2 out of 4 vlans on 2610 can not connected to the internet

[midair77]

Dear, all. We recently bought this HP Procurve 2610 and tried to segment our network into 4 segments. We connected this switch to a Vyatta 514 appliance. We turned on IP routing for layer 3 feature on this switch but at this point only 2 vlans out of 4 can get to the internet through the vyatta firewall.

Procurve (trk1 Trunk = 802.3ad port 49-50) vlan 58 192.168.58.2/30 connected to vyatta (802.3ad port 2-3) 192.168.58.1/30.

vlan 0: gw 192.168.0.1, and windows xp 192.168.0.100
vlan 78: gw 192.168.78.254, and windows xp 192.168.78.78
vlan 88: gw 192.168.88.254, and ubuntu 192.168.88.88
vlan 98: gw 192.168.98.254, and ubuntu 192.168.98.98

Currently only vlan 78 and 98 could get on the internet and I believe I set correct NAT rules on the vyatta. I can ping on the switch to gw's, nodes and 192.168.58.1 on vyatta, and to the internet.

On xp 192.168.0.100 (firewall disable), I could ping all gw's, nodes, hp vlan 58 192.168.58.2. When I tried to ping vyatta 192.168.58.1, I got the first icmp reply but the the rest are timed out.

On ubuntu vlan 88 (no iptables), I could ping all gw's, nodes, hp vlan 58 192.168.58.2. When I tried to ping 192.168.58.1, I got no icmp output at all. All boxes in this test network use google's public dns servers.

I am new to HP Procurve switch and this has troubled me a great deal. Please tell me what could be wrong here.

Thank you in advance.

Here is the output of the procurve configuration. I also attached the "show tech".

; J9088A Configuration Editor; Created on release #R.11.25

hostname "2610"
trunk 49-50 Trk1 Trunk
ip routing
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged 51-52
no ip address
no untagged 1-48,Trk1
exit
vlan 58
name "bridge"
untagged Trk1
ip address 192.168.58.2 255.255.255.252
exit
vlan 100
name "servers"
untagged 40-48
ip address 192.168.0.1 255.255.255.0
exit
vlan 78
name "lab"
untagged 1
ip address 192.168.78.254 255.255.255.0
exit
vlan 88
name "guest"
untagged 2
ip address 192.168.88.254 255.255.255.0
exit
vlan 98
name "users"
untagged 3-39
ip address 192.168.98.254 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 192.168.58.1
no stack
spanning-tree
spanning-tree Trk1 priority 4

 

[cajuntank]

So do you have back routes on the Vyatta to those "non- working" subnets that point to 192.168.58.2 ?

 

[midair77]

Hi, cajuntank. I am at home right now and do not have access to the vyatta firewall. I will check that first thing in the morning.

 

[midair77]

I got to the office and looked at the configuration on my Vyatta firewall. There are default back routes to all my private subnets

vlan 78 back to 192.168.58.2
vlan 88 back to 192.168.58.2
vlan 98 back to 192.168.58.2
vlan 100 back to 192.168.58.2

I am really befuddled by this...

 

[cajuntank]

Have you tried this minus the trunk and just did a single port to the Vyatta? I am not familiar with the Vyatta to talk intelligently about it, so are you sure it knows about LACP?

 

[midair77]

I changed the type of the trunk to static LACP and everything works now.

From
trunk 49-50 Trk1 Trunk

to
trunk 49-50 Trk1 LACP

Thanks for your helps, cajuntank.

 

[cajuntank]

Glad I could point you in the right direction. So evidently, the Vyatta understands LACP.