6024F dropping packets

Question

Network Environment: I have a Dell 6024F with six Dell 3448s connected to it as edge switches.  The 3448 switches are connected to the 6024F via fiber ports which are trunked to carry all VLAN traffic.  I have a Cisco WLAN controller connected to copper port 19 on the 6024F.  Port 19 is an untagged member of VLAN 102.  I have a Cisco access point connected to port 1 of a 3448.  Port 1 is an untagged member of VLAN 102.   Problem Description: While I can ping from the access point to the controller and from the controller to the access point, the 6024F is dropping the UDP packets containing the LWAPP JOIN_REQUEST.  I have packet captures showing the JOIN_REQUEST submitted by the access point, but those specific packets never make it to the WLAN controller.  If I put the WLAN controller and the access point on the same 3448, they are able to successfully establish communications.  If I put the WLAN controller and the access point on the 6024F, they are *NOT* able to establish communications due to the JOIN_REQUEST packets being dropped.   Help in determining and correcting the cause of the problem would be greatly appreciated.   Thanks! -Eric

cerbera_a84f2d · Answer

Could you post the config files of the 3448 and 6024F in question?

Tortilla Bob · Answer

PowerConnect 3448

tenant-ne2# show run
no spanning-tree
interface ethernet g1
description "Fiber uplink to Dell 6024F"
exit
interface ethernet g1
switchport mode trunk
exit
vlan database
vlan 101-105
exit
interface ethernet g1
switchport trunk allowed vlan add 101
exit
interface range ethernet e(1-48),g4
switchport access vlan 102
exit
interface ethernet g1
switchport trunk allowed vlan add 102
exit
interface ethernet g1
switchport trunk allowed vlan add 103
exit
interface ethernet g1
switchport trunk allowed vlan add 104
exit
interface ethernet g1
switchport trunk allowed vlan add 105
exit
interface vlan 101
name "National Access Group"
exit
interface vlan 102
name Public
exit
interface vlan 103
name GlobalTec
exit
interface vlan 104
name "Horse and Rider"
exit
interface vlan 105
name "Rush Works"
exit
interface vlan 1
ip address 192.168.15.7 255.255.255.0
exit
interface vlan 101
ip address 172.31.101.7 255.255.255.0
exit
interface vlan 102
ip address 172.31.102.7 255.255.255.0
exit
interface vlan 103
ip address 172.31.103.7 255.255.255.0
exit
interface vlan 104
ip address 172.31.104.7 255.255.255.0
exit
ip default-gateway 192.168.15.1
hostname tenant-ne2
line ssh
exec-timeout 60
exit
ip ssh server
snmp-server location IDF_NE2
snmp-server contact IT_Department
snmp-server community ********** rw view DefaultSuper
interface vlan 1
sntp client enable
exit
clock timezone -6
clock summer-time recurring usa zone utc
clock source sntp
sntp client poll timer 43200
sntp unicast client enable
sntp unicast client poll
sntp server 172.18.1.2 poll

Tortilla Bob · Answer

cerbera wrote:

Could you post the config files of the 3448 and 6024F in question?

Done! They are fairly simple configs. I can't see anything in either config that could cause the UDP packets in question to be dropped. Especially since the packets are staying within the same VLAN (102).

