How to allow traffic between two VLANs by using HP ProCurve 5406zl?

[Hridayeshu]

I am having two HP ProCurve 5406zl Networking Switch. Both the switch are running with the flat network without having any vlans. I was looking to introduce vlans by simply adding one. I am having a computer in that vlan which can ping firewall and switch. However I am not able to ping the other IP on VLAN1. How can I permit traffic between both the vlans?

J8697A Configuration Editor; Created on release #K.14.89
hostname "PLDCSS-SW2"
max-vlans 64
ip access-list extended "AllowSANOut"
10 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
ip access-list extended "Allow1In"
10 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
module 1 type J8702A
module 2 type J8702A
interface A3
speed-duplex 100-full
exit
ip default-gateway 10.1.121.1
ip routing
snmpv3 only
vlan 1
name "DEFAULT_VLAN"
untagged A1-A13,B1-B24
ip address 10.1.121.151 255.255.255.0
no untagged A14-A24
ip access-group "AllowSANOut" vlan
exit
vlan 3
name "Switches"
tagged A2
no ip address
exit
vlan 5
name "Servers"
tagged A2
no ip address
exit
vlan 7
name "SAN"
untagged A14-A24
ip address 10.1.7.2 255.255.255.0
tagged A2
ip access-group "Allow1In" vlan
exit
vlan 11
name "VM"
tagged A2
no ip address
exit
vlan 13
name "Operations"
tagged A2
no ip address
exit
vlan 19
name "Teleconf"
no ip address
exit
vlan 23
name "MGMT"
no ip address
exit
vlan 17
name "VPN"
no ip address
exit
console inactivity-timer 60
timesync sntp
sntp unicast
sntp server priority 1 10.1.121.1 3
no web-management
web-management ssl
ip route 0.0.0.0 0.0.0.0 10.1.121.1
ip route 10.1.7.0 255.255.255.0 10.1.121.1
snmp-server community "public" unrestricted
no autorun
password manager
password operator

[Caelyn]

Tell me whether clients in the vlan 1 and vlan is having default gateway. I am suspecting that there could be routing issue. I think routes between 5406zl should be connected VLAN as per the default settings.

[Hridayeshu]

hey thanks a lot for the prompt replies of yours.
Clients on VLAN1 are having default gateway is 10.1.121.151.
Clients on VLAN7 are having default gateway is 10.1.7.2.

[AmaF]

I could not find out how you have setup. I am suspecting that you are using static routes on your systems. Let me know whether do you using default route. If you have implemented default route then computers on the vlan1 are going to use this route and it would be blackholed. If you have added static route then the default gateway is supposed to be Asa firewall.

[Bjork]

The very first thing which I wanted to tell you that you should enable routing on the switches which you are using. According to me there is no need to provide the access list on vlan as this access list will not have any effect. You will require to set default route on switch 10.1.121.1. clients on VLAN7 on the default gateway is 10.1.7.2. the port which has been connected to Cisco is untagged on VLAN1 and rest of all other ports are supposed to be untagged with respective VLAN. You will need to add static route for 10.1.7.0/24 to point to 10.1.121.151