Unsolved
This post is more than 5 years old
29 Posts
0
179377
Getting DHCP through Dell 6224 VLANs
Hello,
I have a very simple setup in my test lab that I am having trouble getting working. I have a Dell PowerConnect 6224 (Layer 3) and a Dell PowerConnect 2724 (Layer 2), two laptops and a Windows 2008 server setup as a domain controller.
My 6224 has 3 VLANs setup on it, 10, 20 & 30.
My 2724 also has the 3 VLANs setup on it. I have a connection from each VLAN on the 6224 to matching VLAN on the 2724.
I am using the 6224 to be able to route the VLANs, such that they can all communicate with each other.
I need VLANs because we need more IP Addresses than one subnet can provide and to minimize MultiCast traffic on my main office network.
Currently I have all three of my PCs plugged into the 2724 on the three different VLANs. The domain controller is on a port with all three VLANs, 10,20 and 30 and this port is Tagged on all three. There is a laptop on VLAN 20 and a Laptop on VLAN 30. Everything works great. I was able to add the laptops to the domain, and they are getting DHCP addresses.
The problem is that when I move the 6224 onto my real network, I am going to want the Domain Controller to be directly connected to the 6224, not to another switch. When I try to duplicate this in my lab it does not work.
I moved the Domain Controller to port 7 on the 6224, gave it access to all 3 VLANs and set them as Tagged. But when I do that I cannot see the Domain Controller from the laptops. Am I missing a step? Can this be done?
Also, I am know unable to access the web interface on the 6224? Can someone tell me how I do that?
Here is my running config:
!Current Configuration:
!System Description "PowerConnect 6224, 3.3.1.10, VxWorks 6.5"
!System Software Version 3.3.1.10
!Cut-through mode is configured as disabled
!
configure
vlan database
vlan 2,10,20,30
vlan routing 10 1
vlan routing 20 2
vlan routing 30 3
exit
stack
member 1 1
exit
ip address 172.16.1.254 255.255.255.0
ip address vlan 2
ip routing
ip helper-address 172.16.10.10 dhcp
interface vlan 10
routing
ip address 172.16.10.254 255.255.255.0
exit
interface vlan 20
routing
ip address 172.16.20.254 255.255.255.0
exit
interface vlan 30
routing
ip address 172.16.30.254 255.255.255.0
exit
username "admin" password 80f3be0c63f2722b4293c531e1e7a09f level 15 encrypted
!
interface ethernet 1/g1
switchport access vlan 10
exit
!
interface ethernet 1/g2
switchport access vlan 20
exit
!
interface ethernet 1/g3
switchport access vlan 30
exit
!
interface ethernet 1/g7
switchport mode general
switchport general allowed vlan add 10,20,30 tagged
exit
!
interface ethernet 1/g24
switchport mode general
switchport general allowed vlan add 2
exit
snmp-server community public rw ipaddress 172.16.10.14
exit
console#
Thanks for you help.
Anonymous
5 Practitioner
5 Practitioner
•
274.2K Posts
0
October 3rd, 2012 10:00
The routing commands look good, but it sounds like there may be a misunderstanding of how the different switchport modes are used. I will outline the basics here.
Access Links connect VLAN unaware devices to the port of a VLAN-aware switch. All frames on access links are untagged. The VLAN switch adds tags to received frames, and removes tags when transmitting frames. End users and VLAN-unaware workstations commonly reside on access links.By Default all ports are in ACCESS mode assigned to the default VLAN (VLAN 1). Ports set to Access mode belong to one VLAN only.
Trunk Links attach two VLAN aware switches (or other VLAN aware devices) together and allows for multiple VLAN frames to cross one link. On VLAN trunk links, all frames must be tagged with the respective VLAN ID’s The native VLAN must match on all switches in the segment. (VLAN 1 is default Native VLAN). The native VLAN is NOT tagged.
Default behavior: An interface placed into trunk mode on the PowerConnect 62xx will drop all untagged traffic, including default VLAN 1 untagged traffic, and will permit tagged traffic from multiple VLANs to pass. As with general mode, the additional tagged VLANs must be explicitly defined on the interface.
