HP ProCurve 2910al: permitir tráfego de VLAN para VLAN


Estamos tentando configurar o switch para que ele faça o roteamento e permita a comunicação entre algumas VLANs, e depois ter uma rede de links até o fw (firewall).

Aqui está a configuração:

Configuração em execução:


; J9145A Configuration Editor; Created on release #W.15.08.0012
; Ver #02:11.05:16
hostname "HP-E2910al-24G"
module 1 type j9145a
; Four ACLs are defined here; in the visible configuration only "test" is
; referenced by an `ip access-group` statement.
; NOTE(review): the address/mask pairs appear to be wildcard masks, so
; "0.0.0.0 255.255.255.255" reads as "any" -- confirm against the switch docs.
ip access-list extended "105"
     ; any -> any for all IP. Entry 20 looks redundant, since entry 10 already
     ; matches every IP protocol.
     10 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
     20 permit ip-in-ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
   exit
ip access-list extended "test"
     ; Entry 10 permits all IP from any source to any destination, so entries
     ; 11 and 12 never change the outcome. This list filters nothing.
     10 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
     11 permit tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
     12 permit udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
   exit
ip access-list standard "allow"
     ; NOTE(review): unlike "test2" below, the mask here is 0.0.0.0. Read as a
     ; wildcard mask, this matches only the single source address 0.0.0.0, not
     ; "any". With the implicit deny that presumably ends the list, applying it
     ; would drop nearly all traffic -- verify the intent before use.
     10 permit 0.0.0.0 0.0.0.0
   exit
ip access-list standard "test2"
     ; Permits any source address.
     10 permit 0.0.0.0 255.255.255.255
   exit
; Both the default gateway and the static default route point at 192.168.16.1,
; which lies in the VLAN 1 subnet (192.168.16.0/24).
; NOTE(review): on this platform `ip default-gateway` is normally only used
; while IP routing is disabled; with `ip routing` on, the static route is the
; one that should apply -- confirm.
ip default-gateway 192.168.16.1
ip route 0.0.0.0 0.0.0.0 192.168.16.1
; Turns on layer-3 forwarding between the VLAN interfaces. The only ACL applied
; in this config ("test") permits everything, so every VLAN with an IP address
; is routable to every other one. Any segmentation between the Front-* and
; Back-* networks must be enforced elsewhere (e.g. on the firewall).
ip routing
; Ports 1-24 all apply the same ACL, "test", to inbound traffic. "test" begins
; with a permit for all IP, so these bindings do not restrict anything today.
; NOTE(review): if traffic between VLANs is meant to be limited, these bindings
; would need a list that names the allowed flows explicitly instead of a
; permit-all.
interface 1
   ip access-group "test" in
   flow-control
   exit
interface 2
   ip access-group "test" in
   exit
interface 3
   ip access-group "test" in
   exit
interface 4
   ip access-group "test" in
   exit
interface 5
   ip access-group "test" in
   exit
interface 6
   ip access-group "test" in
   exit
interface 7
   ip access-group "test" in
   exit
interface 8
   ip access-group "test" in
   exit
interface 9
   ip access-group "test" in
   exit
interface 10
   ip access-group "test" in
   exit
interface 11
   ip access-group "test" in
   exit
interface 12
   ip access-group "test" in
   exit
interface 13
   ip access-group "test" in
   exit
interface 14
   ip access-group "test" in
   exit
interface 15
   ip access-group "test" in
   exit
interface 16
   ip access-group "test" in
   exit
interface 17
   ip access-group "test" in
   exit
interface 18
   ip access-group "test" in
   exit
interface 19
   ip access-group "test" in
   exit
interface 20
   ip access-group "test" in
   exit
interface 21
   ip access-group "test" in
   exit
interface 22
   ip access-group "test" in
   exit
interface 23
