Networking General

Last reply by 06-07-2018 Unsolved
Start a Discussion
2 Bronze
2 Bronze
4164

VLAN connectivity issues on Dell N1524 Switches

Hello,

I am wondering if someone could possibly offer some help. 

I have recently just installed two new Dell N1524 switches in a stacking configuration for a "top of rack" deployment.

These switches contain 5 VLANs and there are ports configured to go to a pfsense firewall to carry out the routing between these various VLANs (Router on a stick). Each VLAN has its own gateway provided by the firewall.

VLAN 1: Workstations and Server Network

VLAN 20: VDI Network

VLAN 40: Guest Network 

VLAN 60: DMZ Network

VLAN 80: Management Network

Each switch also has a 10Gb SFP+ port in use which act as trunk ports to connect to an existing Dell PowerConnect 5548 stack. 

The first issue I am experiencing is strange. All VLANs have connectivity to and from each other apart from VLAN 60. I can reach the gateway of VLAN 60 residing on the firewall from the other VLANs but cannot reach anything else on this VLAN, devices in this VLAN also cannot reach the gateway or anything else, there has been no changes to any firewall rules for this VLAN.

The port on the N1524 switches going to the firewall for this VLAN is configured as General mode and is Tagged for VLAN 60 – this was the same configuration on our previous set of Dell PowerConnect switches and it worked fine but not on the N1524 unless I am missing something?

The second issue is that PowerConnect 5548 stack is unaware of the VLANs on the N1524 Stack and therefore I cannot configure ports on the 5548 with these VLANs. The N1524 stack and PowerConnect 5548 stack are connected via 10Gb SFTP+ links and these are configured as trunk ports using the configuration below.

 N1524 Stack:

Interface te1/0/3

Switchport mode trunk

Switchport trunk allowed vlan all

Interface te2/0/3

Switchport mode trunk

Switchport trunk allowed vlan all

 

PowerConnect 5548 Stack:

Interface te1/0/1

Switchport mode trunk

Switchport trunk allowed vlan all

Interface te2/0/1

Switchport mode trunk

Switchport trunk allowed vlan all

Do I need to specify a VLAN range instead of using the “allowed all” command?

 

Many thanks.

 

Replies (5)
Anonymous
Not applicable
4140

I would probably start by checking each stack to be sure that the desired VLANs have been created and are in an up status.

You can use the following command to check VLAN status: # show vlan

Please feel free to post up the output.

Here is a KB article on how to create VLANs, in case you need it: https://dell.to/2ukibDI

 

4121

Hi Daniel,

Thanks for that.

I have performed a show vlan on the N1524 Switches and can verify that all the VLANs are there but there is no info on whether they are in the up state or not? I know Cisco switches display this with the same command, is there another syntax required for Dell?

One thing I have noticed is that VLANs 1, 20, 40 and 80 all have IP routing active on them apart from VLAN 60, could this be the reason why there is no traffic is going to and from this VLAN? I've never had to enable IP routing on the switch side before as the firewall always handled this.

I'm just thinking that with IP routing enabled the switch is then aware of the VLAN interface being in the "Up" state?

Performing a show vlan on the PowerConnect 5548 Stack doesn't list any other VLANs apart from VLAN 1 so it would appear the VLANs on the N1524 stack are not being automatically created on the PowerConnect 5548 stack.

I can post the configuration soon when I get a chance to sit back down at both switches to compare. Unfortunately I have had to revert back to the previous PowerConnect switches for now as external users need to come in through the DMZ to access internal resources.

 Thanks.

Anonymous
Not applicable
4110

If the firewall is performing the routing between VLANs, then the switches do not need IP addresses on the VLANs, except one to manage. But if the switch has IP Addresses assigned to the VLANs and has routing enabled, then there is a good chance the switch is routing between the VLANs and not the firewall. You can certainly test adding IP/routing to VLAN 60.

Are you trying to use GVRP to populate VLANs from the N-series to the 5500? If so, I suggest manually creating the VLANs on the 5500 switch. Then once everything is working, then troubleshoot implementation of GVRP.

If you are not using GVRP, then the VLANs will not be populated automatically from one switch to the other. You will need to manually create the VLANs on the 5500 switch.

4048

That's what I thought, I've removed the IP addresses on some of the VLANs apart from VLAN 80 as this has an IP address for managing the switch via SSH and Web GUI. 

After a bit more troubleshooting it appears if I set the port going to the firewall DMZ interface as a trunk port rather than General then this works and traffic from devices inside VLAN 60 are able to route properly, not sure why General mode didn't as this was what was configured previously on the older switches - potentially related to different OS/firmware. 

As for populating VLANs from the N1524 stack to the 5548 stack I'm not using GVRP for this, previously with Cisco switches doing this exact configuration would populate the VLAN database of other connected switches with the VLAN IDs present on the source switch therefore GVRP wasn't entirely necessary.

I understand that with Dell switches this might be treated differently or is not possible so it does look as though manually creating the same VLANs on the 5548 stack is the easier option unless I go down the GVRP route which can be difficult to troubleshoot at times. 

I'll keep you updated for when I put the N1524 Stack back into production with the configuration discussed above. 

 

Thanks. 

 

4035

I would recommend skipping the GVRP configuration when using a PowerConnect 5500 series switch. GVRP doesn't work on trunk links with these switches. You would have to use general mode meaning that when you add a new VLAN to the N1524 stack, you have to manually allow that same VLAN on the general mode ports on the 5500 Series switch anyway.

The reason it worked on your Cisco switches is that VTP is enabled by default, automatically propagating all created VLANs to other VTP enabled switches in the network.

Latest Solutions
Top Contributor