Unsolved
This post is more than 5 years old
6 Posts
0
62892
Powerconnect 6224 Default Route
I am currently working on a pair of Dell PC6224. I have setup 4 vlans one of which has external access. They are currently configured for stacking and working properly with the exception of being able to give my clients outside access. When ssh'd in I am able to ping internal and external. I am able to connect to the routers form the outside but none of my clients are able to get internet access. Any Help would be appreciated. Below is my config:
!Current Configuration:
!System Description "PowerConnect 6224, 3.3.5.5, VxWorks 6.5"
!System Software Version 3.3.5.5
!Cut-through mode is configured as disabled
!
configure
vlan database
vlan 100,200,300,600
vlan routing 600 1
vlan routing 200 2
vlan routing 300 4
exit
stack
member 1 1
member 2 1
exit
switch 1 priority 10
switch 2 priority 11
ip address 198.162.1.1 255.255.255.0
ip name-server 4.2.2.2
ip routing
ip route 0.0.0.0 0.0.0.0 192.168.8.241
interface vlan 200
name "Data"
routing
ip address 10.5.5.1 255.0.0.0
exit
interface vlan 300
name "Management"
routing
ip address 172.16.1.1 255.255.0.0
ip helper-address 10.5.5.30
exit
interface vlan 600
name "Outside"
routing
ip address 192.168.8.244 255.255.255.240
exit
interface ethernet 1/g1
storm-control broadcast
storm-control multicast
spanning-tree portfast
mtu 9216
switchport access vlan 100
exit
!
interface ethernet 1/g2
storm-control broadcast
storm-control multicast
spanning-tree portfast
mtu 9216
switchport access vlan 100
exit
!
interface ethernet 1/g3
storm-control broadcast
storm-control multicast
spanning-tree portfast
mtu 9216
switchport access vlan 100
exit
!
interface ethernet 1/g4
storm-control broadcast
storm-control multicast
spanning-tree portfast
mtu 9216
switchport access vlan 100
exit
!
interface ethernet 1/g5
storm-control broadcast
storm-control multicast
spanning-tree portfast
mtu 9216
switchport access vlan 100
exit
!
interface ethernet 1/g6
storm-control broadcast
storm-control multicast
spanning-tree portfast
mtu 9216
switchport access vlan 100
exit
!
interface ethernet 1/g7
storm-control broadcast
storm-control multicast
spanning-tree portfast
mtu 9216
switchport access vlan 100
exit
!
interface ethernet 1/g8
storm-control broadcast
storm-control multicast
spanning-tree portfast
mtu 9216
switchport access vlan 100
exit
!
interface ethernet 1/g9
switchport mode general
switchport general pvid 200
switchport general allowed vlan add 200
exit
!
interface ethernet 1/g10
switchport mode general
switchport general pvid 200
switchport general allowed vlan add 200
exit
!
interface ethernet 1/g11
switchport mode general
switchport general pvid 200
switchport general allowed vlan add 200
exit
!
interface ethernet 1/g12
switchport mode general
switchport general pvid 200
switchport general allowed vlan add 200
exit
!
interface ethernet 1/g13
switchport mode general
switchport general pvid 200
switchport general allowed vlan add 200
exit
!
interface ethernet 1/g14
switchport mode general
switchport general pvid 200
switchport general allowed vlan add 200
exit
!
interface ethernet 1/g15
switchport mode general
switchport general pvid 200
switchport general allowed vlan add 200
exit
!
interface ethernet 1/g16
switchport mode general
switchport general pvid 200
switchport general allowed vlan add 200
exit
!
interface ethernet 1/g17
switchport mode general
switchport general pvid 300
switchport general allowed vlan add 300
exit
!
interface ethernet 1/g18
switchport mode general
switchport general pvid 300
switchport general allowed vlan add 300
exit
!
interface ethernet 1/g19
switchport mode general
switchport general pvid 300
switchport general allowed vlan add 300
exit
!
interface ethernet 1/g20
switchport mode general
switchport general pvid 300
switchport general allowed vlan add 300
exit
!
interface ethernet 1/g21
switchport mode general
exit
!
interface ethernet 1/g22
switchport mode general
exit
!
interface ethernet 1/g23
switchport mode general
exit
!
interface ethernet 1/g24
channel-group 6 mode auto
mtu 9000
switchport access vlan 600
exit
!
interface ethernet 2/g1
storm-control broadcast
storm-control multicast
spanning-tree portfast
mtu 9216
switchport access vlan 100
exit
!
interface ethernet 2/g2
storm-control broadcast
storm-control multicast
spanning-tree portfast
mtu 9216
switchport access vlan 100
exit
!
interface ethernet 2/g3
storm-control broadcast
storm-control multicast
spanning-tree portfast
mtu 9216
switchport access vlan 100
exit
!
interface ethernet 2/g4
storm-control broadcast
storm-control multicast
spanning-tree portfast
mtu 9216
switchport access vlan 100
exit
!
interface ethernet 2/g5
storm-control broadcast
storm-control multicast
spanning-tree portfast
mtu 9216
switchport access vlan 100
exit
!
interface ethernet 2/g6
storm-control broadcast
storm-control multicast
spanning-tree portfast
mtu 9216
switchport access vlan 100
exit
!
interface ethernet 2/g7
storm-control broadcast
storm-control multicast
spanning-tree portfast
mtu 9216
switchport access vlan 100
exit
!
interface ethernet 2/g8
storm-control broadcast
storm-control multicast
spanning-tree portfast
mtu 9216
switchport access vlan 100
exit
!
interface ethernet 2/g9
storm-control broadcast
storm-control multicast
spanning-tree portfast
mtu 9216
switchport mode general
switchport general pvid 200
switchport general allowed vlan add 200
exit
!
