vlan routing problem HP procurve 2650 can't see a VLAN

I'm at a company that has a VPN into the whse from a distributor. The company would like to do wireless scanning directly into the distributor's system. I set up a VLAN on our HP ProCurve switch where the port assigned to the VLAN is directly connected to their Cisco 800 router. If I log into the switch I can ping any address on the distributor's network I want. From outside the switch (default or VLAN1) I cannot ping anything on the distributor's network.

I think that the problem is that the distributor needs to put a route on their side so that their network knows how to route packets back to our network. The IT people at the distributor's site are telling me that I have a configuration error. I think I have my configuration correct and would like some expert opinions on my setup to see if I indeed have my side set up before I start pushing their IT people.

The IP addresses have been changed but they are all in the same classes as the original.

I attached a diagram of the config. Hopefully someone will spot my error or let me know it should be OK so I can start pushing their IT people.

Thanks, experts
experts-diagram.doc
kbtechnical Asked:
 
Rick_O_Shay Commented:
Yes, you need a route to their site with the next hop of their router and they need a route to your site with a next hop of your router.
 
lanboyo Commented:
Hard to say, but I would delete this route on the HP:

ip route 10.10.7.0 255.255.255.240 10.10.7.1

As it seems like it would conflict with the normal interface connected route, 10.10.7.6. There is no similar route for 192.168.2.0.

It might work anyway though. Does the HP have an ARP entry for 10.10.7.1?

If the users on the 192.168.200.0/24 network can ping 10.10.7.6 but not 10.10.7.1, that seems to indicate that the 800 does not have a route back to the 192.168.200.0 network.

 
kbtechnical Author Commented:
@lanboyo

That 10.10.7.0 route was thrown in there in desperation :) I will remove it.

The 192.168.200.0 network cannot ping anything on the 10 network. When I traceroute it, it stops at the switch, which is why I suspected that routes were needed on their side so the packets can find their way back.

As far as I know they are not running OSPF or RIP. I know I am not running either on that VLAN. I am waiting to hear from their side if they are running either. At this point I'm going to push for them to at least put a route on the 800 and try my tests again.

Thanks all, will keep you updated.
 
lanboyo Commented:
If you cannot ping the 10.10.7.6 IP from the 192.168.200.0/24 desktops then the problem is on your side. What is the default route for the workstations? Does it match the IP of the HP on that VLAN?
 
lanboyo Commented:
Because 10.10.7.6 is on your switch....
 
Rick_O_Shay Commented:
The Cisco 800 needs a route to the 192.168.2.0 and 192.168.200.0 networks with a next hop of your switch 10.10.7.6.
I don't think you have shown the routes on the 800, right?
 
kbtechnical Author Commented:
From the 192 network we can ping the 10.10.7.6 on the switch but we can't ping any of the addresses behind the Cisco 800. From the switch management console we can ping all addresses. Our thought is the Cisco 800 is letting the traffic back to the 10.10.7.6 interface (as it should) but if it sees any coming from the 192 it will not allow it to return or the packet just doesn't know how to return.

We have not shown routes for the 800 as we don't know how that is set up. The admin of the 800 clearly stated that he does not have to set up any routes. Our only thought on that is that they have dynamic routing set up but haven't told us that either. We were hoping for collective agreement here that the 800 does either require static routes as Rick O Shay confirmed OR that dynamic routing was required. We are sure either static or dynamic is required and that it just cannot be left to our side to determine all routes to and from.

We may just enable OSPF on that VLAN and see if we can send any packets until we hear back from the 800 admin. Although that won't help if the 800 employs a different dynamic routing protocol.
 
Rick_O_Shay Commented:
You can ping from your switch to those remote addresses behind the 800 router because the source of the packet from the switch is 10.10.7.6 and the 800 has a route to that network because it is directly connected to it.

For the same reason your internal devices can hit 10.10.7.6 because your switch knows about both networks.

If you enable OSPF on your side they have to do that also on the 800. This would take care of getting the routes into the 800 but is way overkill.
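The behaviour described in the answer above, as an added example that is not part of the original thread: a small longest-prefix-match model of the two routing tables shows why a ping sourced from 10.10.7.6 gets a reply while one from a 192.168.200.0/24 desktop does not until the 800 has return routes. The remote LAN 10.50.0.0/16, the host addresses, the /24 mask on 192.168.2.0 and the HP's route toward the remote LAN are assumptions made for illustration.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: return the next hop for dst, or None if no route."""
    best = None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if ipaddress.ip_address(dst) in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, next_hop)
    return best[1] if best else None

def forward(routers, at, dst, max_hops=8):
    """Walk hop by hop starting at router `at`; return (delivered, last_router)."""
    for _ in range(max_hops):
        next_hop = lookup(routers[at], dst)
        if next_hop is None:
            return False, at          # no route: packet is dropped here
        if next_hop == "connected":
            return True, at           # destination is on an attached subnet
        at = next_hop
    return False, at                  # hop limit reached (routing loop)

def ping(routers, first_hop, src, dst):
    """An echo needs a route for the request AND a route for the reply."""
    ok, where = forward(routers, first_hop, dst)
    if not ok:
        return f"request dropped at {where}"
    ok, where = forward(routers, where, src)
    return "reply received" if ok else f"reply dropped at {where}"

def build(return_routes):
    """Constructed routing tables for the HP switch and the Cisco 800."""
    hp = [("192.168.200.0/24", "connected"), ("192.168.2.0/24", "connected"),
          ("10.10.7.0/28", "connected"),
          ("10.50.0.0/16", "c800")]   # assumed remote LAN, reached via 10.10.7.1
    c800 = [("10.10.7.0/28", "connected"), ("10.50.0.0/16", "connected")]
    if return_routes:                 # static routes with next hop 10.10.7.6
        c800 += [("192.168.200.0/24", "hp"), ("192.168.2.0/24", "hp")]
    return {"hp": hp, "c800": c800}

if __name__ == "__main__":
    for label, fixed in (("before", False), ("after", True)):
        r = build(fixed)
        print(label, "switch console:", ping(r, "hp", "10.10.7.6", "10.50.1.10"))
        print(label, "desktop:", ping(r, "hp", "192.168.200.25", "10.50.1.10"))
```
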
 
kbtechnical Author Commented:
Once they got through their change management and security review they put the routes on their side and everything came right up.

Thanks for confirming my suspicions
 
kbtechnical Author Commented:
Sorry for such a long wait on closing this. It took them a while to go through change management and security review. When they added the routes everything came right up. Thanks guys for confirming my suspicions.
 
Rick_O_Shay Commented:
Have a good weekend.
Question has a verified solution.