January 31st, 2011 10:00

!Updated! - VLAN routing and DHCP help needed.

Hello -- I'm editing this to be more direct in hopes that someone will be able to help and save me a call to tech support.

My scenario is this: I started a new job at the beginning of this year, and we're running out of IP addresses on my Class C /24 network, and would prefer not to have to reconfigure the entire network's subnet mask, and really don't want to change IPs of the servers. My colleague suggested VLANs, but neither of us have set them up before -- guess who gets to get it working. :)

What I've got so far: I have 3 VLANs set up: 1, 5, and 10. One is the default, 5 is newly created for management (may be changed to some obscure number - 1337 or something), and 10 is the new OfficeDHCP VLAN.

Servers, Printers, and all other static IP addresses (shop PCs, one department's Macs, scanners, and several machines that have static IPs that we can not change without calling in the service company) will remain on VLAN 1.

The aptly named VLAN 10 will be the new OfficeDHCP vlan.

My test bed is a 6248 (which will be the live switch when this is all working), and a 6024 (which is emulating 5224s in the live environment).

I have devices on both the 6248 and the 6024 on VLAN 10 that are talking no problem.

I can NOT, however, get a device on VLAN 1 to talk to a device on VLAN 10, even if both are on the same switch (the 6248).

Below is 'sh running config,' 'sh ip route,'  and  'sh ip int' of the 6248:

-------------------------------------
console#show run
!Current Configuration:
!System Description "Powerconnect 6248, 3.2.0.7, VxWorks 6.5"
!System Software Version 3.2.0.7
!Cut-through mode is configured as disabled
!
configure
vlan database
vlan 5,10
vlan routing 1 1
vlan routing 10 2
exit
stack
member 1 2
exit
ip address 192.168.5.10 255.255.255.0
ip address vlan 5
ip routing
ip route 192.168.10.0 255.255.255.0 192.168.10.1
interface vlan 1
routing
ip address 192.168.0.80 255.255.255.0
bandwidth 10000
ip mtu 1500
exit
interface vlan 5
name "DeviceManagementVLAN"
exit
interface vlan 10
name "OfficeDHCP"
routing
ip address 192.168.10.2 255.255.255.0
exit
username "admin" password 'asdfasdfasdf' level 15 encrypted
no spanning-tree
dhcp l2relay
dhcp l2relay vlan 1,10
!
interface ethernet 1/g1
spanning-tree disable
switchport mode general
switchport general allowed vlan add 10 tagged
switchport general allowed vlan add 1 tagged
exit
!
interface ethernet 1/g41
switchport access vlan 10
exit
!
interface ethernet 1/g42
dhcp l2relay
description 'Trunk Port for Test VLAN'
switchport mode general
switchport general allowed vlan add 5,10 tagged
switchport general allowed vlan add 1 tagged
exit
!
interface port-channel 1
spanning-tree disable
exit
snmp-server community public rw ipaddress 192.168.5.10
exit

console#
-------------------------------------
console#show ip route

Route Codes: R - RIP Derived, O - OSPF Derived, C - Connected, S - Static
       B - BGP Derived, IA - OSPF Inter Area
       E1 - OSPF External Type 1, E2 - OSPF External Type 2
       N1 - OSPF NSSA External Type 1, N2 - OSPF NSSA External Type 2

C      192.168.0.0/24 [0/1] directly connected,   vlan 1
C      192.168.10.0/24 [0/1] directly connected,   vlan 10

console#
-------------------------------------
console#show ip int

Management Interface:

IP Address..................................... 192.168.5.10
Subnet Mask.................................... 255.255.255.0
Default Gateway................................ 0.0.0.0
Burned In MAC Address.......................... 5C26.0A91.C3CF
Network Configuration Protocol Current......... None
Management VLAN ID............................. 5

Routing Interfaces:
                                                    Netdir   Multi
Interface    State  IP Address      IP Mask         Bcast    CastFwd
----------   -----  --------------- --------------- -------- --------
vlan 1       Up     192.168.0.80    255.255.255.0   Disable  Disable
vlan 10      Up     192.168.10.2    255.255.255.0   Disable  Disable

console#
-------------------------------------

Any help will be greatly appreciated -- I'd love to get these noisy switches out of my office! :)

Thanks,

7 Posts

February 3rd, 2011 14:00

I just got done setting VLAN 1 to untagged on port 1 literally 8 minutes before you posted this, and everything started working no problem -- VLANs communicating, DHCP working for both VLANs, etc.

BTW, for anyone else running into this problem later on: on the 62xx series switches, General = Trunk on the 3xxx/5xxx series switches.

Also, do NOT tag VLAN 1 on the General ports...

Thanks for all your help, bh!
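
The fix reported above (VLAN 1 left untagged on General ports) can be checked across a saved configuration. This is an added example, not part of the original posts: a Python check that parses the `interface ethernet` blocks of PowerConnect-style `show run` output and lists general-mode ports carrying VLAN 1 tagged. The config excerpt is constructed from the output in this thread, the function names are hypothetical, and it assumes a VLAN added without a keyword is untagged.

```python
import re
# Constructed excerpt modelled on the 'show run' output posted in this thread.
SAMPLE_CONFIG = """\
interface ethernet 1/g1
switchport mode general
switchport general allowed vlan add 5,10 tagged
switchport general allowed vlan add 1 tagged
exit
interface ethernet 1/g35
switchport access vlan 10
exit
interface ethernet 1/g42
switchport mode general
switchport general allowed vlan add 5,10-12 tagged
switchport general allowed vlan add 1 untagged
exit
"""

ALLOWED = re.compile(r"switchport general allowed vlan add (\S+)(?: (tagged|untagged))?$")

def expand(vlan_list):
    """Expand a list such as '5,10-12' into {5, 10, 11, 12}."""
    spans = (p.partition("-") for p in vlan_list.split(","))
    return {v for lo, _, hi in spans for v in range(int(lo), int(hi or lo) + 1)}

def general_ports(config):
    """Return {port: {'tagged': set, 'untagged': set}} for general-mode ports."""
    ports, name, info = {}, None, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface ethernet "):
            name, info = line.split()[-1], {"general": False, "tagged": set(), "untagged": set()}
        elif name and line == "switchport mode general":
            info["general"] = True
        elif name and (m := ALLOWED.match(line)):
            # Assumption: a VLAN added without a keyword is untagged.
            info[m.group(2) or "untagged"] |= expand(m.group(1))
        elif name and line == "exit":
            if info.pop("general"):  # access-mode ports are not reported
                ports[name] = info
            name = None
    return ports

def ports_tagging(config, vlan=1):
    """General-mode ports that carry `vlan` tagged (the thread's problem case is VLAN 1)."""
    return sorted(p for p, v in general_ports(config).items() if vlan in v["tagged"])

if __name__ == "__main__":
    print(ports_tagging(SAMPLE_CONFIG))
```
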

909 Posts

February 3rd, 2011 14:00

Your Fortinet may not like packets tagged in VLAN 1.  Try setting that port to untagged in VLAN 1.  Or your Fortinet may not respond to pings for security reasons.

Regarding DHCP: Can you capture packets on your DHCP server and compare the VLAN 10 packets to the VLAN 1 packets?

7 Posts

February 1st, 2011 07:00

Update:

I've got into my FortiGate, and set up an "OfficeDHCP" interface, marking it as VLAN 1 with IP 192.168.10.1.

I've set up policies allowing all traffic from Internal to OfficeDHCP and vice versa. After doing this, I am able to successfully ping from VLAN 10 to VLAN 1, and from 1 to 10 IF 10 is on the 6024, but not to VLAN 10 on the 6248 (which doesn't make a whole lot of sense to me, being that the 6248 is in front of the 6024...)

I'm going to keep working on this, but if anyone has any other thoughts, please feel free!

Thanks,

909 Posts

February 1st, 2011 08:00

Can you simplify the problem a little?  Can you demonstrate the issue with just the 6248 and a few clients?

You will not be able to ping a routing interface on the 6248 unless there is a port with link up in its vlan.

Also, make sure spanning tree is not getting in your way.   These switches run a single spanning tree instance by default, so even if you do not have a logical loop, a physical loop can cause connectivity issues.  Post the output of "show spanning-tree".

If the issue only shows itself with the 6024, then also post the 6024 configuration and more information, preferably simplified.

7 Posts

February 1st, 2011 08:00

Additional info:

I can ping the 10.1 ip address on the router from the 6248, but not the 0.1 address.

I'm not sure exactly what this means, but I did add "ip route 192.168.0.0 255.255.255.0 192.168.0.1" to the config to try to resolve this. To no avail.

7 Posts

February 1st, 2011 08:00

So, I've taken the 6024 out of the equation -- I've got 1 client on VLAN 1 (port 25), and 2 clients on VLAN 10 (ports 35 and 36).

The client on VLAN 1 is not receiving a DHCP address.

The client plugged into port 35 on VLAN 10 is getting a DHCP address.

The client plugged into port 36 on VLAN 10 is not getting a DHCP address. If I plug the client that did receive a DHCP address into another port that has VLAN 1 access, it does not receive a DHCP address. Plugging it back into port 35, it picks up its VLAN 10 IP again, goes back to work.

Here's the 'sh span'

--------------

console#show spanning-tree
Spanning tree :Disabled - BPDU Flooding :Disabled - Portfast BPDU filtering :Disabled - mode :rstp
CST Regional Root:        80:00:5C:26:0A:91:C3:CF
Regional Root Path Cost:  0
ROOT ID
              Address         80:00:5C:26:0A:91:C3:CF
              This Switch is the Root.
              Hello Time 2 Sec Max Age 20 sec Forward Delay 15 sec TxHoldCount 6 sec
Interfaces

 Name    State   Prio.Nbr    Cost       Sts  Role PortFast  Restricted
------  -------- --------- ----------  ---- ----- --------  -------
 1/g1    Disabled 128.1             0   FWD  Disb      No      No
 1/g2    Enabled  128.2             0   DIS  Disb      No      No
 1/g3    Enabled  128.3             0   DIS  Disb      No      No
 1/g4    Enabled  128.4             0   DIS  Disb      No      No

909 Posts

February 2nd, 2011 12:00

Can you post the config you used for your last test?

Explain exactly what is connected to what ports.   Any additional information you think is important.

It is odd that you cannot ping the 0.1 address from the switch.

7 Posts

February 3rd, 2011 06:00

There are 3 PCs connected to ports 25, 35, and 36.

Port 1 is connected directly to our Fortinet 80c, internal.

The Fortinet has the following config:

  Internal - 192.168.0.1 / 255.255.255.0
    OfficeDHCP (Type: VLAN, Interface: Internal, VLAN ID: 10) - 192.168.10.1 / 255.255.255.0

below is the config of the 6248:

console#show run
!Current Configuration:
!System Description "Powerconnect 6248, 3.2.0.7, VxWorks 6.5"
!System Software Version 3.2.0.7
!Cut-through mode is configured as disabled
!
configure
vlan database
vlan 5,10
vlan routing 1 1
vlan routing 10 2
exit
stack
member 1 2
exit
ip address 192.168.5.10 255.255.255.0
ip address vlan 5
ip routing
ip route 192.168.10.0 255.255.255.0 192.168.10.1
ip route 192.168.0.0 255.255.255.0 192.168.0.1
interface vlan 1
routing
ip address 192.168.0.80 255.255.255.0
bandwidth 10000
ip mtu 1500
exit
interface vlan 5
name "DeviceManagementVLAN"
exit
interface vlan 10
name "OfficeDHCP"
routing
ip address 192.168.10.2 255.255.255.0
exit
username "admin" password e42bced8b9715d70fef4d974a066fa66 level 15 encrypted
no spanning-tree
dhcp l2relay
dhcp l2relay vlan 1,10
!
interface ethernet 1/g1
description 'Link to router'
switchport mode general
switchport general allowed vlan add 5,10 tagged
switchport general allowed vlan add 1 tagged
exit
!
interface ethernet 1/g35
switchport access vlan 10
exit
!
interface ethernet 1/g36
switchport access vlan 10
exit
!
interface ethernet 1/g42
dhcp l2relay
description 'Trunk Port for Test VLAN'
switchport mode general
switchport general allowed vlan add 5,10 tagged
switchport general allowed vlan add 1 tagged
exit
!
interface port-channel 1
spanning-tree disable
exit
snmp-server community public rw ipaddress 192.168.5.10
exit

console#

7 Posts

February 3rd, 2011 11:00

Any thoughts? I'm assuming at this point that the problem is with the Fortinet, and have opened a ticket with them to help me get the routing resolved. If I still have a problem, I'll post again.

Thanks,
