Wired Intelligent Edge

Hi all - not sure what I have missed here but I have a pair of 2930f switches connected to each other. Off the first one hangs the firewall and default gateway for the network, which is a seperate device. I wanted to create a new vlan for management devices (idracs etc) so on the second switch I created a new vlan (60), gave it an IP of 192.168.60.1. When I add ports to this vlan and configure the host connected to the port I can ping those hosts from the second switch but not from anywhere else.

I have added a route back to the second switch on the firewall/default gaateway and can ping the 192.168.60.1 address from anywhere so can't figure out why other address in that vlan are unreachable. Does anyone have any ideas as I've run out!

Thanks!

Sam

On your second switch, you may need to add a default route to the first switch (or the firewall) in order to enable inter-vlan routing

HTH

I have a default route on both switches pointing back to the firewall. Here is the routiing table from the second switch.

Aruba-2930F-48G-4SFP# sh ip route

                                IP Route Entries

  Destination        Gateway         VLAN Type      Sub-Type   Metric     Dist.
  ------------------ --------------- ---- --------- ---------- ---------- -----
  0.0.0.0/0          192.168.106.1   1    static               250        1
  127.0.0.0/8        reject               static               0          0
  127.0.0.1/32       lo0                  connected            1          0
  192.168.60.0/24    MGMT            60   connected            1          0
  192.168.106.0/24   DEFAULT_VLAN    1    connected            1          0

I can reach 192.168.60.1 from any network so the route on the firewall should be good

Sorry, I did not understand the issue properly. I wonder if you have added the newly created vlan to the trunk between the two switches

HTH

This could be it! There is no trunk at the moment. So would I need a trunk on each switch with the port connecting to the other switch and the trunk added as untagged to each vlan?

Since you are using vlan 1 and vlan 60 (vlan 1 is untagged by defualt) I think you should add vlan 60 as tagged on both sides of the link between the two switches

HTH

I added a trunk on both sides with the port connecting the switches in it and then aded that Trunk to vlan 60 as tagged but alas no joy....

Okay. Could you paste the port and vlan config on both switches?

Thankyou for your help!

Switch 1:

trunk 44 trk2 trunk

interface 44
   name "TO-LOWER-ARUBA"

vlan 60
   name "MGMT"
   tagged Trk2
   no ip address

Switch 2:

trunk 1 trk1 trunk

interface 1
   name "LINK 2 UPPER SWITCH"
 vlan 60
   name "MGMT"
   untagged 2,4,11
   tagged 3,Trk1
   ip address 192.168.60.1 255.255.255.0



 

You have to configure the ip address of VLAN 60 on switch 1. Otherwise, the inter-vlan routing will not work (I assume the FW is in VLAN 1)

A similar issue is solved in the following post, you can also have a look at it: http://community.arubanetworks.com/t5/Campus-Switching-and-Routing/intervlan-routing-on-L3-and-internet-on-the-FW/td-p/305295

HTH

Got the IP on switch 1 now - I had a look at that link. It looks like I need to follow a step in the last post:

"Offcourse, untag or tag the port connected to the FW. Tag / untag depends on how FW is configured (IEEE .Q)"

At the moment the firewall is in vlan 1, untagged. This seems to me like I need to add that port as tagged in vlan 60. Does that seem right?

Yes, you are right. You should tag that port in VLAN 60. By doing so, you will be able to manage the FW using that VLAN

HTH