csailinstyle
1 Nickel

Power Connect 6224 VLAN routing and management VLAN

Jump to solution

Happy holidays everyone - 

I've been reading through several posts here and elsewhere about the 6224's inability to route its own management interface. Ok, enough, I get it. But what I don't get is a practical solution to what seems like a huge problem if you want to use the network to connect to the device to manage it (instead of the serial console port).

Let's say I want to have three networks A, B, and C, on the 6224 and configure it to route between any combination of them. Let's call them VLANs 1, 2, and 3. Three ethernet cables will connect to three ports on the 6224. one for network A, one for B, and one for C. Let's just ignore LAGs and redundant connections for this.

The management VLAN cannot be assigned to any of those networks, right? It says so in the documentation, and it's proven if you try to do it on the switch configuration. it doesn't let you do it.

So how do you reach the 6224 for management? Create a fourth network D, VLAN 4? That seems to be the general theme of answers to questions like this, but how do you reach this apparently isolated network? By definition it cannot be routed. Any computer that you normally use on A, B, or C, can't reach D.

So what then? A dedicated computer on D which can't reach anything but the management port of the switch? How about another completely separate router (I've got a Cisco ASA with some spare ports, or for a touch of irony, another 6224!) to provide a connection between D and one of the normally used networks? This is insane. 

Obviously I'm missing something here. I can't believe that the answer is, "if you turn on routing, the management interface is basically unusable" but that's how it looks from my possibly twisted perspective. I want to have my laptop, and any other computer, sit on a network that can be routed by the 6224, and also for that same laptop be able to reach the management interface of that same 6224. 

Will someone please help me understand this?

Thanks

Chris 

PS: I have an email address. It's pretty much unique on across the entire planet. I use it to log into this forum. But Dell, like so many others, insists on ignoring those facts and making me create another unique identifier by playing a game of 20 questions. Hence my remarkably stupid random user name.

Thanks again, and I hope someone at least gets a good laugh out this whole thing.

0 Kudos
13 Replies
Moderator
Moderator

RE: Power Connect 6224 VLAN routing and management VLAN

Jump to solution

The management vlan can be thought of as an OOB port. so the intention is for it to be separate from the rest of traffic and on it's own dedicated network. However you are not restricted to managing the switch through just the management vlan interface. Each VLAN that has an IP address can be used by clients in that vlan to manage the switch.

For example, if you assign VLAN 2 and ip address of 192.168.2.1. Clients in VLAN 2 with and ip address in subnet 192.168.2.x can access 192.168.2.1 to manage the switch, while still being able to communicate with clients in other vlans.

Hope this helps some, let me know if you need any assistance looking over your config, or clarifying anything.

Thanks

Daniel Covey
Dell EMC| Enterprise Support Services
Get support on Twitter:@DellCaresPRO
Download our QRL app:iOS, Android, Windows
Dell Networking Resources

0 Kudos
csailinstyle
1 Nickel

RE: Power Connect 6224 VLAN routing and management VLAN

Jump to solution

Daniel, thank you, your comments helped me get my head around this. Unfortunately I just spent a half hour typing up an informative summary of what all this means,to try to help the next guy out,  but this F'ing web page just blew it away when I clicked "this answered my question" or whatever that button is. Could have used a little Ajax there.

Anyways I got over the confusion. Use the CLI to set up one routable interface with a static IP on your regular subnet and put the management interface somewhere else. Then you can jump into the web utility and finish the job.

Thanks again for your reply.

Chris

0 Kudos
csailinstyle
1 Nickel

RE: Power Connect 6224 VLAN routing and management VLAN

Jump to solution

well I'm not completely out of the woods yet. This has solved the conflict between the management vlan and whatever other vlans you want to make routable, but now after finishing that configuration I am not getting good routing action. From a PC connected to one interface I can ping the address of another interface (different vlan, different subnet), but I cannot ping the address of a known good answering device at another address on the other interface. Example from 192.168.1.100 (my laptop on the default vlan 1) I can ping 192.168.1.22 which is the address of the 6264's interface on my subnet. I can also ping 192.168.4.1 which is the address of the 6264's interface on the other subnet, vlan 4.

