The issue with your configuration is the Comware's limitation that does not allow you to have VLAN mapping and routing of the mapped VLANs on the same device. If I remember correctly it was somehow connected to the ARP table, but I can't recall all the details right now.
You need another switch between your premises and your ISP that will perform the VLAN translation. Or move the routing between VLAN 33 and other VLANs to another device.
Original Message:
Sent: Mar 10, 2022 05:24 PM
From: Daniel Dudkin
Subject: HP FlexFabric 5700 (Comware) VLAN 1-to-1 Mapping. ISP assigned vlan I already use
vlan 33description New VLAN on my sidevlan 10description Existing VLAN on my side. ISP's new drop has this tagged the same
==Standard VLAN ATTEMPT== Working!
In this port is the drop from my ISP:interface Ten-GigabitEthernet1/0/2 description ISP DROP port link-type trunk undo port trunk permit vlan 1 port trunk permit vlan 10In this port is a trunk with vlan 10:interface Ten-GigabitEthernet2/0/21 description VMUPLINK port link-type trunk undo port trunk permit vlan 1 port trunk permit vlan 10 200 300 400 601#Simple access port:interface Ten-GigabitEthernet2/0/22 description Test VLAN10 port access vlan 10#Test Vlan interface in existing VLAN 10interface Vlan-interface10 ip address 142.84.55.62 255.255.255.252I can now ping 142.84.55.61 (IP modified for the internet but it is indeed a /30) from:1. The Vlan interface2. the access port 2/0/223. a VM in a Port Group assigned vlan id 10
==VLAN MAPPING ATTEMPT== Not working!
In this port is the drop from my ISP:interface Ten-GigabitEthernet1/0/2 description ISP DROP port link-type trunk undo port trunk permit vlan 1 port trunk permit vlan 33 10 vlan mapping 10 translated-vlan 33In this port is a trunk with vlan 33 and a vlan in it:interface Ten-GigabitEthernet2/0/21 description VMUPLINK port link-type trunk undo port trunk permit vlan 1 port trunk permit vlan 33 200 300 400 601#This port is a simple access port in 33interface Ten-GigabitEthernet2/0/22 description Test VLAN33 port access vlan 33#Attempted Vlan interface in New VLAN 33interface Vlan-interface33 ip address 142.84.55.62 255.255.255.252I can't ping 142.84.55.61 (IP modified for the internet but it is indeed a /30) from neither:1. The Vlan interface2. the access port 2/0/223. a VM in a Port Group assigned vlan id 33
I thought along the same routes. Its clear the CPE expects a vlan tag of 10 based on testing. I've been lead to believe the "vlan mapping 10 translated-vlan 33" is enough. I tried adding the reverse as well for testing, but no go. Do you see anything obvious missing?
------------------------------
Daniel Dudkin
Original Message:
Sent: Mar 10, 2022 02:46 PM
From: Alexander Maroukian
Subject: HP FlexFabric 5700 (Comware) VLAN 1-to-1 Mapping. ISP assigned vlan I already use
Hello Daniel,
Mapping is used for inbound packets on a port. This means that if you have one port towards your network and one to the provider you can map them accordingly and remap the traffic. The issue could be that you are sending the traffic with the wrong vlan tag towards the ISP and you are not remaping the traffic back to vlan 10 for ISP traffic. Also there is an issue how you route the traffic when you have vlan 10 in your network. If you use routed ports does the traffic pass properly? It so you may use l3 port towards the provider.
Hope this helps!
------------------------------
-Alex
Original Message:
Sent: Mar 08, 2022 04:25 PM
From: Daniel Dudkin
Subject: HP FlexFabric 5700 (Comware) VLAN 1-to-1 Mapping. ISP assigned vlan I already use
I have a new feed from an ISP, that would be slow to respond to any change requests.
They tagged this drop with a vlan ID of 10, which I happen to already be using on my switches.
I want a brand new vlan (let's say 33) for this.
Is it possible on HP flexfabric to take this feed, strip the 10 and put it in 33 on my side?
This is working (but undesired):
interface T1/0/2port link-type trunkport trunk permit vlan 10
I can then put a VirtualMachine in Vlan10 or even assign a VLAN-Interface10 on the switch itself and ping the ISP's gateway.
What I WANT to do is essentially retag anything coming in on vlan 10, as vlan 33 on my side - and vice versa. With loads of reading I tried this:
(Vlan 10 already exists on my side, Vlan 33 is new)
interface Ten-GigabitEthernet1/0/2 port link-type trunk undo port trunk permit vlan 1 port trunk permit vlan 33 10 vlan mapping 33 translated-vlan 10
or
interface Ten-GigabitEthernet1/0/2 port link-type trunk undo port trunk permit vlan 1 port trunk permit vlan 33 10 vlan mapping 10 translated-vlan 33
Have also tried inserting both vlan mapping statements.
I've also tried various iterations of a hybrid port and setting 10 as tagged and 33 as untagged & vice-versa.
I feel like I'm missing something silly and driving myself mad.
Is there anyone that could provide some insight?