N3048 VLAN setup issue

Question

Hi All,   I know I'm missing something simple, but I'm fairly new to L3 networking and maybe you all can help some.   I have the following: 1x N3048 core switch in L3 mode. 7x X-1052's (6 as PoE, 1 as non-poe) as edge switches. 1x Sonicwall TZ-400 with failover ISP (fibre and cable).   I'm creating a series of VLANs (Current network is a 192.168.x range) for general Lan, Guest Wireless and Voice.  At the same time changing to the 10.0.x.x range for most of the vlans. VLAN 1 => keeping 192.168.x.x range VLAN 10 => general LAN 10.0.0.x/24 VLAN 20 => Voice 10.0.1.x/24 VLAN 30 => Guest Wireless 10.0.2.x/24   Only certain ports on one X-1052 and on the Core switch will be configured for a specific VLAN (servers, access points, door locks, etc).  All of the rest will be 'auto detect' mode for General LAN and Voice.  Some devices will need to stay on VLAN 1 for the time being as they are static IPs and are not 'computers' but IoT and require additional time to change.   Issue 1: When I configure as the above with the X-1052's still on VLAN 1 range (e.g. 192.168.1.14) I can no longer ping the switch from any other vlan, even though I can ping any other device on that vlan (e.g. computer in VLAN 1 on the X series or a computer in VLAN 1 on the N3048), even if the device pinging is on that specific switch.  Below is a sample of the N3048 configuration (ports that are missing take the same configuration as the previous port, e.g. port Gi1/0/8 is configured the same as port Gi1/0/7).  The N3048 and X-1052 are connected via Gi1/0/1 on each.  The X Series also has the VLANs created and has its own IP as 192.168.1.27. Issue 2: I'm having trouble with the routing to the Sonicwall (I want the N3048 to do the VLAN routing) for internet connectivity.  I think I need some static routes, but I'm not sure how to configure those.   !Current Configuration:!Software Capability 'Stack Limit = 8, VLAN Limit = 1024'!Image File 'N3000AdvLitev6.5.3.7'!System Description 'Dell EMC Networking N3048, 6.5.3.7, Linux 3.6.5-e3cd5a07, Not Available'!System Software Version 6.5.3.7!configurevlan 10,20,30exitvlan 1vlan association subnet 192.168.1.0 255.255.255.0exitvlan 10name 'General LAN'vlan association subnet 10.0.0.0 255.255.255.0exitvlan 20name 'Voice LAN'vlan association subnet 10.0.1.0 255.255.255.0exitvlan 30name 'Guest Wireless'vlan association subnet 10.0.2.0 255.255.255.0exithostname 'N3048-01'slot 1/0 3 ! Dell EMC Networking N3048stackmember 1 4 ! N3048exitinterface out-of-bandip address 192.168.3.1 255.255.255.0 0.0.0.0exitip routingservice dhcpip dhcp excluded-address 192.168.1.1 192.168.1.100ip dhcp excluded-address 10.0.0.1 10.0.0.100ip dhcp excluded-address 10.0.1.1 10.0.1.100ip dhcp pool 'VLAN1'default-router 192.168.1.13network 192.168.1.0 255.255.255.0netbios-node-type b-nodeexitip dhcp pool 'VLAN10'default-router 10.0.0.13network 10.0.0.0 255.255.255.0netbios-node-type b-nodeexitip dhcp pool 'VLAN20'default-router 10.0.1.13network 10.0.1.0 255.255.255.0netbios-node-type b-nodeexitip dhcp pool 'VLAN30'default-router 10.0.2.13network 10.0.2.0 255.255.255.0netbios-node-type b-nodeexitinterface vlan 1ip address 192.168.1.13 255.255.255.0ip irdpexitinterface vlan 10ip address 10.0.0.13 255.255.240.0ip irdpexitinterface vlan 20ip address 10.0.1.13 255.255.240.0ip irdpexitinterface vlan 30ip address 10.0.2.13 255.255.240.0ip irdpexitswitchport voice vlanspanning-tree priority 0ip vrrpapplication install SupportAssist auto-restart start-on-bootapplication install hiveagent start-on-boot!interface Gi1/0/1spanning-tree portfastswitchport mode trunkswitchport trunk allowed vlan 1,10,20,30lldp tlv-select system-description system-capabilitiesswitchport voice vlan 20exit!interface Gi1/0/2switchport mode trunkswitchport trunk allowed vlan 1,10,20,30exit!interface Gi1/0/3spanning-tree portfastswitchport mode trunkexit!interface Gi1/0/4switchport mode trunkexit!interface Gi1/0/5spanning-tree portfastswitchport mode generalswitchport general allowed vlan add 10,20,30 taggedexit!interface Gi1/0/7spanning-tree portfastswitchport mode generalswitchport general pvid 10switchport general allowed vlan add 10switchport general allowed vlan add 20,30 taggedswitchport general allowed vlan add 1 taggedexit!interface Gi1/0/9spanning-tree portfastswitchport mode generalswitchport general pvid 200switchport general allowed vlan add 10,20,30 taggedswitchport general allowed vlan add 1 taggedexit!interface Gi1/0/10switchport mode generalswitchport general pvid 20switchport general allowed vlan add 1,10,30 taggedswitchport general allowed vlan add 20 untaggedexit!interface Gi1/0/11spanning-tree portfastswitchport access vlan 10exit!interface Gi1/0/13spanning-tree portfastswitchport mode generalswitchport general allowed vlan add 10 taggedexit!interface Gi1/0/15spanning-tree portfastswitchport mode generalswitchport general pvid 10switchport general allowed vlan add 10switchport general allowed vlan add 20,30 taggedswitchport general allowed vlan add 1 taggedexit!interface Gi1/0/17spanning-tree portfastexit!interface Gi1/0/37spanning-tree portfastswitchport mode generalswitchport general pvid 10switchport general allowed vlan add 10exit!interface Gi1/0/39spanning-tree portfastswitchport mode generalswitchport general pvid 10switchport general allowed vlan add 10switchport general allowed vlan add 20,30 taggedswitchport general allowed vlan add 1 taggedexit!interface Gi1/0/41spanning-tree portfastswitchport mode generalswitchport general allowed vlan add 10,20,30 taggedexit!interface Te1/0/1spanning-tree portfastswitchport mode trunkswitchport trunk allowed vlan 1,10,20,30exit!interface Te1/0/2spanning-tree portfastswitchport mode trunkswitchport trunk allowed vlan 1,10,20,30exitsnmp-server engineid local 800002a203e4f00481f374exit

