We are trying to set things up so that the switch handles routing and communication between a few VLANs, and then has a link network up to the firewall.
Here is the config:
Running configuration:
; J9145A Configuration Editor; Created on release #W.15.08.0012
; Ver #02:11.05:16
; Device identity and module type as reported by the switch.
hostname "HP-E2910al-24G"
module 1 type j9145a
; ACL definitions. Every entry below uses address 0.0.0.0 paired with a mask.
; NOTE(review): ACL masks on this platform are wildcard masks (set bits are
; ignored), so "0.0.0.0 255.255.255.255" matches any address - confirm against
; the ACL documentation for this firmware release.
;
; ACL "105": entry 10 permits all IP from any source to any destination.
; Entry 20 (ip-in-ip) is presumably never reached, because entry 10 already
; matches every IP packet. This ACL is not bound to any interface or VLAN in
; the configuration shown.
ip access-list extended "105"
10 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
20 permit ip-in-ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
; ACL "test": this is the ACL bound inbound on ports 1-24 further down.
; Entry 10 permits all IP any-to-any, so entries 11 (tcp) and 12 (udp) add
; nothing and the ACL as written filters no IP traffic.
; NOTE(review): a permit-everything ACL on every port gives no segmentation
; between the VLANs; if filtering is intended, replace entry 10 with explicit
; permits and rely on the implicit deny at the end of the list.
ip access-list extended "test"
10 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
11 permit tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
12 permit udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
; ACL "allow": the mask here is 0.0.0.0, not 255.255.255.255.
; NOTE(review): with wildcard-mask semantics this matches only the single
; address 0.0.0.0, so despite its name the list would deny all real sources
; through the implicit deny - confirm before binding it anywhere. It is not
; bound in the configuration shown.
ip access-list standard "allow"
10 permit 0.0.0.0 0.0.0.0
exit
; ACL "test2": standard ACL permitting any source; not bound in the
; configuration shown.
ip access-list standard "test2"
10 permit 0.0.0.0 255.255.255.255
exit
; Default path: both lines point at 192.168.16.1, which lies in the subnet
; assigned to VLAN 1 below (192.168.16.135/24).
; NOTE(review): with "ip routing" enabled the switch forwards using its routing
; table, so the static 0.0.0.0/0 route is presumably the one in effect and
; "ip default-gateway" is only used when routing is disabled - confirm.
ip default-gateway 192.168.16.1
ip route 0.0.0.0 0.0.0.0 192.168.16.1
; Enables layer-3 forwarding between the VLAN interfaces defined below.
ip routing
; Per-port settings for ports 1-24. Every port binds the extended ACL "test"
; in the inbound direction; port 1 additionally enables flow-control.
; NOTE(review): ACL "test" as defined in this configuration starts with
; "permit ip" any-to-any, so these bindings do not restrict traffic and nothing
; in them distinguishes ICMP from TCP/UDP. If the ACL is only a troubleshooting
; leftover, remove the bindings; if inter-VLAN filtering is wanted, tighten the
; ACL rather than leaving a permit-all list on every port.
interface 1
ip access-group "test" in
flow-control
exit
interface 2
ip access-group "test" in
exit
interface 3
ip access-group "test" in
exit
interface 4
ip access-group "test" in
exit
interface 5
ip access-group "test" in
exit
interface 6
ip access-group "test" in
exit
interface 7
ip access-group "test" in
exit
interface 8
ip access-group "test" in
exit
interface 9
ip access-group "test" in
exit
interface 10
ip access-group "test" in
exit
interface 11
ip access-group "test" in
exit
interface 12
ip access-group "test" in
exit
interface 13
ip access-group "test" in
exit
interface 14
ip access-group "test" in
exit
interface 15
ip access-group "test" in
exit
interface 16
ip access-group "test" in
exit
interface 17
ip access-group "test" in
exit
interface 18
ip access-group "test" in
exit
interface 19
ip access-group "test" in
exit
interface 20
ip access-group "test" in
exit
interface 21
ip access-group "test" in
exit
interface 22
ip access-group "test" in
exit
interface 23
ip access-group "test" in
exit
interface 24
ip access-group "test" in
exit
; SNMP access for the switch.
