This post is more than 5 years old
7 Posts
0
24371
January 23rd, 2013 20:00
6224 setup confusion
I am trying to setup a 6224. I have reset to factory defaults so many times to start over now and I am very frustrated. This is my first time setting up a Layer 3 switch. My running config can be started over easy enough if someone could possibly help me here.
I have a CentOS box as an IPTables router that is starting to fail and understood that it would be better for me to go to a Layer 3 switch (6224 was recommended) since I can't afford a standalone router appliance. I was able to pick up a new 6224 at an unbelievable price.
(The WAN IP addresses below have been changed for this example)
My upstream provider says my router must be at IP address 22.104.86.50/30 (gateway 22.104.86.49). I have a Class C 22.100.100.0/24 that my servers will need and also want to run a LAN using 10.0.0.0/8
I wanted g1-g12 as the WAN ports that my class C would plug into (using 22.100.100.1/24 as the gateway on the 6224)
I wanted g13-g23(or g24 if I don't need one specifically for my 22.104.86.50/30 address) as my LAN addresses
LAN addresses, of course, do NOT need WAN access since they are only for internal use between servers.
I had my VLAN 1 set up with the 22.104.86.50/30, VLAN 10 with 22.100.100.0/24 and VLAN 20 with 10.0.0.0/8. I "had" VLAN 1 assigned to g24 and plugged in my WAN cable there. I can access the GUI from a remote IP this way.
I had VLAN 10 setup with 22.100.100.1 as the IP address and can access the GUI if I plug into ports g1-g12 at that address.
I had VLAN 20 setup with 10.0.0.1/8 and can access the GUI if I plug into ports g13-g23 at that address. Yes, I am manually configuring my laptop address to be in those VLAN's with those IP's as the gateway.
The problem is with this setup, VLAN 10 can't get out to the internet. VLAN 20 can't either, but I don't want it to be able to.
Any an all help would be greatly appreciated as I have been working on this for 10 hours now with no luck in getting it to reach the internet. I have googled so many times I should take out stock in it.
Thank you in advance,
Steve
DELL-Willy M
802 Posts
0
January 24th, 2013 09:00
I would like to use the above diagram as a reference in order to describe how you would set up connection to your upstream internet connection.
Basically you need to set up a VLAN in between the 6224 PowerConnect and your upstream provider. In this scenario Switch 1 would be the 6224 and switch 2 is the upstream provider.
On the 6224 you will need to create a VLAN 100 (or whatever ID # you choose). Then set the ip address on that VLAN to 22.104.86.50/30. Then go into the physical interface or LAG. It needs to be a single connection or LAG (multiple physical connections working as one virtual port-channel). The interface would be set up as switchport mode access for VLAN 100.
Example:
console> enable
console# config
console(config)# ip routing (enables routing globally)
console(config)# vlan database
console(config-vlan)# vlan 100
console(config-vlan)# exit
console(config)# interface vlan 100
console(config-if)# ip address 22.104.86.50 255.255.255.252
console(config-if)# routing (enables routing for the specific VLAN)
console(config-if)# exit
console(config)# interface ethernet 1/g1
console(config-if-1/g10)#switchport mode access
console (config-if-1/g10)#switchport access vlan 100
Then you would look at creating VLANs for your other LANs in a similar manner. Setting the VLAN and the ip address for the VLAN. Then setting all the physical ports in access mode for that VLAN. Then whatever PC end devices that are plugging into that VLAN access port would have an ip address in that network range and a gateway of the ip address you set for the VLAN itself.
I hope this helps, let us know if you have further questions
DELL-Willy M
802 Posts
0
January 24th, 2013 12:00
I would like to take a look at your routing table. please
console# show ip route
Also, I would suggest getting rid of the ip default-gateway 192.168.2.1 it is not absolutely necessary and it should not be the same address as the switch itself. According to a "Note" on page 359 of the CLI User Guide:
http://support.dell.com/support/edocs/network/PC62xx/en/CLI/PDF/cli_en.zip
"For management traffic forwarding decisions, a default-route configured on the switch (CLI, Web, SNMP, or learned via routing protocol such as OSPF), takes precedence over the ip default-gateway setting."
Since you have a default route defined. ip route 0.0.0.0 0.0.0.0 192.168.1.254
Are you able to ping the gateway of VLAN 10 from the PC end device? Then are you able to ping VLAN 100 address 192.168.1.134 from the same end device?
DELL-Willy M
802 Posts
1
January 24th, 2013 14:00
It's possible that your 192.168.1.254 router is not aware of the networks that you have created on the 6224 switch. You will need to look at the 192.168.1.254 router and verify if it has a way to add the networks in a static route or a routing protocol.