General Links consist of a combination of VLAN Trunk and Access Links.
General Links can have both tagged and untagged frames, However, all frames sent to a specific VLAN must be tagged. All untagged frames are sent to the native VLAN.The native VLAN still applies to the General LINK. While it is possible to have multiple untagged vlans on a General link, you can only have ONE (1) PVID. The PVID represents the native VLAN. While untagged traffic may be sent via several untagged VLANs, returning untagged traffic will only be received by the PVID and therefore will NOT be forwarded to a specific VLAN.General links are mostly used today for legacy equipment. However, on the PowerConnect 62xx series switches, you must use General mode if you want to allow management traffic onto the switch over the PVID. If you use Trunk mode, you will not have the default VLAN on those ports. The ports will only allow tagged traffic.
With this information in mind, I would suggest the following.
1. It sounds like you have three separate connections from switch to switch, using access mode? It is fine to have three physical connections from switch to switch, but those connections should probably be set into a LAG, and then that LAG set to General mode allowing the specific VLANs across it. Something similar to the following.
console(config)# interface range ethernet 1/g1-3
console(config-if)# channel-group 1 mode on
console(config)# interface channel-group 1
console(config-if)# switchport mode general
console(config-if)# switchport general allowed vlan add 10,20,30 tagged
console(config-if)# switchport general pvid 2
2. Each laptop, desktop, and server should be on a port that is in access mode for a specific VLAN. Unless the server has a virtual switch with VLANs on it. If there is no virtual switch on the server, then it is sending out untagged traffic, and in a general port that untagged traffic will just go onto the PVID.
3. To access the management web gui you will use the IP address assigned to the management VLAN, which looks to be 172.16.1.254
Here is a good article that talks more about VLAN routing and setup.
www.dell.com/.../app_note_38.pdf
Side note, it is always a good idea to keep the switch firmware up to date, it can help ensure things run as smooth as possible.
62xx firmware
www.dell.com/.../powerconnect-6224
2724 firmware
www.dell.com/.../powerconnect-2724
Hope you find this information helpful, keep us updated.
Thanks.
eric117
29 Posts
0
October 3rd, 2012 12:00
Thank you for the information this is very helpful.
A couple more questions.
In the Article you sent above in the Step by Step instructions #4 says:
Define routes to each network.
Dell-6024(config)# ip route 10.10.0.0 255.255.255.0 10.10.0.2
Dell-6024(config)# ip route 10.20.0.0 255.255.255.0 10.20.0.2
Can you explain this? Where did the 10.10.0.2 and 10.20.0.2 addresses come from?
Then also in that article it says:
we assume the router has previously been configured to reach the DHCP server on the
10.100.0.0/24 subnet.
However this is the part I need help with.
In my domain controller I have DHCP setup with 3 scopes, one for each VLAN. I will be connecting this server directly to the 6224. How do I need to setup the port that this server is connected to? From what I had read on other posts I was under the impression that this port needed to be tagged (or trunked?) and setup with all 3 VLANs. Is that wrong?
Thanks.
Anonymous
5 Practitioner
5 Practitioner
•
274.2K Posts
0
October 3rd, 2012 13:00
a static route is a way to define a path in the router that specifies how the router will get to a certain subnet by using a certain path.
Looking at the command
ip route 10.20.0.0 255.255.255.0 10.20.0.2
The first address 10.20.0.0 is the destination address
255.255.255.0 is the subnet
And the last address is 10.20.0.2 is the next-hop
With one DHCP server servicing multiple VLANs, that is where the ip helper-address comes into play. Which you already have in place.
Page 555 of the configuration guide goes into this some more.
support.dell.com/.../ucg_en.pdf
The DHCP server should be placed on an access port. Unless you have a virtual switch configured on the server, or some other method of tagging the traffic coming from the server, plugging a server into a general port will result in that port receiving untagged traffic from the server and then placing it on the PVID. So even thought you have that port set to general mode with VLANs 10,20,30 added, the server is not directly communicating with those VLANs.
