HP Switch Question with 2 routers

I have an HP core switch.  It has about 20 vlans programmed on it.  of which 1 is actually needed

Vlan 10 is configured for 255.255.240 0  This goes into a firewall that is  No problems on this..

the folks on vlan 10 also need to hit a network that is  This firewall is plugged into a port on vlan 10 on the switch.

However, no one can see to hit it.  Nor can I ping an IP from the switch that is supposedly ping able.

do I need to add anything to my switch configuration?  

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Don JohnstonInstructorCommented:
the folks on vlan 10 also need to hit a network that is  This firewall is plugged into a port on vlan 10 on the switch.
Based on the information provided, it sounds like you'll need a static route to the network.
On the HP, you would create this route with the command:
ip route 10.70.1.x

Open in new window

(where 10.70.1.x is the IP address of the firewall that connects to the 172 network).

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
lefty431Author Commented:
do I just put that in the pain config?  also, the x  is that 0 or some range?
lefty431Author Commented:
sorry.  just saw the comment. below..

all ports should be in the same vlan?
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

lefty431Author Commented:
so the other router is

when I typed the code

ip route

I got
ECMP can not be applied to interface/reject/blackhole routes
lefty431Author Commented:
never mind.  I got it to accept the command there was  an
IP route vlan10

i removed that line and added the other.

however, I still can't ping or get to anything over there...
lefty431Author Commented:
; J9091A Configuration Editor; Created on release #K.15.08.0013
; Ver #02:1b.ef:f6
hostname "PHISCORE01"
module 1 type j9537a
module 2 type j9534a
module 3 type j9537a
module 4 type j9534a
module 5 type j9534a
module 11 type j9534a
module 12 type j9534a
mirror 1 port L22
max-vlans 2048
timesync sntp
sntp unicast
sntp 30
sntp server priority 1
no telnet-server
time daylight-time-rule continental-us-and-canada
time timezone -300
no web-management
web-management ssl
ip default-gateway
ip route
interface A1
   name "PHISMDF01 Uplink"
interface A2
   name "PHISMDF02 Uplink"
interface A3
   name "PHISIDF101 Uplink"
interface A4
   name "PHISIDF102 Uplink"
interface A5
   name "PHISIDF201 Uplink"
interface A6
   name "PHISIDF202 Uplink"
interface A7
   name "PHISIDF301 Uplink"
interface A23
   name "ISP1 Unlink 300"
   speed-duplex 1000-full
interface A24
   name "Uplink to HSIACore02"
interface B1
   name "VLAN 32 Link to Astaro"
interface B2
   name "Open"
interface B3
   name "Incentient LAN 168"
interface B5
   name "TrustWave IVS"
interface B10
   name "Incentient WAN"
interface B11
   name "WAN TW Lantronix"
interface B12
   name "delphi-new-srv"
interface B13
   name "Link to key lock server"
interface B15
   name "IT Office"
interface B17
   name "IT Office"
interface B18
   name "MDF Patch 35"
interface B19
   name "IT Office"
interface B20
   name "MDF Patch 36"
interface B21
   name "IT Office"
interface B22
   name "DIT VLAN 32"
interface B23
   name "IT Office"
interface B24
   name "MDF Patch 33 DIT"
interface D1
   name "VLAN 10 Uplink"
interface D8
   monitor all both mirror 1
interface D17
   monitor all both mirror 1
interface D20
   name "UTM-U Port 1 VLAN 301"
interface D23
   name "Core Rack Power A"
interface D24
   name "Core Rack Power B"
interface E1
   name "IJWS Server"
interface K4
   name "UTM A 1/7 Uplink VLAN 26"
interface K5
   name "UTM B 1/7 Uplink VLAN 26"
interface K7
   name "On-Q-UPLINK"
interface L1
   name "Uplink to PHISWiFi"
interface L22
   name "Appneta FlowView"
interface L23
   name "Appneta PathView"
interface L24
   name "Uplink to PHISWiFi01"

snmpv3 enable
snmpv3 restricted-access
snmpv3 user "PHISHAUser"
snmpv3 user "initial"
spanning-tree force-version rstp-operation
vlan 1
   name "PHI_Default"
   no untagged A1-A24,B1-B24,C1-C24,D1-D24,E1-E24,K1-K3,K7,K15-K24,L1-L24
   untagged K4-K6,K8-K14
   ip address dhcp-bootp
vlan 10
   name "PHI_Admin"
   untagged B1,B4-B6,B12-B15,B17-B21,B23-B24,D1-D9,D11-D19,D21-D24,E3-E11,E13-E2
   tagged A1-A23,B2,B22,L24
   ip address
vlan 16
   name "PHI_POS_Term"
   untagged B8,E23
   tagged A1-A7,A24,D4
   no ip address
Try to trace route from PC to some host in destination network and you will find out where ping stops.

tracert x.x.x.x

If you add route on one side, that does not automatically means that other side that you are trying to reach knows the way back to where ping started. Maybe ping gets there, but you need also add route on some other router to point how reach source network of ping, otherwise ping will fail.

And also, is this switch where you are adding static route your default gateway? In the case if it is not, maybe packet never reaches this device, so packet is not routed by static route. L3 device that is your default gateway will forwarded packet according to most specific route that can be find in routing table and that route can be default route, so packet can easily be routed to your ISP (this applies to all L3 devices along path).

To enable routing on switch, I guess you need command #ip routing but I don't see it in configuration (at least that was on HP switches that I worked with).
lefty431Author Commented:
the router for vlan 10 is  this works.   everything on vlan 10 has internet.

they are adding a second firewall for another network that the computers on vlan 10 need to be able to get to.

it is just plugged into a untagged port on vlan 10.  I was told the gateway for that  was
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.