Wired Intelligent Edge

Hi

I'm new with Aruba-switches.

My schematic :

When i put a pc in port 1 (IP 10.10.100.101 - GW 10.10.100.254) , I can manage all the switches and go on the internet.

Now what should I do for the following:

Put a pc in port 5 of the 1210-16 so he get an IP (from dhcp on vlan30) and then this pc allow to go on the internet?

Thx for help

Delan

Hi Delan,

 

Just to verify I think you mean VLAN 20 right? Do you get an IP with correct default gateway from DHCP? Do you have ip routing enabled on the 2930f?

 

Regards, Dobias

Hi Dobias

yes , I have set all the ip-addresses manualy as in the schema.

IP routing is on.

The gateway's of the pc's (per vlan) are the ip addresses of the vlan interfaces.

I was struggling today and had no result.

It's like the routing isn't work.

I checked and the switch is in L3-mode.

 

hi

I setup a test environment

The pfsense 10.70.200.254

switch 2930f :

Running configuration:

; JL259A Configuration Editor; Created on release #WC.16.03.0004
; Ver #10:08.3f.ff.bb.ef.7c.59.fc.6b.fb.9f.fc.ff.ff.37.ef:7e
hostname "Core"
module 1 type jl259a
ip default-gateway 10.70.200.254
ip routing
snmp-server community "public" unrestricted
vlan 1
name "DEFAULT_VLAN"
no untagged 13-14
untagged 1-12,15-28
ip address 10.70.200.11 255.255.255.0
exit
vlan 100
name "VLAN100"
untagged 13-14
tagged 24
ip address 10.70.201.12 255.255.255.0
exit
no tftp server
no autorun
no dhcp config-file-update
no dhcp image-file-update
password manager

Core(config)#

 

Core(config)# sh ip

Internet (IP) Service

IP Routing : Enabled

Default TTL : 64
Arp Age : 20
Domain Suffix :
DNS server :

| Proxy ARP
VLAN | IP Config IP Address Subnet Mask Std Local
-------------------- + ---------- --------------- --------------- ----------
DEFAULT_VLAN | Manual 10.70.200.11 255.255.255.0 No No
VLAN100 | Manual 10.70.201.12 255.255.255.0 No No

Core(config)#

 

Core(config)# sh ip route

IP Route Entries

Destination Gateway VLAN Type Sub-Type Metric Dist.
------------------ --------------- ---- --------- ---------- ---------- -----
10.70.200.0/24 DEFAULT_VLAN 1 connected 1 0
10.70.201.0/24 VLAN100 100 connected 1 0
127.0.0.0/8 reject static 0 0
127.0.0.1/32 lo0 connected 1 0

Core(config)#

 

This are all the settings

PC1 (in port 1) 

IP : 10.70.200.101 - GW : 10.70.200.254 - MASK : /24

PC2 (in port 13)

IP : 10.70.201.102 - GW : 10.70.201.12 - MASK : /24

(also tried with GW : 10.70.200.254)

 

From PC 1 ok to internet, no ping to pc2

From PC2 no internet and no ping to pc1

 

I don't understand it ????

 

Help please

Where can I try something?

THX

 

Hi

I made a test environment :

The pfsense is 10.70.200.254 /24 in port 24

Switch settings :

Core# sh ru

Running configuration:

; JL259A Configuration Editor; Created on release #WC.16.03.0004
; Ver #10:08.3f.ff.bb.ef.7c.59.fc.6b.fb.9f.fc.ff.ff.37.ef:7e
hostname "Core"
module 1 type jl259a
ip default-gateway 10.70.200.254
ip routing
snmp-server community "public" unrestricted
vlan 1
name "DEFAULT_VLAN"
no untagged 13-14
untagged 1-12,15-28
ip address 10.70.200.11 255.255.255.0
exit
vlan 100
name "VLAN100"
untagged 13-14
tagged 24
ip address 10.70.201.12 255.255.255.0
exit
no tftp server
no autorun
no dhcp config-file-update
no dhcp image-file-update
password manager

 

Core# sh ip

Internet (IP) Service

IP Routing : Enabled

Default TTL : 64
Arp Age : 20
Domain Suffix :
DNS server :

| Proxy ARP
VLAN | IP Config IP Address Subnet Mask Std Local
-------------------- + ---------- --------------- --------------- ----------
DEFAULT_VLAN | Manual 10.70.200.11 255.255.255.0 No No
VLAN100 | Manual 10.70.201.12 255.255.255.0 No No

 

Core# sh ip route

IP Route Entries

Destination Gateway VLAN Type Sub-Type Metric Dist.
------------------ --------------- ---- --------- ---------- ---------- -----
10.70.200.0/24 DEFAULT_VLAN 1 connected 1 0
10.70.201.0/24 VLAN100 100 connected 1 0
127.0.0.0/8 reject static 0 0
127.0.0.1/32 lo0 connected 1 0

 

The PC's

PC1 in port 1

IP : 10.70.200.101 - GW : 10.70.200.254 MASK : /24

PC2 in port 13

IP : 10.70.201.102 - GW : 10.70.201.12 MASK : /24

 

PC1 : internet ok, ping to pc2 is not ok

PC2 : internet not ok, ping to pc1 not ok

on pc2 also tried with GW : 10.70.200.254 (same result)

 

I can't understand. I think there is something ...... I don't see it.