interface ethernet 2/g10
switchport mode general
switchport general pvid 200
switchport general allowed vlan add 200
exit
!
interface ethernet 2/g11
switchport mode general
switchport general pvid 200
switchport general allowed vlan add 200
exit
!
interface ethernet 2/g12
switchport mode general
switchport general pvid 200
switchport general allowed vlan add 200
exit
!
interface ethernet 2/g13
switchport mode general
switchport general pvid 200
switchport general allowed vlan add 200
exit
!
interface ethernet 2/g14
switchport mode general
switchport general pvid 200
switchport general allowed vlan add 200
exit
!
interface ethernet 2/g15
switchport mode general
switchport general pvid 200
switchport general allowed vlan add 200
exit
!
interface ethernet 2/g16
switchport mode general
switchport general pvid 200
switchport general allowed vlan add 200
exit
!
interface ethernet 2/g17
switchport mode general
switchport general pvid 300
switchport general allowed vlan add 300
exit
!
interface ethernet 2/g18
switchport mode general
switchport general pvid 300
switchport general allowed vlan add 300
exit
!
interface ethernet 2/g19
switchport mode general
switchport general pvid 300
switchport general allowed vlan add 300
exit
!
interface ethernet 2/g20
switchport mode general
switchport general pvid 300
switchport general allowed vlan add 300
exit
!
interface ethernet 2/g21
switchport mode general
exit
!
interface ethernet 2/g22
switchport mode general
exit
!
interface ethernet 2/g23
switchport mode general
exit
!
interface ethernet 2/g24
channel-group 6 mode auto
mtu 9000
switchport access vlan 600
exit
!
interface port-channel 6
description 'Outside'
exit
!
exit
exit
Anonymous
5 Practitioner
5 Practitioner
•
274.2K Posts
0
December 27th, 2013 05:00
Overall the config looks good. The one thing I notices is you have ports 1/g24 and 2/g24 in a LAG, but then do not have the LAG configured. When a port is in a LAG the port configuration is not used, instead the port-channel configuration is used. So we need to place port-channel 6 into access mode for VLAN 600.
interface port-channel 6
description 'Outside'
switchport access vlan 600
If that still does not work, you may need to look at adding a static route on your firewall pointing traffic back to the switch.
Keep us updated.
Joor
6 Posts
0
December 27th, 2013 11:00
Also, 1/g24 and 2/g24 are used for my connection to the outside currently no firewall in place.
Anonymous
5 Practitioner
5 Practitioner
•
274.2K Posts
0
December 27th, 2013 11:00
Correct, Link Aggregation has the ability to failover, but when a port is in a LAG the switch does not look at the specific port for configuration instructions, but the LAG the port has been placed in. So right now port channel6/LAG 6 is in default configuration which is access mode for VLAN 1. We need to change that to access mode for VLAN 600.
What device does 1/g24 and 2/g24 plug into?
Joor
6 Posts
0
December 27th, 2013 11:00
Thank you for the reply. I guess my understanding for the port-channel might be wrong. Currently I am using the port-channel for connection failover and it seems to be working. When I disconnect 1/g24, 2/g24 takes over and vice versa. But no matter what my clients can not ping my gateway (198.162.8.241) they can ping Vlan 600 (198.162.8.244) and other my vlans just fine as well as the clients in with those vlans.
Joor
6 Posts
0
December 28th, 2013 13:00
I did apply my port-channel to vlan 600 and still having the same issue. Routers can get outside and can be accessed from the outside but client on the inside can not.
Anonymous
5 Practitioner
5 Practitioner
•
274.2K Posts
0
December 30th, 2013 05:00
What is the device is 192.168.8.241? May need to configure a route from that device back to the VLANs on the switch.
Joor
6 Posts
0
December 30th, 2013 12:00
Anonymous
5 Practitioner
5 Practitioner
•
274.2K Posts
0
December 30th, 2013 13:00
Everything i can see looks fine on the PowerConnect. I would double check the default gateway set on the clients and make sure they are set to the VLAN IP address. So any client in access mode for VLAN 200 would need a DG of 10.5.5.1. May also need to contact ISP and see if they can add some static routes on that Cisco directing traffic back to the PowerConnect.
Joor
6 Posts
0
December 30th, 2013 15:00
Contacted ISP and nothing came of that. The weird thing is I can can ping my powerconnect vlan 600 IP (.244) from the outside but can't get any further than that. From the inside my clients can ping vlan 600 but nothing outside of that. Should my VLAN switchport mode be setup as General or Access?
Anonymous
5 Practitioner
5 Practitioner
•
274.2K Posts
0
December 31st, 2013 05:00
If you wanted the Cisco to perform all the VLAN routing, the Cisco had all the same VLANs created on it that you need along with IP addresses assigned to them, you would run the PowerConnect in layer 2 mode and pass all the VLAN traffic over to the Cisco through a Trunk/General mode connection.
In your case though I'm pretty sure you want the PowerConnect to perform the layer 3 function for your VLANs. So the way you have it setup is correct. From the behavior you have explained this is what it sounds like is happening. All of your internal VLAN traffic on the PowerConnect can communicate with each other because the PowerConnect is performing VLAN routing. The Cisco sees VLAN 600 as directly connected and has a route to VLAN 600, this is why VLAN 600 can communicate with the Cisco. We have a static route pointing the VLANs on the PowerConnect to the next hop, which is the Cisco. But we don't know how the Cisco is configured. More than likely what is happening is the PowerConnect is forwarding the packets from the other VLAN via the static route, but then the Cisco does not have anything in place telling it how to direct traffic back to those VLANs.
Will the ISP provide you any info on the Cisco configuration? Are you able to see what model Cisco it is?