Unsolved
This post is more than 5 years old
6 Posts
0
27374
Stacked 62xx's, Fibre and VLAN's
Hello
I have been banging my head against a brick wall for days now, and I cant seem to find the information I need, I wonder if there is a kind soul out there??
Here is my problem. We have 3 "nodes" on our site, and we are going to be installing a fourth in the near future, these nodes are connected by a 10G fibre link. In each node we have some 62xx's stacked in the following manner:
Node 1 has 4 6248's stacked
Node 2 has 2 6248's stacked
Node 3 has 2 6224's stacked
Node 4 will have 2 6224's not stacked
As I said the all nodes are connected via fibre.
The stacks are running a default configuration with a single IP address for each, nothing else has changed from the default.
The problem is, when we put in node 4 it will be predominately for another company that is renting some warehouse and office space from us at the other end of the yard (around 400m away). We do not wish for their traffic to see ours and vice versa. Their fibre internet connection will be coming into node 1 and needs piping up to node 4. So, we have decided that as this is what VLAN's were created for, we should VLAN up! And thats where my trouble starts. I have no prior working knowledge of VLAN's, and after 2 weeks of trial and error and reading various posts/comments and handbooks, I know the terminology and i thought I had a handle on it, but it seems I dont.
I have a spare 6248 running firmware version 2.0.0.12 (same firmware as all the others) and I have been researching/practising on that. Now, I can create a couple of basic VLAN's (with no IP's assigned), assign ports to use the VLAN, and everything works untagged. The problem is as I see it, to pass VLAN traffic from one switch to another you need to have the VLAN running tagged yes? But as soon as I designate the ports to be tagged everything stops passing traffic and sits there.
So, I have many questions, but mainly "What the heck am I doing wrong?" is the biggy, followed by
How do I translate that to a stack?
Is "trunking" a fibre connection as easy as it sounds?
Can I go home now and lie down somewhere dark with no computers.....?
DELL-Willy M
802 Posts
0
January 25th, 2012 15:00
You need to look at trunking (Trunk — The LAG belongs to more than one VLAN, and all ports are tagged (except for an optional
single native VLAN) the connection where you have multiple vlans running between your nodes. This will allow the tagged traffic to reach the desired location. You can even specify what VLANs are allowed thru the trunk. You would do this on the interface level or the Port channel if you have a LAG connection set up.
Sample:
console# configure
console(config)# interface xxxxx
console(config-if)# switchport mode trunk
console(config-if)# switchport trunk allowed vlan add xxx
console(config-if)# end
There is another option where you can use a VLAN and isolate the traffic to a specific subnet if the traffic from the other office is set up on a different subnet.
Let us know if you have any further questions.
akapanther71
6 Posts
0
January 30th, 2012 01:00
Hi
Thanks for the reply, have just got around to this again today.
My problem is, that I can not even get 2 laptops on the same VLAN talking to each other on the same switch as tagged-only. If I run untagged, then that's OK, but as I need to expand this over the network I described, untagged is not an option.
Every time I change the switch port mode to tagged-only, everything stops. I must admit I have not tried 2 switched talking over a trunk yet, as I have yet to make 2 laptops talk to each other on the same switch.
DELL-Willy M
802 Posts
0
January 30th, 2012 09:00
Just to make sure you would create the VLAN like this:
console# configure
console(config)# vlan database
console(config-vlan)# vlan XXX
console(config-vlan)# exit
console(config)# interface vlan XXX
console(config-if)# name XXXXXX
console(config-if)# end
On each port or range where you have the laptops connected you will need to provide access to the specific VLAN you have created.
