Solved

ProCurve 2650: routing subnets through the switch

Posted on 2009-04-29
Last Modified: 2012-05-06
This is my first experience using a layer 3 switch, so I'm sure I'm missing something.  I read a few of the other ProCurve switch posts on here but I still must be missing something.

Here's the layout:
Network 1
192.168.20.0  internet gateway 192.168.20.2

Network 2
192.168.40.0 internet gateway 192.168.40.2

What I would like to accomplish:
We merged with another company and are now occupying the same building. They have multiple subnets under 192.168 that can all see each other.  We have one network (192.168.20.0).  We would like to share some resources so that we don't have to duplicate equipment.  We needed a new switch, so I bought a layer 3 switch, figuring that I could use that switch to connect the two networks.   My thinking was that we could assign a port on the switch to our network, assign a port on the switch to their network, and let the switch do the routing between the two with minimal changes to existing IP addresses.  We don't want to completely merge the networks, but sharing a few devices would make things much simpler.

At the moment I can ping the address that they gave me (that I assigned to a port on the switch) from our network, but I cannot ping through the switch to other IP addresses on their side.

Here is the running config:

cdp run
ip default-gateway 192.168.20.2
ip routing
snmp-server community "public" Unrestricted
vlan 1
     name "DEFAULT_VLAN"
     untagged 1-45,47,49-50
     ip addresses 192.168.20.252 255.255.255.0
     no untagged 46,48
     exit
vlan 2
     name "NEWCO"
     untagged 46,48
     ip addresses 192.168.40.50 255.255.255.0
     exit

HP ProCurve Switch 2650#

On our (20 network) SonicWall router I have the following route:
source any
 Destination 192.168.40.0
service any  
Gateway 192.168.20.252  
 metric 20  priority 1

So now from anywhere on the 20 network I can ping 192.168.40.50 but nothing else on the 40 or their other networks.
Any help pointing out what I am missing would be greatly appreciated.

Thanks

Question by:kbtechnical
8 Comments
 
LVL 7

Expert Comment

by:Onlyodin
ID: 24266438
The configuration you have looks good. However, you need the machines (on both sides) to know how to get to the other network by means of adding a route: either a route on each machine, or a route on whatever their equivalent of your SonicWall router is.

Otherwise, your ping will be reaching their network, and they'll try to send it back via their default route (i.e. their firewall or internet link).
0
 
LVL 3

Expert Comment

by:yegs2000
ID: 24267169
Well, adding a route to the "machines" is not efficient nor the proper way to do things, in my opinion. You can add routes on the switch itself, though, to tell it where the next hop destination is to send packets. Not sure about the terminology with an HP switch (I work with Cisco devices) but they should all be fairly similar.

On a Cisco device you would type the command:

ip route <destination network> <destination network mask> <next hop address>

Adding statements such as this on the switch will direct the traffic destined to those networks to travel through the next hop device and consequently be routed to their proper destinations.

Let me know if you have any other questions.

Best,
-Yegs
0
 

Author Comment

by:kbtechnical
ID: 24274467
Yegs,
            This is what I was looking for.  I was thinking that I needed to add a route on the switch to tell it where to go once it gets to the switch.  As I posted, I can get to the .40 network address on the switch but nothing past it.  I thought I was missing something on the switch to tell it where to go once it got to the .40 address on the switch.  I'm assuming I would create a route from the .40 address on the switch to the main router on the .40 network, which should then give me access to their whole network.  I will probably have to put a route on their main router pointing at our network so they can see us as well.

I did not see anything like that in the telnet menu that I get when I telnet into the switch, but I will see if I can find a better guide on HP's website.

Thanks
0
 
LVL 7

Expert Comment

by:Onlyodin
ID: 24276070
yegs2000 is correct in saying it is not efficient to add routes on individual machines, but adding a route on the switch is the wrong place.  The switch already has interfaces on both networks, so it already knows how to get to both networks. A route is not needed here, just the 'ip routing' command, which tells the switch to route between networks.

You will need to add a route on whatever device the machines have as their default gateway, i.e. the 'main router' on the .40 network that you mentioned.

If it's a Cisco router, the command would be as yegs2000 described:

ip route 192.168.20.0 255.255.255.0 192.168.40.50


That way, when machines on the .40. network want to get to the .20. network, they will go to their default gateway, which will in turn forward the packets to the layer 3 switch. You've already described setting the reverse route up on your SonicWall router for the .20. network.
0
 

Author Comment

by:kbtechnical
ID: 24287642
@onlyodin
                    If that's the case, then shouldn't I be able to ping any address on the 40 network from the 20 network as it stands?  Right now I cannot.  On our SonicWall we have the following route:

source any
 Destination 192.168.40.0
service any  
Gateway 192.168.20.252  

20.252 is the IP address I gave the switch.  40.50 is the address I gave the port on the switch that I have their cable plugged into.  I can ping 40.50 but cannot ping 40.1 or 2.  Should I change the route on the router so that the gateway for the 40 network is 40.50 and not 20.252?
0
 
LVL 7

Accepted Solution

by:
Onlyodin earned 2000 total points
ID: 24292681
192.168.40.50 is your Layer 3 switch, isn't it?

Because the switch has interfaces on both the .20. and .40. networks it already knows how to get to both of these networks, so it knows where to send the response to a ping from the .20. network.

If you want to test my theory, set the following route on a workstation/machine on the .40. subnet and you will be able to ping this machine from the .20. network and vice versa:

route add 192.168.20.0 mask 255.255.255.0 192.168.40.50

The above route will disappear when you reboot the machine, but will allow you to demonstrate the route.

The route you have on the SonicWall router is correct. If you change it or delete it, you will not be able to ping 192.168.40.50 any more.

Like I said above, you need to add a route on whatever the .40.'s default router is. You have everything correct on the .20. network already.
0
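
The return-path problem diagnosed in the accepted solution, reproduced as a small routing simulation (an added example, not part of the original thread). The node names, the two host addresses ending in .10, and the assumption that the .40 gateway at 192.168.40.2 has only a default route are constructed for illustration; the other addresses and routes are the ones quoted above.

```python
import ipaddress

INTERNET = "internet"  # packet left via a default route and never comes back

def build_topology(return_route_on=None):
    """Nodes from the thread; the two .10 host addresses are constructed."""
    nodes = {
        "host20": {"ips": ["192.168.20.10"], "routes": [
            ("192.168.20.0/24", None), ("0.0.0.0/0", "192.168.20.2")]},
        "sonicwall": {"ips": ["192.168.20.2"], "routes": [
            ("192.168.20.0/24", None), ("192.168.40.0/24", "192.168.20.252"),
            ("0.0.0.0/0", INTERNET)]},
        "l3switch": {"ips": ["192.168.20.252", "192.168.40.50"], "routes": [
            ("192.168.20.0/24", None), ("192.168.40.0/24", None)]},
        "gw40": {"ips": ["192.168.40.2"], "routes": [
            ("192.168.40.0/24", None), ("0.0.0.0/0", INTERNET)]},
        "host40": {"ips": ["192.168.40.10"], "routes": [
            ("192.168.40.0/24", None), ("0.0.0.0/0", "192.168.40.2")]},
    }
    if return_route_on:  # "gw40" or "host40": the route the accepted answer adds
        nodes[return_route_on]["routes"].append(("192.168.20.0/24", "192.168.40.50"))
    return nodes

def owner(nodes, ip):
    return next((n for n, d in nodes.items() if ip in d["ips"]), None)

def trace(nodes, start, dst_ip):
    """Follow longest-prefix-match lookups hop by hop; return the node path."""
    path, node, dst = [start], start, ipaddress.ip_address(dst_ip)
    while dst_ip not in nodes[node]["ips"]:
        matches = [(ipaddress.ip_network(n), hop) for n, hop in nodes[node]["routes"]
                   if dst in ipaddress.ip_network(n)]
        if not matches:
            return path + ["dropped"]
        _, hop = max(matches, key=lambda m: m[0].prefixlen)
        if hop == INTERNET:
            return path + [INTERNET]
        node = owner(nodes, hop or dst_ip)  # None means connected: deliver directly
        if node is None or len(path) > 8:
            return path + ["dropped"]
        path.append(node)
    return path

def ping(nodes, src, src_ip, dst_ip):
    """Echo succeeds only if the request AND the reply are both delivered."""
    out = trace(nodes, src, dst_ip)
    if out[-1] in (INTERNET, "dropped"):
        return False, out, []
    back = trace(nodes, out[-1], src_ip)
    return back[-1] == src, out, back
```

Calling `ping(build_topology(), "host20", "192.168.20.10", "192.168.40.10")` shows the request arriving and the reply leaving through the .40 gateway's default route; passing `"gw40"` or `"host40"` to `build_topology` adds the return route and the reply comes back through the switch.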
 

Author Comment

by:kbtechnical
ID: 24298497
Thanks, you were correct.  Putting that route on their PC gave me access to our entire network.  I just submitted a request with their admin to get that route installed on their gateway.  Once I get that done and tested I'll close out this question.  Thanks again for the help.


Now I just have to keep them from invading our network! Hahaha.  We're a little stricter than they are.  Too bad I cannot allow access by MAC address at the switch.


Thanks
0
 

Author Comment

by:kbtechnical
ID: 24298862
Never mind.  I can filter by MAC address.  : )
0
