Routing – Cannot access Internet from VLANs on an HP layer 2 and layer 3 switch

hplayer3routingswitchvlan

I have got an HP switch, layer 2 and layer 3 capable. I created some VLANs. I have an ADSL router on VLAN 1 with the IP address 192.168.1.2. From VLAN 1, I can access Internet, but from the other VLANs, I cannot access Internet. From the other VLANs I can access other VLANs.

Here is the switch configuration:

******************************************************************************
* Copyright (c) 2010-2016 Hewlett Packard Enterprise Development LP          *
* Without the owner's prior written consent,                                 *
* no decompiling or reverse-engineering shall be allowed.                    *
******************************************************************************


Login authentication


Password:
<Switch>dis cu
#
 version 5.20.99, Release 2222P01
#
 sysname Switch
#
 clock timezone Italy add 01:00:00
 clock summer-time Italy repeating 02:00:00 2017 March last Sunday 03:00:00 2017 October last Sunday  01:00:00
#
 dhcp relay server-group 1 ip 192.168.1.1
#
 irf mac-address persistent timer
 irf auto-update enable
 undo irf link-delay
#
 domain default enable system
#
 dns resolve
 dns server 8.8.8.8
 dns server 8.8.4.4
 dns server 192.168.1.2
#
 telnet server enable
#
 lldp compliance cdp
#
 password-recovery enable
#
vlan 1
 description Base
#
vlan 20
 description Windows XP
#
vlan 100
 description Periferiche
#
vlan 182
 description PC
#
vlan 840
 description Wi-Fi
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
dhcp server ip-pool nome
 network 192.168.1.0 mask 255.255.255.0
 gateway-list 192.168.1.1
 dns-list 8.8.8.8 8.8.4.4 192.168.1.2
#
dhcp server ip-pool pc
 network 192.168.182.0 mask 255.255.255.0
 gateway-list 192.168.182.1
 dns-list 8.8.8.8 8.8.4.4 192.168.1.2
#
dhcp server ip-pool periferiche
 network 192.168.100.0 mask 255.255.255.0
 gateway-list 192.168.100.1
 dns-list 8.8.8.8 8.8.4.4 192.168.1.2
#
dhcp server ip-pool wifi
 network 192.168.200.0 mask 255.255.255.0
 gateway-list 192.168.200.1
 dns-list 8.8.8.8 8.8.4.4 192.168.1.2
#
dhcp server ip-pool xp
 network 192.168.20.0 mask 255.255.255.0
 gateway-list 192.168.20.1
 dns-list 8.8.8.8 8.8.4.4 192.168.1.2
#
user-group system
 group-attribute allow-guest
#
local-user XXXXX
 password cipher XXXXXX
 authorization-attribute level 3
 service-type ssh telnet
 service-type web
#
interface NULL0
#
interface Vlan-interface1
 ip address 192.168.1.1 255.255.255.0
#
interface Vlan-interface20
 ip address 192.168.20.1 255.255.255.0
 dhcp select relay
 dhcp relay server-select 1
#
interface Vlan-interface100
 ip address 192.168.100.1 255.255.255.0
 dhcp select relay
 dhcp relay server-select 1
#
interface Vlan-interface182
 ip address 192.168.182.1 255.255.255.0
 dhcp select relay
 dhcp relay server-select 1
#
interface Vlan-interface840
 ip address 192.168.200.1 255.255.255.0
 dhcp select relay
 dhcp relay server-select 1
#
interface GigabitEthernet1/0/1
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/2
 description Stampante Lexmark
 port access vlan 100
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/3
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/4
 description Stampante LBP5050N
 port access vlan 100
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/5
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/6
 description NAS (Network Attached Storage)
 port access vlan 100
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/7
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/8
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/9
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/10
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/11
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/12
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/13
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/14
 port access vlan 100
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/15
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/16
 port access vlan 840
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/17
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/18
 port access vlan 182
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/19
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/20
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/21
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/22
 description PC Windows XP
 port access vlan 20
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/23
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/24
 description Modem e access point
 lldp compliance admin-status cdp txrx
#
interface GigabitEthernet1/0/25
 shutdown
#
interface GigabitEthernet1/0/26
 shutdown
#
interface GigabitEthernet1/0/27
 shutdown
#
interface GigabitEthernet1/0/28
 shutdown
#
 ip route-static 0.0.0.0 0.0.0.0 192.168.1.2 preference 65
#
 dhcp server forbidden-ip 192.168.1.0 192.168.1.2
#
 dhcp enable
#
 ntp-service unicast-server 193.204.114.232
 ntp-service unicast-server 193.204.114.233
#
 ssh server enable
#
 load xml-configuration
#
user-interface aux 0
user-interface vty 0
 user privilege level 3
 set authentication password cipher XXXXXX
user-interface vty 1 15
#
return
<Switch>

