Ben Hart
asked on
HP Procurve 5412zl, new vlan won't pass traffic
I have the switch above.. trying to set up a new VLAN for my servers. I have the following config currently:
MAIN-IT# sh run
Running configuration:
; J8698A Configuration Editor; Created on release #K.15.18.0007
; Ver #09:24.6b.ff.f7.fc.7f.ff.3f.ef:e2
hostname "MAIN-IT"
module 1 type j8705a
module 2 type j8705a
module 3 type j8702a
module 4 type j8702a
module 5 type j8702a
module 6 type j8702a
module 7 type j8702a
module 8 type j8702a
module 9 type j8702a
module 10 type j8702a
module 11 type j8702a
module 12 type j8702a
mirror 1 port C5
trunk G23 trk11 trunk
web-management idle-timeout 6000
ip access-list extended "I8"
exit
ip default-gateway 128.128.128.10
ip route 0.0.0.0 0.0.0.0 128.128.128.10
ip routing
ipv6 access-list "I8"
exit
interface A22
speed-duplex auto
exit
interface B17
power-over-ethernet high
exit
interface C1
power-over-ethernet high
poe-lldp-detect enabled
exit
interface C15
name "X04 Sonicwall (VPN)"
exit
interface G23
name "IT wap"
exit
interface H13
name "Unifi"
exit
snmp-server community "public" unrestricted
snmp-server contact "Ben Hart"
no lldp config C1 dot3TlvEnable poeplus_config
vlan 1
name "DEFAULT_VLAN"
untagged
A1-A21,B1-B13,B15-B18,B20-B21,C1-C24,D1-D24,E1-E24,F1-F24,G1-G22,G24,H1-H24,I1-I23,J1-J24,K1-K24,L1-L24,Trk11
tagged A22-A24,B14,B19,B22-B24,I24
ip address 128.128.128.98 255.255.0.0
monitor all both mirror 1
exit
vlan 3
name "Vault (R&D)"
tagged B21
ip address 192.168.51.1 255.255.255.0
ip helper-address 128.128.128.2
exit
vlan 4
name "Fostoria"
tagged B22
ip address 192.168.52.1 255.255.255.0
ip helper-address 128.128.128.2
exit
vlan 5
name "Filcon"
ip address 192.168.53.1 255.255.255.0
ip helper-address 128.128.128.2
exit
vlan 6
name "Farwell"
tagged B19
ip address 192.168.54.1 255.255.255.0
ip helper-address 128.128.128.2
exit
vlan 7
name "Servers"
tagged E13-E20
ip address 192.168.55.1 255.255.255.0
ip helper-address 128.128.128.2
exit
vlan 10
name "WiFi"
tagged A18,A21-A24,B13-B19,B21-B24,I24,J2
ip address 192.168.56.1 255.255.255.0
ip helper-address 128.128.128.2
exit
vlan 11
name "Guest"
tagged A18,A21-A24,B13-B19,B21-B24,I24
ip address 192.168.254.1 255.255.255.0
ip helper-address 128.128.128.2
exit
vlan 12
name "SSL VPN"
tagged C15
ip address 192.168.50.102 255.255.255.0
exit
spanning-tree
spanning-tree Trk11 priority 4
no spanning-tree bpdu-throttle
no tftp server
no autorun
no dhcp config-file-update
no dhcp image-file-update
password manager
MAIN-IT#
MAIN-IT# sh vlan
Status and Counters - VLAN Information
Maximum VLANs to support : 256
Primary VLAN : DEFAULT_VLAN
Management VLAN :
VLAN ID Name | Status Voice Jumbo
------- -------------------------------- + ---------- ----- -----
1 DEFAULT_VLAN | Port-based No No
3 Vault (R&D) | Port-based No No
4 Fostoria | Port-based No No
5 Filcon | Port-based No No
6 Farwell | Port-based No No
7 Servers | Port-based No No
10 WiFi | Port-based No No
11 Guest | Port-based No No
12 SSL VPN | Port-based No No
MAIN-IT#
MAIN-IT(config)# ping source 192.168.50.1 128.128.128.2
Source IP address is not configured on this switch.
MAIN-IT(config)# ping source 192.168.51.1 128.128.128.2
128.128.128.2 is alive, time = 1 ms
MAIN-IT(config)# ping source 192.168.49.1 128.128.128.2
Request timed out.
MAIN-IT(config)#
MAIN-IT(config)# sh ip route
IP Route Entries
Destination Gateway VLAN Type Sub-Type Metric Dist.
------------------ --------------- ---- --------- ---------- ---------- -----
0.0.0.0/0 128.128.128.10 1 static 1 1
127.0.0.0/8 reject static 0 0
127.0.0.1/32 lo0 connected 1 0
128.128.0.0/16 DEFAULT_VLAN 1 connected 1 0
192.168.49.0/24 Servers 13 connected 1 0
192.168.50.0/24 SSL VPN 12 connected 1 0
192.168.51.0/24 Vault (R&D) 3 connected 1 0
192.168.52.0/24 Fostoria 4 connected 1 0
192.168.54.0/24 Farwell 6 connected 1 0
192.168.56.0/24 WiFi 10 connected 1 0
192.168.254.0/24 Guest 11 connected 1 0
So my issue is that pings from the 49.1 subnet can't reach 128. However other vlan source pings do make it through.
I know I missed something stupid.. any help?
ASKER
Sorry, I forgot that I deleted and recreated the VLAN using a different IP just to make sure something on my end was not in conflict with .49.
this is an inherited network and I'm still in semi-discovery mode.
Please post the current config.
ASKER
That is the current config. My typed text was what was wrong. The issue was that vlan 7 could not see any other network. However, overnight the problem has morphed. It's still related to this switch, so I'll try not to start a new question, but feel free to tell me if I should.
Currently the switch uses its own default GW of 128.128.128.10, which is a Sonicwall NSA 3400. Why? I don't know why it was done like this. I feel this is a stupid config, but it's what I have and I cannot change it at this time.
So I went through the Sonicwall's config and found VLANS service/address objects. I created a new object for this new VLAN subnet and added it to that VLANs object group. Now if I static a host with an IP on this new subnet I can ping out. It's still an 'unknown network' but I have communications.
I can also ping from the prod network to the server subnet.. so I hope I'm golden on that. My issue now is understanding why it's using the Sonicwall to route when the switch is obviously L3 and can do that on its own.
ASKER
And also DHCP won't pass through to this subnet.
So you're saying the problem is with the Sonicwall?
If that's the case, then you should delete this question and open a new one. Sonicwall experts probably won't be looking at this question since the title references an HP Procurve.
The default gateway setting on the HP is irrelevant since it's routing and has a default route. I see this all the time. When the switch is initially setup, the default gateway gets defined just so management works. Then once the configuration is finished, that command doesn't get removed. It's no big deal. Doesn't hurt anything for it to be there.
ASKER
So wait.. I need to understand the GW thing you just said.
So you see in the config, the routes on the switch are only : 0.0.0.0 0.0.0.0 128.128.128.10
which is, correct me if I'm wrong, everything to .10 (Sonicwall).
So from my POV all internal traffic between vlans is passing thru the firewall, is this right?
No. The only traffic going to the firewall is traffic destined for unknown networks.
Put another way, traffic to any network that is not in the routing table is sent to 128.128.128.10.
So traffic from 49.0 to 51.0 never goes to the firewall. The same for any traffic from one of the VLANs on the switch going to any VLAN on the switch.
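To make the routing-table point concrete, here is an added worked example (not code from the thread or from HP): a longest-prefix-match lookup over the route entries the asker posted, plus a check that every "connected" row is backed by a VLAN interface in the config. The route and VLAN data are copied from the posted outputs; the function names are my own. Note the practical consequence the expert describes: traffic between two VLANs on this switch is routed in the switch and never reaches the Sonicwall, so no firewall policy applies to it unless the switch itself carries an ACL.

```python
import ipaddress

# Routing table as posted later in the thread (loopback rows omitted):
# (destination prefix, next hop or None when directly connected, VLAN id, route type)
ROUTES = [
    ("0.0.0.0/0",        "128.128.128.10", 1,  "static"),
    ("128.128.0.0/16",   None,             1,  "connected"),
    ("192.168.50.0/24",  None,             12, "connected"),
    ("192.168.51.0/24",  None,             3,  "connected"),
    ("192.168.52.0/24",  None,             4,  "connected"),
    ("192.168.54.0/24",  None,             6,  "connected"),
    ("192.168.55.0/24",  None,             7,  "connected"),
    ("192.168.56.0/24",  None,             10, "connected"),
    ("192.168.254.0/24", None,             11, "connected"),
]

# VLAN interface addresses from the posted "sh run": vlan id -> address/mask
CONFIG_VLANS = {
    1:  "128.128.128.98/255.255.0.0",
    3:  "192.168.51.1/255.255.255.0",
    4:  "192.168.52.1/255.255.255.0",
    5:  "192.168.53.1/255.255.255.0",
    6:  "192.168.54.1/255.255.255.0",
    7:  "192.168.55.1/255.255.255.0",
    10: "192.168.56.1/255.255.255.0",
    11: "192.168.254.1/255.255.255.0",
    12: "192.168.50.102/255.255.255.0",
}


def lookup(dst, routes=ROUTES):
    """Longest-prefix match, as a router does it: the most specific prefix
    containing dst wins. Returns (prefix, next_hop, vlan, type) or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop, vlan, rtype in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, vlan, rtype)
    if best is None:
        return None
    return (str(best[0]), best[1], best[2], best[3])


def path(dst, routes=ROUTES):
    """Human-readable description of where the switch sends a packet for dst."""
    route = lookup(dst, routes)
    if route is None:
        return "no route"
    prefix, next_hop, vlan, rtype = route
    if rtype == "connected":
        # Inter-VLAN traffic: routed inside the switch, the firewall never sees it.
        return f"routed on the switch into VLAN {vlan} ({prefix})"
    # Only destinations matching no connected prefix fall through to the default route.
    return f"sent to next hop {next_hop} on VLAN {vlan} ({prefix})"


def stale_routes(routes, config_vlans=CONFIG_VLANS):
    """Connected routes that no configured VLAN interface accounts for.
    Connected entries are derived from the VLAN ip addresses, so a mismatch
    (like the '192.168.49.0/24 Servers 13' row in the first paste) means the
    two outputs were not taken from the same running config."""
    configured = {vlan: ipaddress.ip_interface(iface).network
                  for vlan, iface in config_vlans.items()}
    stale = []
    for prefix, _next_hop, vlan, rtype in routes:
        if rtype != "connected":
            continue
        if configured.get(vlan) != ipaddress.ip_network(prefix):
            stale.append((prefix, vlan))
    return stale


if __name__ == "__main__":
    for dst in ("192.168.51.20", "192.168.55.9", "192.168.53.5", "8.8.8.8"):
        print(dst, "->", path(dst))
    print("stale:", stale_routes(ROUTES + [("192.168.49.0/24", None, 13, "connected")]))
```

Running it shows 192.168.51.20 and 192.168.55.9 resolved to connected VLANs 3 and 7, while 192.168.53.5 (VLAN 5 has an address in the config but no row in the table) and 8.8.8.8 both fall through to the 128.128.128.10 default route.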
ASKER
Why are these switches so confusing? Even looking at the routing entries it's still not very clear. So any idea what might be stopping dhcp from 128 to .55?
Well, confusing is relative. ;-)
192.168.51.0/24 Vault (R&D) 3 connected
Any traffic destined for 192.168.51.0/24 will be sent out VLAN 3 which is directly connected.
The DHCP issue appears to be related to your earlier confusion. If you look at the routing table you will see:
192.168.49.0/24 Servers 13 connected
But in the config, the servers VLAN is 7 with an IP on the 192.168.55.0 network.
vlan 7
name "Servers"
ip address 192.168.55.1 255.255.255.0
Since directly connected entries in the routing table are pulling from the config, I can't see how this is possible.
ASKER
Ahh damn I should have double-checked that paste. Here's the routing table as it sits right now.
MAIN-IT# sh ip route
IP Route Entries
Destination Gateway VLAN Type Sub-Type Metric Dist.
------------------ --------------- ---- --------- ---------- ---------- -----
0.0.0.0/0 128.128.128.10 1 static 1 1
127.0.0.0/8 reject static 0 0
127.0.0.1/32 lo0 connected 1 0
128.128.0.0/16 DEFAULT_VLAN 1 connected 1 0
192.168.50.0/24 SSL VPN 12 connected 1 0
192.168.51.0/24 Vault (R&D) 3 connected 1 0
192.168.52.0/24 Fostoria 4 connected 1 0
192.168.54.0/24 Farwell 6 connected 1 0
192.168.55.0/24 Servers 7 connected 1 0
192.168.56.0/24 WiFi 10 connected 1 0
192.168.254.0/24 Guest 11 connected 1 0
And this morning DHCP wouldn't pass through to my VM guest. Just tested with the server and no bueno on the DHCP.
GIGO
And this morning DHCP wouldnt pass through to my vm guest
I don't know where the "vm guest" is. Network numbers (or VLAN numbers on the switch) please.
The information required is what network is the client on?
Are you sure there is a scope defined on the server for the network in question?
ASKER
Sorry been one of those days.
I have a Hyper-V host with a number of guest VMs. This host has 4 NICs, 3 in production and the one I plugged into a port tagged for vlan 7 (servers). I tried pulling DHCP for that server's NIC #4 but it never gets one. I static it in the valid range of 192.168.55.x but still no go.
This afternoon I had cause to tag a port in-house for a vlan in another building that is known working. The client does not get DHCP nor does a static ip work.
And yeah I def have scopes defined on the one DHCP server in my realm.
Okay, so it's not a DHCP issue, no traffic is moving on the ports in question?
Which port are we talking about here?
Have you tried a plain access (untagged) port?
ASKER
Port E13 is the only one I am using that's tagged for VLAN 7. Also, I thought untagged means it's caught by VLAN 1??
ASKER CERTIFIED SOLUTION
ASKER
So tagged == trunk port?
Yes
ASKER
Don.. that fixed me. I untagged the port and the servers nic 4 pulled an IP via DHCP. Now I'm in business. Thanks for your help!
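The tagged/untagged distinction that resolved this is worth seeing as a model. Below is an added example (my own code, not from the thread or the switch vendor) of how a port classifies incoming 802.1Q frames: an untagged frame goes to the port's untagged VLAN, a tagged frame is accepted only for VLANs the port is a tagged member of. E13 is modelled as the config shows it (untagged in VLAN 1, tagged for VLAN 7); set_untagged models the change the asker made. It assumes the server NIC sends plain untagged frames, which is why on the original E13 they landed in VLAN 1 rather than VLAN 7.

```python
from dataclasses import dataclass, field
from typing import Optional, Set


@dataclass
class Port:
    name: str
    untagged: Optional[int]                        # VLAN untagged frames belong to (PVID)
    tagged: Set[int] = field(default_factory=set)  # VLANs carried with an 802.1Q tag


def classify_ingress(port, frame_vid):
    """VLAN the switch assigns to a frame arriving on port.
    frame_vid is None for an untagged frame, otherwise the VID in the 802.1Q header.
    Returns the VLAN id, or None if the frame is dropped."""
    if frame_vid is None:
        return port.untagged          # untagged frame -> the port's untagged VLAN
    if frame_vid in port.tagged:
        return frame_vid              # tagged, and the port carries that VLAN -> accepted
    return None                       # tagged for a VLAN this port does not carry -> dropped


def egress_tag(port, vid):
    """How a frame in VLAN vid leaves port: 'untagged', 'tagged', or None if not sent."""
    if vid == port.untagged:
        return "untagged"
    if vid in port.tagged:
        return "tagged"
    return None


def set_untagged(port, vid):
    """Model of 'vlan <vid>' / 'untagged <port>' on this switch (assumed behaviour,
    modelled here): the port is untagged in exactly one VLAN, and cannot be both
    tagged and untagged in the same VLAN, so any tagged membership of vid is removed."""
    port.tagged.discard(vid)
    port.untagged = vid
    return port


def e13_as_posted():
    """E13 from the posted config: E1-E24 untagged in VLAN 1, E13-E20 tagged for VLAN 7."""
    return Port("E13", untagged=1, tagged={7})


if __name__ == "__main__":
    before = e13_as_posted()
    print("untagged frame on posted E13 ->", classify_ingress(before, None))   # 1
    print("VID 7 frame on posted E13     ->", classify_ingress(before, 7))     # 7
    after = set_untagged(e13_as_posted(), 7)
    print("untagged frame on fixed E13  ->", classify_ingress(after, None))    # 7
```

With the original membership a NIC that does not tag its own frames is in VLAN 1 no matter what address it has been given, so a 192.168.55.x static address or a DHCP request for that scope goes nowhere useful; once E13 is untagged in VLAN 7 the same frames are placed in VLAN 7 and the helper-address relay applies.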
What VLAN is that address assigned to?