6 Posts
June 6th, 2020 17:00
VLAN routing on 6200 stack
Hello,
I have a stack with 2 PowerConnect 6248, 1 6224, and 1 6224F switches. The problem I am having is that I am not able to route traffic to the gateway device. The configuration
USTMASWCORE#show running-config
!Current Configuration:
!System Description "PowerConnect 6248, 3.3.18.1, VxWorks 6.5"
!System Software Version 3.3.18.1
!Cut-through mode is configured as disabled
!
configure
vlan database
vlan 48-52
vlan routing 48 1
vlan routing 49 2
vlan routing 50 3
vlan routing 51 4
vlan routing 52 5
exit
hostname "USTMASWCORE"
stack
member 1 2
member 2 2
member 3 3
exit
ip address none
ip routing
ip route 0.0.0.0 0.0.0.0 192.168.0.254
interface vlan 48
name "VLAN_48"
routing
ip address 192.168.0.1 255.255.255.0
exit
interface vlan 49
name "VLAN_49"
routing
ip address 192.168.49.1 255.255.255.0
exit
interface vlan 50
name "VLAN_50"
routing
ip address 192.168.50.1 255.255.255.0
exit
interface vlan 51
name "VLAN_51"
routing
ip address 192.168.51.1 255.255.255.128
exit
interface vlan 52
name "VLAN_52"
routing
ip address 192.168.51.129 255.255.255.128
exit
!
interface ethernet 1/g1
description "Server_VLAN"
switchport access vlan 49
exit
!
interface ethernet 1/g2
description "Server_VLAN"
switchport access vlan 49
exit
!
interface ethernet 1/g3
description "Server_VLAN"
switchport access vlan 49
exit
!
interface ethernet 1/g4
description "Server_VLAN"
switchport access vlan 49
exit
!
interface ethernet 1/g5
description "Server_VLAN"
switchport access vlan 49
exit
!
interface ethernet 1/g6
description "Server_VLAN"
switchport access vlan 49
exit
!
interface ethernet 1/g7
description "Server_VLAN"
switchport access vlan 49
exit
!
interface ethernet 1/g8
description "Server_VLAN"
switchport access vlan 49
exit
!
interface ethernet 1/g9
description "Server_VLAN"
switchport access vlan 49
exit
!
interface ethernet 1/g10
description "Server_VLAN"
switchport access vlan 49
exit
!
interface ethernet 1/g11
description "Server_VLAN"
switchport access vlan 49
exit
!
interface ethernet 1/g12
description "Server_VLAN"
switchport access vlan 49
exit
!
interface ethernet 1/g13
description "WORKSTATION_VLAN"
switchport access vlan 50
exit
!
interface ethernet 1/g14
description "WORKSTATION_VLAN"
switchport access vlan 50
exit
!
interface ethernet 1/g15
description "WORKSTATION_VLAN"
switchport access vlan 50
exit
!
interface ethernet 1/g16
description "WORKSTATION_VLAN"
switchport access vlan 50
exit
!
interface ethernet 1/g17
description "WORKSTATION_VLAN"
switchport access vlan 50
exit
!
interface ethernet 1/g18
description "WORKSTATION_VLAN"
switchport access vlan 50
exit
!
interface ethernet 1/g19
description "WORKSTATION_VLAN"
switchport access vlan 50
exit
!
interface ethernet 1/g20
description "WORKSTATION_VLAN"
switchport access vlan 50
exit
!
interface ethernet 1/g21
description "WORKSTATION_VLAN"
switchport access vlan 50
exit
!
interface ethernet 1/g22
description "WORKSTATION_VLAN"
switchport access vlan 50
exit
!
interface ethernet 1/g23
description "WORKSTATION_VLAN"
switchport access vlan 50
exit
!
interface ethernet 1/g24
description "WORKSTATION_VLAN"
switchport access vlan 50
exit
!
interface ethernet 1/g25
description "PUBLIC_WIFI"
switchport access vlan 51
exit
!
interface ethernet 1/g26
description "PROTECTED_WIFI"
switchport access vlan 52
exit
!
interface ethernet 1/g27
description "PUBLIC_WIFI"
switchport access vlan 51
exit
!
interface ethernet 1/g28
description "PROTECTED_WIFI"
switchport access vlan 52
exit
!
interface ethernet 1/g29
description "PUBLIC_WIFI"
switchport access vlan 51
exit
!
interface ethernet 1/g30
description "PROTECTED_WIFI"
switchport access vlan 52
exit
!
interface ethernet 1/g45
switchport mode general
exit
!
interface ethernet 1/g48
description "UPLINK_FIREWALL"
switchport mode trunk
switchport trunk allowed vlan add 48-52
exit
exit
USTMASWCORE#
The gateway/firewall is a pfSense router at version 2.4.4-RELEASE-P3. I have done the following tests:
Ping devices across vlans: success
Ping vlan IP addresses from different vlans: success
Ping gateway IP address (192.168.0.254): fail
This configuration is not that much different from the config on my Netgear smart switches. The only difference is that, with the smart switches, I have to do routing on my live pfSense gateway. I am trying to remove the smart switches and upgrade them with the 6200 stack.
I've looked at the configuration and I can't see where the problem might be. Before moving into more involved configuration settings, I want to get the basic VLAN routing working. I would really appreciate any assistance anyone can offer.
Thank you in advance for taking the time to look at this.
DELL-Josh Cr
Moderator
•
9.6K Posts
•
35 Points
0
June 9th, 2020 09:00
Ok, you could try setting the port to access mode instead of trunk mode and only pass the VLAN that the firewall is on since it doesn’t need to know about the other VLANs.
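An added example, not part of the thread and not Dell or pfSense tooling: a Python check over a constructed excerpt of the posted running-config that finds which VLAN holds the default route's next hop (192.168.0.254) and how each port carrying that VLAN presents it. It assumes trunk-mode members are sent tagged and access-mode ports untagged; `expand` and `audit_gateway_path` are hypothetical names.

```python
import ipaddress
import re
# Constructed excerpt of the running-config posted above (not the full file).
SAMPLE_CONFIG = """\
ip route 0.0.0.0 0.0.0.0 192.168.0.254
interface vlan 48
ip address 192.168.0.1 255.255.255.0
exit
interface vlan 49
ip address 192.168.49.1 255.255.255.0
exit
interface ethernet 1/g1
switchport access vlan 49
exit
interface ethernet 1/g48
switchport mode trunk
switchport trunk allowed vlan add 48-52
exit
"""

def expand(spec):
    """Expand a VLAN list such as '48-52' or '48,50-52' into a set of ints."""
    pairs = (p.partition("-") for p in spec.split(","))
    return {v for lo, _, hi in pairs for v in range(int(lo), int(hi or lo) + 1)}

def audit_gateway_path(config):
    """Return (next_hop, transit_vlan, {port: tagging}) for the default route."""
    hop = re.search(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)", config, re.M).group(1)
    nets, ports, ctx = {}, {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (vlan|ethernet) (\S+)", line):
            ctx = m.groups()
            if ctx[0] == "ethernet":  # assumed defaults: access mode, VLAN 1
                ports[ctx[1]] = {"mode": "access", "vlans": {1}}
        elif line == "exit":
            ctx = None
        elif ctx and ctx[0] == "vlan" and (m := re.match(r"ip address (\S+) (\S+)", line)):
            nets[int(ctx[1])] = ipaddress.ip_network("/".join(m.groups()), strict=False)
        elif ctx and ctx[0] == "ethernet":
            if m := re.match(r"switchport mode (\S+)", line):
                ports[ctx[1]]["mode"] = m.group(1)
            elif m := re.match(r"switchport access vlan (\d+)", line):
                ports[ctx[1]]["vlans"] = {int(m.group(1))}
            elif m := re.match(r"switchport trunk allowed vlan add (\S+)", line):
                ports[ctx[1]]["vlans"] |= expand(m.group(1))
    transit = next((v for v, n in nets.items() if ipaddress.ip_address(hop) in n), None)
    tagging = {"trunk": "tagged", "access": "untagged"}
    return hop, transit, {p: tagging.get(c["mode"], "per-VLAN")
                          for p, c in ports.items() if transit in c["vlans"]}
```

On the excerpt, the only port carrying VLAN 48 is the trunk uplink 1/g48, so under the stated assumption the firewall receives the gateway subnet tagged; with the port in access mode on VLAN 48 the same check reports it untagged.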
DELL-Josh Cr
Moderator
June 8th, 2020 10:00
Hi,
Is the port on the PFsense device set to allow vlan tagging?
MartinMune
6 Posts
0
June 8th, 2020 14:00
Josh,
That is a great question. I would say no but I've done searching all day long on how to create an interface in pfSense that accepts tagged traffic. Found one article but I think it is overly complicated.
The article can be found here.
Have you seen any issues with the configuration as posted?
Thank you for your response!
DELL-Josh Cr
Moderator
June 8th, 2020 14:00
The configuration looks correct on the switch side.
MartinMune
6 Posts
0
June 8th, 2020 17:00
Josh,
Thanks for confirming the configuration of my PowerConnect stack. Every example I've seen on different documents on VLANs between xyz switches and pfSense uses the latter as the glue that holds all VLANs together. This is nice if you don't have a L3 switch. However, the 6200 series is a full L3 switch so all routing should happen on the switch/stack.
In your first answer you asked, "Is the port on the PFsense device set to allow vlan tagging?" I have three different books on pfSense and none specify how to get a port set to receive tagged traffic either on the GUI or the command line. I thought that pfSense interfaces are blind to the kind of traffic that's coming in.
Thanks!
DELL-Josh Cr
Moderator
June 8th, 2020 17:00
This isn’t it? https://dell.to/2UmK5ie I have only used PFSense on single subnet deployments.
MartinMune
6 Posts
0
June 8th, 2020 18:00
Josh,
The idea is to use the PowerConnect stack L3 routing capabilities and have the pfSense router just do firewall duty. The setting you pointed at assumes you want to do all routing on the pfSense router. Am I correct? All I need to do is have the LAN interface from the pfSense router connected to one of the trunk ports and assign an IP address to it so it can talk to the stack.
Thanks!