asked on 5/18/2011

VLANs on HP Procurve and Sonicwall

Hello all. I have 2 separate networks setup with 2 procurve 5406 switches connected via fiber with sonicwall gateways on either end. I have gotten to the point where I can ping devices on either end, however that is all I can do. I can't telnet, rdp, etc. either way. Below are the configurations and traceroutes from each end. I'm at a loss as to why I can ping, but nothing else.

Thanks in advance!

Tracing route to EXCHANGESVR [192.168.35.3]
over a maximum of 30 hops:

1 2 ms 2 ms 2 ms 192.168.1.254
2 1 ms 1 ms 1 ms 192.168.100.1
3 <1 ms <1 ms <1 ms EXCHANGESVR [192.168.35.3]

Trace complete.

; J8697A Configuration Editor; Created on release #K.14.41

hostname "ProCurve Switch 5406zl"
module 1 type J8702A
module 2 type J8702A
module 3 type J8705A
ip default-gateway 192.168.1.1
ip routing
vlan 1
name "DEFAULT_VLAN"
untagged A1-A24,B1-B23,C1-C21,C23-C24
ip address 192.168.1.254 255.255.255.0
no untagged B24,C22
exit
vlan 100
name "VLAN100"
untagged B24,C22
ip address 192.168.100.2 255.255.255.0
exit
ip route 192.168.32.0 255.255.252.0 192.168.100.1
snmp-server community "public" unrestricted

Tracing route to BMCPASERVER [192.168.1.2]
over a maximum of 30 hops:

1 1 ms 1 ms 1 ms 192.168.32.1
2 2 ms 2 ms 2 ms 192.168.100.2
3 <1 ms <1 ms <1 ms BMCPASERVER [192.168.1.2]

Trace complete.

; J8697A Configuration Editor; Created on release #K.15.04.0003
; Ver #01:00:01

hostname "ProCurve Switch 5406zl"
module 1 type J8702A
module 2 type J8702A
module 3 type J8705A
module 4 type J8705A
module 5 type J8705A
interface B6
speed-duplex auto-10-100
exit
interface B10
speed-duplex auto-10-100
exit
ip default-gateway 192.168.35.50
ip routing
vlan 1
name "DEFAULT_VLAN"
untagged A1-A24,B1-B19,B21-B24,C1-C20,C22-C24,D1-D24,E1-E24
ip address 192.168.32.1 255.255.252.0
no untagged B20,C21
exit
vlan 100
name "VLAN100"
untagged B20,C21
ip address 192.168.100.1 255.255.255.0
exit
fault-finder bad-driver sensitivity high
fault-finder bad-transceiver sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
fault-finder broadcast-storm sensitivity high
fault-finder loss-of-link sensitivity high
fault-finder duplex-mismatch-hdx sensitivity high
fault-finder duplex-mismatch-fdx sensitivity high
power-over-ethernet pre-std-detect
no ip ssh
ip route 192.168.1.0 255.255.255.0 192.168.100.2
snmp-server community "public" unrestricted
snmp-server host 192.168.35.23 community "public"
snmp-server host 192.168.35.33 community "public"
snmp-server host 192.168.35.34 community "public"
snmp-server contact "IT Department" location "Server Room"

Switches / Hubs

Last Comment

mchit

5/18/2011

jakethecatuk

5/18/2011

stupid question for you - have you checked the Sonicwall's at both ends to make sure they are configured to allow the traffic you are expecting.

mchit

5/18/2011

ASKER

I understand why you asked that because it acts like a firewall issue, however I have the following routes and firewall rules setup on each end:

Zone: LAN to Zone: LAN Source: 192.168.32.0/22, 192.168.100.0/24 Destination: 192.168.1.0/24 Service: ANY

Route
Source: ANY Destination: 192.168.1.0/24 Service: ANY Gateway: 192.168.100.1

The other sonicwall is setup the same way.

Thanks!

jakethecatuk

5/18/2011

what do the logs on the Sonicwall tell you - are they passing the traffic?

mchit

5/18/2011

ASKER

The sonicwalls don't show anything. From the traceroutes, the traffic isn't even going through the Sonicwalls. Here is the tracert from my pc(192.168.32.28/22) to a workstation on the other switch(192.168.1.2/24). My pc's gateway is 192.168.35.50 which is the sonicwall.

Tracing route to BMCPASERVER [192.168.1.2]
over a maximum of 30 hops:

1 1 ms 1 ms 1 ms 192.168.32.1 <- my pc is connected to this switch (vlan 1)
2 2 ms 2 ms 2 ms 192.168.100.2 <- vlan 100 on other switch
3 <1 ms <1 ms <1 ms BMCPASERVER [192.168.1.2] <- connected to vlan 1 on other switch

Thanks!

jakethecatuk

5/18/2011

Ah - thought the 192.168.100.2 address was a sonic wall - not a switch on the other network (wasn't paying attention clearly).

ok - so it's switch to switch. ACL's on the switches could be involved with this - have you set any up yet for your inter-vlan routing?

mchit

5/18/2011

ASKER

There are no ACL's setup on either switch.

jakethecatuk

5/18/2011

maybe not having an ACL is the problem.

in theory, the inter-vlan routing should default to open when there is nothing else in place, but its the only other thing I can think

may be worth creating a simple ACP to allow a particular protocol to pass over.

only other thing that springs to mind is the default gateway for the devices at each end - is the sonicwalls or the switches?

if it's the sonic walls, might be worth putting an explicit route in place for the subnets involved on a machine at each end to see if that helps

mchit

5/18/2011

ASKER

The default gateways are the sonicwalls for both ends.

I put an explicit route on my pc:
route add 192.168.1.0 255.255.255.0 192.168.32.1

and also on a pc on the other switch
route add 192.168.32.0 255.255.252.0 192.168.1.1

This allows me to rdp, telnet, etc. so this is what I am trying to accomplish, but I don't want to have to add routes to each pc. So looking at the routes on each switch, what should be changed?

Route on 192.168.1.254 switch:
ip route 192.168.32.0 255.255.252.0 192.168.100.1

Route on 192.168.32.1 switch:
ip route 192.168.1.0 255.255.255.0 192.168.100.2

ASKER CERTIFIED SOLUTION

jakethecatuk

5/18/2011

THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.

View this solution by signing up for a free trial.

Members can start a 7-Day free trial and enjoy unlimited access to the platform.

See Pricing Options

Start Free Trial

mchit

5/18/2011

ASKER

Ok, I changed the static route on the sonicwall to point to the switches vlan 1 ip instead of the vlan 100 and all is working. Not sure if its the correct way, but for now it will work fine.

Thanks alot for your help Jake!