Something similar to this:
console# configure
console(config)# vlan database
console(config-vlan)# vlan XXX
console(config-vlan)# end
console# configure
console(config)# interface ethernet XXX
console(config-if)# switchport mode access
console(config-if)# switchport access vlan xxx
console(config-if)# end
console# show vlan
Vlan Name Ports Type Authorization
---- ----------------- --------------------------- ------------ -------------
1 1 XXXX other Required
xxx VLAN XXXXXXX xxx permanent Required
akapanther71
6 Posts
0
January 31st, 2012 00:00
Here is what I am doing:
console>enable
console#configure
console(config)#vlan database
console(config-vlan)#vlan 10
console(config-vlan)#vlan 20
console(config-vlan)#exit
console#configure
console(config)#interface vlan 10
console(config-if-vlan10)#ip address 192.168.4.1 255.255.255.0
console(config-if)# name Test10
console(config-if-vlan10)#exit
console#configure
console(config)#interface vlan 20
console(config-if-vlan20)#ip address 192.168.5.1 255.255.255.0
console(config-if)# name Test20
console(config-if-vlan20)#exit
console#configure
console(config)#interface ethernet 1/g5
console(config-if-1/g2)#switchport mode general
console(config-if-1/g2)#switchport general allowed vlan add 10
console(config-if-1/g2)#switchport general acceptable-frame-type tagged-only
console(config-if-1/g2)#switchport general pvid 10
console(config-if-1/g2)#exit
console#configure
console(config)#interface ethernet 1/g9
console(config-if-1/g3)#switchport mode general
console(config-if-1/g3)#switchport general allowed vlan add 10
console(config-if-1/g2)#switchport general acceptable-frame-type tagged-only
console(config-if-1/g3)#switchport general pvid 10
console(config-if-1/g3)#exit
console(config)# interface 1/g1
console(config-if)# switchport mode trunk
console(config-if)# switchport trunk allowed vlan add 1
console(config-if)# switchport trunk allowed vlan add 10
console(config-if)# switchport trunk allowed vlan add 20
console(config-if)# end
At the end of which, I change the tagged/untagged portion in the GUI interface.
The 2 laptops on the same switch, on the same VLAN, on the same IP range then can not see each other.
I am sure its something I am doing/not doing, like a tick in the box "make it work" or something stupid.
Many thanks for your help so far though :-)
DELL-Willy M
802 Posts
1
February 1st, 2012 18:00
Have you tried this from the CLI User guide?
support.dell.com/.../cli_en.pdf
vlan routing
Use the vlan routing command to enable routing on a VLAN. Use the “no”
form of this command to disable routing on a VLAN.
Syntax
vlan routing vlanid [index]
• vlanid— Valid VLAN ID (Range 1–4093).
• index — Internal interface ID. This optional parameter is listed in the
configuration file for all VLAN routing interfaces. When a nonstop
forwarding failover occurs, this information enables the system to correlate
checkpointed state information with the proper interfaces and their
configuration.
Default Configuration
Routing is not enabled on any VLANs by default.
Command Mode
VLAN Database mode
User Guidelines
The user is not required to use this command. Routing can still be enabled
using the routing command in VLAN Interface Configuration mode.
Examples
console(config-vlan)# vlan routing 10 1
akapanther71
6 Posts
0
February 2nd, 2012 02:00
Hi
I have reset the switch, and re-done the config but I am still having the same problem. Here are my config commands in the order I do them:
console>enable
console#configure
console(config)#vlan database
console(config-vlan)#vlan 10
console(config-vlan)#vlan 20
console(config-vlan)#vlan routing 10
console(config-vlan)#vlan routing 20
console(config-vlan)#exit
console(config)#interface vlan 10
console(config-if-vlan10)#ip address 192.168.4.1 255.255.255.0
console(config-if-vlan10)#name Test10
console(config-if-vlan10)#routing
console(config-if-vlan10)#exit
console(config)#interface vlan 20
console(config-if-vlan20)#ip address 192.168.5.1 255.255.255.0
console(config-if-vlan20)#name Test20
console(config-if-vlan20)#routing
console(config-if-vlan20)#exit
console(config)#interface ethernet 1/g5
console(config-if-1/g5)#switchport mode general
console(config-if-1/g5)#switchport general allowed vlan add 10 tagged
console(config-if-1/g5)#switchport general acceptable-frame-type tagged-only
console(config-if-1/g5)#switchport general pvid 10
console(config-if-1/g5)#exit
console(config)#interface ethernet 1/g9
console(config-if-1/g9)#switchport mode general
console(config-if-1/g9)#switchport general allowed vlan add 10 tagged
console(config-if-1/g9)#switchport general acceptable-frame-type tagged-only
console(config-if-1/g9)#switchport general pvid 10
console(config-if-1/g9)#exit
console(config)#interface ethernet 1/g1
console(config-if-1/g1)# switchport mode trunk
console(config-if-1/g1)# switchport trunk allowed vlan add 1
console(config-if-1/g1)# switchport trunk allowed vlan add 10
console(config-if-1/g1)# switchport trunk allowed vlan add 20
console(config-if-1/g1)# end
And here is the running config:
console#show running-config
!Current Configuration:
!System Description "PowerConnect 6224, 3.3.1.10, VxWorks 6.5"
!System Software Version 3.3.1.10
!Cut-through mode is configured as disabled
!
