Unsolved

This post is more than 5 years old

23 Posts

62243

December 18th, 2012 10:00

Cisco WLC

I am trying to connect a Cisco 2500 WLC to a 6224 Power Connect and I cannot ping the WLC from within the Power Connect CLI.  The WLC requires a trunk connection to the switch and I have tried configuring access, general, and trunk with no luck, Both the switch and WLC are on the same subnet.  I'm rather new to Dell switches, so can someone be of any help?  I can provide config shots if needed.

23 Posts

December 18th, 2012 13:00

PowerConnect 6224#show run

!Current Configuration:

!System Description "Powerconnect 6224, 3.2.0.7, VxWorks 6.5"

!System Software Version 3.2.0.7

!Cut-through mode is configured as disabled

!

configure

vlan database

vlan 5-6,100,200,300

vlan routing 5 1

vlan routing 6 2

exit

sntp unicast client enable

clock timezone -5 minutes 0

stack

member 1 1

exit

ip address 192.168.31.20 255.255.255.0

ip default-gateway 192.168.31.1

ip domain-name DellPowerConnect6224

ip name-server 192.168.31.190

ip name-server 192.168.31.22

ip name-server 192.168.1.2

bootpdhcprelay maxhopcount 6

router rip

auto-summary

default-information originate

exit

interface vlan 5

name "External WLAN"

routing

ip address 10.1.1.100 255.255.255.0

exit

interface vlan 6

name "Internal WLAN"

routing

ip address 10.1.2.100 255.255.255.0

exit

aaa authentication login "defaultList" line

aaa authentication login "networkList" line

aaa authentication enable "enableList" line

aaa authentication enable "networkList" line

exit

!

spanning-tree portfast

switchport mode general

switchport general acceptable-frame-type tagged-only

switchport general allowed vlan add 100

exit

!

interface ethernet 1/g22

spanning-tree portfast

switchport mode general

switchport general pvid 5

switchport general allowed vlan add 5-6

exit

!

interface ethernet 1/g23

spanning-tree portfast

switchport mode general

exit

!

interface ethernet 1/g24

spanning-tree portfast

exit

interface port-channel 22

switchport access vlan 6

Here is a truncated version of the running-config (w/sensitive and unneeeded parts deleted). Port 23 is the port connecting to the Cisco WLC, and port 22 is a test port.

What we are trying to do:  we have a new WLC and we are trying to configure 2 VLANs (5 & 6) for client access to the WLAN. These 2 VLANs are in the 10.1.1.x (VLAN 5) and 10.1.2.x (VLAN 6) subnets. According to Cisco, we need to ensure that wired clients can access these 2 subnets, and if so, then so can wireless clients.

The issue:  when I ping the WLC (192.168.31.4) from the 6224 switch (192.168.31.20), it fails. I'm not sure where my settings on the switch are incorrect.

Let me know if you need more info and I will gladly supply - thanks in advance for your help.

23 Posts

December 21st, 2012 09:00

Thanks so much for the info. Your recommended settings have been applied, but I am still running into some roadblocks. Cannot access the internet on VLAN 5 with a wired client connected to port 1/g22. Set as static IP in this range (10.1.1.101-10.1.1.200) - client shows connected, but no outside access. Here's the interface detail for 1/g23 and the iproute - see anything I still need to do?

PowerConnect 6224#show interfaces detail ethernet 1/g23

Port   Type                            Duplex  Speed    Neg   Admin  Link

                                                             State  State

-----  ------------------------------  ------  -------  ----  -----  -----

1/g23  Gigabit - Level                 Full    1000     Auto  Up     Up

Port  Description

----  --------------------------------------------------------------------------

1/g23

Flow Control:Enabled

Port: 1/g23

VLAN Membership mode:General Mode

Operating parameters:

PVID: 1

Ingress Filtering: Enabled

Acceptable Frame Type: Admit All

Default Priority: 0

GVRP status:Disabled

Protected:Disabled

--More-- or (q)uit

Port 1/g23 is member in:

VLAN    Name                              Egress rule   Type

----    --------------------------------- -----------   --------

1       Default                           Untagged      Default

5       External WLAN                     Untagged      Static

6       Internal WLAN                     Untagged      Static

Static configuration:

