  • 1.  5406zl not routing multiple subnets to default gateway

    Posted Nov 03, 2009 09:22 PM
    Hello,

    This is my first experience with a zl switch. I have multiple vlans with routing enabled. However, only the vlan in the gateway subnet can access the default gateway located on vlan 3 port a2:

    Gateway Route

    ip route 0.0.0.0/24 10.100.153.10

    vlan 3 10.100.153.1
    vlan 6 10.100.156.1

    Config...


    ip routing
    ...

    vlan 3
    name "BUILDING-AB"
    untagged A5
    ip address 10.100.153.1 255.255.255.0
    tagged A2
    exit

    ...

    vlan 6
    name "BUILDING-G"
    untagged A3
    ip helper-address 10.100.153.10
    ip address 10.100.156.1 255.255.255.0
    tagged A2,Trk6
    exit
    ...

    ip dns server-address 10.100.153.10
    ip route 0.0.0.0 0.0.0.0 10.100.153.10






  • 2.  RE: 5406zl not routing multiple subnets to default gateway

    Posted Nov 04, 2009 05:47 AM
    Hi,

    What is the device that is the default gateway?
    The first guess would be that the default gateway does not have a route back for the 10.100.156.0/24 subnet.
    Are the hosts on vlan 6 successfully getting DHCP addresses? If so, can you ping the 10.100.153.1 address from a vlan 6 host?


  • 3.  RE: 5406zl not routing multiple subnets to default gateway

    Posted Nov 04, 2009 08:30 AM
    >What is the device that is the default gateway?

    The device is a Linux firewall/content filter, using an 802.1q interface (A2) with an IP in each VLAN.

    >The first guess would be that the default gateway does not have a route back for the 10.100.156.0/24 subnet.

    It actually has an interface built on the 156 subnet (vlan6). Keep in mind, if I use 10.100.15x.10 (the Linux box) as the default gateway for clients on any subnet, everything works fine. Internet routing is lost when the HP switch is the gateway and the client is not in the same subnet as the 0.0.0.0/24 route (i.e. 10.100.153.0). My goal is to use the HP switch as a router to prevent all the local traffic from congesting the Linux box and allow it to manage Internet traffic only.

    >Are the hosts on vlan 6 successfully getting DHCP addresses? If so, can you ping the 10.100.153.1 address from a vlan 6 host?

    Disregard the dhcp-helper address. I now have an interface for each subnet built on the Linux box. But to answer: yes, they are getting addresses, and yes, they can ping each other.

    Thanks,

    -Jim


  • 4.  RE: 5406zl not routing multiple subnets to default gateway

    Posted Nov 04, 2009 09:15 AM
    Hello,
    Sounds like an asymmetrical routing problem to me.
    Try to use only one interface on your firewall (only the vlan 3 interface) and add a static route to reach 10.100.156.0/24 through 10.100.153.1.




  • 5.  RE: 5406zl not routing multiple subnets to default gateway

    Posted Nov 04, 2009 09:16 AM
    OK, so routing on the HP appears to be working then.
    Do you disable the vlan 6 802.1q interface on the firewall when you set the clients to use 10.100.156.1 as their gateway?
    One potential issue may be your firewall not liking the fact that it's routing responses out a different interface from the one on which they were received.
    For example, when a VLAN 6 host pings an internet address, the request will be routed by the HP and come into the vlan 3 interface on the firewall. The firewall would attempt to route the reply through its vlan 6 interface.


  • 6.  RE: 5406zl not routing multiple subnets to default gateway

    Posted Nov 04, 2009 08:47 PM
    >Sounds like an asymmetrical routing problem to me.
    >Try to use only one interface on your firewall (only the vlan 3 interface) and add a static route to reach 10.100.156.0/24 through 10.100.153.1.

    Yup, that fixed it. Removed the other VLAN interfaces and created routes on the firewall and it works like a top!

    Thanks guys.
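
    Added example, not part of the original thread: a small route-lookup model of the asymmetric path described in replies 4 and 5, comparing the firewall's routing table before and after the fix. The addresses come from the thread; the client 10.100.156.50, the Internet address 192.0.2.1 and the interface labels "vlan3", "vlan6" and "wan" are assumptions made for illustration.

```python
import ipaddress

# Route entries: (prefix, egress interface, next hop or None if directly connected).
# Addresses come from the thread; "wan" and the VLAN labels are hypothetical names.
SWITCH_ROUTES = [
    ("10.100.153.0/24", "vlan3", None),
    ("10.100.156.0/24", "vlan6", None),
    ("0.0.0.0/0", "vlan3", "10.100.153.10"),  # ip route 0.0.0.0 0.0.0.0 10.100.153.10
]
FW_BEFORE = [  # firewall with an 802.1q interface in each VLAN
    ("10.100.153.0/24", "vlan3", None),
    ("10.100.156.0/24", "vlan6", None),
    ("0.0.0.0/0", "wan", None),
]
FW_AFTER = [  # only the VLAN 3 interface, plus a static route back via the switch
    ("10.100.153.0/24", "vlan3", None),
    ("10.100.156.0/24", "vlan3", "10.100.153.1"),
    ("0.0.0.0/0", "wan", None),
]

def lookup(routes, dst):
    """Longest-prefix match; returns (interface, next_hop)."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), ifc, nh) for p, ifc, nh in routes]
    matches = [n for n in nets if addr in n[0]]
    if not matches:
        raise LookupError(f"no route to {dst}")
    _, ifc, nh = max(matches, key=lambda n: n[0].prefixlen)
    return ifc, nh

def reply_path(fw_routes, client, internet_dst="192.0.2.1"):
    """Compare where a request enters the firewall with where its reply leaves."""
    # The switch routes the client's request and hands it to the firewall on this VLAN.
    ingress, _ = lookup(SWITCH_ROUTES, internet_dst)
    # The firewall picks its own route back to the client for the reply.
    egress, next_hop = lookup(fw_routes, client)
    return {"ingress": ingress, "egress": egress,
            "next_hop": next_hop, "symmetric": ingress == egress}

if __name__ == "__main__":
    client = "10.100.156.50"  # constructed VLAN 6 host using 10.100.156.1 as gateway
    for name, table in (("before", FW_BEFORE), ("after", FW_AFTER)):
        print(name, reply_path(table, client))
```

    Dropping the static route from the "after" table makes the reply follow the firewall's default route instead, which is why removing the extra VLAN interfaces and adding the route go together.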