May 4th, 2012 08:00

PowerConnect 6224 VLANs and ACLs

I have created three VLANs on three stacked PowerConnect 6224s. I have enabled routing on the iSCSI traffic VLAN and the VMTraffic VLAN. The management traffic is not routing. I am able to ping the VLANs but I am unable to see the machines on the VLANs. I had started creating ACLs so that I can see the VMTraffic VLAN and the iSCSI VLAN, but all that failed. What am I doing wrong? I have copied my configs below.

stack#show running-config
!Current Configuration:
!System Description "Powerconnect 6224, 3.2.1.3, VxWorks 6.5"
!System Software Version 3.2.1.3
!Cut-through mode is configured as disabled
!
configure
vlan database
vlan 10,100,200
vlan routing 100 1
vlan routing 200 2
exit
hostname "stack"
stack
member 1 1
member 2 1
member 3 1
exit
ip address 192.168.102.1 255.255.255.0
ip default-gateway 192.168.102.1
ip address vlan 10
access-list vmtraffic permit ip 192.168.103.0 0.0.0.255 192.168.104.0 0.0.0.255
access-list management permit ip 192.168.102.0 0.0.0.255 192.168.103.0 0.0.0.255
access-list management permit ip 192.168.102.0 0.0.0.255 192.168.104.0 0.0.0.255
ip routing
interface vlan 10
name "management"
ip access-group management in 1
exit
interface vlan 100
name "vmtraffic"
routing
ip address 192.168.103.1 255.255.255.0
ip access-group vmtraffic in 1
exit
interface vlan 200
name "iSCSI"
routing
ip address 192.168.104.1 255.255.255.0
exit
username "admin" password 4d647d12d74ae6cb37227e7b80fcd5e6 level 15 encrypted
!
interface ethernet 1/g1
channel-group 1 mode auto
switchport access vlan 10
exit
!
interface ethernet 1/g2
switchport access vlan 10
exit
!
interface ethernet 1/g3
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 1/g4
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 1/g5
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 1/g6
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 1/g7
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 1/g8
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 1/g11
switchport access vlan 100
exit
!
interface ethernet 1/g12
switchport access vlan 100
exit
!
interface ethernet 1/g13
switchport access vlan 100
exit
!
interface ethernet 1/g14
switchport access vlan 100
exit
!
interface ethernet 1/g15
switchport access vlan 100
exit
!
interface ethernet 1/g16
switchport access vlan 100
exit
!
interface ethernet 1/g17
switchport access vlan 100
exit
!
interface ethernet 1/g18
switchport access vlan 100
exit
!
interface ethernet 1/g19
switchport access vlan 100
exit
!
interface ethernet 1/g20
switchport access vlan 100
exit
!
interface ethernet 1/g21
switchport access vlan 100
exit
!
interface ethernet 1/g22
switchport access vlan 100
exit
!
interface ethernet 2/g2
switchport access vlan 10
exit
!
interface ethernet 2/g3
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 2/g4
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 2/g5
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 2/g6
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 2/g7
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 2/g8
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 2/g11
switchport access vlan 100
exit
!
interface ethernet 2/g12
switchport access vlan 100
exit
!
interface ethernet 2/g13
switchport access vlan 100
exit
!
interface ethernet 2/g14
switchport access vlan 100
exit
!
interface ethernet 2/g15
switchport access vlan 100
exit
!
interface ethernet 2/g16
switchport access vlan 100
exit
!
interface ethernet 2/g17
switchport access vlan 100
exit
!
interface ethernet 2/g18
switchport access vlan 100
exit
!
interface ethernet 2/g19
switchport access vlan 100
exit
!
interface ethernet 2/g20
switchport access vlan 100
exit
!
interface ethernet 2/g21
switchport access vlan 100
exit
!
interface ethernet 2/g22
switchport access vlan 100
exit
!
interface ethernet 3/g2
switchport access vlan 10
exit
!
interface ethernet 3/g3
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 3/g4
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 3/g5
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 3/g6
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 3/g7
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 3/g8
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 3/g11
switchport access vlan 100
exit
!
interface ethernet 3/g12
switchport access vlan 100
exit
!
interface ethernet 3/g13
switchport access vlan 100
exit
!
interface ethernet 3/g14
switchport access vlan 100
exit
!
interface ethernet 3/g15
switchport access vlan 100
exit
!
interface ethernet 3/g16
switchport access vlan 100
exit
!
interface ethernet 3/g17
switchport access vlan 100
exit
!
interface ethernet 3/g18
switchport access vlan 100
exit
!
interface ethernet 3/g19
switchport access vlan 100
exit
!
interface ethernet 3/g20
switchport access vlan 100
exit
!
interface ethernet 3/g21
switchport access vlan 100
exit
!
interface ethernet 3/g22
switchport access vlan 100
exit
!
interface port-channel 1
switchport access vlan 10
exit
exit

stack#


May 4th, 2012 12:00

One of the first things to do to help ensure things are running as smoothly as they can is to update the switch firmware on the stack.

www.dell.com/.../DriverFileFormats

The config shows you have routing enabled on the switch and the VLANs. You really should not need the ACL unless you only want certain VLANs to communicate with each other. I would get rid of the ACLs and double-check that all clients connecting to the access ports have proper default gateways set. So anything plugged into VLAN 100 will have a default gateway of 192.168.103.1 and anything on VLAN 200 will have a default gateway of 192.168.104.1. Then ensure that each client can ping the default gateway in its respective VLAN, and then try to access clients/resources on other VLANs.

Here is some good info on VLAN routing and general setup.

www.dell.com/.../app_note_38.pdf

www.dell.com/.../app_note_4.pdf

On your VM traffic, any connection that connects to a virtual switch on a VM host may need to have its setting changed from access mode to Trunk or General mode. Listed below is some good information on this.

damiankarlson.com/.../configuring-est-vst-vlan-tagging-with-dell-powerconnect-vmware-vsphere

www.vmware.com/.../esx_vlan.pdf

kb.vmware.com/.../search.do

If you get everything working without ACLs, and you then want to add in some ACLs, I would look over some of these documents.

www.dell.com/.../app_note_3.pdf

www.dell.com/.../app_note_10.pdf

www.dell.com/.../pwcnt_IP_ACLs.pdf

Hope this information helps, and keep us updated.

Thanks.
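
Added example (not part of the original posts, and not Dell's code): a small model of the two ACLs from the posted running-config, showing which directions of inter-VLAN traffic they pass. It assumes first-match evaluation with an implicit deny at the end of each list and models only ACL matching on ingress, not routing; the host addresses are constructed samples.

```python
import ipaddress

# Rules copied from the posted config: (src, src_wildcard, dst, dst_wildcard)
ACLS = {
    "vmtraffic": [("192.168.103.0", "0.0.0.255", "192.168.104.0", "0.0.0.255")],
    "management": [
        ("192.168.102.0", "0.0.0.255", "192.168.103.0", "0.0.0.255"),
        ("192.168.102.0", "0.0.0.255", "192.168.104.0", "0.0.0.255"),
    ],
}
# Inbound access-group per VLAN in the config; VLAN 200 has none.
BINDINGS = {10: "management", 100: "vmtraffic", 200: None}
SUBNETS = {10: "192.168.102.0/24", 100: "192.168.103.0/24", 200: "192.168.104.0/24"}
# Constructed sample hosts, one per VLAN (not from the original post).
MGMT, VM, ISCSI = "192.168.102.5", "192.168.103.10", "192.168.104.20"

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def acl_permits(acl_name, src, dst):
    """First matching permit wins; falling off the end is the implicit deny."""
    if acl_name is None:
        return True  # no ACL bound to this VLAN interface
    for s, sw, d, dw in ACLS[acl_name]:
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return True
    return False

def ingress_vlan(src):
    """VLAN whose subnet contains the source address."""
    for vlan, net in SUBNETS.items():
        if ipaddress.ip_address(src) in ipaddress.ip_network(net):
            return vlan
    raise ValueError(f"{src} is not in any configured VLAN subnet")

def flow_allowed(src, dst):
    """Apply the inbound ACL of the VLAN where the packet enters the switch."""
    return acl_permits(BINDINGS[ingress_vlan(src)], src, dst)

def round_trip(a, b):
    """A conversation works only if both directions pass their ingress ACL."""
    return flow_allowed(a, b) and flow_allowed(b, a)
```

In this model, round_trip(VM, ISCSI) passes, while round_trip(MGMT, VM) fails: the management list permits the request, but the reply entering VLAN 100 matches no vmtraffic rule and hits the implicit deny.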