PVID: 1

Ingress Filtering: Enabled

Acceptable Frame Type: Admit All

Port 1/g23 is statically configured to:

VLAN    Name                              Egress rule

----    --------------------------------- -----------

5       External WLAN                     Untagged

6       Internal WLAN                     Untagged

Forbidden VLANS:

VLAN    Name

----    ---------------------------------

--More-- or (q)uit

Port 1/g23   Enabled

State: Forwarding                                Role: Designated

Port id: 128.23                                  Port Cost: 20000

Port Fast:  No (Configured: no )                 Root Protection: No

Designated bridge Priority: 32768                Address: 80:00:5C:26:0A:CD:17:7

1

Designated port id: 128.23                       Designated path cost: 20000

CST Regional Root: 80:00:5C:26:0A:CD:17:71       CST Port Cost: 0

BPDU: sent 169830, received 1

PowerConnect 6224#show ip route

 

Route Codes: R - RIP Derived, O - OSPF Derived, C - Connected, S - Static

       B - BGP Derived, IA - OSPF Inter Area

       E1 - OSPF External Type 1, E2 - OSPF External Type 2

       N1 - OSPF NSSA External Type 1, N2 - OSPF NSSA External Type 2

 

C      10.1.1.0/24 [0/1] directly connected,   vlan 5

C      10.1.2.0/24 [0/1] directly connected,   vlan 6

 

PowerConnect 6224#

23 Posts

December 21st, 2012 10:00

VLANs 5 & 6 are the only VLANs configured on the switch.

Just one client - we are following Cisco's suggestion that if a wired client can connect with either VLAN 5 or 6, then so will wireless clients. Our test wireless client can initially connect to VLAN 5 (10.1.1.x), but drops the connection with errors after about 2 minutes.

Yes, DNS is set up and is shown in the ip name-server entires shown in the first config posted. Perhaps this is incorrect?

Client cannot ping the internet gateway. The client does not automatically grab an IP in the 10.1.1.x subnet, and I had to assign statically.

23 Posts

December 21st, 2012 11:00

The wired client in VLAN 5 cannot ping anything (VLAN 5, next hop, DC, neighboring switches, etc...). VLAN 6 exists in name-only at this point. We want to get VLAN 5 up and going and then mirror settings for this in VLAN 6.

I wondered about static routing, especially since the VLAN 5 client will not automatically pick up an address in that subnet (10.1.1.x). I had to configure static IP on that machine to see if it would connect to anything.

23 Posts

December 21st, 2012 12:00

Yes, I am now able to ping VLAN 5 (10.1.1.100).

b/t/w, thanks for sticking with me through this...your help is invaluable.

23 Posts

December 21st, 2012 12:00

unfortunately, this ping (to 192.168.31.20 - the 6224) times out.

23 Posts

December 21st, 2012 12:00

yes to all.

23 Posts

December 26th, 2012 07:00

I currently don't have access to the client on VLAN 5 (blizzard, working from home), but I can ping VLAN 6 from the switch.

23 Posts

December 26th, 2012 08:00

I have remote access to the switch, but not the client in VLAN 5. GIven that, let me know if there's anything we can do on that end until I get back into the office

23 Posts

December 26th, 2012 10:00

Here is the latest config:

PowerConnect 6224#show run

!Current Configuration:

!System Description "Powerconnect 6224, 3.2.0.7, VxWorks 6.5"

!System Software Version 3.2.0.7

!Cut-through mode is configured as disabled

!

configure

vlan database

vlan 5-6,100,200,300

vlan routing 5 1

vlan routing 6 2

exit

hostname "PowerConnect 6224"

sntp unicast client enable

clock timezone -5 minutes 0

stack

member 1 1

exit

ip address 192.168.31.20 255.255.255.0

ip default-gateway 192.168.31.1

ip domain-name DellPowerConnect6224

ip name-server 192.168.31.190

ip name-server 192.168.31.22

ip name-server 192.168.1.2

ip routing

bootpdhcprelay maxhopcount 6

router rip

auto-summary

default-information originate

exit

interface vlan 5

name "External WLAN"

routing

ip address 10.1.1.100 255.255.255.0

exit

interface vlan 6

name "Internal WLAN"

routing

ip address 10.1.2.100 255.255.255.0

exit

aaa authentication login "networkList" line

aaa authentication enable "enableList" line

aaa authentication enable "networkList" line

line console

interface ethernet 1/g22

switchport access vlan 5

exit

!

