Unsolved

July 11th, 2013 10:00

Powerconnect 62xx VLAN Routing woes

Hi guys,

I'm having a lot of difficulty trying to configure what I thought would be a very basic VLAN exercise. I'm in dire straits and could use some sage advice.

Basically I'm installing a new voip phone system and I'm attempting to segregate traffic (and broadcasts) between the two.

Everything is connected into a switch stack of one 6224 and one 6248. I've been trying to test this using a test VLAN and the VOIP VLAN before I touch my productive network which is sitting untouched on the default management  VLAN 1. 

My firewall is a Cisco ASA 5510 which is managed by my ISP, so I've been testing with an ADSL router which I manage which sits on 10.16.0.251 and configured a static route for the VLANs in there (although not sure if correct!).

My setup is as follows:

Data (Workstations/Servers): 10.16.0.x/24 (VLAN 1)

VOIP: 10.16.100.x/24 (VLAN 100)

Firewall: 10.16.0.254 (VLAN 1)

Test VLAN interface: 10.16.5.1 (VLAN 5)

VOIP VLAN interface: 10.16.100.2 (VLAN 100)

Interface 1/g15 and 2/g46 are two ports which I've connected laptops to for testing purposes. If anyone could please cast their eye over the below and offer any advice or pointers on what I'm doing wrong, it'd be very very much appreciated, thanks!

console#show running-config
!Current Configuration:
!System Description "Dell 48 Port Gigabit Ethernet, 2.0.0.12, VxWorks5.5.1"
!System Software Version 2.0.0.12
!
configure
vlan database
vlan 5, 100
exit
stack
member 1 1
member 2 2
exit
ip address 10.16.0.27 255.255.255.0
ip default-gateway 10.16.0.254
logging file debug
logging buffered debug
ip routing
ip route 0.0.0.0 0.0.0.0 10.16.0.251
interface vlan 5
name "datatest"
routing
ip address 10.16.5.1 255.255.255.0
exit
interface vlan 100
name "voice"
routing
ip address 10.16.100.2 255.255.255.0
exit
username "admin" password bbcb6cae332cdd76783252b4e7e5d0c8 level 15 encrypted
spanning-tree mst configuration
name "00-1E-C9-9A-58-6D"
exit
!
interface ethernet 1/g15
switchport mode general
switchport general pvid 5
no switchport general acceptable-frame-type tagged-only
switchport general allowed vlan add 100
exit
!
interface ethernet 2/g46
switchport mode general
switchport general pvid 100
no switchport general acceptable-frame-type tagged-only
switchport general allowed vlan add 5
exit
snmp-server user admin READ_noAuthNoPriv
exit

802 Posts

July 11th, 2013 11:00

Here is a good White Paper on setting up Voice VLAN for the 6200 switch models.

www.dell.com/.../pwcnt_voice_VLAN_support.pdf

Here is a sample config for Voice VLAN:

****VLAN 5 is configured for voice****

****VLAN 100 is configured for data.****

****CoS (802.1p) of 4 is used for the voice****

Console(config)# voice vlan

Console(config)# interface ethernet 1/g20-1/g24

Console(config-if)# switchport mode general

Console(config-if)# switchport general allowed vlan add 5 tagged

Console(config-if)# switchport general allowed vlan add 100 untagged

Console(config-if)# switchport general pvid 100

Console(config-if)# switchport general allowed vlan remove 1

Console(config-if)# voice vlan 5

Console(config-if)# voice vlan dot1p 4

Console(config-if)# voice vlan data priority untrust

Console(config-if)# end

****VLAN 5 is configured for voice****

****VLAN 100 is configured for data.****

****Trust DSCP for the voice****

Console(config)# voice vlan

Console(config)# interface ethernet 1/g20-1/g24

Console(config-if)# switchport mode general

Console(config-if)# switchport general allowed vlan add 5 tagged

Console(config-if)# switchport general allowed vlan add 100 untagged

Console(config-if)# switchport general pvid 100

Console(config-if)# switchport general allowed vlan remove 1

Console(config-if)# voice vlan 5

Console(config-if)# classofservice trust ip-dscp

Console(config-if)# voice vlan data priority trust

Console(config-if)# end

July 12th, 2013 02:00

Hi, as I understood it I shouldn't need to use the voice vlan service on the switch, I have a separate PoE switch dedicated to the voip system which will have a single port connected to the 62xx stack, so all I'm trying to provide is VLAN 100 for that port which routes any traffic on that port through to 10.16.0.254, does that make any sense? :)

802 Posts

July 12th, 2013 08:00

Are you wanting to route Layer 3 packets between the PowerConnect and the Cisco?  

If not you would just need to allow the untagged or tagged VLANs in a general mode switchport to allow the Layer 2 packets to move across the connection between the switches.  

One thing you need to keep in mind is the PVID needs to be the same on that port for both sides of the connection. If you have PVID 100 set on the connecting port to the Cisco then you need to set the PVID native VLAN on the Cisco to 100 as well. If not, the low-level switch management traffic will not communicate properly.

203 Posts

July 14th, 2013 21:00

A few tips for you.

1.  You might also be served well by avoiding the default VLAN 1. It was often intended as a control plane, and has some very specific limitations (can't route, etc.). Make up whatever new VLAN #s and names you want to use, then enable routing. I even like to make my Management VLAN something different than VLAN1.

2.  In the simplest of arrangements, especially when troubleshooting, you might want to set the test ports as "access" ports.  These are untagged traffic only, and there is significantly less opportunity to overlook something.  "General" ports are the most flexible as they will handle both tagged and untagged traffic, but if a guy had a nickel for every time somebody forgot to set the PVID to the untagged VLAN that will be riding over that port, they'd be rich.  

3.  Approach interconnectivity with other switches in the same way.  Start out with a single access port on each side.  Then try to set up a LAG to aggregate multiple connections together.  If all of that works, but you have a need to send multiple VLANs (trunk) traffic across those wires, start over, with "general" ports, and then LAG and trunk them.

Good luck.
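
The PVID point in tip 2, and the earlier sample config that pairs `pvid 100` with `allowed vlan add 100 untagged`, can be checked mechanically. The following is an added example, not code from any poster or from Dell: it lints PowerConnect-style interface stanzas in a constructed sample, assuming a port defaults to PVID 1 with untagged membership of VLAN 1 and that `add` without a keyword means untagged.

```python
import re

# Constructed sample: stanza 1 mirrors port 1/g15 from the question; stanza 2
# follows the reply's sample (pvid 100 paired with VLAN 100 untagged).
SAMPLE_CONFIG = """\
interface ethernet 1/g15
switchport mode general
switchport general pvid 5
switchport general allowed vlan add 100
exit
interface ethernet 1/g20
switchport mode general
switchport general allowed vlan add 5 tagged
switchport general allowed vlan add 100 untagged
switchport general pvid 100
switchport general allowed vlan remove 1
exit
"""

STANZA = re.compile(r"^interface ethernet (\S+)\n(.*?)^exit$", re.M | re.S)
PVID = re.compile(r"switchport general pvid (\d+)$")
ALLOWED = re.compile(
    r"switchport general allowed vlan (add|remove) ([\d,\-]+)(?: (tagged|untagged))?$")

def expand(spec):
    """Expand a VLAN list such as '5,100-102' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def lint_general_ports(config):
    """Map each general-mode port to a finding when its PVID is not an untagged member VLAN."""
    findings = {}
    for port, body in STANZA.findall(config):
        pvid, untagged = 1, {1}  # assumed defaults: PVID 1, untagged member of VLAN 1
        for line in map(str.strip, body.splitlines()):
            if m := PVID.match(line):
                pvid = int(m.group(1))
            elif m := ALLOWED.match(line):
                # Assumption: "add" with no keyword means untagged membership.
                if m.group(1) == "add" and m.group(3) != "tagged":
                    untagged |= expand(m.group(2))
                else:  # "add ... tagged" or "remove": no longer untagged on this port
                    untagged -= expand(m.group(2))
        if "switchport mode general" in body and pvid not in untagged:
            findings[port] = f"PVID {pvid} not in untagged VLANs {sorted(untagged)}"
    return findings
```

Calling `lint_general_ports(SAMPLE_CONFIG)` reports only `1/g15`; the stanza modelled on the sample config passes.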

July 15th, 2013 03:00

Thanks for the replies guys, much appreciated.

I'm a little worried about moving all of my productive network across to a new VLAN without really improving my knowledge of VLANs first. I have 3 6024 switches around the building, the main one I'm running my configuration on is the stacked 6024+6048 in my comms cabinet, a further 6024 is in my server cabinet and the other is in a different part of the building just serving some workstations.

I had really hoped that anything that was in the 10.16.0.x subnet would be able to just sit on the default VLAN1 and communicate with IPs in other VLANs/subnets, for example if I put my firewall (10.16.0.254) in VLAN 254, nothing in VLAN1 would be able to communicate with it as it won't route?

July 15th, 2013 05:00

Another quick question, in our workshop engineers use cheap gigabit switches to break out from a single wall port (patched into the powerconnects) to test various bits of kit. Will these still be usable if we bump our data VLAN onto say VLAN2?

802 Posts

July 15th, 2013 10:00

In order for the breakout lab switches to reach all the different VLANs in your environment you would need a trunk connection marking all the needed VLANs to cross from the breakout switch to the wall port.  

The hard part will be configuring (tracking) the other end of the cable that is connected to the wall port.  That port on the switch for that cable would need to be a trunk as well.  If not you would be limited to connecting to whatever single VLAN is set in access for the wall port/switch port on the other end.