But when I try to ping another device on the 192.168.4.0 /24 address from my laptop on 192.168.1.100,  I timeouts. I don't get destination unreachable. tracert shows me that I'm correctly hitting the .22 gateway address from my laptop.

what am I missing? I've set up the port configuration for each vlan as general mode, assigned ip addresses to each interface, verified that global routing and routing on each vlan is enabled, verified that the switch itself can ping an ip address on some other device on each interface. Finally, I rebooted the switch.

Am I supposed to manually create a routing table? That seems ridiculous. The switch has implicit knowledge of how to route from one interface to another. the switches existing routing table seems to bear this out. it shows what look like correct routes on the two interfaces I have cables actually plugged into. I hope that's normal. The other routing-enable interfaces do not appear in the table, but they have no cables plugged in.

Thanks again

Chris

0 Kudos
Moderator
Moderator

RE: Power Connect 6224 VLAN routing and management VLAN

Jump to solution

Glad to hear you have made some progression. Could you post up your current running config? I can help look through it and see if i spot anything that needs to be changed or added. Also, what OS is installed on the devices you are pinging back and forth to?

Thanks

Daniel Covey
Dell EMC| Enterprise Support Services
Get support on Twitter:@DellCaresPRO
Download our QRL app:iOS, Android, Windows
Dell Networking Resources

0 Kudos
csailinstyle
1 Nickel

RE: Power Connect 6224 VLAN routing and management VLAN

Jump to solution

Here's the running config. It's interesting to note that port 1/g1 does not appear in this output. I ran it twice to be sure. 1/g1 is on the default vlan, presently set to Access mode although I have tested it in General mode as well with the same results of no traffic beyond the interface port.

The other devices on the network include my laptop (Win7Pro), another laptop (some flavor of windows 7), Windows Server2008, and two ESXI hosts. All of these devices will answer pings from each other within their own subnets, i.e. from one to the other without involving the 6224, and will answer a ping when initiated from the 6224 CLI.

And what's with the route table in the 6224? I've been testing between vlan 1 and vlan 4 as shown in the config below. I never manually entered a static route definition yet these two appear in the route table. When I do try to create a manual route, the 6224 produces some error message that basically says it couldn't create the route, with no other useful information about why.

Here's the routing table as it appears with vlan 1 (1/g1) plugged into my main subnet, and a win7 laptop with a static ip plugged directly into vlan 4 (1/g4)

DPC6264-1#show ip route

Route Codes: R - RIP Derived, O - OSPF Derived, C - Connected, S - Static

      B - BGP Derived, IA - OSPF Inter Area

      E1 - OSPF External Type 1, E2 - OSPF External Type 2

      N1 - OSPF NSSA External Type 1, N2 - OSPF NSSA External Type 2

C      192.168.1.0/24 [0/1] directly connected,   vlan 1

C      192.168.4.0/24 [0/1] directly connected,   vlan 4

and here's the 6224 pinging that laptop:

DPC6264-1#ping 192.168.4.240

Pinging 192.168.4.240 with 0 bytes of data:

Reply From 192.168.4.240: icmp_seq = 0. time <10 msec.

Reply From 192.168.4.240: icmp_seq = 1. time <10 msec.

Reply From 192.168.4.240: icmp_seq = 2. time <10 msec.

Reply From 192.168.4.240: icmp_seq = 3. time <10 msec.