interface ethernet 1/g23

switchport mode general

switchport general allowed vlan add 5-6

exit

!

interface port-channel 22

switchport access vlan 6

exit

exit

PowerConnect 6224#

23 Posts

December 27th, 2012 08:00

Setting has been applied, and here's the current config on port 1/g23:

PowerConnect 6224#show interfaces detail ethernet 1/g23

Port   Type                            Duplex  Speed    Neg   Admin  Link

                                                             State  State

-----  ------------------------------  ------  -------  ----  -----  -----

1/g23  Gigabit - Level                 Full    1000     Auto  Up     Up

Port  Description

----  --------------------------------------------------------------------------

1/g23

Flow Control:Enabled

Port: 1/g23

VLAN Membership mode:General Mode

Operating parameters:

PVID: 1

Ingress Filtering: Enabled

Acceptable Frame Type: Admit All

Default Priority: 0

GVRP status:Disabled

Protected:Disabled

--More-- or (q)uit

Port 1/g23 is member in:

VLAN    Name                              Egress rule   Type

----    --------------------------------- -----------   --------

1       Default                           Untagged      Default

5       External WLAN                     Tagged        Static

6       Internal WLAN                     Tagged        Static

Static configuration:

PVID: 1

Ingress Filtering: Enabled

Acceptable Frame Type: Admit All

Port 1/g23 is statically configured to:

VLAN    Name                              Egress rule

----    --------------------------------- -----------

5       External WLAN                     Tagged

6       Internal WLAN                     Tagged

Forbidden VLANS:

VLAN    Name

----    ---------------------------------

--More-- or (q)uit

Port 1/g23   Enabled

State: Forwarding                                Role: Designated

Port id: 128.23                                  Port Cost: 20000

Port Fast:  No (Configured: no )                 Root Protection: No

Designated bridge Priority: 32768                Address: 80:00:5C:26:0A:CD:17:7

1

Designated port id: 128.23                       Designated path cost: 20000

CST Regional Root: 80:00:5C:26:0A:CD:17:71       CST Port Cost: 0

BPDU: sent 428921, received 1

PowerConnect 6224#

From the client currently configured in VLAN 5, I can reach VLAN 5 (10.1.1.100) and VLAN 6 (10.1.2.100). The next hop is the default gateway (192.168.31.1), and I'm receiving 'destination net unreachable' replies.

23 Posts

December 27th, 2012 09:00

A couple of questions (not a lot of experience in this particular area):

Is the ip route configured globally or on a particular interface? I want to ensure that other devices connected to the switch are not affected.

I should also clarify (sorry) that the next hop (192.168.31.1) is an interface on our firewall. Does that change anything, or do we need to configure a static route within the firewall as well? Or, do we also need to add access to VLANs 5 & 6 within the firewall?

23 Posts

December 27th, 2012 10:00

The topology you show is correct. The wireless device would be the WLC.

On the ip route command, do you see any negative effect on other devices connected to this switch if we apply globally?

Since the 6224 is doing the routing (for VLANs 5 & 6), I'd like to avoid tampering with the firewall config if at all possible, especially since this unit is being replaced as soon as we resolve this issue and whatever we do is likely to change on the new f/w.

23 Posts

December 27th, 2012 10:00

Sounds good, but I'm running into an issue:  when I enter the IP address command as shown (using .31.7 since .31.2 is already in use), it's showing 'incomplete command'. When I try to append the subnet mask (255.255.255.0), I receive this:  

"Subnet conflict between specified IP address and current configuration. All routing interfaces, service ports, and network ports must be configured on different subnets."

What am I missing?

23 Posts

December 27th, 2012 12:00

To remove the 'ip address' and 'ip default-gateway' entries, what command is used? (sorry, I've done this on CIsco, but not Dell).

No Events found!

Top