This is something that you will need to work out with your service provider also. Once you take it to your office and complete the set up. When the traffic is routed out of the 6224 it will have to have a routed path back to the 6224 thru the directly connected devices.
skb1963
7 Posts
0
January 24th, 2013 12:00
This is what I have so far and I still can't get my 22.100.100.252 laptop to connect to the internet. My laptop is setup with 22.100.100.252 /24 22.100.100.1. I am trying to set this up at my house before I move it to the data center. So my local network in the house is 192.168.1.0 /24 192.168.1.254. On the console, I can traceroute ping to outside addresses like 8.8.8.8 so the 6224 does have internet access and it is allowing the service IP to get out to the world.
console#show running-config
!Current Configuration:
!System Description "PowerConnect 6224, 3.3.5.5, VxWorks 6.5"
!System Software Version 3.3.5.5
!Cut-through mode is configured as disabled
!
configure
vlan database
vlan 10,100
vlan routing 10 1
vlan routing 100 2
exit
stack
member 1 1
exit
ip address 192.168.2.1 255.255.255.0
ip default-gateway 192.168.2.1
ip routing
ip route 0.0.0.0 0.0.0.0 192.168.1.254
interface vlan 10
name "WAN"
routing
ip address 22.100.100.1 255.255.255.0
exit
interface vlan 100
routing
ip address 192.168.1.134 255.255.255.0
exit
!
interface ethernet 1/g1
switchport access vlan 10
exit
!
interface ethernet 1/g23
switchport access vlan 100
exit
exit
skb1963
7 Posts
0
January 24th, 2013 13:00
Just in case it was a problem because I was using public IP's on vlan 10, I setup my vlan 20 as 10.0.0.1 /8 and my laptop as 10.121.100.252 /8 10.0.0.1. That didn't help. From my laptop, I can still ping 10.0.0.1, 192.168.1.134 but nothing else including the 192.168.1.254. Below is the ip route and running-config now.
console#show ip route
Route Codes: R - RIP Derived, O - OSPF Derived, C - Connected, S - Static
B - BGP Derived, IA - OSPF Inter Area
E1 - OSPF External Type 1, E2 - OSPF External Type 2
N1 - OSPF NSSA External Type 1, N2 - OSPF NSSA External Type 2
S 0.0.0.0/0 [1/0] via 192.168.1.254, vlan 100
C 10.0.0.0/8 [0/1] directly connected, vlan 20
C 192.168.1.0/24 [0/1] directly connected, vlan 100
console#show running-config
!Current Configuration:
!System Description "PowerConnect 6224, 3.3.5.5, VxWorks 6.5"
!System Software Version 3.3.5.5
!Cut-through mode is configured as disabled
!
configure
vlan database
vlan 10,20,100
vlan routing 10 1
vlan routing 100 2
vlan routing 20 3
exit
sntp server time.nist.gov
clock timezone -6 minutes 0 zone "CST"
stack
member 1 1
exit
ip address 192.168.2.1 255.255.255.0
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip routing
ip route 0.0.0.0 0.0.0.0 192.168.1.254
interface vlan 10
name "WAN"
routing
ip address 22.100.100.1 255.255.255.0
exit
interface vlan 20
name "LAN"
routing
ip address 10.0.0.1 255.0.0.0
exit
interface vlan 100
routing
ip address 192.168.1.134 255.255.255.0
exit
interface ethernet 1/g1
switchport access vlan 10
exit
interface ethernet 1/g13
switchport access vlan 20
exit
interface ethernet 1/g23
switchport access vlan 100
exit
exit
And for some reason, even though the console can get out, the time on it is still incorrect. But at the moment, this isn't a big deal compared to getting the rest of this to work.
console#show clock
07:40:03 CST(UTC-6:00) Apr 22 2005
No time source
skb1963
7 Posts
0
January 24th, 2013 13:00
I got rid of the ip default-gateway 192.168.2.1. Yes, from my laptop I can ping 38.121.100.1 and 192.168.1.134, but can't ping the 192.168.1.254 which is my router. From the 6224 console, I can still ping outside to 8.8.8.8
console#show ip route
Route Codes: R - RIP Derived, O - OSPF Derived, C - Connected, S - Static
B - BGP Derived, IA - OSPF Inter Area
E1 - OSPF External Type 1, E2 - OSPF External Type 2
N1 - OSPF NSSA External Type 1, N2 - OSPF NSSA External Type 2
S 0.0.0.0/0 [1/0] via 192.168.1.254, vlan 100
C 22.100.100.0/24 [0/1] directly connected, vlan 10
C 192.168.1.0/24 [0/1] directly connected, vlan 100
skb1963
7 Posts
0
January 24th, 2013 15:00
I was wondering if that might be the problem. But I have had other routers, like a wireless router in my house with it's own subnet 192.168.16.0/24 and it doesn't have a problem like that hooking it into the 192.168.1.0/24 router and I can get to the internet from anything connected to it.
Sorry, I am really new to L3 switches.
I guess I could just go ahead and take it to the data center and plug it in and see if it works. Was really hoping of getting it to work here first to make sure before taking down my network there.
skb1963
7 Posts
0
January 24th, 2013 15:00
hmmmm.....Does the 6224 need to have something turned on for broadcasting those addresses?
DELL-Willy M
802 Posts
1
January 24th, 2013 17:00
If you were using a routing protocol like RIP or OSPF, yes you would. Otherwise you would have directly connected networks or a static route set up for the network.
The default route ip route 0.0.0.0 0.0.0.0 192.168.1.254 is designed to send any traffic that is not specifically addressed in the routing table out to the 192.168.1.254 interface.
If you have another end device you might try setting up a second VLAN and try to ping across the VLANS, From VLAN 10 to VLAN 20
When you ping the something external on the internet are you getting a destination host unreachable or is it timing out?
If you are getting a host unreachable it could be related to the fact that the ping is not aware of the path it needs to get back to your 6224 switch.
The reason you are not having any issues with your wireless router is that it only has the one network connected and is not having to direct traffic to several routed networks internally.