Wired Intelligent Edge

  • 1.  create vlan and route to interface

    Posted Jun 25, 2020 02:03 AM

    We have 3 Aruba switches; one of them is connected to a firewall interface.

    The main LAN is 10.20.90.0/24,

    and I need to create another VLAN, 10.20.91.0/24; it will be used for IP phones.

    This new VLAN should communicate over an MPLS line with another LAN (10.20.45.0/22).

    We do not have control over the firewall (it is controlled by a third party). We contacted them and they created a route interface for the new VLAN under the firewall.

    Presentation1.png

    My problem is that no traffic goes from the VLAN to the interface.

    I cannot ping 10.20.91.1 or 10.20.45.1.

    This is the configuration of the 3 switches:

    10.20.90.13

    ---------------------------------------------------

    LANDING-SW(config)# show running-config

    Running configuration:

    ; JL262A Configuration Editor; Created on release #WC.16.05.0007
    ; Ver #12:08.1d.9b.3f.bf.bb.ef.7c.59.fc.6b.fb.9f.fc.ff.ff.37.ef:ba
    hostname "LANDING-SW"
    module 1 type jl262a
    ip default-gateway 10.20.90.1
    snmp-server community "public" unrestricted
    vlan 1
    name "DEFAULT_VLAN"
    untagged 1-52
    ip address 10.20.90.13 255.255.255.0
    ip helper-address 10.20.40.62
    exit
    vlan 91
    name "VOCIP"
    tagged 1-52
    ip address 10.20.91.13 255.255.255.0
    exit
    vlan 92
    name "VOICE-VLAN"
    tagged 1-52
    ip address 10.20.92.13 255.255.255.0
    exit
    vlan 199
    name "VLAN199"
    ip address 10.20.119.0 255.255.252.0
    exit
    primary-vlan 92
    no tftp server
    no autorun
    no dhcp config-file-update
    no dhcp image-file-update
    no dhcp tr69-acs-url
    password manager

    LANDING-SW(config)#

    ----------------------------------------------------------

    10.20.90.11

    -------------------------------------------------------

    PLANNING-SW1# show running-config

    Running configuration:

    ; JL262A Configuration Editor; Created on release #WC.16.05.0007
    ; Ver #12:08.1d.9b.3f.bf.bb.ef.7c.59.fc.6b.fb.9f.fc.ff.ff.37.ef:ba
    hostname "PLANNING-SW1"
    module 1 type jl262a
    ip default-gateway 10.20.90.1
    ip route 0.0.0.0 0.0.0.0 10.20.91.1
    ip route 10.20.91.0 255.255.255.0 10.20.91.1
    ip routing
    snmp-server community "public" unrestricted
    vlan 1
    name "DEFAULT_VLAN"
    untagged 1-52
    ip address 10.20.90.11 255.255.255.0
    exit
    vlan 91
    name "VOCIP"
    tagged 1-49
    ip address 10.20.91.11 255.255.255.0
    exit
    vlan 92
    name "VOICE-VLAN"
    tagged 1-49
    ip address 10.20.92.11 255.255.255.0
    voice
    exit
    no tftp server
    no autorun
    no dhcp config-file-update
    no dhcp image-file-update
    no dhcp tr69-acs-url
    password manager

    PLANNING-SW1#

    ---------------------------------------

    10.20.90.12

    -------------------------------------------------------------

    PLANNING-SW2# show running-config

    Running configuration:

    ; JL262A Configuration Editor; Created on release #WC.16.05.0007
    ; Ver #12:08.1d.9b.3f.bf.bb.ef.7c.59.fc.6b.fb.9f.fc.ff.ff.37.ef:ba
    hostname "PLANNING-SW2"
    module 1 type jl262a
    ip default-gateway 10.20.90.1
    snmp-server community "public" unrestricted
    vlan 1
    name "DEFAULT_VLAN"
    untagged 1-52
    ip address 10.20.90.12 255.255.255.0
    exit
    vlan 91
    name "VOCIP"
    tagged 1-52
    ip address 10.20.91.12 255.255.255.0
    exit
    vlan 92
    name "VOICE_VLAN"
    tagged 1-52
    ip address 10.20.92.12 255.255.255.0
    voice
    exit
    no tftp server
    no autorun
    no dhcp config-file-update
    no dhcp image-file-update
    no dhcp tr69-acs-url
    password manager

    PLANNING-SW2#

     



  • 2.  RE: create vlan and route to interface

    Posted Jun 25, 2020 07:05 PM

    Hi! Why is your firewall not directly connected to the Aruba switch that is performing IPv4 routing? ...just curious about the topology shown.

    Another interesting thing is this (the Switch is PLANNING-SW1 10.20.90.11):

    ip default-gateway 10.20.90.1
    ip route 0.0.0.0 0.0.0.0 10.20.91.1
    ip route 10.20.91.0 255.255.255.0 10.20.91.1
    ip routing

    I don't understand (a) why ip default-gateway is configured if the IPv4 routing service is enabled (it does no harm, but it is not useful) and (b) why there is the 10.20.91.0/24 via 10.20.91.1 static route if the firewall is physically (in)directly connected to PLANNING-SW1 (because the firewall is physically directly connected to LANDING-SW 10.20.90.13) and both PLANNING-SW1 10.20.90.11 and the firewall sit within the same network segment 10.20.91.0/24 (indeed, all listed switches have VLAN 91 with an SVI address exactly on the 10.20.91.0/24 network).
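
The two points raised in this reply can be checked mechanically. The following is an added example, not part of the original posts or of any Aruba tooling: a small lint over the routing-relevant lines of the PLANNING-SW1 config. `lint_routing` and `SAMPLE` are hypothetical names, and the sample is trimmed from the config posted above.

```python
import ipaddress
import re

# Constructed sample: routing-relevant lines of the PLANNING-SW1 config posted above.
SAMPLE = """\
ip default-gateway 10.20.90.1
ip route 0.0.0.0 0.0.0.0 10.20.91.1
ip route 10.20.91.0 255.255.255.0 10.20.91.1
ip routing
vlan 1
ip address 10.20.90.11 255.255.255.0
exit
vlan 91
ip address 10.20.91.11 255.255.255.0
exit
"""

def lint_routing(config):
    """Return a list of findings for a switch running-config (hypothetical helper)."""
    connected = {}   # VLAN id -> directly connected network, taken from the SVI address
    routes = []      # (destination network, next hop) for each static route
    gateway, routing, vlan = None, False, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"vlan (\d+)", line):
            vlan = int(m.group(1))          # entering a VLAN context
        elif line == "exit":
            vlan = None                     # leaving the VLAN context
        elif line == "ip routing":
            routing = True
        elif m := re.fullmatch(r"ip default-gateway (\S+)", line):
            gateway = ipaddress.ip_address(m.group(1))
        elif m := re.fullmatch(r"ip route (\S+) (\S+) (\S+)", line):
            dest = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            routes.append((dest, ipaddress.ip_address(m.group(3))))
        elif vlan is not None and (m := re.fullmatch(r"ip address (\S+) (\S+)", line)):
            iface = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            connected[vlan] = iface.network
    findings = []
    if routing and gateway:
        findings.append(f"ip default-gateway {gateway} is not used while 'ip routing' is enabled")
    for dest, hop in routes:
        for vid, net in connected.items():
            if dest == net:                 # route to a subnet the switch already sits on
                findings.append(f"static route {dest} via {hop} duplicates connected VLAN {vid}")
        if not any(hop in net for net in connected.values()):
            findings.append(f"next hop {hop} for {dest} is not on a connected subnet")
    return findings
```
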



  • 3.  RE: create vlan and route to interface

    Posted Jun 28, 2020 01:23 AM

    Thanks.

    Sir, the firewall is connected directly to the switch (LANDING: 10.20.90.13), but it uses one interface for 10.20.90.0/24. Now we have created another VLAN on these 3 switches; what I need is to route traffic from the VLAN to 10.20.90.1.

    I set the default gateway to 10.20.90.1, but no traffic goes out to the interface 10.20.90.1. I even tried a static route for testing, but without luck. I do not know what I am missing.

    The firewall is already configured to accept traffic from VLAN 91 and route it to the destination, the other LAN.

    If the configuration is wrong, can you please guide me?