Layer 2 functionality of this would be DHCP l2relay.
Page 461
support.dell.com/.../ucg_en.pdf
eric117
29 Posts
0
October 4th, 2012 08:00
Thanks.
On the DHCP Server. First, if I put this on an Access port, it only allows me to put it on one VLAN, is that ok?
Then I read the information on the DHCP l2relay, and I understand that I need to turn it on globally, but which individual ports do I need to enable it on? Just the one with server attached? Or do I also need to enable it on the port that connects to the layer 2 switch? Or do I need to turn it on, on the layer 2 switch?
Thanks.
eric117
29 Posts
0
October 4th, 2012 12:00
By the way....i have the same setup, but I reset my switch and started over....here is my new running-config:
console#show running-config
!Current Configuration:
!System Description "PowerConnect 6224, 3.3.4.1, VxWorks 6.5"
!System Software Version 3.3.4.1
!Cut-through mode is configured as disabled
!
configure
vlan database
vlan 2,10,20,30
vlan routing 10 1
vlan routing 20 2
vlan routing 30 3
exit
stack
member 1 1
exit
ip address 172.16.1.254 255.255.255.0
ip address vlan 2
ip routing
ip helper-address 172.16.10.10 dhcp
interface vlan 10
routing
ip address 172.16.10.254 255.255.255.0
exit
interface vlan 20
routing
ip address 172.16.20.254 255.255.255.0
exit
interface vlan 30
routing
ip address 172.16.30.254 255.255.255.0
exit
username "admin" password 80f3be0c63f2722b4293c531e1e7a09f level 15 encrypted
dhcp l2relay
!
interface ethernet 1/g1
dhcp l2relay
switchport access vlan 10
exit
!
interface ethernet 1/g24
dhcp l2relay
switchport mode trunk
switchport trunk allowed vlan add 10,20,30
exit
exit
console#
eric117
29 Posts
0
October 4th, 2012 14:00
Here is a very quick drawing of my setup:
Anonymous
5 Practitioner
5 Practitioner
•
274.2K Posts
0
October 9th, 2012 09:00
Yes it is fine that the DHCP server is on one VLAN. The server sends out untagged traffic, which when received by a general port, the general port places the untagged traffic onto the PVID. So no matter how many VLANs the general port participates in, the server traffic will always go on the PVID since it is not tagged. Because of this we are simplifying things and setting the port to access mode for a specific VLAN.
Then VLAN routing enables the different VLANs to communicate with each other.
Were you able to get this working as desired? Any updates?
Thanks
eric117
29 Posts
0
October 9th, 2012 12:00
No I have not been able to get this to work. In fact I think I screwed it up more.
I am actually unable to communicate between my switches now. If you see my drawing above, I removed the three connections I had from the 6224 and the 2724 and replaced them with one connection. The port on either end of this connection is set to Trunk with all three VLANs. But I put one of the Laptops on the 2724 with a static address and I cannot ping it from the switch.
Should I have left the 3 connections from the 6224 to the 2724?
Anonymous
5 Practitioner
5 Practitioner
•
274.2K Posts
0
October 9th, 2012 12:00
When doing ping tests, it is always a good idea to start small and work out to find the point of dropped communication. So start with trying to ping the switch the laptop plugs into. So if the laptop plugs into the 2724, make sure that communication is good, then try to ping the next switch 6224, then try to ping the server. From what you said it sounds like the communication is dropping off when trying to communicate from one switch to the next.
I am still not seeing any static routes being put in place. I would recommend getting that added in to the configuration. Then test for connectivity.
Anonymous
5 Practitioner
5 Practitioner
•
274.2K Posts
0
October 9th, 2012 13:00
Side note-PowerConnect 62xx series switches, you must use General mode if you want to allow management traffic onto the switch over the PVID. If you use Trunk mode, you will not have the default VLAN on those ports. The ports will only allow tagged traffic.
eric117
29 Posts
0
October 9th, 2012 13:00
I added in the Static Routes, but still have no connectivity between the two switches.