configure
vlan database
vlan 10,20
vlan routing 10 1
vlan routing 20 2
exit
stack
member 1 1
exit
ip address 172.16.1.250 255.255.0.0
ip default-gateway 172.16.0.1
interface vlan 10
name "Test10"
routing
ip address 192.168.4.1 255.255.255.0
exit
interface vlan 20
name "Test20"
routing
ip address 192.168.5.1 255.255.255.0
exit
username "admin" password 6084bf5ef16adad7a9760e897ad896df level 15 encrypted
!
interface ethernet 1/g5
switchport mode general
switchport general pvid 10
switchport general acceptable-frame-type tagged-only
switchport general allowed vlan add 10 tagged
exit
!
interface ethernet 1/g9
switchport mode general
switchport general pvid 10
switchport general acceptable-frame-type tagged-only
switchport general allowed vlan add 10 tagged
exit
!
interface ethernet 1/g17
switchport mode trunk
switchport trunk allowed vlan add 1,10,20
exit
exit
console#
Now, to me it looks fine, but the laptop on port 5 with an IP of 192.168.4.248 can not ping the laptop on port 9 with an IP of 192.168.4.247, and I they should, after all they are on the same VLAN on the same switch.
Any ideas are gratefully received :-)
DELL-Willy M
802 Posts
1
February 2nd, 2012 15:00
Verify that you have the gateway set up on the client PCs of 192.168.4.1 for VLAN 10. If you do not have the gateway set up it will not complete the ping successfully.
Also, I would look at setting the interfaces to switchport mode access for vlan 10 along with the spanning-tree portfast.
Take a look at this Post from our Forum with an example of a working config.
en.community.dell.com/.../20014680.aspx
akapanther71
6 Posts
0
February 6th, 2012 00:00
Hi
All the ports are set to Port Fast, and I can't really set the port mode to access as I need to roll this out across all the switches when I can get it working.
Also, the default gateway on the laptops are set to the switch IP, and still no joy. I am thinking it must be something to do with routing? I have looked at the example you sent and to be honest, the routing side does not make much sense to me.
To reiterate, we will have 2 networks that should not be able to see each other running through the same switches. As a result, I didn't think I would need to route the traffic from one VLAN to the other?
All your help is greatly appreciated.
DELL-Willy M
802 Posts
1
February 6th, 2012 13:00
If your client PC's are in VLAN 10 then they would need the default gateway of VLAN 10 192.168.4.1 and an IP of 192.168.4.xxx
Then they should be able to ping the 192.168.4.1 and the other PC IP address on the same subnet.
You can also use an ACL list to isolate traffic on the network.
akapanther71
6 Posts
0
February 7th, 2012 02:00
That is my problem, laptop1 has an IP of 192.168.4.248 (255.255.255.0) and laptop2 is 192.168.4.247 (255.255.255.0). Both have a gateway of 192.168.4.1 and they can not talk or even ping each other with the configuration as I described earlier. The switch is IP 172.16.1.250 (255.255.0.0) and the VLAN is 192.168.4.1 (255.255.255.0).
From a factory reset where we wipe the config, apart from setting the main IP to the above, I type in exactly what I have posted, nothing more, nothing less. From my limited experience with VLAN's this should work I think, but it doesn't. So, I must be missing out a small but fundamental step?
Many thanks for your help