 

Help please !!

THX

Let's start to break this down. In your last example you mentioned PC2 couldn't ping PC1. This was done from 2930f in port 13 right? Can you ping VLAN100 and VLAN1 IP when PC2 is connected in this port 13?

I'm sorry not sure but was logged in with my wrong username. Just checking your config again and see that you configured ip default-gateway. This command set-up routing for switch itself (for e.g. management) when ip routing is disabled. You need to configure static default route via ip route 0.0.0.0 0.0.0.0 x.x.x.x for the router itself. Hope this helps!!

Hi Dobias

I already tried this. no ip routing and then ip rout 0.

0.0.0 0.0.0.0 10.70.200.254 (the default gateway)

That was'nt WORKING :-(

I have already did hard resets to factory ....

No result

Delan009

Hi,

 

It's the other way around. Enable IP routing and than ip route 0.0.0.0 0.0.0.0 x.x.x.x to add static default. IP default gatway is used when ip routing is disabled for switch itself.

Hi Dobias

here my switch settings (as your recomm.)

Core(config)# sh ru

Running configuration:

; JL259A Configuration Editor; Created on release #WC.16.03.0004
; Ver #10:08.3f.ff.bb.ef.7c.59.fc.6b.fb.9f.fc.ff.ff.37.ef:7e
hostname "Core"
module 1 type jl259a
ip default-gateway 10.70.200.254
ip route 0.0.0.0 0.0.0.0 10.70.200.254
ip routing
snmp-server community "public" unrestricted
router rip
redistribute connected
enable
exit
vlan 1
name "DEFAULT_VLAN"
no untagged 13-14
untagged 1-12,15-28
ip address 10.70.200.11 255.255.255.0
exit
vlan 100
name "VLAN100"
untagged 13-14
tagged 24
ip address 10.70.201.12 255.255.255.0
exit
spanning-tree
no tftp server
no autorun
no dhcp config-file-update
no dhcp image-file-update
password manager

Core(config)# sh ip route

IP Route Entries

Destination Gateway VLAN Type Sub-Type Metric Dist.
------------------ --------------- ---- --------- ---------- ---------- -----
0.0.0.0/0 10.70.200.254 1 static 1 1
10.70.200.0/24 DEFAULT_VLAN 1 connected 1 0
10.70.201.0/24 VLAN100 100 connected 1 0
127.0.0.0/8 reject static 0 0
127.0.0.1/32 lo0 connected 1 0

Core(config)# sh ip

Internet (IP) Service

IP Routing : Enabled

Default TTL : 64
Arp Age : 20
Domain Suffix :
DNS server :

| Proxy ARP
VLAN | IP Config IP Address Subnet Mask Std Local
-------------------- + ---------- --------------- --------------- ----------
DEFAULT_VLAN | Manual 10.70.200.11 255.255.255.0 No No
VLAN100 | Manual 10.70.201.12 255.255.255.0 No No

 

Now it's more bad :

PC1 can ping to def.gateway (10.70.200.254) and internet

PC1 can't ping any more to VLAN100 ip (10.70.201.102)

 

PC 2 can only ping to his interface (10.70.201.12) and nothing else.

 

My feeling is that there is something wrong with this switch !

THX for your tips and followup. So I feel not alone :-)

 

Delan009

8-) can't say for sure but don't think there is anything wrond with this switch. Just tried on same switch and everything is working fine but let's see. Can you please remove ip default-geway command from your config? Do you need dynamic routing protocol? I see you using rip but from the diagram I only see directly connected routes from the switch. If you don't need dynamic routing can you also please delete router rip from confgiuration. Let's now first make sure PC1 and PC2 can big their own gateways and each other when connected on the same switch. Than we will move to other switches and to internet gateway.

Hi,

first of all... does your GW(10.70.200.254) know of VLAN100?

 

to test you must change gateway of PC1 to 10.70.200.11,

then try your pingtests again.

you now should be able to ping PC2 from P

 

my guess would be that you are only missing a route on the gateway...!

hth..

