4 Posts

July 31st, 2012 23:00

VLAN routing problem

I have a stack of 6248s.  They are in production.  They were configured when I got them with a very basic config.  I can include it.  Essentially the IP of the switch was in the Default vlan.

I need to break the ports into a number of vlans and use the switch to route.  I need to do this without breaking anything.

So far I have created the VLANs and moved everyone from the default vlan by the process of turning all the ports to general mode and adding the new vlan to each port.

interface ethernet 1/g2
switchport mode general
switchport general allowed vlan add 192
exit
!

When I first did this it had a tendency to broadcast lots of traffic and I couldn't ping between hosts so I added an association: 

vlan routing 2 1
vlan routing 10 2
vlan routing 20 3
vlan routing 30 4
vlan routing 200 5
vlan routing 192 6
vlan association subnet 192.168.2.0 255.255.255.0 192
vlan association subnet 192.168.10.0 255.255.255.0 192
exit

With all ports configured like this everything works.

The problem is that when I change a port to this:

interface ethernet 1/g40
switchport access vlan 192
exit
!

Then the PC can see everything on the subnet but can't access anything else.

I will add the configs as a reply.

Edited: I would like to convert most ports to access mode.  For the current working VLAN, which is VLAN 192, the switches don't need to do any routing.  For the other VLANs the switches will route.

Even now if I remove the "routing" command from VLAN 192 a machine on a port set to access mode seems to lose all connectivity.

4 Posts

August 1st, 2012 17:00

Most or all of the ports are connected to a desktop or server.  Because this was a live system with a lot of users I was trying to migrate them to a (non-default) vlan without disruption.  I realised after reading a post on this forum that the vlan associations were definitely not what I wanted.  Associations, as I understand it now, let the switch put a machine in a vlan based on its IP.

I came in after hours and moved all ports to access mode and vlan 192 which is my first step.  The problem was that I had to do it all at once to maintain connectivity.  Even then I forgot to move the LAG as well.  Once I did that as well the subnet works correctly.

If I want multicast routing without unicast routing is that possible?

4 Posts

July 31st, 2012 23:00

Config with VLANs:

my-switch#show run
!Current Configuration:
!System Description "PowerConnect 6248, 3.3.1.10, VxWorks 6.5"
!System Software Version 3.3.1.10
!Cut-through mode is configured as disabled
!
configure
vlan database
vlan 2,10,20,30,192,200,250
ip igmp snooping 1
vlan routing 2 1
vlan routing 10 2
vlan routing 20 3
vlan routing 30 4
vlan routing 200 5
vlan routing 192 6
vlan association subnet 10.23.2.0 255.255.255.0 2
vlan association subnet 10.23.10.0 255.255.255.0 10
vlan association subnet 10.23.20.0 255.255.255.0 20
vlan association subnet 10.23.30.0 255.255.255.0 30
vlan association subnet 10.23.200.0 255.255.255.0 200
vlan association subnet 10.23.250.0 255.255.255.0 250
vlan association subnet 192.168.2.0 255.255.255.0 192
vlan association subnet 192.168.10.0 255.255.255.0 192
exit
hostname "my-switch"
sntp unicast client enable
sntp server 192.168.2.173
clock timezone 11 minutes 0
stack
member 1 2
member 2 2
exit
switch 1 priority 1
switch 2 priority 2
ip address 10.23.251.2 255.255.255.0
ip default-gateway 10.23.251.1
ip domain-name mycompany.com
logging facility local0
logging 192.168.2.67
level warning
exit
ip routing
interface vlan 2
name "firewall"
routing
ip address 10.23.2.2 255.255.255.0
exit
interface vlan 10
name "server"
routing
ip address 10.23.10.1 255.255.255.0
exit
interface vlan 20
name "developer"
routing
ip address 10.23.20.1 255.255.255.0
exit
interface vlan 30
name "business"
routing
ip address 10.23.30.1 255.255.255.0
exit
interface vlan 192
name "old-vlan"
routing
ip address 192.168.2.246 255.255.255.0
exit
interface vlan 200
name "test"
routing
ip address 10.23.200.1 255.255.255.0
exit
interface vlan 250
name "sysadmin"
exit
username "admin" password xxxxx level 15 encrypted
line ssh
password xxxxx encrypted
exit
ip ssh server
bridge multicast filtering
management access-list "SSH"
permit vlan 1 service ssh priority 1
permit vlan 10 service ssh priority 2
permit vlan 20 service ssh priority 3
permit vlan 30 service ssh priority 4
permit vlan 1 service http priority 5
permit vlan 10 service http priority 6
permit vlan 20 service http priority 7
permit vlan 30 service http priority 8
permit vlan 192 service ssh priority 10
permit vlan 192 service http priority 11
exit
ip igmp snooping
ipv6 mld snooping
ip igmp snooping querier
ip multicast
ip igmp
ip pimdm
!
interface ethernet 1/g1
switchport mode general
switchport general allowed vlan add 192
exit
!
interface ethernet 1/g2
switchport mode general
switchport general allowed vlan add 192
exit
!
interface ethernet 1/g3
switchport mode general
switchport general allowed vlan add 192
exit
!
!.....

interface ethernet 1/g40
switchport access vlan 192
exit
!
interface ethernet 1/g44
channel-group 1 mode auto
switchport mode general
switchport general allowed vlan add 192
exit
!
interface ethernet 1/g48
spanning-tree portfast
switchport mode general
switchport general allowed vlan add 192
exit
!
interface ethernet 1/xg1
ip igmp snooping
exit
!
interface ethernet 1/xg2
ip igmp snooping
exit
!
interface ethernet 2/g4
ip igmp snooping
switchport mode general
switchport general allowed vlan add 192
exit
!
interface ethernet 2/g44
channel-group 1 mode auto
switchport mode general
switchport general allowed vlan add 192
exit
!
interface port-channel 1
description 'to_server'
switchport mode general
switchport general allowed vlan add 192
exit
my-switch#
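
Added example, not part of the original thread: a pre-change check that parses `show run` output in the format posted above and lists every interface, port-channels included, that is not yet an access port in the target VLAN, which is how the missed LAG described in the reply would be caught. The sample text is a constructed excerpt, the function names are hypothetical, and the parser assumes a port with no switchport lines is an access port in VLAN 1.

```python
import re

# Constructed excerpt in the style of the "Config with VLANs" output above.
SAMPLE = """\
interface ethernet 1/g40
switchport access vlan 192
exit
interface ethernet 1/g44
channel-group 1 mode auto
switchport mode general
switchport general allowed vlan add 192
exit
interface ethernet 1/xg1
ip igmp snooping
exit
interface port-channel 1
description 'to_server'
switchport mode general
switchport general allowed vlan add 192
exit
"""

def parse_ports(config):
    """Return {interface: {"mode", "access_vlan", "lag"}} for port stanzas."""
    ports, cur = {}, None
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r"interface (ethernet \S+|port-channel \d+)$", line)
        if m:
            # Assumption: with no switchport lines, the port is access / VLAN 1.
            cur = ports.setdefault(
                m.group(1), {"mode": "access", "access_vlan": 1, "lag": None})
        elif line == "exit":
            cur = None  # leaves the stanza; "interface vlan N" is never entered
        elif cur is not None:
            if m := re.match(r"switchport mode (\S+)$", line):
                cur["mode"] = m.group(1)
            elif m := re.match(r"switchport access vlan (\d+)$", line):
                cur["access_vlan"] = int(m.group(1))
            elif m := re.match(r"channel-group (\d+) mode", line):
                cur["lag"] = int(m.group(1))
    return ports

def not_migrated(ports, vlan):
    """Interfaces (LAGs included) that are not yet access ports in `vlan`."""
    return sorted(name for name, p in ports.items()
                  if p["mode"] != "access" or p["access_vlan"] != vlan)

if __name__ == "__main__":
    for name in not_migrated(parse_ports(SAMPLE), 192):
        print("still to migrate:", name)
```
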

4 Posts

July 31st, 2012 23:00

Initial config:

my-switch#show run
!Current Configuration:
!System Description "PowerConnect 6248, 3.3.1.10, VxWorks 6.5"
!System Software Version 3.3.1.10
!Cut-through mode is configured as disabled
!
configure
hostname "my-switch"
sntp unicast client enable
sntp server 192.168.2.173
clock timezone 11 minutes 0
stack
member 1 2
member 2 2
exit
switch 1 priority 1
switch 2 priority 2
ip address 10.23.251.2 255.255.255.0
ip default-gateway 10.23.251.1
ip domain-name mycompany.com
logging facility local0
logging 192.168.2.67
level warning
exit
ip routing
username "admin" password xxxxx level 15 encrypted
line ssh
password xxxxx encrypted
exit
ip ssh server
bridge multicast filtering
ip igmp snooping
ipv6 mld snooping
ip igmp snooping querier
ip multicast
ip igmp
ip pimdm
!
interface ethernet 1/g44
channel-group 1 mode auto
exit
!
interface ethernet 1/xg1
ip igmp snooping
exit
!
interface ethernet 1/xg2
ip igmp snooping
exit
!
interface ethernet 2/g4
ip igmp snooping
exit
!
interface ethernet 2/g44
channel-group 1 mode auto
exit
!
interface port-channel 1
description 'to_server'
exit
my-switch#

