Solved

VLAN Routing with Avaya IP Office

Posted on 2013-06-04
9
3,995 Views
Last Modified: 2014-03-15
I have two VLANS and they can't communicate with each other.  The first VLAN is for all computers & servers.  The second VLAN is for our AVAYA IP OFFICE phone system.  The AVAYA phone system has a WEB server on 192.168.2.10:8080 for managing voicemail and phones.  I can't reach this address from the 192.168.1.X address.  Listed below is my config


Running configuration:

; J9311A Configuration Editor; Created on release #K.15.02.0005

hostname "ProCurve Switch 3500yl-48G-PoEP"
qos dscp-map 101110 priority 6
module 1 type J93yyA
module 2 type J93xxA
interface 18
   name "Avaya IPOffice"
exit
interface 38
   name "Office"
exit
trunk 43-44 Trk1 Trunk
ip default-gateway 192.168.2.1
ip routing
vlan 1
   name "Data_Vlan"
   untagged 1-16,18-42,45-48,Trk1
   ip helper-address 192.168.1.24
   ip address 192.168.1.7 255.255.255.0
   tagged 17
   ip igmp
   exit
vlan 10
   name "Voice_Vlan"
   qos dscp 101110
   ip helper-address 192.168.1.24
   ip address 192.168.2.7 255.255.255.0
   tagged 3,7,10,14-21,23-26,28,30-33,36,39-42,45-47,Trk1
   voice
   ip igmp
   exit
vlan 100
   name "Guest_Network"
   ip helper-address 192.168.1.24
   ip address 10.1.10.7 255.255.255.0
   tagged 13,45-48,Trk1
   ip igmp
   exit
gvrp
qos type-of-service diff-services
mirror 1 port 33
power-over-ethernet pre-std-detect
qos device-priority 10.1.1.1 dscp 101110
qos device-priority 10.1.1.10 dscp 101110
qos device-priority 192.168.2.5 priority 6
sflow 1 destination 192.168.1.135 2055
sflow 1 polling 1-42,45-48 60
sflow 1 sampling 1-42,45-48 50
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 10.1.10.0 255.255.255.0 vlan 100
ip route 192.168.1.0 255.255.255.0 vlan 1
ip route 192.168.2.0 255.255.255.0 vlan 10
interface 45
   monitor all both mirror 1
   exit
interface 47
   monitor all both mirror 1
   exit
snmp-server community "public" unrestricted
snmp-server host 192.168.1.135 community "public"
snmp-server host 172.16.0.50 community "public"
snmp-server contact "Tom Kvech"
spanning-tree
spanning-tree Trk1 priority 4
spanning-tree priority 1
vlan 1
   ip rip 192.168.1.7
   exit
vlan 10
   ip rip 192.168.2.7
   exit
0
Comment
Question by:tkvech
  • 4
  • 3
  • 2
9 Comments
 
LVL 17

Expert Comment

by:TimotiSt
ID: 39222952
What routing do you have on the Avaya? Just a default gw?
0
 

Author Comment

by:tkvech
ID: 39222978
The current IP routes is listed.  This is from the IP Office.
IP Address     IP Mask                  Gateway
0.0.0.0           0.0.0.0                   192.168.2.1
192.168.2.0   255.255.255.0       192.168.2.1
0
 
LVL 17

Expert Comment

by:TimotiSt
ID: 39222996
Okay, so it has 192.168.2.1 as the gateway to every subnet.

Problem is, it would need to use 192.168.2.7 as the gateway/nexthop to the 192.168.1.x subnet. Also, the devices on the 192.168.1.x subnet will need to know to use 192.168.1.7 to get back to the 192.168.2.x voice subnet. This is assuming that the switch handles the inter-vlan routing, and not a firewall/router (192.168.2.1 ?)

Can you post a routing table from a device in the 192.168.1.x subnet?
0
 

Author Comment

by:tkvech
ID: 39223023
When you say a routing table from a device in the 1.X subnet.  Can that be any device like a computer?
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 17

Expert Comment

by:TimotiSt
ID: 39223032
Sure, a 'route print' from a Windows PC is fine.
0
 

Author Comment

by:tkvech
ID: 39223605
Here is route print from a Windows XP machine

Microsoft(R) Windows DOS
(C)Copyright Microsoft Corp 1990-2001.

