Solved HP Switch config question
-
On site today tracking down the FTP server config.
WingFTP is running on Server 2012 R2. Ok.
Server 2012 R2 IP 192.168.1.10/24 and gateway 192.168.1.254Wait what? .254 is a switch.
/me logs in to check. yup. WTF..
WTF is right. Why is the switch acting like a router?
Why isn't this internet on 192.168.1.1 hooked into the pfSense and load balanced, or failing over or something.............
If I follow that image... anything hitting one of the *.254 addresses routes all traffic in to the switch loopback (127.0.0.1)
Then the switch has a default route (0.0.0.0 / 0.0.0.0) pointing to 192.168.1.1?
-
@jaredbusch said in HP Switch config question:
crazy over complicating a network for no business
I agree with your assessment.
-
oh and 192.168.1.1 is not an address on the primary router here (pfSense). It is a hardware fortigate device.
The "normal" network config for devices here have a gateway of 192.168.1.5, which is the pfSense. The same for the reworked WiFi I setup withy guest VLAN and such. Everything pointing to the pfSense box and it handles choosing which one of the 2 internet services to send the traffic.
I knew there was a third service here, but had never gotten access to it at this point and nothing I have previously had to work on was pointing to it.
-
@jaredbusch Fun times. I've got a few of those switches at 1 of our locations and HATE them. It's rebranded 3com, give me a real procurve or aruba any day. But yeah, that's a weird setup for sure.
-
@jaredbusch I assume that this is because the switch is a layer 3 switch. I would recommend to instead of using the 192.168.1.1 as the next hop for 0.0.0.0 to 192.168.1.5 since that is the pfsense everything goes through. Otherwise you might need to do a hardcoded route on the WingFTP server or change the default gateway of it. I have multiple customers in the UK that use layer 3 this way.
-
@dbeato said in HP Switch config question:
I have multiple customers in the UK that use layer 3 this way.
I know you "can" use switches this way. It is one of the reasons layer 3 switching is a thing.
But not here. This is a SMB, more towards the S. This is just crazy over complicating a network for no business purpose.
-
@dbeato said in HP Switch config question:
I would recommend to instead of using the 192.168.1.1 as the next hop for 0.0.0.0 to 192.168.1.5 since that is the pfsense everything goes through.
I would recommend cleaning up the network to point everything direct to a gateway. I do not think they need to use layer 3 switching.
This entire site needs a rework.
-
@jaredbusch said in HP Switch config question:
crazy over complicating a network for no business
I agree with your assessment.
-
@jaredbusch There is no reason right now for sure.
-
Talk about over complicate things with routing. everything like you say should just point to pfsense. I wonder why it was setup like that.
-
The person who set this up would clearly know what he was doing or he wouldn't have been able to make it work.
I'm guessing it was a move in the making. The intention was probably to move over to pfsense, drop the fortigate and perhaps remove routing from the switch. It's possible the fortigate is old and can't handle routing at line speed, hence the L3 routing in the switch.
I'm guessing the fortigate and the switch was setup long before pfsense.
-
@pete-s One would guess, but one would be wrong.
That is what I originally thought.
-
@pete-s said in HP Switch config question:
The person who set this up would clearly know what he was doing or he wouldn't have been able to make it work.
I'm guessing it was a move in the making. The intention was probably to move over to pfsense, drop the fortigate and perhaps remove routing from the switch. It's possible the fortigate is old and can't handle routing at line speed, hence the L3 routing in the switch.
I'm guessing the fortigate and the switch was setup long before pfsense.
If the fortigate is the actual edge device, maybe this was setup as a simple way to bypass the pfsense for fussy devices or troubleshooting?
I could see setting something like this up so that you can tell a remote user "go plug it into xyz switch and let me know if it starts working"