   ip access-group "test" in
   exit
interface 24
   ip access-group "test" in
   exit
; The community string is the well-known default "public", and "unrestricted"
; grants write access. Any host that can reach one of the switch's IP
; addresses over SNMP v1/v2c can therefore read and change settings.
; NOTE(review): the switch has an address in every VLAN defined in this config,
; so this is presumably reachable from the Front-* networks too. Use a
; non-default community with restricted access (or SNMPv3) and limit
; management sources, e.g. with `ip authorized-managers`.
snmp-server community "public" unrestricted
; Port layout as configured below:
;   ports 3, 5-24 : untagged in VLAN 1
;   port 4        : untagged in VLAN 861
;   ports 1-2     : untagged in VLAN 866, tagged in 861-865 and 867-869
; Every VLAN carries an IP address on the switch, so with `ip routing` enabled
; the switch is a router interface in each of these subnets.
vlan 1
   name "DEFAULT_VLAN"
   no untagged 1-2,4
   untagged 3,5-24
   ; Same subnet as the default route's next hop, 192.168.16.1. Presumably the
   ; management network the post refers to -- confirm.
   ip address 192.168.16.135 255.255.255.0
   exit
vlan 861
   name "ine-Back-Localexample.net"
   untagged 4
   tagged 1-2
   ip address 10.250.32.1 255.255.255.128
   ; RIP is enabled on this interface and pinned to version 1 in both
   ; directions. RIPv1 updates carry no subnet mask and no authentication, so
   ; the mixed /25, /24 and /30 subnets in this config cannot be advertised
   ; faithfully, and any host on this VLAN can offer routes to the switch.
   ; NOTE(review): if no RIP neighbour is expected here, removing RIP reduces
   ; exposure; otherwise prefer RIPv2 with authentication, if supported.
   ip rip 10.250.32.1
   ip rip 10.250.32.1 receive v1-only
   ip rip 10.250.32.1 send v1-only
   ; presumably restricts this VLAN to IPv4 and ARP frames -- confirm
   protocol "IPv4,ARP"
   exit
vlan 862
   name "ine-Front-Inetexample.net"
   tagged 1-2
   ip address 10.250.32.129 255.255.255.128
   ; Same RIPv1-only setup as VLAN 861: unauthenticated and classful.
   ip rip 10.250.32.129
   ip rip 10.250.32.129 receive v1-only
   ip rip 10.250.32.129 send v1-only
   protocol "IPv4,ARP"
   exit
; VLANs 863-869 have no RIP statements; they are reachable only as directly
; connected networks of this switch.
vlan 863
   name "ine-Back-Inetexample.net"
   tagged 1-2
   ip address 10.250.33.1 255.255.255.0
   protocol "IPv4,ARP"
   exit
vlan 864
   name "ine-Front-s-example.net"
   tagged 1-2
   ip address 10.250.34.1 255.255.255.128
   protocol "IPv4,ARP"
   exit
vlan 865
   name "ine-Back-s.example.net"
   tagged 1-2
   ip address 10.250.34.129 255.255.255.128
   protocol "IPv4,ARP"
   exit
vlan 866
   name "ine-esx-uplink.example.net"
   ; The only VLAN carried untagged on ports 1-2; a /30, i.e. a two-host
   ; point-to-point style subnet.
   untagged 1-2
   ip address 10.250.37.2 255.255.255.252
   protocol "IPv4,ARP"
   exit
vlan 867
   name "ine-Front-Ihostnet-example.net"
   tagged 1-2
   ip address 10.250.35.1 255.255.255.128
   protocol "IPv4,ARP"
   exit
vlan 868
   name "ine-Back-Ihostnet-example.net"
   tagged 1-2
   ip address 10.250.35.129 255.255.255.128
   protocol "IPv4,ARP"
   exit
vlan 869
   name "ine-Client-nat.example.net"
   tagged 1-2
   ip address 10.250.36.1 255.255.255.0
   protocol "IPv4,ARP"
   exit
; presumably indicates that a manager-level password is set; the value itself
; is not part of this listing.
password manager

Aqui está um link para a configuração no Pastebin

O roteamento funciona a partir da rede de gerenciamento: de lá conseguimos acessar todas as VLANs e os recursos nelas. Mas, a partir da VLAN 862, por exemplo, não conseguimos acessar a VLAN 861 (conseguimos enviar tráfego ICMP para todos os hosts nela), mas não conseguimos acessar nenhum servidor via HTTP, SSH etc.

Qualquer conselho seria ótimo!

    
por WebFooL 10.10.2012 / 21:31

0 respostas