HP Procurve – Cannot Connect to 2920 from Different VLAN

hp-procurve

So here's the issue I am having.

I have a bunch of HP Procurve 2920s.

Inter vlan routing is being done by a single firewall.

Vlan 10 – 10.10.10.0/25
Vlan 20 – 10.10.20.0/25

Gateway for each 10.1 and 20.1

Vlan 10 interface on switch = 10.5
PC1 on Vlan 10 = 10.100
PC2 on Vlan 20 = 20.100

Interface from switch to firewall is Tagged for vlan 10 and 20.

So first test for intervlan routing works.
PC1 on vlan 10 can communicate with PC2 on vlan 20. (10.100 <–> 20.100)
PC1 switch interface is untagged vlan 10
PC2 switch interface is untagged vlan 20

So again, inter-VLAN routing via the L3 firewall is working. However, where it breaks down is that PCs on VLAN 20 cannot talk to the actual switch IPs. (20.100 <-!-> 10.5) does not work.

I assume this has something to do with the way the HP is handling these incoming packets on the tagged interfaces. I'm hoping there is a ProCurve expert around here who can help. I need other VLANs to be able to access the switches in the mgmt VLAN.

I have also tried both setting VLAN 10 as "primary-vlan" and turning off "primary-vlan".

Sorry took so long to post code, I had to get some internet.

NLRC127A-DS1# sho run

Running configuration:

; J9727A Configuration Editor; Created on release #WB.15.12.0015
; Ver #05:18.41.ff.35.0d:9b

hostname "NLRC127A-DS1"
module 1 type j9727a
trunk 19-20 trk1 lacp
no telnet-server
ip default-gateway 10.10.10.1
ip routing
interface 1
   name "External from Firewall:Eth0"
   exit
interface 2
   name "WAN port to Juniper:0/0"
   exit
interface 3
   name "RSV for Switch Trunks"
   exit
interface 4
   name "RSV for Switch Trunks"
   exit
interface 5
   name "RSV for Switch Trunks"
   exit
interface 6
   name "RSV for Switch Trunks"
   exit
interface 7
   name "RSV for Switch Trunks"
   exit
interface 8
   name "RSV for Switch Trunks"
   exit
interface 9
   name "RSV for Switch Trunks"
   exit
interface 10
   name "RSV for Switch Trunks"
   exit
interface 11
   name "RSV for Switch Trunks"
   exit
interface 12
   name "RSV for Switch Trunks"
   exit
interface 23
   name "Trunk_to_NLRC127A-FW1"
   exit
interface 24
   name "Trunk_to_NLRC127A-FW2"
   exit

oobm
   ip address dhcp-bootp
   exit
vlan 1
   name "DEFAULT_VLAN"
   no untagged 1-18,21-24,Trk1
   untagged A1-A2,B1-B2
   no ip address
   forbid 1-18,21-24,Trk1
   exit
vlan 3
   name "Empty Vlan - DO NOT ROUTE"
   no ip address
   exit
vlan 5
   name "WAN_to_Juniper"
   tagged 1-2
   no ip address
   exit
vlan 10
   name "IT Mgmt-32.0/25"
   untagged 13-18
   tagged 1-12,21-24,Trk1
   ip address 10.10.10.4 255.255.255.128
   exit
vlan 15
   name "Bldg Infra-32.128/26"
   tagged 21-24,Trk1
   no ip address
   exit
vlan 20
   name "NLSC-33.0/25"
   tagged 1,10,21-24,Trk1
   no ip address
   exit
vlan 25
   name "NLSC-WHSE-33.128/25"
   tagged 21-24,Trk1
   no ip address
   exit
vlan 30
   name "NRC-34.0/24"
   tagged 10,21-24,Trk1
   no ip address
   exit
vlan 35
   name "NRC Testbed-32.192/26"
   tagged 21-24,Trk1
   no ip address
   exit
vlan 40
   name "Shared-35.0/26"
   tagged 21-24,Trk1
   no ip address
   exit
vlan 50
   name "NatAD-35.64/26"
   tagged 21-24,Trk1
   no ip address
   exit
vlan 60
   name "Wireless-36.0/24"
   tagged 21-24,Trk1
   no ip address
   exit
vlan 70
   name "DMZ"
   tagged 21-24,Trk1
   no ip address
   exit
primary-vlan 3
spanning-tree
spanning-tree Trk1 priority 4
spanning-tree mode rapid-pvst
spanning-tree vlan 5 root primary
spanning-tree vlan 10 root primary
spanning-tree vlan 20 root primary
spanning-tree vlan 30 root primary

NLRC127A-DS1#

Best Answer

You say that inter-VLAN routing is done by the firewall, but you have IP routing enabled on the switch. Turn it off.

no ip routing
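
The condition the answer points at can be checked across saved `show run` output. This is an added example, not part of the original post or answer: a small Python audit that flags a switch with `ip routing` enabled while it is addressed like a Layer 2 host. The function names, the heuristic (default gateway set and at most one VLAN with an IP address) and the sample config are assumptions of this example.

```python
import re

# Constructed sample: a trimmed excerpt in the style of the posted running config.
SAMPLE_CONFIG = """\
hostname "NLRC127A-DS1"
ip default-gateway 10.10.10.1
ip routing
oobm
   ip address dhcp-bootp
   exit
vlan 10
   name "IT Mgmt-32.0/25"
   ip address 10.10.10.4 255.255.255.128
   exit
vlan 20
   name "NLSC-33.0/25"
   no ip address
   exit
"""

def parse_config(text):
    """Extract global L3 settings and per-VLAN IP addresses from 'show run' text."""
    state = {"ip_routing": False, "default_gateway": None, "vlan_ips": {}}
    vlan = None
    for raw in text.splitlines():
        line = raw.strip()
        if raw[:1].isspace():              # indented: belongs to the current block
            m = re.fullmatch(r"ip address (\d+(?:\.\d+){3}) (\S+)", line)
            if vlan is not None and m:
                state["vlan_ips"][vlan] = m.group(1)
            continue
        m = re.fullmatch(r"vlan (\d+)", line)
        vlan = int(m.group(1)) if m else None  # other top-level lines end the VLAN block
        if line == "ip routing":           # "no ip routing" does not match
            state["ip_routing"] = True
        elif line.startswith("ip default-gateway "):
            state["default_gateway"] = line.split()[2]
    return state

def audit(text):
    """Heuristic (assumption of this example): routing on, yet addressed like an L2 host."""
    s = parse_config(text)
    findings = []
    if s["ip_routing"] and s["default_gateway"] and len(s["vlan_ips"]) <= 1:
        findings.append(
            "ip routing is enabled, but the switch has a default gateway (%s) and %d "
            "addressed VLAN(s); if a firewall routes between VLANs, set 'no ip routing'"
            % (s["default_gateway"], len(s["vlan_ips"])))
    return findings
```

Calling `audit()` on the text of a saved running config returns a list of findings; an empty list means the heuristic did not trigger.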