C:\DOCUME~1\ADMINI~1.MET>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 50 56 c0 00 08 ...... VMware Virtual Ethernet Adapter for VMnet8
0x3 ...00 50 56 c0 00 01 ...... VMware Virtual Ethernet Adapter for VMnet1
0x10005 ...00 13 72 e5 c6 70 ...... Broadcom NetXtreme 57xx Gigabit Controller -
 Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.107       20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      169.254.0.0      255.255.0.0   169.254.25.142  169.254.25.142       20
   169.254.25.142  255.255.255.255        127.0.0.1       127.0.0.1       20
  169.254.255.255  255.255.255.255   169.254.25.142  169.254.25.142       20
      192.168.1.0    255.255.255.0    192.168.1.107   192.168.1.107       20
    192.168.1.107  255.255.255.255        127.0.0.1       127.0.0.1       20
    192.168.1.255  255.255.255.255    192.168.1.107   192.168.1.107       20
    192.168.126.0    255.255.255.0    192.168.126.1   192.168.126.1       20
    192.168.126.1  255.255.255.255        127.0.0.1       127.0.0.1       20
  192.168.126.255  255.255.255.255    192.168.126.1   192.168.126.1       20
        224.0.0.0        240.0.0.0   169.254.25.142  169.254.25.142       20
        224.0.0.0        240.0.0.0    192.168.1.107   192.168.1.107       20
        224.0.0.0        240.0.0.0    192.168.126.1   192.168.126.1       20
  255.255.255.255  255.255.255.255   169.254.25.142  169.254.25.142       1
  255.255.255.255  255.255.255.255    192.168.1.107   192.168.1.107       1
  255.255.255.255  255.255.255.255    192.168.126.1   192.168.126.1       1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
0
 
LVL 17

Expert Comment

by:jburgaard
ID: 39224181
Default gateway of PC is 192.168.1.1 and 192.168.2.1 in vlan 10
So now your router (not 3500yl) is handling the inter-vlan routing between vlan 1 and vlan 10, as TimotiSt wrote.

If you want to keep it that way, perhaps some ACL's at the router have to be looked at.

If you want the the inter-vlan routing between vlan 1 and vlan 10 to happen on 3500yl, then default gateway's should point that way, that is 192.168.1.7 and 192.168.2.7 respectively. Perhaps a change in scope options on a DHCP-server can make a good part of that change.
0
 

Author Comment

by:tkvech
ID: 39224631
I understand what your saying.  It appears that I have some devices using the router as the gateway and some devices using the switch as the gateway.  So I should change the gateway to point to the switch.  My other questions has to do with a few of the config lines on the Procurve.

This is currently pointing to the router.  Should I delete this entry?  If not what should it be?
ip default-gateway 192.168.2.1

Do these route statements seem correct?  Do I need the last 2 route statements?  Every example I've ever seen never shows a route statement for the vlan
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 10.1.10.0 255.255.255.0 vlan 100
ip route 192.168.1.0 255.255.255.0 vlan 1
ip route 192.168.2.0 255.255.255.0 vlan 10
0
 
LVL 17

Accepted Solution

by:
jburgaard earned 500 total points
ID: 39225352
When you remove 192.168.2.1 from router, make sure there is an route back
IP route 192.168.2.0  255.255.255.0  192.168.1.7

Both default-gateway statemenst should be present.

ip default-gateway 192.168.2.1   L2-gateway let the switch act as a managed switch

ip route 0.0.0.0 0.0.0.0 192.168.1.1  L3-default gateway let packets from routed networks on this switch, not directly connected, that is not destined for vlans here, have a way out.

I've never seen  a route statement for the vlan either.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
Outsource Your Fax Infrastructure to the Cloud (And come out looking like an IT Hero!) Relative to the many demands on today’s IT teams, spending capital, time and resources to maintain physical fax servers and infrastructure is not a high priority.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now