From the 6224, I can ping the Server, and I can ping all my "Gateway" addresses (i.e. 172.16.20.254). But I still cannot see the system on the 2724. And from the 2724 I can't ping anything.
Here is my current config:
console#show running-config
!Current Configuration:
!System Description "PowerConnect 6224, 3.3.4.1, VxWorks 6.5"
!System Software Version 3.3.4.1
!Cut-through mode is configured as disabled
!
configure
vlan database
vlan 2,10,20,30
vlan routing 10 1
vlan routing 20 2
vlan routing 30 3
exit
stack
member 1 1
exit
ip address 172.16.1.254 255.255.255.0
ip address vlan 2
ip routing
ip route 172.16.10.0 255.255.255.0 172.16.10.2
ip route 172.16.20.0 255.255.255.0 172.16.20.2
ip route 172.16.30.0 255.255.255.0 172.16.30.2
ip helper-address 172.16.10.10 dhcp
interface vlan 10
routing
ip address 172.16.10.254 255.255.255.0
exit
interface vlan 20
routing
ip address 172.16.20.254 255.255.255.0
ip helper-address 172.16.10.10 dhcp
exit
interface vlan 30
routing
ip address 172.16.30.254 255.255.255.0
ip helper-address 172.16.10.10 dhcp
exit
username "admin" password 80f3be0c63f2722b4293c531e1e7a09f level 15 encrypted
dhcp l2relay
!
interface ethernet 1/g1
dhcp l2relay
switchport access vlan 10
exit
!
interface ethernet 1/g24
switchport mode trunk
switchport trunk allowed vlan add 10,20,30
exit
exit
console#
On the 2724 the connection from the 6224 is in port 24, which I have set to Tagged for all three VLANs.
eric117
29 Posts
0
October 9th, 2012 14:00
Still no connection.
The Laptop is set to:
IP - 172.16.20.20
SubNet - 255.255.255.0
Gateway - 172.16.20.254
Here are some images from the 2724:
And here is the latest Running Config:
Anonymous
5 Practitioner
5 Practitioner
•
274.2K Posts
0
October 9th, 2012 14:00
I would change the Trunk mode to General mode and set the PVID to the management VLAN which looks like you changed to VLAN 2.
switchport mode general
switchport general allowed vlan add 10,20,30
switchport general pvid vlan 2
Can you show us some screen shots of the 2724 vlan and port settings?
Then From the 6224 console can you ping the 2724 address? What are the static settings on the laptop?
Thanks
Anonymous
5 Practitioner
5 Practitioner
•
274.2K Posts
0
October 10th, 2012 11:00
These port configurations look good. Lets look at the following.
