mchit

VLANs on HP Procurve and Sonicwall

Hello all. I have 2 separate networks set up with 2 ProCurve 5406 switches connected via fiber, with SonicWall gateways on either end. I have gotten to the point where I can ping devices on either end; however, that is all I can do. I can't telnet, RDP, etc. either way. Below are the configurations and traceroutes from each end. I'm at a loss as to why I can ping, but nothing else.

Thanks in advance!

Tracing route to EXCHANGESVR [192.168.35.3]
over a maximum of 30 hops:

  1     2 ms     2 ms     2 ms  192.168.1.254
  2     1 ms     1 ms     1 ms  192.168.100.1
  3    <1 ms    <1 ms    <1 ms  EXCHANGESVR [192.168.35.3]

Trace complete.


; J8697A Configuration Editor; Created on release #K.14.41

hostname "ProCurve Switch 5406zl"
module 1 type J8702A
module 2 type J8702A
module 3 type J8705A
ip default-gateway 192.168.1.1
ip routing
vlan 1
   name "DEFAULT_VLAN"
   untagged A1-A24,B1-B23,C1-C21,C23-C24
   ip address 192.168.1.254 255.255.255.0
   no untagged B24,C22
   exit
vlan 100
   name "VLAN100"
   untagged B24,C22
   ip address 192.168.100.2 255.255.255.0
   exit
ip route 192.168.32.0 255.255.252.0 192.168.100.1
snmp-server community "public" unrestricted




Tracing route to BMCPASERVER [192.168.1.2]
over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  192.168.32.1
  2     2 ms     2 ms     2 ms  192.168.100.2
  3    <1 ms    <1 ms    <1 ms  BMCPASERVER [192.168.1.2]

Trace complete.


; J8697A Configuration Editor; Created on release #K.15.04.0003
; Ver #01:00:01

hostname "ProCurve Switch 5406zl"
module 1 type J8702A
module 2 type J8702A
module 3 type J8705A
module 4 type J8705A
module 5 type J8705A
interface B6
   speed-duplex auto-10-100
exit
interface B10
   speed-duplex auto-10-100
exit
ip default-gateway 192.168.35.50
ip routing
vlan 1
   name "DEFAULT_VLAN"
   untagged A1-A24,B1-B19,B21-B24,C1-C20,C22-C24,D1-D24,E1-E24
   ip address 192.168.32.1 255.255.252.0
   no untagged B20,C21
   exit
vlan 100
   name "VLAN100"
   untagged B20,C21
   ip address 192.168.100.1 255.255.255.0
   exit
fault-finder bad-driver sensitivity high
fault-finder bad-transceiver sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
fault-finder broadcast-storm sensitivity high
fault-finder loss-of-link sensitivity high
fault-finder duplex-mismatch-hdx sensitivity high
fault-finder duplex-mismatch-fdx sensitivity high
power-over-ethernet pre-std-detect
no ip ssh
ip route 192.168.1.0 255.255.255.0 192.168.100.2
snmp-server community "public" unrestricted
snmp-server host 192.168.35.23 community "public"
snmp-server host 192.168.35.33 community "public"
snmp-server host 192.168.35.34 community "public"
snmp-server contact "IT Department" location "Server Room"
jakethecatuk

Stupid question for you - have you checked the SonicWalls at both ends to make sure they are configured to allow the traffic you are expecting?
mchit

ASKER

I understand why you asked that, because it acts like a firewall issue; however, I have the following routes and firewall rules set up on each end:

Zone: LAN  to Zone: LAN  Source: 192.168.32.0/22, 192.168.100.0/24  Destination: 192.168.1.0/24  Service: ANY

Route
Source: ANY  Destination: 192.168.1.0/24  Service: ANY  Gateway: 192.168.100.1


The other SonicWall is set up the same way.

Thanks!
What do the logs on the SonicWall tell you - are they passing the traffic?
mchit

ASKER

The SonicWalls don't show anything. From the traceroutes, the traffic isn't even going through the SonicWalls. Here is the tracert from my PC (192.168.32.28/22) to a workstation on the other switch (192.168.1.2/24). My PC's gateway is 192.168.35.50, which is the SonicWall.

Tracing route to BMCPASERVER [192.168.1.2]
over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  192.168.32.1  <- my pc is connected to this switch (vlan 1)
  2     2 ms     2 ms     2 ms  192.168.100.2  <- vlan 100 on other switch
  3    <1 ms    <1 ms    <1 ms  BMCPASERVER [192.168.1.2] <- connected to vlan 1 on other switch

Thanks!
Ah - thought the 192.168.100.2 address was a SonicWall - not a switch on the other network (wasn't paying attention, clearly).

OK - so it's switch to switch. ACLs on the switches could be involved with this - have you set any up yet for your inter-VLAN routing?
mchit

ASKER

There are no ACLs set up on either switch.
Maybe not having an ACL is the problem.

In theory, the inter-VLAN routing should default to open when there is nothing else in place, but it's the only other thing I can think of.

May be worth creating a simple ACL to allow a particular protocol to pass over.

Only other thing that springs to mind is the default gateway for the devices at each end - is it the SonicWalls or the switches?

If it's the SonicWalls, it might be worth putting an explicit route in place for the subnets involved on a machine at each end to see if that helps.
mchit

ASKER

The default gateways are the SonicWalls for both ends.

I put an explicit route on my PC:
route add 192.168.1.0 255.255.255.0 192.168.32.1

and also on a PC on the other switch:
route add 192.168.32.0 255.255.252.0 192.168.1.1

This allows me to RDP, telnet, etc., so this is what I am trying to accomplish, but I don't want to have to add routes to each PC. So looking at the routes on each switch, what should be changed?

Route on 192.168.1.254 switch:
ip route 192.168.32.0 255.255.252.0 192.168.100.1

Route on 192.168.32.1 switch:
ip route 192.168.1.0 255.255.255.0 192.168.100.2
ASKER CERTIFIED SOLUTION
jakethecatuk
mchit

ASKER

OK, I changed the static route on the SonicWall to point to the switch's VLAN 1 IP instead of the VLAN 100 one, and all is working. Not sure if it's the correct way, but for now it will work fine.

Thanks a lot for your help, Jake!