Wired Intelligent Edge

last person joined: 17 hours ago 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Back to discussions
Expand all | Collapse all

create vlan and route to interface

This thread has been viewed 2 times

  • 1.  create vlan and route to interface

    Posted Jun 25, 2020 02:03 AM

    we have 3 aruba switch  one of them connected to firewall interface 

     

    the main LAN 10.20.90.0/24

    and i need to create another vlan 10.20.91.0/24 it will used for ip phone.

     

    this new vlan should communicate over mpls line to another LAN(10.20.45.0/22)

     

    we do not have control over firewall (controlled by third party) we contact them and they create behind route interface for the new VLAN under firewall .

    Presentation1.png

    my problem there is no traffic go to interface from vlan.

    i can not ping to 10.20.91.1,10.20.45.1

    this configuration for 3 switch :-

    10.20.90.13

    ---------------------------------------------------

    LANDING-SW(config)# show running-config

    Running configuration:

    ; JL262A Configuration Editor; Created on release #WC.16.05.0007
    ; Ver #12:08.1d.9b.3f.bf.bb.ef.7c.59.fc.6b.fb.9f.fc.ff.ff.37.ef:ba
    hostname "LANDING-SW"
    module 1 type jl262a
    ip default-gateway 10.20.90.1
    snmp-server community "public" unrestricted
    vlan 1
    name "DEFAULT_VLAN"
    untagged 1-52
    ip address 10.20.90.13 255.255.255.0
    ip helper-address 10.20.40.62
    exit
    vlan 91
    name "VOCIP"
    tagged 1-52
    ip address 10.20.91.13 255.255.255.0
    exit
    vlan 92
    name "VOICE-VLAN"
    tagged 1-52
    ip address 10.20.92.13 255.255.255.0
    exit
    vlan 199
    name "VLAN199"
    ip address 10.20.119.0 255.255.252.0
    exit
    primary-vlan 92
    no tftp server
    no autorun
    no dhcp config-file-update
    no dhcp image-file-update
    no dhcp tr69-acs-url
    password manager

    LANDING-SW(config)#

    ----------------------------------------------------------

    10.20.90.11

    -------------------------------------------------------

    PLANNING-SW1# show running-config

    Running configuration:

    ; JL262A Configuration Editor; Created on release #WC.16.05.0007
    ; Ver #12:08.1d.9b.3f.bf.bb.ef.7c.59.fc.6b.fb.9f.fc.ff.ff.37.ef:ba
    hostname "PLANNING-SW1"
    module 1 type jl262a
    ip default-gateway 10.20.90.1
    ip route 0.0.0.0 0.0.0.0 10.20.91.1
    ip route 10.20.91.0 255.255.255.0 10.20.91.1
    ip routing
    snmp-server community "public" unrestricted
    vlan 1
    name "DEFAULT_VLAN"
    untagged 1-52
    ip address 10.20.90.11 255.255.255.0
    exit
    vlan 91
    name "VOCIP"
    tagged 1-49
    ip address 10.20.91.11 255.255.255.0
    exit
    vlan 92
    name "VOICE-VLAN"
    tagged 1-49
    ip address 10.20.92.11 255.255.255.0
    voice
    exit
    no tftp server
    no autorun
    no dhcp config-file-update
    no dhcp image-file-update
    no dhcp tr69-acs-url
    password manager

    PLANNING-SW1#

    ---------------------------------------

    10.20.90.12

    -------------------------------------------------------------

    PLANNING-SW2# show running-config

    Running configuration:

    ; JL262A Configuration Editor; Created on release #WC.16.05.0007
    ; Ver #12:08.1d.9b.3f.bf.bb.ef.7c.59.fc.6b.fb.9f.fc.ff.ff.37.ef:ba
    hostname "PLANNING-SW2"
    module 1 type jl262a
    ip default-gateway 10.20.90.1
    snmp-server community "public" unrestricted
    vlan 1
    name "DEFAULT_VLAN"
    untagged 1-52
    ip address 10.20.90.12 255.255.255.0
    exit
    vlan 91
    name "VOCIP"
    tagged 1-52
    ip address 10.20.91.12 255.255.255.0
    exit
    vlan 92
    name "VOICE_VLAN"
    tagged 1-52
    ip address 10.20.92.12 255.255.255.0
    voice
    exit
    no tftp server
    no autorun
    no dhcp config-file-update
    no dhcp image-file-update
    no dhcp tr69-acs-url
    password manager

    PLANNING-SW2#

     



  • 2.  RE: create vlan and route to interface

    MVP GURU
    Posted Jun 25, 2020 07:05 PM

    Hi! Why your Firewall is not directly connected to the Aruba switch which is performing IPv4 routing? ...just curious about topology shown.

     

    Another interesting thing is this (the Switch is PLANNING-SW1 10.20.90.11):

    ip default-gateway 10.20.90.1
ip route 0.0.0.0 0.0.0.0 10.20.91.1
ip route 10.20.91.0 255.255.255.0 10.20.91.1
ip routing

    I don't understand (a) why ip default-gateway is configured if the IPv4 Routing service is enabled (it doesn't harm but it is not useful) and (b) why there is the 10.20.91.0/24 via 10.20.91.1 static route IF the Firewall is physically (in)directly connected to PLANNING-SW1 (because the Firewall is physically directly connected to LANDING-SW 10.20.90.13) and both the PLANNING-SW1 10.20.90.11 and the Firewall stay within the same network segment 10.20.91.0/24 (indeed all listed switches have VLAN 91 with SVI address exactly on the 10.20.91.0/24 network).



  • 3.  RE: create vlan and route to interface

    Posted Jun 28, 2020 01:23 AM

    thanks 

     

    sire the firewall connected directly to switch(landing:10.20.90.13) but it use one interface  for (10.20.90.0/24) Now we create another VLAN under these 3 switch  what i need is to to route traffic from valn to 10.20.90.1

    i put default gateway 10.20.90.1 but no traffic go outside to interface

    10.20.90.1 even it try static route for testing but without luck ,i do not Know what i miss

     

    and firewall already configure to accepted traffic from VLAN 91 and route it to destination another LAN.

     

    if the configuration wrong can you please guide me .