April 15th, 2015 06:00

16-24 port switch for VLAN Trunking + Layer-3

Hi, I have a mess of a home lab situation that I would like to clean up ASAP. Because this is a home lab, a fanless/quiet switch is a requirement which I believe eliminates all switches higher than 16-ports. That is OK, 24-ports would be ideal but I can make 16-ports work. Worst case I will buy two 16-port switches or perhaps a 16-port and an 8-port, if available. 

I am currently going from the router/firewall to several PowerConnect 2716 switches and because the 27xx series does not support VLAN trunking I need SEVERAL 2716's. I have nine (9) LAN/VLANs going to an ESXi environment which I would like to consolidate down to one VLAN trunk going to each ESXi host through Link Aggregation. 

For each need, what is the entry level or base switch I could use? Meaning, if I want a 16-port, gigabit Layer 2 switch that supports VLAN trunking, what is the lowest model I can use? Likewise, if I want a 16-port, gigabit, Layer 3 switch that supports VLAN trunking (I assume all Layer 3 switches would support VLAN trunking), what is the lowest model that meets these requirements? 

I have seen mixed reviews/information on the 28xx series switches supporting VLAN trunking. I've also read that the 34xx series switches are the oldest/first models which support VLAN trunking???? I would greatly appreciate someone letting me know both specifically about proper VLAN Trunking support as well as handling Layer 3.

Thank you. 

5 Practitioner

274.2K Posts

April 15th, 2015 09:00

The 2716 supports both 802.1q (trunking) and link aggregation. The 2716 switches may be in unmanaged mode, and that is why you do not see these options. Once placed in managed mode you can create the additional VLANs, set up the LAGs you need, and trunk the VLANs. Here is the user guide; it will have all the details on how to configure these features.

http://bit.ly/1J2Vs0q

Here is the spec sheet on the 27xx switches.

http://dell.to/1JKtEPw

The 34xx switches are 10/100 just like the 2716. The 34xx also support VLAN tagging.

The 28xx is a GB switch, supports link aggregation, VLAN trunking, and does not have any fans on the 8 and 16 port models.

From what I can see, all the other GB switches have fans in them. The layer 3 switches all have 24 ports or more, and have fans. If the 2716 switches are operational, and you're not hitting big bottlenecks, I would switch them to managed mode.

18 Posts

April 15th, 2015 10:00

They ARE in managed mode... I can only trunk VLANs at a 1:1 ratio --meaning if I want to forward VLANs 30 & 33 over LAG1 to my ESXi host, I can forward the first VLAN fine but when I try to send the second VLAN over the same LAG it fails. The switch becomes inoperable between the create VLAN page and the VLAN port assignment page. It then freezes and needs to be reset and I need to start all over again.

I do not have any bandwidth issues at all so the 2716 switches are fine except that I can not forward or trunk more than one VLAN over any one LAG on the 2716. If I could trunk five or six VLANs over one LAG on any of the 2716's I have it would be perfect... Is there something I'm missing? I just assumed you repeated the same process as creating the first VLAN but as I said, adding the second VLAN is where it breaks. I have 8x 2716 and 5x 2708 switches (inherited them) so it would be great to operate within the hardware I already own.

Thanks.

EDIT: To clarify a little further; I have an old laptop loaded up with XP PRO x86 as well as an XP PRO x86 VM which I use to manage these things. They like very old versions of IE and everything else is horrible I've found - Chromium and Firefox on Ubuntu are **OK** but still have issues at times. Chrome on OSX is better than Chrome on Windows --at times. They are most certainly in managed mode and I am able to get one VLAN trunked properly, the question I have now is whether or not the switches are capable of trunking multiple VLANs through the same route [meaning VLAN11, 22, 33 & 44 on Port1 going to same VLANs at LAG1] --OR-- is there something wrong with my firmware/switches??

5 Practitioner

274.2K Posts

April 15th, 2015 11:00

That's bizarre behavior. What level firmware are the switches at? If an update is available, it may help with operability.

It sounds like you have the process down correctly. In the VLAN membership tab you would select the option to create VLAN ID. Enter the VLAN number, name the VLAN if you want, and then set the port or LAG to T for the new VLAN.

18 Posts

April 15th, 2015 18:00

It's a PowerConnect 2716, Boot Version 1008 and FW 1.0.1.07 (the latest --and last/final firmware for the switches).

The problem is I believe they do NOT support trunking multiple VLANs through the same ports or routes.

I create:

LAG-1 consisting of ports 3-4

LAG-2 consisting of ports 5-8

LAG-3 consisting of ports 9-12

I then create VLANs 11, 14, 28, 30, 32, 33, 39, 46, 47, 67, 92 and 99 on the "VLAN Membership" page... That same VLAN Membership page is where you mark your packets as tagged or untagged. Assuming port #1 is kept as the uplink and management/VLAN-1 port, I then proceed to assign the VLANs to ports, again on the VLAN Membership page --note there is NOWHERE to assign a name to your VLANs, numbers from the dropdown only.

What works is marking Port #1 as tagged (T) and port # 15 as untagged (U) - that will forward the appropriate VLAN to the end user device connected to port # 15 such as a PC, printer, wireless AP, etc.

What also works is marking Port #1 as tagged (T) and LAG-1 as tagged (T) - that will forward the VLAN properly into my ESXi hosts' LAG (VMware calls it LACP) and on to the assigned VMware Distributed Switch Port Group - the VMs from there can then pull a DHCP IP address, hit the internet or intranet (or wherever the firewall allows them to hit).

What I can NOT do is then go back and make TWO VLANs members of the same port group - meaning I can mark Port #1 tagged (T) for VLAN 32 and VLAN 33 and I can mark Port 14 as tagged (T) or untagged (U) for the same VLANs 32 and 33 --and then as soon as I hit apply for the second VLAN assignment it freezes, locks me out and requires factory resetting the switch and starting over.

All I want to do is forward about five VLANs (VLANs 11, 14, 46, 47 & 67) through LAG-2 above (4x gigabit uplinks) and have them all hit my ESXi host. I can forward a single VLAN but not multiple VLANs over the same route.

What is the lowest/entry level PowerEdge switch that will allow me to perform these routing functions?

EDIT: I know these 27xx switches do not support what I am attempting to do because on the "VLAN Port Settings" page the web GUI (no ssh console with these things) does not allow you to assign more than one VLAN to a port or LAG. 

18 Posts

April 15th, 2015 19:00

To add to the above, in theory this should be no different than VoIP + PC data on the same drop --can the 27xx switches support this and if so how would they be configured given:

Switch Uplink = Port 1

VoIP VLAN = 88

PC Data VLAN = 99

The drop is coming out of Port 4 going to the phone and PC.

What or how would you mark and configure the switch to tag (T) or untag (U) packets so that both VoIP and PC Data traffic can travel over same port and be isolated to its respective client?

Thank you.

5 Practitioner

274.2K Posts

April 16th, 2015 12:00

The 2716 supports link aggregation, and sending multiple tagged VLANs. Something I overlooked was that the 2716 only supports static LAGs; it does not support LACP. With that in mind, the switch must be set to perform 802.3ad link aggregation in static mode ON and the virtual switch must have its load balancing method set to Route based on IP hash. Ensure that the participating NICs are connected to the ports configured on the same physical switch.

http://vmw.re/1FOZmqV

The 2716 switches do not support STP. So another possibility is that when setting up one of these ports to tag multiple VLANs, it is somehow creating a loop/broadcast storm, which could lock the switch up. Do you have a network topology you could share with us? Detailing what each port plugs into.

Do you happen to have one of these switches that is not in production, or that you could pull from production? One that you could set on the bench and perform these tasks with no additional devices plugged into them.

The 2716 does not support voice VLAN. But what you can do is set the port to T for the VLAN you want the phone traffic to be on. Then set the port PVID to be the VLAN the client traffic is placed on. The phone would need to be set up to send tagged traffic. The tagged traffic from the phone would be separate from the untagged traffic on the client.
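
The tagging scheme described in the reply above, modelled as an added example (not part of the original thread and not Dell firmware behaviour). It uses the thread's values (uplink port 1, drop port 4, VoIP VLAN 88, PC data VLAN 99); the membership table, the flooding to every VLAN member and the ingress filtering are assumptions of the model.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Constructed port table for the thread's scenario: port 1 = uplink, port 4 = drop.
# "T" = send tagged, "U" = send untagged. Assumption: flood to all VLAN members.
MEMBERSHIP = {
    88: {1: "T", 4: "T"},  # VoIP VLAN: tagged on the uplink and on the drop
    99: {1: "T", 4: "U"},  # PC data VLAN: tagged on the uplink, untagged on the drop
}
PVID = {1: 1, 4: 99}       # untagged frames arriving on port 4 join VLAN 99


def build_frame(dst, src, payload, vlan=None, ethertype=0x0800):
    """Build an Ethernet II frame; insert an 802.1Q tag when vlan is given."""
    tag = struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF) if vlan is not None else b""
    return dst + src + tag + struct.pack("!H", ethertype) + payload


def parse_vlan(frame):
    """Return the VLAN ID from the frame's 802.1Q tag, or None if untagged."""
    tpid, tci = struct.unpack_from("!HH", frame, 12)
    return tci & 0x0FFF if tpid == TPID_8021Q else None


def forward(ingress_port, frame):
    """Classify an ingress frame; return {egress_port: frame as transmitted}."""
    vid = parse_vlan(frame)
    inner = frame if vid is None else frame[:12] + frame[16:]  # tag removed
    if vid is None:
        vid = PVID[ingress_port]          # untagged traffic takes the port's PVID
    members = MEMBERSHIP.get(vid, {})
    if ingress_port not in members:
        return {}                         # ingress filtering (assumed): drop
    tagged = inner[:12] + struct.pack("!HH", TPID_8021Q, vid) + inner[12:]
    return {p: tagged if mode == "T" else inner
            for p, mode in members.items() if p != ingress_port}


def demo():
    """Run constructed phone, PC and stray-VLAN frames through port 4."""
    dst, src = bytes.fromhex("ffffffffffff"), bytes.fromhex("020000000001")
    phone = forward(4, build_frame(dst, src, b"voice", vlan=88))
    pc = forward(4, build_frame(dst, src, b"data"))
    stray = forward(4, build_frame(dst, src, b"stray", vlan=33))
    return parse_vlan(phone[1]), parse_vlan(pc[1]), stray


if __name__ == "__main__":
    print(demo())
```

In this model the PC's untagged frame leaves the uplink tagged 99 and the phone's frame stays in VLAN 88, while a frame tagged for a VLAN the drop port is not a member of is discarded at ingress.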

18 Posts

April 18th, 2015 00:00

First, DELL-Daniel C, THANK YOU very much for your help and continued responses thus far. I really appreciate it.

I have some updates. First thoughts are that the 27xx series switches were not intended to be core switching devices --and that's what I am trying to use them for so I may have the wrong tool for the job. Second and for clarification, I used VoIP as an example, there is no VoIP/Voice in this part of the network. Third, I do not have a topology. I have been in the process of evaluating the free/open-source options for a few months. I'll get there eventually but also I have extensive firewall rules, jails, etc. and wonder if the ping type topology software solutions would accomplish that goal or will it be a manual process?

I pulled a 2708 and 2716: what I thought were "known working and in good condition" switches and put them on the bench to play with. It's been a learning process:

PASSWORDS:

Are there any papers or documentation regarding passwords? I had been using special characters in my passwords such as !, @, #, $ and *. I found that when trying to reproduce the problem on the bench using the default settings I was able to get further along in the process. When I exactly reproduced the process I had previously taken [factory reset, change passwords and add usernames, change IP address, add LAGs, and then VLANs <<< in that order] I found that the default "admin" and blank password got me further. I noticed that when the default settings are in place I was able to navigate around the web admin page using IE, Chrome, Opera and even Safari. However, as soon as I change the password to include one of the special characters I listed above the web management GUI would time out almost immediately or depending on the browser not even let me log in. There seems to be an issue with using those special characters --I even dragged out an old laptop as well as created a VM [ESXi VM version 10] each with fresh installs of XP PRO SP3 -same results. For the record, I replaced the special characters with regular characters [@ was replaced with 2, ! was replaced with 1, etc.] and got the same result which is why I **think** that it is not a length of password issue but a special character issue. The password I was using was 12 characters long, 12#4567890!! << as an example, the numbers could also be uppercase or lowercase letters.

The only thing I can say about the above is that I can reproduce it exactly over and over and have done it with 2x 2708 and 3x 2716 switches on the latest .5 and .7 firmwares for each respective switch. On current edition web browsers and OS'es [2012r2, w8x64, Ubuntu 14.04 LTS x64, OS X and CentOS 6.6 i386] I get locked out almost immediately in all situations. When I play around on the fresh installs of XP PRO SP3 I get further but eventually same results between the VLAN Membership and the VLAN Port Settings pages. It seems as soon as I create a VLAN on more than one port [T on port 1 and U on ports X and Y] OR T/T on port X/Y I get locked out with the web GUI going directly to the login screen regardless of what I do.

So the next issue is that when I am creating VLANs, if I try to mark Port #1 as T (tagged) and any number of other ports as U (untagged) everything is fine. If I create a VLAN with port #1 T (tagged) and any ONE SINGLE other port also as T (tagged) it's also fine. However, if I create a VLAN as Port 1 T (tagged) and Port X + Port Y **OR** LAG X with any number of ports [including 1] also as T (tagged), as soon as I hit apply the very next screen I'm brought to is the login screen and I am unable to navigate back to the VLAN Port Settings or VLAN Membership pages again. I log in and from there I can navigate but if I try to select either of the VLAN Port settings or membership pages it locks me out. Depending on circumstances it gets so bad I can't even log in.

Question is: Am I doing something the switch can't handle, is it something I am screwing up, is it a bug Dell didn't consider, am I causing an issue by adding some ports to specific VLANs on the VLAN Port Settings page but not others?? I'm at a loss here and have no idea where to go or what to do.

Is there an inexpensive more modern PowerConnect switch that will accomplish this while not letting me blow things up?

In terms of Topology the only thing I can offer at this point is this:

WAN0+1 >> FIREWALL >> LAN+VLANs >> PC2716 Port1+2 in LAG >>

2716 ports 3-4 are LAN going to two other PC2716 switches all on LAN (no VLANs involved).

2716 ports 7-16 are all either LAG or single ports ALL attempting to forward single or multiple VLANs to ESXi hosts or NAS devices.

I tried to revert back to earlier versions of boot & firmware code but could not find either on Dell's website.

Thanks again for responses. At this point I'm open to suggestions about newer/more advanced switches that will handle this. My only issue is that I'm looking for something that is quiet/silent, and I'm not sure that Dell makes anything fanless past the 28xx series switches.
