Networking General

Last reply by 05-10-2019 Unsolved
Start a Discussion
2 Bronze
2 Bronze
2444

Connections issues on Radius configured switches

Hi,

we are moving from Cisco to DELL and so we bought some DELL N3048-ON Switches and stack the to gether. 

We have a environment with 802.1x / Radius. 

I build a Switch configuration with our radius settings included, the ports are in general mode.

In our testings, we didn't noticed that there are some Problems in general mode.... 

  • If a Port is in general mode some clients are not visible on that port. The client is not reachable via PING and the mac address is not visible in the mac address table.
    it does not matter if I ping from a different subnet or from the sam subnet and vlan.

  • The mac address is not visible until the device generates more traffic 
    • For example: I send Ping from the device to another device 
    • A perfect example is a temperature logger, this device sends traffic every minute.
  • Some times the device is flapping...
    • If the device sends traffic, I can reach the device. When the device stops sending traffic the device isn't reachable anymore

  • I connected a Cisco Switch to one of the uplink ports of our N3000 switches and configured the port as trunk -> No Problems on the Cisco Switch ! All devices came up directly

  • I configured the affected vlans as static vlans on my switche
  • I configured a port in access mode on the same switch ... some times its working... sometimes not :(

  • I made a factory reset and configured the switch without radius settings and ports in access mode -> working

 

Very strange and confusing problems ... Does anyone has any idea?

Of couse, I opened a support ticket, but they couldn't help me and he escalated the ticket to 3rd level support. 

 

Greetings

Tobias

Replies (4)
2418

Hi,
Is the firmware up to date? If you private message me the service request or the service tag I can take a look.


Thanks,

DELL-Josh Cr
Social Media and Communities Professional
Dell Technologies | Enterprise Support Services
#IWork4Dell

Did I answer your query? Please click on ‘Accept as Solution’. ‘Kudo’ the posts you like!

2395

Hi,

yes, the firmware is the newest version for that switch. 
We also updated the firmware on our Cisco Catalyst 4500e Core Switch to exclude that der is a problem between Dell & Cisco.

But without success.

 

Greetings

Tobias

 

1389

Hi,

actually the problem is not resolved... and I don't have any idea what I can do.

But I don't think it's a Radius problem. I think that the N Series and our Cisco Catalyst speak a different Rapid-PVST language and that cause the problems. 

What I figured out:

  • It's maybe not a firmware bug, we tested N3000Advv6.5.3.37, N3000Advv6.5.3.36 and N3000AdvLitev6.5.3.3 
  • N3000AdvLitev6.5.3.3 is working on other DELL Stacks without that problem 
  • We connected the not working DELL Stack to the same CORE-Switch like the working DELL-Stack --> Does not resolve the problem
  • We removed the Portchannel config from the Stack
  • If I change the Uplink port from TE2/0/1 to any other TE Port on that switch, Spanning-Tree put that port into discarded mode and says that he is the root-bridge... If I disable Spanning Tree everything is working fine and all devices are reachable. We also disabled all other ports to exclude that the issue is caused by a connected device --> Issue persists
  • If I plug back into TE2/0/1 the port is back in forwarding state (root role and the root ID is correct)
  • The TE Ports have the same configuration (also on the cisco side)
  • If I connect a CISCO Access Switch to the Dell Stack (trunk), configure a port in the same vlan and connect a device to that port, the device is reachable immediately. The interessting point: In that case, the devices on the Dell STACK are reachable without any problems too !
  • The problem exists on VLAN Interfaces on that switch too ! 
  • If I start a ping from that vlan interface to any device which is not connected to the Stack (for example the gateway or just google.de) the IP is also reachable remote... after stopping the ping the device isn't reachable anymore. 
  • The problem exists only on vlans with low traffic on that switch. For Example vlan 100 has many clients like Notebooks and PCs and that is working well, also a configured VLAN Interface IP is reachable remotely. 
    The VLAN 150 has only a few clients active on that switch and if I configure a vlan interface on that switch I do have the same issue. 

Maybe someone have any idea?

Tobias

 

1375

Hi,

I made a small overview about our network topology

DELL-Cisco.png

 

Latest Solutions
Top Contributor