switch?

    What's the meaning of having identical Module A and B and aggregating pair of ports (for each Port Trunk) within each Module? if Module A or B goes down...entire Port Trunks go down...not efficient. As example, it's better doing trunk A<port-n>,B<port-n> trk<interface-x> lacp (this means distributing member ports on both Modules) than doing trunk A<port-n>,A<port-m> trk<interface-x> (keeping member ports within a Module).

    ------------------------------
    Davide Poletto
    ------------------------------

    Original Message


  • 5.  RE: Routing between vlans on core

    Posted Mar 07, 2021 10:40 AM
    hi parnassus ,

    Yeah the host can reach its GW but can't reach any vlan + sometimes I pinged from Core (internally) Switch on Vlan's IP but it showed destination unreachable !!

    thanks for clarification for modules and lacp ^_^

    ------------------------------
    Amr Ragab
    ------------------------------

    Original Message


  • 6.  RE: Routing between vlans on core

    Posted Mar 07, 2021 12:23 PM
    still the same issue with the same configuration

    ------------------------------
    Amr Ragab
    ------------------------------

    Original Message


  • 7.  RE: Routing between vlans on core

    Posted Mar 07, 2021 02:10 PM
    Edited by parnassus Mar 07, 2021 02:12 PM
    Hello Amr, a fast test would be: an Host connected to a port (untagged member of VLAN id "x") set with proper IP Address/Subnet/Gateway to cope with VLAN "x" requirements performs a PING test against an other Host connected to another port (untagged member of VLAN id "y") set with proper IP Address/Subnet/Gateway to cope with VLAN "y" requirements...and vice versa. Disable any OS firewall, remove any Static Route (on Host side)...the above scenario should work considering the Switch those VLAN unaware hosts are connected to is doing IP Routing for VLAN "x" and VLAN "y" and Hosts' gateways are the VLANs' SVI. Could you reproduce this simple scenario? Does it work or not?

    Edit: you should be able to test Host A on port A2 (VLAN41) against Host B on port A1 (VLAN 49) and vice-versa. On each host use static IP addressing compatible respectively with its VLAN membership (VLAN 41 and VLAN 49 subnets).

    ------------------------------
    Davide Poletto
    ------------------------------

    Original Message


  • 8.  RE: Routing between vlans on core

    Posted Mar 07, 2021 02:50 PM
    Edited by mkk Mar 07, 2021 02:50 PM
    Hi Amr,

    Your configuration looks fine to me.

    You enable "ip route enable" that means that all connected IP interfaces on the switch are routed automaticly, no need to add an extra route for inter-vlan routing on the switch.

    Please note that a vlan must have minimum one ethernet interface up before the vlan and vlan interface become up. Commando "show vlan #vlanid#" wil show you if any interface is up or not.

    ------------------------------
    Marcel Koedijk | MVP Guru 2021 | ACMP | ACCP | Ekahau ECSE | Not an HPE Employee | Opionions are my own
    ------------------------------

    Original Message


  • 9.  RE: Routing between vlans on core

    Posted Mar 10, 2021 04:36 AM
    hi all

    I reset the configuration and configure the core again (check the new one), now if I'm accessing VLAN (x) I could see any VLAN-interface but can't ping at any users, should make stating routing or something else?

    ------------------------------
    Amr Ragab
    ------------------------------

    Original Message


  • 10.  RE: Routing between vlans on core

    Posted Mar 10, 2021 07:45 AM
    Need to check on user, the default gateway (and also if the PING is allow...)

    ------------------------------
    PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

    PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

    PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

    ACEP / ACMX #107 / ACDX #1281
    ------------------------------

    Original Message


  • 11.  RE: Routing between vlans on core

    Posted Mar 10, 2021 08:06 AM
    yes the GW Was right assigned and ping allowed .

    ------------------------------
    Amr Ragab
    ------------------------------

    Original Message


  • 12.  RE: Routing between vlans on core

    Posted Mar 10, 2021 11:16 AM
    Hello @Amr Ragab please triple check:

    1. disable any OS firewall (check and host can answer to incoming ping from a host in the same subnet first).
    2. remove any Static Route on Host side (if the host has the correct Default Gateway and it reaches that Gateway there should be any necessity in having a static route to reach routed subnets already routed by your Core switch).
    3. report step by step steps to reproduce.
    4. set IP statically on involved hosts.


    ------------------------------
    Davide Poletto
    ------------------------------

    Original Message


  • 13.  RE: Routing between vlans on core

    Posted Mar 12, 2021 07:19 PM
    hi  parnassus  i will test those steps today and will Feed you back

    ------------------------------
    Amr Ragab
    ------------------------------

    Original Message


  • 14.  RE: Routing between vlans on core

    Posted Mar 13, 2021 05:53 AM
    hi all ,
    the situation now is i connected two devices at same vlan , one of them can ping on the other but the other device no .
    i disabled the firewall on devices still the same issue .
    disabled the IP routing but still the same issue .

    what the problem here thought ?

    ------------------------------
    Amr Ragab
    ------------------------------

    Original Message


  • 15.  RE: Routing between vlans on core

    Posted Mar 13, 2021 05:41 PM
    Hello @Amr Ragab, I suggest you to better diagnose your hosts...two hosts within the very same VLAN's IP addressing space, connected to two interfaces both members of the very same native (AKA untagged) VLAN id of the very same Switch...must ping each others without issues provided that their IP Addressing is properly set AND OS's Firewall is properly set (or totally disabled for the sake of this reachability test). This has nothing to do with inter-VLAN routing...it's basic Host A - to - Host B IP connectivity where Host A and B are on the very same Subnet and VLAN Id. Remove from the equation the DHCP...please use Static IP Addressing (for the sake of this test at least).​​

    ------------------------------
    Davide Poletto
    ------------------------------

    Original Message


Related Content