1

I have a VLAN routing issue on our network. We have two ProCurve 5406zl's being used as our core switches, each vlan on these switches has an IP address and VRRP is configured on each vlan for redundancy. I have enabled IP routing and Inter VLAN routing is working to some degree but not fully.

Testing with some devices connected to the same core switch I was able to ping a device on vlan 30 from all other vlans. But the device on vlan 30 is unable to ping devices on the other vlans.

Below are my test results.

JW3-CAB02-CORE02# ping 10.10.20.2
10.10.20.2 is alive, time = 14 ms
JW3-CAB02-CORE02# ping 10.10.20.2 source 10
Request timed out.
JW3-CAB02-CORE02# ping 10.10.20.2 source 20
Request timed out.
JW3-CAB02-CORE02# ping 10.10.20.2 source 30
Request timed out.
JW3-CAB02-CORE02# ping 10.10.20.2 source 40
10.10.20.2 is alive, time = 1 ms
JW3-CAB02-CORE02# ping 10.10.20.2 source 50
Request timed out.

JW3-CAB02-CORE02# ping 10.30.33.41
10.30.33.41 is alive, time = 1 ms
JW3-CAB02-CORE02# ping 10.30.33.41 source 10
10.30.33.41 is alive, time = 1 ms
JW3-CAB02-CORE02# ping 10.30.33.41 source 20
10.30.33.41 is alive, time = 1 ms
JW3-CAB02-CORE02# ping 10.30.33.41 source 30
10.30.33.41 is alive, time = 1 ms
JW3-CAB02-CORE02# ping 10.30.33.41 source 40
10.30.33.41 is alive, time = 1 ms
JW3-CAB02-CORE02# ping 10.30.33.41 source 50
10.30.33.41 is alive, time = 1 ms

Here are the two devices showing in the ARP cache table

 IP ARP table

  IP Address       MAC Address       Type    Port
  ---------------  ----------------- ------- ----
  10.30.33.41      00155d-053406     dynamic B9
  10.10.20.2       00181c-0253fd     dynamic A9

Here are the important bits of the switch configuration

hostname "JW3-CAB02-CORE02"

ip route 0.0.0.0 0.0.0.0 10.30.255.254
ip routing   

router vrrp
   ipv4 enable
   exit
vlan 1
   name "DEFAULT_VLAN"
   no untagged A9-A14,A18-A22,B1-B10
   untagged A1-A8,A15-A17,A23-A24,B11-B24
   ip address 192.168.255.252 255.255.255.0
   exit
vlan 10
   name "BMS"
   tagged A1-A8,B20,B22
   ip address 10.10.2.252 255.255.255.0
   vrrp vrid 10
      virtual-ip-address 10.10.2.251
      enable
      exit
   exit
vlan 20
   name "Security"
   untagged A12-A14
   tagged A1-A8,B20,B22
   ip address 10.10.3.252 255.255.255.0
   vrrp vrid 20
      virtual-ip-address 10.10.3.251
      enable
      exit
   exit
vlan 30
   name "JW3 Management"
   untagged A18-A22,B1-B10
   tagged A1-A8,B20,B22
   ip address 10.30.255.252 255.255.0.0
   ip proxy-arp
   ip helper-address 10.30.33.11
   vrrp vrid 30
      virtual-ip-address 10.30.255.251
      enable
      exit
   exit
vlan 40
   name "IPTV"
   untagged A9-A11
   tagged A1-A8,B20,B22
   ip address 10.10.20.252 255.255.255.0
   ip proxy-arp
   ip helper-address 10.10.20.30
   ip igmp
   vrrp vrid 40
      virtual-ip-address 10.10.20.251
      enable
      exit
   exit
vlan 50
   name "Public WiFi"
   tagged A1-A8,A19-A21,B20,B22
   ip address 10.34.255.252 255.255.252.0
   ip helper-address 10.34.255.254
   vrrp vrid 50
      virtual-ip-address 10.34.255.251
      enable
      exit
   exit

Simplified Network Diagram

stambata
  • 1,668
  • 3
  • 14
  • 18
Ben White
  • 11
  • 1

1 Answers1

0

So it looks like this is working now, in the end the particular devices I was pinging didn't have the right default gateway and/or subnet mask setup by the equipment installers.

I incorrectly assumed that if the switch could ping them then it was good enough and the device should be able to ping other subnets but it doesn't look like this is the case.

Ben White
  • 11
  • 1