Alex

Hi ALex,

 

That would indeed explain traffic comming from the PFsense so internet  but traffic between PC1 en PC2 needs to be routed via 2930f from what I understood. 

Hi Dobias

I hard reseted the switch. So I'm sure there is nothing else.

Here the sh running

Core(config)# sh ru

Running configuration:

; JL259A Configuration Editor; Created on release #WC.16.03.0004
; Ver #10:08.3f.ff.bb.ef.7c.59.fc.6b.fb.9f.fc.ff.ff.37.ef:7e
hostname "Core"
module 1 type jl259a
ip routing
snmp-server community "public" unrestricted
vlan 1
name "DEFAULT_VLAN"
no untagged 13-14
untagged 1-12,15-28
ip address 10.70.200.11 255.255.255.0
exit
vlan 100
name "Test"
untagged 13-14
tagged 24
ip address 10.70.201.12 255.255.255.0
exit
no tftp server
no autorun
no dhcp config-file-update
no dhcp image-file-update
password manager

 

It's as easy as possible

PC1 in port 1 :

ip : 10.70.200.101 gw : 10.70.200.11 (int address)

PC2 in port 13 :

ip : 10.70.201.102 gw :10.70.201.12 (the int.address)

 

PC1 ping :

it's own : ok

to int 10.70.200.11 : ok

to pfsense 10.70.200.254 : ok

to other int 10.70.201.12 : nok

to pc2 ok

to internet : nok

 

PC2 ping:

it's own : ok

to int 10.70.201.12 : ok

to pfsense : nok

to int 10.70.200.11 : ok

to pc1 : nok

to internet : nok

 

With pc1 and gw:10.70.200.254 ----> internet ok

for pc2 no other results

 

Thank you very much. The switch looks fine now. From your ping results I can see it's still not correct. At least from PC1 and PC2 you must be able to ping both VLAN IP's and PC's. Could it be that you maybe have dual default GW configured on the PC's or one of them or a FW that's enabled?

Hi,

 

on your switch you are now missing the default route...

ip route 0.0.0.0 0.0.0.0 10.70.200.254

 

and at the pfsense....

you need to add a route with destination 10.70.201.0 with gateway 10.70.200.11

 

and check if your PCs have the local firewall enabled

 

hth...

Alex

Hi Alex,

 

That's correct but pfsense is only needed when sending traffic to internet. PC to PC will go via 2930f. My feeling is also local firewall on PC's or dual default gateway or something. 

Hi

here the sh ru :

Core(config)# sh run

Running configuration:

; JL259A Configuration Editor; Created on release #WC.16.03.0004
; Ver #10:08.3f.ff.bb.ef.7c.59.fc.6b.fb.9f.fc.ff.ff.37.ef:7e
hostname "Core"
module 1 type jl259a
ip route 0.0.0.0 0.0.0.0 10.70.200.254
ip routing
snmp-server community "public" unrestricted
vlan 1
name "DEFAULT_VLAN"
no untagged 13-14
untagged 1-12,15-28
ip address 10.70.200.11 255.255.255.0
exit
vlan 100
name "Test"
untagged 13-14
tagged 24
ip address 10.70.201.12 255.255.255.0
exit
no tftp server
no autorun
no dhcp config-file-update
no dhcp image-file-update
password manager

 

So you see the route is added.

 

The only that I can say is :

If I set the GW from PC1 to 10.70.200.11 then I can ping both interfaces and also the pc2.

On pc2 i have echo demand for virtual machines on.

 

So for the moment with this configuration I can ping from pc1 to pp2 and reverse

With pc1 I can ping 8.8.8.8 and not with pc2.

I will now try to add the route on my pfsense (201 to 200)

Thx

 

 

Great now we have first step done and that's the local routing on 2930f. That's working now due to fact PC's can ping each other. I can see you already added the default gateway on the switch. Indeed next step is to make sure pfsense understands the route back to vlan 100 as Alex already mentioned. 

Hi,

I think from now on, the problem is in my pfsense i gues

Delan009

 

I think so. You need to create static back to VLAN 100. Hope you get all working soon. Let me know if you need any help.

Thank you all for help !!!

 

Delan009

You're more than welcome!

Met vriendelijke groet / Kind regards,


[ruba-hp-signature-2_160x105.jpg]

Dobias van Ingen
EMEA CTO and SE Director
UC & C: + 31202450591 | M: +31 651 785440 | @networkingdvi
Startbaan 16 | 1187 XR Amstelveen | Netherlands

WWW.ARUBANETWORKS.COM| FOLLOW US | Twitter | LinkedIn

Hi

Yes that is possible. I can ping to the VLAN IP's

 

Delan009