-Eric

Tortilla Bob · Answer

dell-6024f# show run

Router Configuration
-----------------------------

no spanning-tree
interface range ethernet g(1-6)
switchport mode trunk
exit
vlan database
vlan 101-105
exit
interface range ethernet g(1-6)
switchport trunk allowed vlan add 101
exit
interface range ethernet g(19-20)
switchport access vlan 102
exit
interface range ethernet g(1-6)
switchport trunk allowed vlan add 102
exit
interface range ethernet g(1-6)
switchport trunk allowed vlan add 103
exit
interface range ethernet g(1-6)
switchport trunk allowed vlan add 104
exit
interface range ethernet g(1-6)
switchport trunk allowed vlan add 105
exit
interface vlan 101
name "National Access Group"
exit
interface vlan 102
name Public
exit
interface vlan 103
name GlobalTec
exit
interface vlan 104
name "Horse and Rider"
exit
interface vlan 105
name "Rush Works"
exit
interface vlan 1
ip address 192.168.15.2 255.255.255.0
exit
interface vlan 101
ip address 172.31.101.1 255.255.255.0
exit
interface vlan 102
ip address 172.31.102.1 255.255.255.0
exit
interface vlan 103
ip address 172.31.103.1 255.255.255.0
exit
interface vlan 104
ip address 172.31.104.1 255.255.255.0
exit
interface vlan 105
ip address 172.31.105.1 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 192.168.15.1
ip dhcp relay address 192.168.15.127
ip dhcp relay enable
ip access-list "101"
permit-udp any any 192.168.15.127 0.0.0.0 68
deny any 172.31.101.0 0.0.0.255 192.168.15.0 0.0.0.255
deny any 172.31.101.0 0.0.0.255 172.31.102.0 0.0.0.255
deny any 172.31.101.0 0.0.0.255 172.31.103.0 0.0.0.255
deny any 172.31.101.0 0.0.0.255 172.31.104.0 0.0.0.255
deny any 172.31.101.0 0.0.0.255 172.31.105.0 0.0.0.255
permit any any any
exit
ip access-list "102"
permit-udp any any 192.168.15.127 0.0.0.0 68
deny any 172.31.102.0 0.0.0.255 192.168.15.0 0.0.0.255
deny any 172.31.102.0 0.0.0.255 172.31.101.0 0.0.0.255
deny any 172.31.102.0 0.0.0.255 172.31.103.0 0.0.0.255
deny any 172.31.102.0 0.0.0.255 172.31.104.0 0.0.0.255
deny any 172.31.102.0 0.0.0.255 172.31.105.0 0.0.0.255
permit any any any
exit
ip access-list "103"
permit-udp any any 192.168.15.127 0.0.0.0 68
deny any 172.31.103.0 0.0.0.255 192.168.15.0 0.0.0.255
deny any 172.31.103.0 0.0.0.255 172.31.101.0 0.0.0.255
deny any 172.31.103.0 0.0.0.255 172.31.102.0 0.0.0.255
deny any 172.31.103.0 0.0.0.255 172.31.104.0 0.0.0.255
deny any 172.31.103.0 0.0.0.255 172.31.105.0 0.0.0.255
permit any any any
exit
ip access-list "104"
permit-udp any any 192.168.15.127 0.0.0.0 68
deny any 172.31.104.0 0.0.0.255 192.168.15.0 0.0.0.255
deny any 172.31.104.0 0.0.0.255 172.31.101.0 0.0.0.255
deny any 172.31.104.0 0.0.0.255 172.31.102.0 0.0.0.255
deny any 172.31.104.0 0.0.0.255 172.31.103.0 0.0.0.255
deny any 172.31.104.0 0.0.0.255 172.31.105.0 0.0.0.255
permit any any any
exit
ip access-list "105"
permit-udp any any 192.168.15.127 0.0.0.0 68
deny any 172.31.105.0 0.0.0.255 192.168.15.0 0.0.0.255
deny any 172.31.105.0 0.0.0.255 172.31.101.0 0.0.0.255
deny any 172.31.105.0 0.0.0.255 172.31.102.0 0.0.0.255
deny any 172.31.105.0 0.0.0.255 172.31.103.0 0.0.0.255
deny any 172.31.105.0 0.0.0.255 172.31.104.0 0.0.0.255
permit any any any
exit
interface vlan 101
service-acl input "101"
exit
interface vlan 102
service-acl input "102"
exit
interface vlan 103
service-acl input "103"
exit
interface vlan 104
service-acl input "104"
exit
interface vlan 105
service-acl input "105"
exit
hostname dell-6024f
line ssh
exec-timeout 60
exit
ip ssh server
ip https server
clock timezone -6
clock summer-time recurring usa zone utc
clock source sntp
sntp client poll timer 43200
sntp unicast client enable
sntp unicast client poll
sntp server 172.18.1.2 poll
interface vlan 1
sntp client enable
exit

Tortilla Bob · Answer

I have also confirmed that this switch is running the latest firmware.  Anybody from Dell have any insight?  I'll be happy to provide any further information as is deemed necessary.

cerbera_a84f2d · Answer

Eric   I agree - I can't see why this is an issue from the configs.   One suggestion for problem finding - could you connect an access point to a port on the 6024, configured as a straight access port in VLAN 102?   Then see if you have the same problem...if you do, then its in the 6024, if not, then it the interswitch trunking or the 3400.

Tortilla Bob · Answer

cerbera wrote:

One suggestion for problem finding - could you connect an access point to a port on the 6024, configured as a straight access port in VLAN 102?

Then see if you have the same problem...if you do, then its in the 6024, if not, then it the interswitch trunking or the 3400.

Unfortunately, I already tried that and received the same results. Both an access point and the controller were connected to the 6024F in ports assigned as access for VLAN 102. The UDP LWAPP_JOIN packets never made it to the WLAN controller. I'm starting to think this may be some sort of bug in the firmware for the 6024F.

-Eric

Tortilla Bob · Answer

This is definitely some sort of firmware bug in access-list processing.   As an experiment, I created a new VLAN (vlan 106) and moved all of the wireless gear into it.  With no ACL applied to VLAN 106 everything worked.  As soon as I applied the ACL 106 to the VLAN and rebooted all the devices on that VLAN, my wireless access points were not able to join with the WLAN controller.  The access-list consisted of just one statement (for experiment purposes): 'permit any any any'.   ip access-list '106' permit any any any   interface vlan 106 service-acl input '106'   If I remove the access-list from the interface, the wireless access points are still not able to communicate with the controller after a reboot of both the controller and the access points.  The only way to get things to start working again is to create a new VLAN.  Deleting and re-creating an existing VLAN does not solve the problem.  (It might do so after a reboot, but I cannot reboot this switch during the day as there is live traffic on it in other VLANs.)   If any of the Dell techs could weigh in on this issue, I would appreciate it.   -Eric

Networking General

6024F dropping packets

Was this post helpful?