Default route on a stack of 6224
Hello,
In my business, I configured two stacked switches (Dell PowerConnect 6224).
I set up multiple VLANs (servers, printers, users ...) with an IP address on the interface for each VLAN in the stack, which will be the gateway for each network.
No problem so far, but I do not know how to set up the interconnection with my 2 clustered FW.
Here is a diagram :
Legend :
- The two Layer 3 switches in red are my stack (Dell PowerConnect 6224);
- The two switches of level 2 in green are for users, printers ...
What I thought:
Set a default route on the stack 6224.
I set the default route interface 1?
So all packets going out are "Untagged".
Thank you for your help
Anonymous
5 Practitioner
July 9th, 2012 09:00
For communication from the Green level 2 switches to the Red 6224 stack, and with the Red 6224 stack to the orange firewall devices, you will need to set up a switchport general mode on the LAG/port-channel that connects the two devices together.
You would navigate to the interface that connects the two devices and run a command similar to this.
console(config)# interface port-channel 1
console(config-if)# switchport mode general
console(config-if)# switchport general allowed vlan add 2 tagged
console(config-if)# end
On the 6224, using general mode will allow tagged frames across the connection, along with untagged frames such as the management VLAN. The management VLAN is by default VLAN 1.
Once the ports are configured on the PowerConnect 6224 devices, the other devices will need to be properly configured to mirror the type of setup that is on the PowerConnect 6224.
More information can be found on the switchport mode on page 600 of the user manual.
support.dell.com/.../cli_en.pdf
I hope this information is helpful.
Thanks.
denis_fr
July 10th, 2012 07:00
Thank you for your help.
I configured an IP address on VLAN 1 in each of my switches; the VLAN is "Untagged" and passes over the port-channel/LAG links:
switchport general allowed vlan add 2-5 tagged
However I still have some questions:
On the green switches (2848), I do not use VLAN 2 (Servers). Do I still have to create it?
It is created and used on the red switches (6224).
And on the 2848 it is not possible to save the startup-config? copy startup-config tftp://xxxx/save does not work. Do you have another method?
Finally, for interconnection with the two firewalls, I'll create a new VLAN and create a LAG on four ports. But the frames that pass must arrive untagged at the firewall, which does not have to manage VLANs. How?
Thanks :)
Anonymous
5 Practitioner
July 10th, 2012 10:00
If nothing on the Green switches needs to be in VLAN 2, then there should be no reason to create VLAN 2 on the Green switches.
The 2848 has a limited CLI. Page 79 of the owner's manual goes through the process of saving the running config to the startup config.
support.dell.com/.../ug_en.pdf
I am not certain I fully understand your last question, but I will try to provide some info that may help.
If the firewalls are not VLAN-aware devices, then on the switch you would put the firewall ports into access mode for the VLAN you need the firewalls to access.
Example:
console> enable
console# config
console(config)# interface ethernet 1/e1
console(config-if)# switchport mode access
console(config-if)# switchport access vlan 2
console(config-if)# end
Access Links connect VLAN unaware devices to the port of a VLAN-aware switch. All frames on access links are untagged.
The VLAN switch adds tags to received frames, and removes tags when transmitting frames.
End users and VLAN-unaware workstations commonly reside on access links.
By Default all ports are in ACCESS mode assigned to the default VLAN (VLAN 1).
Ports set to Access mode belong to one VLAN only.
More info on page 601
support.dell.com/.../cli_en.pdf
If you need to leave the ports in general mode to allow multiple VLANs, you should be able to set the allowed VLANs to untagged.
Example would be something like this.
console(config-if-1/g8)#switchport general allowed vlan add 1,2,5,8 untagged
Keep us updated,
Thanks
denis_fr
July 11th, 2012 05:00
Thanks for your help.
But I have another problem.
I created two LAG as shown in the diagram below:
But the LAG 2 goes into "Discarding" in the STP LAG, and so I can make more ping on the management interface switch, or take control by being connected to a VLAN 1 on another switch.
How to solve this problem? Should we disable STP?
Anonymous
5 Practitioner
July 11th, 2012 12:00
We do not recommend disabling STP.
Can you run the following commands on the stack, to see if we can pinpoint any possible cause?
show spanning-tree
show running-config
Page 535
support.dell.com/.../cli_en.pdf
Thanks
denis_fr
July 12th, 2012 06:00
Hello Daniel.
show spanning-tree :
show running-config :
Another question :
Do I have to leave the "Hash Algorithm Type" on the LAG to 3 (Source IP and Source TCP / UDP Port) ?
DELL-Willy M
July 12th, 2012 11:00
Have you tried setting the cost manually to conform to your specific needs?
Since you have the Stack of 6224 it is just three switches with no redundant paths and STP should not be blocking. In your “Show Run” it does not show anything that is blocking. CH1 is the Root and CH2 is Designated as the best path. It is recommended to not disable STP, but does the problem go away if it is turned off? You may need to think about creating a LAG between the two 2848 switches.
spanning-tree cost
Use the spanning-tree cost command in Interface Configuration mode to
configure the spanning-tree path cost for a port. To return to the default port
path cost, use the no form of this command.
The command "spanning-tree mst 0 external-cost" on page 553 is used to set path
cost for rstp.
Syntax
spanning-tree cost cost
no spanning-tree cost
• cost — The port path cost. (Range: 0–200,000,000)
Default Configuration
The default cost is 0, which signifies that the cost is automatically calculated
based on port speed.
• 10G Port path cost — 2000
• Port Channel — 20,000
• 1000 mbps (giga) — 20,000
• 100 mbps — 200,000
• 10 mbps — 2,000,000
Command Mode
Interface Configuration (Ethernet, Port-Channel) mode
Example
The following example configures the spanning-tree cost on 1/g5 to 35000.
console(config)#interface ethernet 1/g5
console(config-if-1/g5)#spanning-tree cost 35000
denis_fr
July 13th, 2012 03:00
Hello Willy ;)
Thanks for your help.
I put the default STP cost on my 2 LAG:
no spanning-tree cost
After saving all my configurations, I restarted all equipment (6224 and 2848).
Now if I do a "show spanning-tree" :
Strangely, my 2 LAGs ch1 and ch2 both have a cost of 10000 and not 20000 as you told me above.
Anonymous
5 Practitioner
July 13th, 2012 06:00
Were you able to set the STP costs manually to see if there was any change?
Were you able to test turning off STP, and seeing what the outcome is?
It looks like the 6224 switches are at a current firmware level, what firmware level are the 2848 switches at?
Thanks
denis_fr
July 13th, 2012 08:00
Thanks Daniel
Current firmware level :
SW-6224-STACK : 3.3.3.3
SW-2848-1 : 1.0.0.44
SW-2848-2 : 1.0.0.44
By disabling the STP LAG 1 and 2 of 6224 stack, it works :
interface port-channel 1
spanning-tree disable
interface port-channel 2
spanning-tree disable
By reactivating the LAG STP 1 and 2, it also works :
interface port-channel 1
no spanning-tree disable
interface port-channel 2
no spanning-tree disable
So I leave STP enabled by default, turning off a 6224 and one 6224 becomes the stack master and all my VLANs communicate together.
On the other side, I lose several pings when I turn off a stack member (6224), this must be normal (as long as the switch to standby takes over):
But oddly enough, when I turn a 6224 back on, I lose pings again:
I do not lose more than ping, once the operational stack :
Anonymous
5 Practitioner
July 13th, 2012 09:00
Great to hear things are working! It is normal to have a brief interruption while failover occurs.
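The access/general tagging rules and the per-LAG `spanning-tree disable` test discussed in this thread can be checked offline against a saved configuration. The following is an added example, not part of any post and not Dell code: it parses only the command forms quoted above, and the sample configuration and the function names (`expand_vlans`, `parse_ports`, `audit`) are constructed for illustration.

```python
import re

# Constructed sample, built from the command forms quoted in this thread.
SAMPLE_CONFIG = """\
interface port-channel 1
switchport mode general
switchport general allowed vlan add 2-5 tagged
spanning-tree disable
exit
interface ethernet 1/g8
switchport mode general
switchport general allowed vlan add 1,2,5,8 untagged
exit
interface ethernet 1/g1
switchport mode access
switchport access vlan 2
exit
"""

def expand_vlans(spec):
    """Expand a list such as '1,2,5-8' into a set of VLAN IDs."""
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def parse_ports(config):
    ports, cur = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.fullmatch(r"interface (.+)", line):
            # Defaults as stated in the thread: access mode, VLAN 1, STP on.
            cur = ports.setdefault(m.group(1), dict(mode="access", tagged=set(), untagged={1}, stp=True))
        elif cur is None or line == "exit":
            cur = None
        elif m := re.fullmatch(r"switchport mode (\w+)", line):
            cur["mode"] = m.group(1)
        elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
            cur["untagged"] = {int(m.group(1))}
        elif m := re.fullmatch(r"switchport general allowed vlan add (\S+) (tagged|untagged)", line):
            cur[m.group(2)] |= expand_vlans(m.group(1))
        elif line in ("spanning-tree disable", "no spanning-tree disable"):
            cur["stp"] = line.startswith("no ")
    return ports

def audit(ports):
    findings = [(n, "spanning-tree disabled") for n, p in ports.items() if not p["stp"]]
    findings += [(n, "several untagged VLANs") for n, p in ports.items()
                 if p["mode"] == "general" and len(p["untagged"]) > 1]
    return findings
```

The second finding is worth reviewing because a VLAN-unaware device on such a port receives frames from every listed VLAN, while the untagged frames it sends are classified into a single VLAN (the port's PVID).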