1. From the 6224 console, can you ping the 2724 switch itself, not the laptop but the actual IP address of the 2724.
2. From the server on the 6224 can you ping the 6224?
3. From the server on the 6224 can you ping the 2724 IP address, not the laptop, but the switch itself.
4. On the laptop connected to the 2724, the gateway is set to 172.16.20.254, is that the VLAN 20 IP address on the 2724?
5. If you move the laptop to the 6224, can it ping the DHCP server?
Thanks
eric117
29 Posts
0
October 10th, 2012 13:00
Here is the Interface Status:
console#show interfaces status
Port Type Duplex Speed Neg Link Flow Control
State Status
----- ------------------------------ ------ ------- ---- --------- ------------
1/g1 Gigabit - Level Full 1000 Auto Up Active
1/g2 Gigabit - Level N/A Unknown Auto Down Inactive
1/g3 Gigabit - Level N/A Unknown Auto Down Inactive
1/g4 Gigabit - Level N/A Unknown Auto Down Inactive
1/g5 Gigabit - Level N/A Unknown Auto Down Inactive
1/g6 Gigabit - Level N/A Unknown Auto Down Inactive
1/g7 Gigabit - Level N/A Unknown Auto Down Inactive
1/g8 Gigabit - Level N/A Unknown Auto Down Inactive
1/g9 Gigabit - Level N/A Unknown Auto Down Inactive
1/g10 Gigabit - Level N/A Unknown Auto Down Inactive
1/g11 Gigabit - Level N/A Unknown Auto Down Inactive
1/g12 Gigabit - Level N/A Unknown Auto Down Inactive
1/g13 Gigabit - Level N/A Unknown Auto Down Inactive
1/g14 Gigabit - Level N/A Unknown Auto Down Inactive
1/g15 Gigabit - Level Full 1000 Auto Up Active
1/g16 Gigabit - Level N/A Unknown Auto Down Inactive
1/g17 Gigabit - Level N/A Unknown Auto Down Inactive
1/g18 Gigabit - Level N/A Unknown Auto Down Inactive
1/g19 Gigabit - Level N/A Unknown Auto Down Inactive
--More-- or (q)uit
1/g20 Gigabit - Level N/A Unknown Auto Down Inactive
1/g21 Gigabit - Level N/A Unknown Auto Down Inactive
1/g22 Gigabit - Level N/A Unknown Auto Down Inactive
1/g23 Gigabit - Level N/A Unknown Auto Down Inactive
1/g24 Gigabit - Level Full 1000 Auto Up Inactive
1/xg1 10G - Level N/A Unknown Auto Down Inactive
1/xg2 10G - Level N/A Unknown Auto Down Inactive
1/xg3 10G - Level N/A Unknown Auto Down Inactive
1/xg4 10G - Level N/A Unknown Auto Down Inactive
Ch Type Link
State
--- ------------------------------ -----
ch1 Link Aggregate Down
ch2 Link Aggregate Down
ch3 Link Aggregate Down
ch4 Link Aggregate Down
ch5 Link Aggregate Down
ch6 Link Aggregate Down
ch7 Link Aggregate Down
ch8 Link Aggregate Down
ch9 Link Aggregate Down
--More-- or (q)uit
ch10 Link Aggregate Down
ch11 Link Aggregate Down
ch12 Link Aggregate Down
ch13 Link Aggregate Down
ch14 Link Aggregate Down
ch15 Link Aggregate Down
ch16 Link Aggregate Down
ch17 Link Aggregate Down
ch18 Link Aggregate Down
ch19 Link Aggregate Down
ch20 Link Aggregate Down
ch21 Link Aggregate Down
ch22 Link Aggregate Down
ch23 Link Aggregate Down
ch24 Link Aggregate Down
ch25 Link Aggregate Down
ch26 Link Aggregate Down
ch27 Link Aggregate Down
ch28 Link Aggregate Down
ch29 Link Aggregate Down
ch30 Link Aggregate Down
ch31 Link Aggregate Down
ch32 Link Aggregate Down
--More-- or (q)uit
ch33 Link Aggregate Down
ch34 Link Aggregate Down
ch35 Link Aggregate Down
ch36 Link Aggregate Down
ch37 Link Aggregate Down
ch38 Link Aggregate Down
ch39 Link Aggregate Down
ch40 Link Aggregate Down
ch41 Link Aggregate Down
ch42 Link Aggregate Down
ch43 Link Aggregate Down
ch44 Link Aggregate Down
ch45 Link Aggregate Down
ch46 Link Aggregate Down
ch47 Link Aggregate Down
ch48 Link Aggregate Down
Flow Control:Enabled
console#
And I could not find a MAC address-table command...but I did find a show bridge address-table command...here is the output:
console#show bridge address-table
Aging time is 300 Sec
Vlan Mac Address Port Type
-------- --------------------- ---------- --------------------
2 D067.E58A.8202 cpu Management
10 0015.17B6.7F29 1/g1 Dynamic
10 D067.E58A.8204 vlan 10 Management
20 001C.2347.98CA 1/g15 Dynamic
20 D067.E58A.8204 vlan 20 Management
30 D067.E58A.8204 vlan 30 Management
Total MAC Addresses in use:6
console#