DELL-Josh Cr · Answer

Hi,

You should create a static route from the N3000 to the sonicwall. Page 1510 https://downloads.dell.com/manuals/all-products/esuprt_ser_stor_net/esuprt_networking/esuprt_net_fxd_prt_swtchs/networking-n3000-series_user%27s-guide11_en-us.pdf

Eskevar · Answer

Thanks for the reply @DELL-Josh Cr I'm still puzzling through it due to my testing SonicWall being flaky (it's an old TZ100 and I'm about to do a factory reset on it).

I've added the following to the N3048 config file:

route-map "internet-out" permit 1
set ip next-hop 192.168.1.1

Then I added that route-map to each VLAN (example VLAN 1)

interface vlan 1
ip address 192.168.1.13 255.255.255.0
ip irdp
ip policy route-map internet-out

My other issue above is relating to accessing network devices from a different VLAN.

I have an X1026 and an X1052P taking static IP's from the VLAN 1 range currently (192.168.1.27 and 192.168.1.20, respectively). I am able to ping those network devices from VLAN 1 only, and from anywhere connected. I can ping computers on any VLAN from any other VLAN. To say it another way, I can't ping the L2 network switches from any VLAN except for VLAN 1. It seems to be an issue with the N3048 routing, but I haven't found anything that would prevent access to the network switches but allow device access. Any ideas?

The X1026 is connected from 1026-Gi1/0/1 to N3048-Gi1/0/1 in the OP setup above.

