?
Solved

vlan routing problem HP procurve 2650  can't see a VLAN

Posted on 2010-01-08
11
Medium Priority
?
1,028 Views
Last Modified: 2012-05-09
I'm at a company that has a VPN into the whse from a distributor.  The company would like to do wireless scanning directly into the distributor's system.  I set up a VLAN on our HP procurve switch where the port assigned to the VLAN is directly connected to their cisco 800 router.  If i log into the switch I can ping any address on the distributor's network I want.  From outside the switch (default or VLAN1) I cannot ping anything on the distributors network.  

I think that the problem is that the distributor needs to put a route on their side so that their network knows how to route packets back to our network.  The IT people at the distributor's site are telling me that I have a configuration error.  I think i have my configuration correct and would like some expert opinions on my setup to see if i indeed have my side setup before i start pushing their IT people.

The IP addresses have been changed but they are all in the same classes as the original.

I attached a diagram of the config.  Hopefully someone will spot my error or let me know it should be ok so i can start pushing their IT people.

thanks experts
experts-diagram.doc
0
Comment
Question by:kbtechnical
  • 4
  • 4
  • 3
11 Comments
 
LVL 21

Accepted Solution

by:
Rick_O_Shay earned 1000 total points
ID: 26223274
Yes you ou need a route to their site with the next hop of their router and they need a route to your site with a next hop of your router.
0
 
LVL 10

Assisted Solution

by:lanboyo
lanboyo earned 1000 total points
ID: 26224951
Hard to say, but I would delete this route on the HP:


ip route 10.10.7.0 255.255.255.240 10.10.7.1

As it seems like it would conflict with the normal interface connected route, 10.10.7.6 . There is no similar route for 192.168.2.0.

It might work anyway though. Does the HP have an arp entry for 10.10.7.1 ?

If the users on the 192.168.200.0/24 network can ping 10.10.7.6 but not 10.10.7.1, that seems to indicate that the 800 does not have a route back to the 192.168.200.0 network.


0
 

Author Comment

by:kbtechnical
ID: 26260191
@lanboyo

That 10.10.7.0 route was thrown in there in desperation :)  I will remove it.  

the 192.168.200.0 network cannot ping anything on the 10 network.  when i traceroute it, it stops at the switch which is why i suspected that routed were needed on their side so the packets can find their way back..  

As far as i know they are not running OSPF or RIP.  I know i am not running either on that VLAN.  I am waiting to hear from their side if they are running either.  At this point I'm going to push for them to at least put a route on the 800 and try my tests again.

thanks all  will keep you updated
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 10

Expert Comment

by:lanboyo
ID: 26274594
If you can not ping the 10.10.7.6 ip from the 192.168.200.0/24 desktops then the problem is on your side. What is the default route for the workstations? Does it match the ip of the HP on that vlan?
0
 
LVL 10

Expert Comment

by:lanboyo
ID: 26274701
Because 10.10.7.6 is on your switch....
0
 
LVL 21

Expert Comment

by:Rick_O_Shay
ID: 26278207
The Cisco 800 needs a route to the 192.168.2.0 and 192.168.200.0 networks with a next hop of your switch 10.10.7.6.
I don't think you have shown the routes on the 800 right?
0
 

Author Comment

by:kbtechnical
ID: 26282868
from the 192 network we can ping the 10.10.7.6 on the switch but we can't ping any of the addresses behind the Cisco800.  From the switch management console we can ping all addresses.  Our thought is the Cisco 800 is letting the traffic back to the 10.10.7.6 interface (as it should) but if it sees any coming from the 192 it will not allow it to return or the packet just doesn't know how to return.  

We have not shown routes for the 800 as we don't know how that is setup.  The admin of the 800 clearly stated that he does not have to setup any routes.  Our only thought on that is that they have dynamic routing setup but haven't told us that either.  We were hoping for collective agreement here that the 800 does either require static routes as Rick O Shay confirmed OR that Dyanamic Routing was required.  We are sure either static or dynamic is required and that it just cannot be left to our side to determine all routes to and from.

We may just enable OSPF on that VLAN and see if we can send any packets until we hear back from the 800 admin.  Although that won't help if the 800 employs a different dynamic routing protocal.
0
 
LVL 21

Expert Comment

by:Rick_O_Shay
ID: 26283295
You can ping from your switch to those remote address behind the 800 router because the source of the packet from the switch is 10.10.7.6 and the 800 has a route to that network because it is directly connected to it.

For the same reason your internal devices can hit 10.10.7.6 because your switch knows about both networks.

If you enable OSPF on your side they have to do that also on the 800. This would take care of getting the routes into the 800 but is way overkill.
0
 

Author Closing Comment

by:kbtechnical
ID: 31696228
Once they got through their change management and security review they put the routes on their side and everything  came right up.

Thanks for confirming my suspicions
0
 

Author Comment

by:kbtechnical
ID: 26944249
Sorry for such a long wait on closing this.  It took them a while to go through change management and security review When they added the routes everything came right up.  Thanks guys for confirming my suspicions .
0
 
LVL 21

Expert Comment

by:Rick_O_Shay
ID: 26944818
Have a good weekend.
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question