Comware

 View Only

  • 1.  Cannot access Internet from VLANs other than VLAN1

    Posted Jul 28, 2017 03:52 PM

    I have got an HP A5120 EI switch. I created some VLANs. I have got an ADSL router on VLAN1 with IP address 192.168.1.2. I can access Internet from VLAN1 but I cannot access Internet from the other VLANs. From the other VLANs I can access the other VLANs and I can ping the switch at the IP address 192.168.1.1.

    Here is my switch configuration:

    ******************************************************************************
* Copyright (c) 2010-2016 Hewlett Packard Enterprise Development LP          *
* Without the owner's prior written consent,                                 *
* no decompiling or reverse-engineering shall be allowed.                    *
******************************************************************************


Login authentication


Password:
<Switch>dis cu
#
 version 5.20.99, Release 2222P01
#
 sysname Switch
#
 clock timezone Italy add 01:00:00
 clock summer-time Italy repeating 02:00:00 2017 March last Sunday 03:00:00 2017 October last Sunday  01:00:00
#
 dhcp relay server-group 1 ip 192.168.1.1
#
 irf mac-address persistent timer
 irf auto-update enable
 undo irf link-delay
#
 domain default enable system
#
 dns resolve
 dns server 8.8.8.8
 dns server 8.8.4.4
 dns server 192.168.1.2
#
 telnet server enable
#
 lldp compliance cdp
#
 password-recovery enable
#
vlan 1
 description Base
#
vlan 20
 description Windows XP
#
vlan 100
 description Periferiche
#
vlan 182
 description PC
#
vlan 840
 description Wi-Fi
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
dhcp server ip-pool nome
 network 192.168.1.0 mask 255.255.255.0
 gateway-list 192.168.1.1
 dns-list 8.8.8.8 8.8.4.4 192.168.1.2
#
dhcp server ip-pool pc
 network 192.168.182.0 mask 255.255.255.0
 gateway-list 192.168.182.1
 dns-list 8.8.8.8 8.8.4.4 192.168.1.2
#
dhcp server ip-pool periferiche
 network 192.168.100.0 mask 255.255.255.0
 gateway-list 192.168.100.1
 dns-list 8.8.8.8 8.8.4.4 192.168.1.2
#
dhcp server ip-pool wifi
 network 192.168.200.0 mask 255.255.255.0
 gateway-list 192.168.200.1
 dns-list 8.8.8.8 8.8.4.4 192.168.1.2
#
dhcp server ip-pool xp
 network 192.168.20.0 mask 255.255.255.0
 gateway-list 192.168.20.1
 dns-list 8.8.8.8 8.8.4.4 192.168.1.2
#
user-group system
 group-attribute allow-guest
#
local-user XXXXX
 password cipher XXXXXX
 authorization-attribute level 3
 service-type ssh telnet
 service-type web
#
interface NULL0
#
interface Vlan-interface1
 ip address 192.168.1.1 255.255.255.0
#
interface Vlan-interface20
 ip address 192.168.20.1 255.255.255.0
 dhcp select relay
 dhcp relay server-select 1
#
interface Vlan-interface100
 ip address 192.168.100.1 255.255.255.0
 dhcp select relay
 dhcp relay server-select 1
#
interface Vlan-interface182
 ip address 192.168.182.1 255.255.255.0
 dhcp select relay
 dhcp relay server-select 1
#
interface Vlan-interface840
 ip address 192.168.200.1 255.255.255.0
 dhcp select relay
 dhcp relay server-select 1
#
interface GigabitEthernet1/0/1
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/2
 description Stampante Lexmark
 port access vlan 100
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/3
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/4
 description Stampante LBP5050N
 port access vlan 100
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/5
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/6
 description NAS (Network Attached Storage)
 port access vlan 100
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/7
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/8
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/9
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/10
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/11
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/12
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/13
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/14
 port access vlan 100
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/15
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/16
 port access vlan 840
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/17
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/18
 port access vlan 182
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/19
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/20
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/21
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/22
 description PC Windows XP
 port access vlan 20
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/23
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/24
 description Modem e access point
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/25
 shutdown
#
interface GigabitEthernet1/0/26
 shutdown
#
interface GigabitEthernet1/0/27
 shutdown
#
interface GigabitEthernet1/0/28
 shutdown
#
 ip route-static 0.0.0.0 0.0.0.0 192.168.1.2 preference 65
#
 dhcp server forbidden-ip 192.168.1.0 192.168.1.2
#
 dhcp enable
#
 ntp-service unicast-server 193.204.114.232
 ntp-service unicast-server 193.204.114.233
#
 ssh server enable
#
 load xml-configuration
#
user-interface aux 0
user-interface vty 0
 user privilege level 3
 set authentication password cipher XXXXXX
user-interface vty 1 15
#
return
<Switch>

    How can I solve my issue?

    One strange thing I noticed on the ADSL router is that it has got a WAN IP address 79.35.XXX.XXX and gateway 192.168.100.1; but I cannot modify that. The ADSL router is provided by the phone company.



  • 2.  RE: Cannot access Internet from VLANs other than VLAN1

    Posted Aug 04, 2017 07:39 AM

    Do you have the other network segments configured on the ISP router?

    I'm asking it because you need a NAT for each network segment. If you can't add the other segments on the ISP's router so you can't surf on the web through the other vlans, just the VLAN 1 will work.

    You can ping inter vlan because the switch L3 routes the traffic but to surf the web you need to configure the ISP's router.

    I have a scenario here with a HP5500 acting as a gateway and the border router is a Cisco RV082.

    To make the traffic of the other VLAN's flow through the Cisco to web, it is needed to add the network segment on the router, in that case, the VLAN gateway IP that I pre defined earlier. In my case defined as x.x.x.254 /24. Oh, RV082 is limited just to 5 another LAN segments.

    I hope it can help you.

    Regards.



  • 3.  RE: Cannot access Internet from VLANs other than VLAN1

    Posted Aug 09, 2017 09:35 AM

    HI

    I agree with the previous poster - its likely that your router does not support the NAT'ing of multiple Vlans. I cannot be of any further help as I am still learning and have come across the exact same issue which I am at somepoint going to try to remedy. I am planning to put a cisco router inbetween the Wan router and a Layer 3 switch, which I have been told should work. This is just a test setup for my own learning purposes.

    Regards

    Gary



Related Content