; NOTE(review): "public" is the well-known default community string and
; "unrestricted" grants write access, so any host that can reach the switch's
; SNMP agent with this string can change its configuration. Use a non-default
; community limited to read-only ("restricted"), or SNMPv3, and limit which
; management hosts may reach SNMP. The string is also exposed by posting this
; configuration publicly, so treat it as disclosed.
snmp-server community "public" unrestricted
; VLAN 1: ports 3 and 5-24 are untagged members; ports 1-2 and 4 are removed.
; The switch's address here (192.168.16.135/24) is in the same subnet as the
; default-route next hop 192.168.16.1 configured earlier.
; NOTE(review): presumably this is the management network the post refers to.
vlan 1
name "DEFAULT_VLAN"
no untagged 1-2,4
untagged 3,5-24
ip address 192.168.16.135 255.255.255.0
exit
; VLAN 861: port 4 untagged, ports 1-2 tagged; routed interface
; 10.250.32.1/25 with RIP enabled and limited to version 1 in both directions.
; NOTE(review): RIP version 1 carries no authentication and no subnet masks, so
; routes learned on this VLAN cannot be verified and the /25 prefixes used here
; are not advertised with their mask. If a dynamic protocol is needed, prefer
; RIPv2 with authentication; otherwise static routes avoid the exposure.
vlan 861
name "ine-Back-Localexample.net"
untagged 4
tagged 1-2
ip address 10.250.32.1 255.255.255.128
ip rip 10.250.32.1
ip rip 10.250.32.1 receive v1-only
ip rip 10.250.32.1 send v1-only
protocol "IPv4,ARP"
exit
; VLAN 862: ports 1-2 tagged; routed interface 10.250.32.129/25, also running
; RIP restricted to version 1 (same review note as VLAN 861 applies).
vlan 862
name "ine-Front-Inetexample.net"
tagged 1-2
ip address 10.250.32.129 255.255.255.128
ip rip 10.250.32.129
ip rip 10.250.32.129 receive v1-only
ip rip 10.250.32.129 send v1-only
protocol "IPv4,ARP"
exit
; VLANs 863-865: ports 1-2 tagged; routed interfaces without RIP.
vlan 863
name "ine-Back-Inetexample.net"
tagged 1-2
ip address 10.250.33.1 255.255.255.0
protocol "IPv4,ARP"
exit
vlan 864
name "ine-Front-s-example.net"
tagged 1-2
ip address 10.250.34.1 255.255.255.128
protocol "IPv4,ARP"
exit
vlan 865
name "ine-Back-s.example.net"
tagged 1-2
ip address 10.250.34.129 255.255.255.128
protocol "IPv4,ARP"
exit
; VLAN 866: the untagged (native) VLAN on ports 1-2, with a /30 point-to-point
; style subnet (10.250.37.2/30).
; NOTE(review): no route in this configuration uses a next hop in this subnet;
; the only default route points into VLAN 1 - confirm that is intended.
vlan 866
name "ine-esx-uplink.example.net"
untagged 1-2
ip address 10.250.37.2 255.255.255.252
protocol "IPv4,ARP"
exit
; VLANs 867-869: ports 1-2 tagged; routed interfaces without RIP.
vlan 867
name "ine-Front-Ihostnet-example.net"
tagged 1-2
ip address 10.250.35.1 255.255.255.128
protocol "IPv4,ARP"
exit
vlan 868
name "ine-Back-Ihostnet-example.net"
tagged 1-2
ip address 10.250.35.129 255.255.255.128
protocol "IPv4,ARP"
exit
vlan 869
name "ine-Client-nat.example.net"
tagged 1-2
ip address 10.250.36.1 255.255.255.0
protocol "IPv4,ARP"
exit
; NOTE(review): presumably indicates that a manager-level password is set (the
; value itself is not part of this listing); no operator password line appears
; in the configuration shown - confirm on the device.
password manager
Here is a pastebin of the config: http://pastebin.com/tvp5dRKp
Routing works from the management network: we can access every VLAN and the resources on them. But from, for example, VLAN 862 we cannot access VLAN 861: we can send ICMP traffic to all hosts on it, but cannot access any server over HTTP, SSH, etc.
Any advice would be great!