How could I solve my issue?

One strange thing that I noticed on the ADSL router is that it has got a WAN IP 79.35.XXX.XXX and gateway 192.168.100.1 (why?); but I cannot modify that. The ADSL router is provided by the phone company and it has got limited configuration possibilities.

<Switch>display ip routing-table
Routing Tables: Public
    Destinations : 10       Routes : 10

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

0.0.0.0/0           Static 65   0            192.168.1.2     Vlan1  
127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0  
127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0  
192.168.1.0/24      Direct 0    0            192.168.1.1     Vlan1  
192.168.1.1/32      Direct 0    0            127.0.0.1       InLoop0  
192.168.20.0/24     Direct 0    0            192.168.20.1    Vlan20  
192.168.20.1/32     Direct 0    0            127.0.0.1       InLoop0  
192.168.100.0/24    Direct 0    0            192.168.100.1   Vlan100  
192.168.100.1/32    Direct 0    0            127.0.0.1       InLoop0

I cannot ping the ADSL router at its IP address, 192.168.1.2, from VLANs other than VLAN1.

Best Answer

Using the HP R110 WW (J9975A) router NAT feature to connect my network to my phone company modem/router solved the issue. Thank you

Your ASA configuration:

route outside 0.0.0.0 0.0.0.0 172.16.1.1 1

This will provide a default route via the outside interface, but how will the ASA know how to reach subnets residing behind the Layer 3 Distribution Switch?

You'll need to add routes to the internal subnets via the inside interface using the Layer 3 Distribution Switch as the next-hop IP address.

ASA static routing example:

route inside 172.19.12.0 255.255.255.240 172.16.2.2
route inside 172.19.3.0 255.255.255.0 172.16.2.2
route inside 172.20.100.0 255.255.255.224 172.16.2.2

Your Cisco Router's configuration:

ip route 0.0.0.0 0.0.0.0 200.200.200.200

Additionally, how will your border router know how to reach subnets other than it's connected routes, and the catch all default route via the outside interface's next-hop address 200.200.200.200?

Router static routing example:

ip route 172.19.12.0 255.255.255.240 172.16.1.10
ip route 172.19.3.0 255.255.255.0 172.16.1.10
ip route 172.19.100.0 255.255.255.224 172.16.1.10
ip route 172.16.2.0 255.255.255.224 172.16.1.10

Vlan – Setting up PIM Sparse mode

My questions are:

Should we setup on our core network switch OSPF with a router ID of 1.1.1.1 and then not set any OSPF settings on any other switch?

OSPF is not necessary for this implementation.

Would PIM Sparse Mode only need to be enabled on the core switches or on all of the switches in the network?

Pim-SM needs to be enabled on each L3 interface on which you want to allow the multicast traffic. For example, if you wish to contain the traffic to Vlans 15 and 14, you would have to do the following on your core:

configure
ip multicast
ip igmp
ip pim sparse
interface vlan 14
ip igmp
ip pim
interface vlan 15
ip igmp
ip pim
exit

If you want the traffic to traverse all Vlans, then you will need the appropriate interface configuration under each Vlan. Your L2 switches will need IGMP snooping turned on (ideally on all interfaces via the global configuration).

configure
ip igmp snooping 
bridge multicast filtering

For a very basic multicast setup like this, these should be the only features that you would need.

Best Answer

Related Solutions

Cisco ASA Routing Issue

Your ASA configuration:

ASA static routing example:

Your Cisco Router's configuration:

Router static routing example:

Vlan – Setting up PIM Sparse mode

Related Topic