HP Switch Question with 2 routers

I have an HP core switch.  It has about 20 vlans programmed on it.  of which 1 is actually needed

Vlan 10 is configured for 10.70.1.0 255.255.240 0  This goes into a firewall that is 10.70.1.4 255.255.240.0  No problems on this..

the folks on vlan 10 also need to hit a network that is 172.24.94.0/24.  This firewall is plugged into a port on vlan 10 on the switch.

However, no one can see to hit it.  Nor can I ping an IP from the switch that is supposedly ping able.

do I need to add anything to my switch configuration?  

Thanks!
LVL 1
lefty431Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Don JohnstonInstructorCommented:
the folks on vlan 10 also need to hit a network that is 172.24.94.0/24.  This firewall is plugged into a port on vlan 10 on the switch.
Based on the information provided, it sounds like you'll need a static route to the 172.24.94.0 network.
On the HP, you would create this route with the command:
ip route 172.24.94.0 255.255.255.0 10.70.1.x

Open in new window

(where 10.70.1.x is the IP address of the firewall that connects to the 172 network).

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
lefty431Author Commented:
do I just put that in the pain config?  also, the x  is that 0 or some range?
lefty431Author Commented:
sorry.  just saw the comment. below..

all ports should be in the same vlan?
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

lefty431Author Commented:
so the other router is 10.70.1.4

when I typed the code

ip route 172.24.94.0 255.255.255.0 10.70.1.4

I got
ECMP can not be applied to interface/reject/blackhole routes
lefty431Author Commented:
never mind.  I got it to accept the command there was  an
IP route 172.24.94.0 255.255.255.0 vlan10

i removed that line and added the other.

however, I still can't ping or get to anything over there...
lefty431Author Commented:
; J9091A Configuration Editor; Created on release #K.15.08.0013
; Ver #02:1b.ef:f6
hostname "PHISCORE01"
module 1 type j9537a
module 2 type j9534a
module 3 type j9537a
module 4 type j9534a
module 5 type j9534a
module 11 type j9534a
module 12 type j9534a
mirror 1 port L22
logging 10.70.1.10
max-vlans 2048
timesync sntp
sntp unicast
sntp 30
sntp server priority 1 204.13.200.99
no telnet-server
time daylight-time-rule continental-us-and-canada
time timezone -300
no web-management
web-management ssl
ip default-gateway 10.70.32.1
ip route 172.24.94.0 255.255.255.0 10.70.1.4
interface A1
   name "PHISMDF01 Uplink"
   exit
interface A2
   name "PHISMDF02 Uplink"
   exit
interface A3
   name "PHISIDF101 Uplink"
   exit
interface A4
   name "PHISIDF102 Uplink"
   exit
interface A5
   name "PHISIDF201 Uplink"
   exit
interface A6
   name "PHISIDF202 Uplink"
   exit
interface A7
   name "PHISIDF301 Uplink"
   exit
interface A23
   name "ISP1 Unlink 300"
   speed-duplex 1000-full
   exit
interface A24
   name "Uplink to HSIACore02"
   exit
interface B1
   name "VLAN 32 Link to Astaro"
   exit
interface B2
   name "Open"
   exit
interface B3
   name "Incentient LAN 168"
   exit
interface B5
   name "TrustWave IVS"
   exit
interface B10
   name "Incentient WAN"
   exit
interface B11
   name "WAN TW Lantronix"
   exit
interface B12
   name "delphi-new-srv"
   exit
interface B13
   name "Link to key lock server"
   exit
interface B15
   name "IT Office"
   exit
interface B17
   name "IT Office"
   exit
interface B18
   name "MDF Patch 35"
   exit
interface B19
   name "IT Office"
   exit
interface B20
   name "MDF Patch 36"
   exit
interface B21
   name "IT Office"
   exit
interface B22
   name "DIT VLAN 32"
   exit
interface B23
   name "IT Office"
   exit
interface B24
   name "MDF Patch 33 DIT"
   exit
interface D1
   name "VLAN 10 Uplink"
   exit
interface D8
   monitor all both mirror 1
   exit
interface D17
   monitor all both mirror 1
   exit
interface D20
   name "UTM-U Port 1 VLAN 301"
   exit
interface D23
   name "Core Rack Power A"
   exit
interface D24
   name "Core Rack Power B"
   exit
interface E1
   name "IJWS Server"
   exit
interface K4
   name "UTM A 1/7 Uplink VLAN 26"
   exit
interface K5
   name "UTM B 1/7 Uplink VLAN 26"
   exit
interface K7
   name "On-Q-UPLINK"
   exit
interface L1
   name "Uplink to PHISWiFi"
   exit
interface L22
   name "Appneta FlowView"
   exit
interface L23
   name "Appneta PathView"
   exit
interface L24
   name "Uplink to PHISWiFi01"
   exit

snmpv3 enable
snmpv3 restricted-access
snmpv3 user "PHISHAUser"
snmpv3 user "initial"
spanning-tree force-version rstp-operation
vlan 1
   name "PHI_Default"
   no untagged A1-A24,B1-B24,C1-C24,D1-D24,E1-E24,K1-K3,K7,K15-K24,L1-L24
   untagged K4-K6,K8-K14
   ip address dhcp-bootp
   exit
vlan 10
   name "PHI_Admin"
   untagged B1,B4-B6,B12-B15,B17-B21,B23-B24,D1-D9,D11-D19,D21-D24,E3-E11,E13-E2
2,K2-K3,K7,L1-L8,L10-L11,L13-L23
   tagged A1-A23,B2,B22,L24
   ip address 10.70.5.200 255.255.240.0
   exit
vlan 16
   name "PHI_POS_Term"
   untagged B8,E23
   tagged A1-A7,A24,D4
   no ip address
   exit
JustInCaseCommented:
Try to trace route from PC to some host in destination network and you will find out where ping stops.

tracert x.x.x.x

If you add route on one side, that does not automatically means that other side that you are trying to reach knows the way back to where ping started. Maybe ping gets there, but you need also add route on some other router to point how reach source network of ping, otherwise ping will fail.

And also, is this switch where you are adding static route your default gateway? In the case if it is not, maybe packet never reaches this device, so packet is not routed by static route. L3 device that is your default gateway will forwarded packet according to most specific route that can be find in routing table and that route can be default route, so packet can easily be routed to your ISP (this applies to all L3 devices along path).

To enable routing on switch, I guess you need command #ip routing but I don't see it in configuration (at least that was on HP switches that I worked with).
lefty431Author Commented:
the router for vlan 10 is 10.70.1.4  this works.   everything on vlan 10 has internet.

they are adding a second firewall for another network that the computers on vlan 10 need to be able to get to.

it is just plugged into a untagged port on vlan 10.  I was told the gateway for that  was 172.24.94.254
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.