Here's the running config:

DPC6264-1#show running-config

!Current Configuration:

!System Description "PowerConnect 6224, 3.3.12.1, VxWorks 6.5"

!System Software Version 3.3.12.1

!Cut-through mode is configured as disabled

!

configure

vlan database

vlan 3-5,10,20,100

vlan routing 20 1

vlan routing 3 2

vlan routing 1 3

vlan routing 4 4

exit

snmp-server location "Exeter"

hostname "DPC6264-1"

clock timezone -5 minutes 0

stack

member 1 1

exit

ip address 192.168.10.1 255.255.255.0

ip address vlan 10

ip domain-name exeter.local

ip name-server 192.168.1.15

ip routing

interface vlan 1

routing

ip address 192.168.1.22 255.255.255.0

exit

interface vlan 3

name "SAN1"

routing

ip address 192.168.3.1 255.255.255.0

bandwidth 10000

ip mtu 1500

exit

interface vlan 4

name "SAN2"

routing

ip address 192.168.4.1 255.255.255.0

bandwidth 10000

exit

interface vlan 5

name "DMZ"

exit

interface vlan 10

name "internal management"

exit

interface vlan 20

name "vsphere"

routing

ip address 192.168.2.1 255.255.255.0

bandwidth 10000

ip mtu 1500

exit

interface vlan 100

name "internal user"

exit

!

interface ethernet 1/g2

switchport mode general

switchport general pvid 20

0 Kudos
csailinstyle
1 Nickel

RE: Power Connect 6224 VLAN routing and management VLAN

Jump to solution

Ok, so this reply box apparently has an unadvertised input length limit and it cut off my configuration. Here's the rest of the running config starting with the 1/g2 from above:

!

interface ethernet 1/g2

switchport mode general

switchport general pvid 20

switchport general allowed vlan add 20

exit

!

interface ethernet 1/g3

switchport mode general

switchport general pvid 3

switchport general allowed vlan add 3

exit

!

interface ethernet 1/g4

switchport mode general

switchport general pvid 4

switchport general allowed vlan add 4

exit

!

interface ethernet 1/g10

switchport access vlan 10

exit

exit

0 Kudos
Moderator
Moderator

RE: Power Connect 6224 VLAN routing and management VLAN

Jump to solution

Thanks for posting up the additional info. The VLAN configuration looks alright to me. On the port configuration i suggest sticking with access mode unless you need the port to receive tagged frames from multiple VLANs. As an example, port 4 would be access mode for VLAN 4.

I would also double check the IP settings on the clients. It sounds like they have an IP address in the correct subnet, but double check the default gateway and make sure it is set to the IP address of the VLAN. For example, device plugged into port 4 will be in access mode for VLAN 4, will have an IP address in the 192.168.4.x subnet, and will have a default gateway of 192.168.4.1.

Specifically windows 7 can sometimes have some issues replying to pings. May be worth looking into.

www.sysprobs.com/enable-ping-reply-windows-7

For directly connected subnets you should not need to create a static route.

Daniel Covey
Dell EMC| Enterprise Support Services
Get support on Twitter:@DellCaresPRO
Download our QRL app:iOS, Android, Windows
Dell Networking Resources

0 Kudos
csailinstyle
1 Nickel

RE: Power Connect 6224 VLAN routing and management VLAN

Jump to solution

got some more progress here. I read somewhere that someone thought that vlan 1 was totally non routable. I thought that was kinda crazy, but I started up another 6224 from an empty config, set it up with vlan 1 and vlan 4, got no routing just like the first one, and then I replaced vlan 1 with a new vlan 100 on the same physical port (1/g1). All interfaces were Access mode.

This got me good routing from a device on vlan 100 to a device on vlan 4. Strangely though vlan 4 will still not route back to vlan 1.

So it appears that there is something magic about vlan 1. Maybe the OP was right, it's not routable. But I'm baffled now as to why the route won't go the other way.

This test configuration is starting to get fairly hacked up with multiple laptops hanging off various switch ports, mismatched vlans connected to each other, etc. All of that could still explain the no reverse route issue.

Any thoughts on the vlan1 no-routing idea?

0 Kudos
Moderator
Moderator

RE: Power Connect 6224 VLAN routing and management VLAN

Jump to solution

By default VLAN 1 is the management VLAN and is not routable. If you use the command console(config)# ip address vlan 99

You can move the management VLAN and VLAN 1 will then be a normally routable VLAN.

Thanks,
Josh Craig
Dell EMC Enterprise Support Services
Get support on Twitter @DellCaresPRO
0 Kudos