New VLAN not working

I've created a new VLAN with the same setup as the existing VLANs; however, it isn't working. I have HP switches, all with the new VLAN configured exactly the same way as the existing VLANs, but the switches can only ping the gateway (the Firebox VLAN) and not a statically assigned PC. If I give the VLAN on any switch an IP address the same as the gateway address, the static client can ping out to the gateway but doesn't receive anything back. The VLAN on the Firebox has recorded sent packets but 0 received packets.

Comments

  • When testing your new VLAN, do you see anything in Traffic Monitor?
    Where is the gateway addr located? On the firewall VLAN interface or on your switch?
    Make sure that you have defined this as Tagged VLAN on the firewall.
    Make sure that you have added this VLAN to the HP switch VLAN trunk interface which is connected to your firewall.

    Have you added any policies to allow the new VLAN traffic anyplace?
    What zone type have you set for the new VLAN? Trusted, Optional, Custom?

    You can turn on Logging on a firewall policy to see packets allowed by that policy in Traffic Monitor.

  • You didn't mention how the other VLANs were configured, but with HP (Aruba) switches this is how I would configure it.

    On the clients, set the NIC for DHCP. Depending upon the NIC you may be able to tag it for VLANs, but I doubt it.
    For the HP Switch, untag all client ports and assign the new VLAN ID to them. This way those ports only work on the new VLAN.
    Tag the Uplink port from the switch to the Firebox (trunking in Cisco terms) with the new VLAN ID.
    On the Firebox create the new VLAN within your VLAN Interface and assign it the VLAN ID.
    Configure the new VLAN on the Firebox for DHCP and set your scope, etc., to the IP of the new VLAN.
    In Firebox Policy Manager, create policies for the new VLAN (or add to existing VLAN policies) for access to the Internet, DNS, other VLANs on your network, and any other protocol you need, i.e. ping, SIP trunks, RDP, etc.

    Enable logging for any policies you feel necessary to monitor traffic.

    Good Luck.

    • Doug

    It's usually something simple.
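The switch-side steps from the comment above, written out as an HP/Aruba ProCurve-style configuration. This is an added example, not the poster's own config or the original thread's: VLAN ID 30, client ports 1-20, uplink port 24 and the 192.168.30.0/24 addressing are assumed placeholders, and the Firebox is assumed to hold the gateway address 192.168.30.1.

```text
; Lines starting with ";" are comments in ProCurve config output.
; Create the VLAN and give it a name.
vlan 30
   name "NewVLAN"
   ; Client-facing ports: untagged, so the PCs need no VLAN-aware NIC
   ; and every frame on these ports belongs to VLAN 30.
   untagged 1-20
   ; Uplink to the Firebox: tagged, so 802.1Q frames for VLAN 30 are
   ; carried alongside the existing VLANs on the same link.
   tagged 24
   ; Optional management address for the switch itself on this VLAN.
   ; Use a free address here, never the Firebox gateway address: the
   ; original post shows that reusing the gateway IP breaks return traffic.
   ip address 192.168.30.2 255.255.255.0
   exit
write memory

; Verification: port 24 should be listed as Tagged and ports 1-20 as
; Untagged for VLAN 30; then ping the gateway from the switch.
show vlans 30
show vlans ports 24 detail
ping 192.168.30.1
```

On the Firebox side, the matching checks are that VLAN 30 is defined as a tagged VLAN on the interface facing port 24, that a policy allows the traffic, and that logging on that policy shows the packets in Traffic Monitor.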
