04-20-2018 07:04 AM
I've recently acquired 2 Aruba switches, 3800 series, model JL076A. I've stacked them and interconnected them to an HA Fortinet 500D cluster.
I've created some vlans in order to separate broadcast traffic between offices.
I can ping all interfaces and hosts from the switch, but I've realized that a host on VLAN SALES can't ping a host in VLAN MARKETING.
220.127.116.11 - cluster Fortinet 500D (interfaces 1/47,1/48,2/47,2/48)
A PC connected to 1/9 with IP 18.104.22.168 is able to ping 22.214.171.124, but it can't ping a PC on port 1/15 with IP 126.96.36.199. Both PCs have the IP of the switch as their gateway (188.8.131.52 and 184.108.40.206 respectively).
Can anyone help me?
Here is the config.
Running configuration:

; hpStack_KB Configuration Editor; Created on release #KB.16.04.0008

stacking
   member 1 type "JL076A" mac-address ecebb8-xxxxxx
   member 1 flexible-module A type JL083A
   member 2 type "JL076A" mac-address ecebb8-xxxxxx
   member 2 flexible-module A type JL083A
   exit
hostname "Aruba-Stack"
trunk 1/37,1/39,2/37,2/39 trk2 lacp
trunk 1/38,1/40,2/38,2/40 trk3 lacp
ip default-gateway 220.127.116.11
ip routing
interface 1/47
   lacp active
   exit
interface 1/48
   lacp active
   exit
interface 2/47
   lacp active
   exit
interface 2/48
   lacp active
   exit
oobm
   ip address dhcp-bootp
   member 1
      ip address dhcp-bootp
      exit
   member 2
      ip address dhcp-bootp
      exit
   exit
vlan 1
   name "DEFAULT_VLAN"
   no untagged 1/1-1/36,1/41-1/48,1/A1-1/A4,2/1-2/36,2/41-2/48,2/A1-2/A4
   untagged Trk2-Trk3
   no ip address
   exit
vlan 100
   name "SALES"
   untagged 1/9,2/9
   ip address 18.104.22.168 255.255.255.0
   exit
vlan 101
   name "MARKETING"
   untagged 1/1-1/8,1/12-1/36,1/41-1/48,1/A1-1/A4,2/1-2/8,2/12-2/36,2/41-2/48,2/A1-2/A4
   ip address 22.214.171.124 255.255.255.0
   exit
vlan 111
   name "HHRR"
   untagged 1/10,2/10
   ip address 126.96.36.199 255.255.255.0
   exit
vlan 128
   name "MANAGERS"
   untagged 1/11,2/11
   ip address 188.8.131.52 255.255.255.0
   exit
primary-vlan 101
spanning-tree
spanning-tree Trk2 priority 4
spanning-tree Trk3 priority 4
no tftp server
no autorun
no dhcp config-file-update
no dhcp image-file-update
password manager
password operator
Re: inter-VLAN routing
04-20-2018 07:24 AM - edited 04-20-2018 07:24 AM
I think you have to add routes between those two subnets in the Fortinet cluster since the routing is being handled by the FW.
I wonder if you could provide us with the routing table just to confirm this.
Re: inter-VLAN routing
04-20-2018 07:31 AM
So the traffic between departments is kept in the switch to avoid flooding the Fortis. Only specific traffic going to the internet will be sent to the gateway.
So the stack is in charge of interconnecting the VLANs.
But why is it not working?