
May 25th, 2010 03:00

Routing Question

Hi,

I have a Powerconnect 6224 & need some help with routing configuration.

Basically 1 port on the switch (port 17) comes from our Data Center provider that has say 15 public ip addresses.

What I need is for those ip addresses to be divided to 3 nics. In other words Port 18 needs to have 1-5 public ip addresses, port 19 needs to have 6-10 public ip addresses & port 20 needs to have 11-15 public ip addresses.

Obviously I would put those IP addresses on the relevant nics but need to sort out the routing inside the switch.

The data centre can only provide me with 1 link (port).

Is it possible to have 1 vlan then 3 other vlans inside the original vlan?

Does Windows Hyper V Virtual network vlans link to vlans on the switch so they operate on the 1 network?

I'm new to layer 3 switches & would appreciate any assistance on setting this up.

Thanks in advance

Todd

909 Posts

June 1st, 2010 08:00

66 in decimal = 42 in hexadecimal (42h)

240 in decimal = F0 in hexadecimal (F0h)

To mask is a way of saying to AND the 2 numbers. Or in other words, the 1's in the mask tell you which bits to pay attention to and the 0's tell you which bits to ignore.

42h AND F0h = 40h = 64 decimal.

So, what you are seeing is correct. You need to use a mask of 255.255.255.255 to set a vlan association for a specific IP address.

909 Posts

May 25th, 2010 10:00

For the 6224 config look at the config below. This assumes that the data center provider is sending you tagged traffic and that the servers are configured to accept tagged traffic. The 6224 is not routing in this config, it is just doing tagged switching.

I do not really understand the rest of your post, but if you need to do double tagged vlans, the switch is capable.

Post more information about your network if you have more questions.

configure
vlan database
vlan 101-115
exit
stack
member 1 2
exit
ip address 192.168.2.62 255.255.255.0
username "admin" password dec68e4501ce09a74284cb1bd03164a2 level 15 encrypted
!
interface ethernet 1/g17
switchport mode trunk
switchport trunk allowed vlan add 101-115
exit
!
interface ethernet 1/g18
switchport mode trunk
switchport trunk allowed vlan add 101-105
exit
!
interface ethernet 1/g19
switchport mode trunk
switchport trunk allowed vlan add 106-110
exit
!
interface ethernet 1/g20
switchport mode trunk
switchport trunk allowed vlan add 111-115
exit
exit

22 Posts

May 26th, 2010 09:00

Thanks for your response.

Is it possible to have a VLAN inside a VLAN?

In other words I have a VLAN that separates the inbound public ip addresses from the rest of the switch. Then it seems I need to create a separate VLAN for the outbound 3 ports then put the ip addresses on to the VLAN.

Hope this makes sense

909 Posts

May 26th, 2010 13:00

I still do not understand your question, but here is an example of Q-in-Q or double vlan tagging that you may be able to apply to your network. In this example, tagged traffic ingressing the switch on port 1/g1 is switched as if it is in vlan 800. If this traffic egresses port 1/g24, it will be double tagged with vlan 800 in outer tag and the original vlans in the inner tags. The same description is true for port 1/g2 and vlan 900.

If this does not answer your question, then please provide an example of how traffic is ingressing your switch and what you would like to do with it. Be very explicit please.

configure
vlan database
vlan  800,900
exit
stack
member 1 2
exit
ip address 192.168.2.1 255.255.255.0
no spanning-tree
!
interface ethernet 1/g1
switchport mode general
switchport general pvid 800
no switchport general acceptable-frame-type tagged-only
switchport general allowed vlan add 800
exit
!
interface ethernet 1/g2
switchport mode general
switchport general pvid 900
no switchport general acceptable-frame-type tagged-only
switchport general allowed vlan add 900
exit
!
interface ethernet 1/g24
switchport mode general
no switchport general acceptable-frame-type tagged-only
switchport general allowed vlan add 800,900 tagged
mode dvlan-tunnel
exit
exit

22 Posts

May 26th, 2010 15:00

Thanks again for your interest,

I really appreciate it.

Just to recap, 4 ports in a vlan, this needs to be separate to other networks on the switch.

Port 17 comes from datacentre that has 15 inbound public ip addresses. Port 18 needs to have 5 of these ip's, port 19 needs to have next 5 & port 20 needs to have final 5.

All ips are on the same subnet.

I tried just putting the separate ips in the nics that go to the three ports but that didn't work

Thanks

909 Posts

May 26th, 2010 15:00

The example below will take ingress traffic on port 1/g17 and classify it to a vlan according to its destination IP address. The first five IPs are associated to the vlan that port g18 is a member of, the second five are associated to the vlan that port g19 is a member of, etc. Traffic egressing 1/g17 is untagged.

configure
vlan database
vlan 101-103
vlan association subnet 192.168.1.11 255.255.255.255 101
vlan association subnet 192.168.1.12 255.255.255.255 101
vlan association subnet 192.168.1.13 255.255.255.255 101
vlan association subnet 192.168.1.14 255.255.255.255 101
vlan association subnet 192.168.1.15 255.255.255.255 101
vlan association subnet 192.168.1.21 255.255.255.255 102
vlan association subnet 192.168.1.22 255.255.255.255 102
vlan association subnet 192.168.1.23 255.255.255.255 102
vlan association subnet 192.168.1.24 255.255.255.255 102
vlan association subnet 192.168.1.25 255.255.255.255 102
vlan association subnet 192.168.1.31 255.255.255.255 103
vlan association subnet 192.168.1.32 255.255.255.255 103
vlan association subnet 192.168.1.33 255.255.255.255 103
vlan association subnet 192.168.1.34 255.255.255.255 103
vlan association subnet 192.168.1.35 255.255.255.255 103
exit
stack
member 1 1
exit
ip address 192.168.2.62 255.255.255.0
!
interface ethernet 1/g17
switchport mode general
switchport general allowed vlan add 101-103
exit
!
interface ethernet 1/g18
switchport access vlan 101
exit
!
interface ethernet 1/g19
switchport access vlan 102
exit
!
interface ethernet 1/g20
switchport access vlan 103
exit
exit

22 Posts

May 26th, 2010 17:00

Thanks

So are you saying I don't need the original vlan that separates the 4 ports from the rest of the switch?

909 Posts

May 26th, 2010 21:00

I am not sure what you are asking. However, this may answer the question. I was thinking about my suggestion and I neglected to account for ARP packets. So here is a new config that should work better:

configure
vlan database
vlan 100-103
vlan association subnet 192.168.1.11 255.255.255.255 101
vlan association subnet 192.168.1.12 255.255.255.255 101
vlan association subnet 192.168.1.13 255.255.255.255 101
vlan association subnet 192.168.1.14 255.255.255.255 101
vlan association subnet 192.168.1.15 255.255.255.255 101
vlan association subnet 192.168.1.21 255.255.255.255 102
vlan association subnet 192.168.1.22 255.255.255.255 102
vlan association subnet 192.168.1.23 255.255.255.255 102
vlan association subnet 192.168.1.24 255.255.255.255 102
vlan association subnet 192.168.1.25 255.255.255.255 102
vlan association subnet 192.168.1.31 255.255.255.255 103
vlan association subnet 192.168.1.32 255.255.255.255 103
vlan association subnet 192.168.1.33 255.255.255.255 103
vlan association subnet 192.168.1.34 255.255.255.255 103
vlan association subnet 192.168.1.35 255.255.255.255 103
exit
stack
member 1 2
exit
ip address 192.168.2.62 255.255.255.0
!
interface ethernet 1/g17
switchport mode general
switchport general allowed vlan add 100-103 untagged
switchport general pvid 100
exit
!
interface ethernet 1/g18
switchport mode general
switchport general allowed vlan add 100,101 untagged
switchport general pvid 100
exit
!
interface ethernet 1/g19
switchport mode general
switchport general allowed vlan add 100,102 untagged
switchport general pvid 100
exit
!
interface ethernet 1/g20
switchport mode general
switchport general allowed vlan add 100,103 untagged
switchport general pvid 100
exit
exit

The behaviour of this config is:

port g17: ingress broadcast/multicast/unknown unicast packets egress ports g18 AND g19 AND g20. Ingress known unicast packets are associated with the listed vlan and egress port g18 OR g19 OR g20.

port g18: ingress broadcast/multicast/unknown unicast packets egress ports g17 AND g19 AND g20. Ingress known unicast packets are switched in vlan 100 and can egress port g17 OR g19 OR g20.

22 Posts

May 27th, 2010 04:00

Thanks again for your responses

22 Posts

May 28th, 2010 04:00

Hi,

Would there be any reason why the associations don't appear when I run show vlan association subnet?

Thanks

22 Posts

May 28th, 2010 06:00

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2010.05.28 22:47:14 =~=~=~=~=~=~=~=~=~=~=~=

console>enable

console#show run
!Current Configuration:
!System Description "Dell 24 Port Gigabit Ethernet, 2.2.0.3, VxWorks5.5.1"
!System Software Version 2.2.0.3
!
configure
vlan database
vlan  4,6,100-103
exit
stack
member 1 1
exit
ip address 192.168.131.20 255.255.255.0
ip default-gateway 192.168.131.30
interface vlan 4
name "Internal iscsci traffic SAN"
exit
interface vlan 6
name "Hosted Gateway"
exit
interface vlan 100
name "Inbound Gateway"
exit
interface vlan 101
name "Inbound Gateway Hosted"
exit
interface vlan 102
name "Inbound Gateway Production"
exit
interface vlan 103
name "Inbound Gateway Utilise"
exit
username "****" password **************************level 15 encrypted
flowcontrol
!
interface ethernet 1/g2
spanning-tree portfast
mtu 9216
switchport access vlan 4
exit
!
interface ethernet 1/g3
spanning-tree portfast
mtu 9216
switchport access vlan 4
exit
!
interface ethernet 1/g4
spanning-tree portfast
mtu 9216
switchport access vlan 4
exit
!
interface ethernet 1/g5
spanning-tree portfast
mtu 9216
switchport access vlan 4
exit
!
interface ethernet 1/g11
switchport access vlan 6
exit
!
interface ethernet 1/g12
switchport access vlan 6
exit
!
interface ethernet 1/g13
switchport access vlan 6
exit
!
interface ethernet 1/g14
switchport access vlan 6
exit
!
interface ethernet 1/g17
switchport mode general
switchport general pvid 20
no switchport general acceptable-frame-type tagged-only
switchport general allowed vlan add 100-103
exit
!
interface ethernet 1/g18
switchport mode general
switchport general pvid 20
no switchport general acceptable-frame-type tagged-only
switchport general allowed vlan add 100-101
exit
!
interface ethernet 1/g19
switchport mode general
switchport general pvid 20
no switchport general acceptable-frame-type tagged-only
switchport general allowed vlan add 100,102
exit
!
interface ethernet 1/g20
switchport mode general
switchport general pvid 20
no switchport general acceptable-frame-type tagged-only
switchport general allowed vlan add 100,103
exit
!
interface ethernet 1/g21
switchport mode general
switchport general pvid 20
no switchport general acceptable-frame-type tagged-only
switchport general allowed vlan add 100-101
exit
!
interface ethernet 1/g22
switchport mode general
switchport general pvid 20
no switchport general acceptable-frame-type tagged-only
switchport general allowed vlan add 100,103
exit
!
interface ethernet 1/g23
switchport mode general
switchport general pvid 20
no switchport general acceptable-frame-type tagged-only
switchport general allowed vlan add 100,102
exit
exit

console#show vlan association subnet

IP Subnet          IP Mask            VLAN ID
----------------   ----------------   -------
202.62.148.64      255.255.255.240    101

console#exit

console>exit
         ^
% Invalid input detected at '^' marker.

console>exit
         ^
% Invalid input detected at '^' marker.

console>

909 Posts

May 28th, 2010 06:00

I do not know. Post the output of "show run" and "show vlan association subnet"

909 Posts

May 28th, 2010 07:00

I do not see any of the vlan associations in your configuration. Enter them again and capture the session and post it.

22 Posts

May 28th, 2010 07:00

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2010.05.28 23:28:59 =~=~=~=~=~=~=~=~=~=~=~=

console>enable

console#configure

console(config)#vlan database

console(config-vlan)#
console(config-vlan)#vlan association subnet 202.62.148.66 255.255.255.240 101
console(config-vlan)#vlan association subnet 202.62.148.67 255.255.255.240 101
console(config-vlan)#vlan association subnet 202.62.148.68 255.255.255.240 101
console(config-vlan)#vlan association subnet 202.62.148.69 255.255.255.240 102
console(config-vlan)#vlan association subnet 202.62.148.70 255.255.255.240 102
console(config-vlan)#vlan association subnet 202.62.148.71 255.255.255.240 102
console(config-vlan)#vlan association subnet 202.62.148.72 255.255.255.240 102
console(config-vlan)#vlan association subnet 202.62.148.73 255.255.255.240 102
console(config-vlan)#vlan association subnet 202.62.148.74 255.255.255.240 102
console(config-vlan)#vlan association subnet 202.62.148.75 255.255.255.240 102
console(config-vlan)#vlan association subnet 202.62.148.76 255.255.255.240 102
console(config-vlan)#vlan association subnet 202.62.148.77 255.255.255.240 103
console(config-vlan)#vlan association subnet 202.62.148.78 255.255.255.240 103
console(config-vlan)#
console(config-vlan)#exit

console(config)#exit\
                    ^
% Invalid input detected at '^' marker.

console(config)#exit

console#copy running-config startup-config

This operation may take a few minutes.
Management interfaces will not be available during this time.

Are you sure you want to save? (y/n) y

Configuration Saved!
console#
console#show vlan association subnet

IP Subnet          IP Mask            VLAN ID
----------------   ----------------   -------
202.62.148.64      255.255.255.240    103

console#exit

console>exit
         ^
% Invalid input detected at '^' marker.

console>

909 Posts

May 28th, 2010 08:00

With a netmask of 255.255.255.240, you made the same entry 12 times.  Use a netmask of 255.255.255.255.
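
The mask arithmetic discussed in this thread, as an added example that is not part of any post: it replays the 13 association commands from the captured session under both masks and models the resulting table. The function names are hypothetical, and the last-entry-wins behaviour is an assumption chosen because it matches the single row shown in the session output.

```python
import ipaddress

def session_lines(mask):
    """Constructed input: the 13 commands from the captured session, with a chosen mask."""
    plan = [(range(66, 69), 101), (range(69, 77), 102), (range(77, 79), 103)]
    return [f"vlan association subnet 202.62.148.{h} {mask} {vlan}"
            for hosts, vlan in plan for h in hosts]

def masked_subnet(ip, mask):
    """AND the address with the mask, as in the 42h AND F0h = 40h step."""
    value = int(ipaddress.IPv4Address(ip)) & int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(value))

def build_table(lines):
    """Model the association table keyed by (masked subnet, mask).

    Assumption: a later entry for the same key replaces the earlier one,
    which matches the single row left in the thread's output.
    """
    table, warnings = {}, []
    for line in lines:
        parts = line.split()
        if len(parts) != 6 or parts[:3] != ["vlan", "association", "subnet"]:
            continue  # not an association command
        ip, mask, vlan = parts[3], parts[4], int(parts[5])
        key = (masked_subnet(ip, mask), mask)
        if key[0] != ip:
            warnings.append(f"{ip}: mask {mask} stores this as {key[0]}")
        if key in table and table[key] != vlan:
            warnings.append(f"{ip}: VLAN {table[key]} replaced by {vlan} for {key[0]}")
        table[key] = vlan
    return table, warnings

if __name__ == "__main__":
    for mask in ("255.255.255.240", "255.255.255.255"):
        table, warnings = build_table(session_lines(mask))
        print(f"mask {mask}: {len(table)} row(s), {len(warnings)} warning(s)")
        for (subnet, m), vlan in table.items():
            print(f"  {subnet:<16} {m:<16} {vlan}")
```

With 255.255.255.240 every address from .66 to .78 collapses to 202.62.148.64, so the whole range ends up classified into one VLAN; with 255.255.255.255 each address keeps its own row.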