Sample Switch config from the X1026:

config-file-header
CLT-LS-X1026-26
v3.0.1.1 / RASTUTE_800_013
CLI v1.0
set system mode L2
policy-based-vlans active

@
vlan database
vlan 10,20,30
exit
voice vlan id 20
voice vlan state oui-enabled
voice vlan cos 5
voice vlan oui-table add 000181 Nortel__________________
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 001049 Shoretel________________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00907a Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
lldp med network-policy 1 voice vlan 20 vlan-type tagged up 5 dscp 46
hostname LS-X1026
snmp-server location Switch26
snmp-server community Public ro view Default
clock timezone UTC -5
clock summer-time utc recurring usa
sntp anycast client enable both
sntp broadcast client enable both
sntp unicast client enable
sntp unicast client poll
sntp server 192.168.1.5 poll
!
interface vlan 1
ip address 192.168.1.27 255.255.255.0
no ip address dhcp
!
interface vlan 10
name "Lan"
!
interface vlan 20
name "Voice"
!
interface vlan 30
name "Guest"
!
interface gigabitethernet1/0/1
spanning-tree portfast
switchport mode trunk
!
interface gigabitethernet1/0/2
switchport mode trunk
!

DELL-Josh Cr · Answer

Does show ip route Show a route from the N1500 to the N3000? It seems like it isn’t sending traffic to be routed there.

Eskevar · Answer

Sorry for the delay, have had a few other emergencies in the office. The switches I'm using are the X-Series (X-1052 and X-1026) except for the N3048. The X-series doesn't support ip show route.

show ip route on the N3048:

N3048-01>show ip route

Route Codes: R - RIP Derived, O - OSPF Derived, C - Connected, K - Kernel, S - Static
B - BGP Derived, E - Externally Derived, IA - OSPF Inter Area
E1 - OSPF External Type 1, E2 - OSPF External Type 2
N1 - OSPF NSSA External Type 1, N2 - OSPF NSSA External Type 2
S U - Unnumbered Peer, L - Leaked Route, T - Truncated ECMP Route

* Indicates the best (lowest metric) route for the subnet.

No default gateway is configured.
C *10.0.0.0/24 [0/0] directly connected, Vl10
C *10.0.1.0/24 [0/0] directly connected, Vl20
C *10.0.2.0/24 [0/0] directly connected, Vl30
C *192.168.1.0/24 [0/0] directly connected, Vl1

DELL-Josh Cr · Answer

It looks like it has the correct routes to be able to route between the VLANs. Can you private message me the service tags?

Eskevar · Answer

Sent via PM.

The specific behavior that I'm working on is that I can access DHCP addresses in any VLAN from any VLAN. I can access Static IPs only from the same VLAN (e.g. Switch with static IP 192.168.1.10 can only be pinged from the VLAN1. Switch with Static IP 10.0.0.10 can only be pinged from VLAN10).

DELL-Josh Cr · Answer

Can you try updating the firmware? There are a couple of fixes that may relate to the issue. https://www.dell.com/support/home/us/en/04/drivers/driversdetails?driverid=n53hg&oscode=naa&productcode=networking-n3000-series

Eskevar · Answer

Updated the firmware. Issue persists.

I had read something about some PowerConnect switches had an issue with not routing VLAN 1 properly, could this be an issue in the N3048?

Tomorrow I'm going to try to update the IP range for the Static IPs to a different VLAN and see if that affects the issue.

Eskevar · Answer

@DELL-Josh Cr I was thinking about this last night, could the Trunk ports be affecting the VLAN tagging for the switches? Meaning, I've set the switches to a static IP in the VLAN 1 range, but the N3048 doesn't know where they are since the traffic isn't being tagged as VLAN 1. I notice that there is no "switchport trunk native vlan" on any of the trunk ports.

If I get time today, I'm going to test adding that command to the trunk ports. Failing that, maybe switch them to General mode with default VLAN 1 and all VLANs allowed tagged.

Eskevar · Answer

I tried reworking to General mode and setting native vlan, still no dice.  I you have any other suggestions I'm all ears, this seems to be something that any L3 switch should do and I can't find a reason why the static IPs in VLAN 1 can't be accessed from any other VLAN.  The only thing I have left to try is to set the switches to VLAN 10 and see if that changes anything.

Networking General

Was this post helpful?