Dell PowerConnect 5448 to 6248 config changes

Hi cjac00,

I need to check something about this. I will come back to you asap.

Need to wait for my network config specialist

Cheers
Stefan

Hi again.

Referring to the PowerConnect 6248 CLI Guide in "general mode" should just one VLAN be untagged.

So, the command should be something like:

switchport general allowed vlan add 78-80,92,100-101,179,279 tagged

Here you can check out the guide: https://downloads.dell.com/manuals/all-products/esuprt_ser_stor_net/esuprt_networking/esuprt_net_fxd_prt_swtchs/powerconnect-6248_reference%20guide2_en-us.pdf

On the other end, it could also be the config on the Mikrotik.

Let me know if it works.

Cheers
Stefan

yeah, I caught that 'tagged' bit right after I sent the first post.  I corrected it, but no luck there.

Here's the complete config from the 6248:

switch01#show running-config
!Current Configuration:
!System Description "PowerConnect 6248, 3.3.5.5, VxWorks 6.5"
!System Software Version 3.3.5.5
!Cut-through mode is configured as disabled
!
configure
vlan database
vlan 78-80,92,100-101,179,279
vlan routing 179 1
exit
hostname "switch01"
stack
member 1 2
exit
ip address dhcp
interface vlan 179
routing
ip address 100.64.79.210 255.255.255.0
exit
!
interface ethernet 1/xg1

channel-group 7 mode auto
exit
!
interface ethernet 1/xg2
channel-group 7 mode auto
exit
!
interface port-channel 7
switchport mode general
switchport general allowed vlan add 78-80,92,100-101,179,279 tagged
exit
exit

switch01#ping 100.64.79.108
Pinging 100.64.79.108 with 0 bytes of data:

----100.64.79.108 PING statistics----
4 packets transmitted, 0 packets received, 100% packet loss
round-trip (msec) min/avg/max = <10/<10/<10

and I have published the 5448 config here:

http://web.c9h.org/~cjac/for-dell/5448-20201120T1351.cfg

switch1# ping 100.64.79.108
Pinging 100.64.79.108 with 18 bytes of data:

18 bytes from 100.64.79.108: icmp_seq=1. time=0 ms
18 bytes from 100.64.79.108: icmp_seq=2. time=0 ms
18 bytes from 100.64.79.108: icmp_seq=3. time=0 ms
18 bytes from 100.64.79.108: icmp_seq=4. time=0 ms

----100.64.79.108 PING Statistics----
4 packets transmitted, 4 packets received, 0% packet loss
round-trip (ms) min/avg/max = 0/0/0

The mikrotik has a simple config which I will include inline below.  You can see that the two switches have similar configs on this side.

/interface bonding
add mode=802.3ad name=switch01 slaves=sfp-sfpplus3,sfp-sfpplus4
add mode=802.3ad name=switch1 slaves=sfp-sfpplus7,sfp-sfpplus8

/interface bridge port
...
add bridge=bridge interface=switch1
add bridge=bridge interface=switch01

[admin@MikroTik] > export compact
# nov/20/2020 13:55:57 by RouterOS 6.47.1
# software id = VBPI-BHFQ
#
# model = CRS309-1G-8S+
# serial number = CB7A0C21F823
/interface bridge
add admin-mac=48:8F:5A:6A:AE:DD auto-mac=no comment=defconf name=bridge
add name=testbr0
/interface vlan
add interface=bridge name=bridge.int vlan-id=179
add interface=bridge name=bridge.loc vlan-id=79
/interface bonding
add mode=802.3ad name=switch01 slaves=sfp-sfpplus3,sfp-sfpplus4
add mode=802.3ad name=switch1 slaves=sfp-sfpplus7,sfp-sfpplus8
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridge comment=defconf interface=sfp-sfpplus1
add bridge=bridge comment=defconf interface=sfp-sfpplus2
add bridge=bridge comment=defconf interface=sfp-sfpplus5
add bridge=bridge comment=defconf interface=sfp-sfpplus6
add bridge=bridge interface=switch1
add bridge=bridge interface=switch01
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
192.168.88.0
add address=172.16.79.108/24 network=172.16.79.0
add address=100.64.79.108/24 interface=bridge.int network=100.64.79.0
add address=172.16.79.108/24 interface=bridge.loc network=172.16.79.0
/ip dns
set servers=100.64.79.5,100.64.79.12,100.64.79.66
/ip route
add distance=1 gateway=100.64.79.1
/system clock
set time-zone-name=America/Los_Angeles
/system ntp client
set enabled=yes primary-ntp=100.64.79.123 secondary-ntp=100.64.79.122
/system routerboard settings
set boot-os=router-os

Are only the CX4 ports connected to the network?

Ok, that is the right expansion module. Which transceivers are you using?

the cx-4 ports are the only ones attached to any other switches.  port 1/g2 is directly attached to an end system via a USB ethernet dongle for testing.

cjac@ogion:~$ sudo ethtool enx24f5a2f1ce45
Settings for enx24f5a2f1ce45:
        Supported ports: [ TP MII ]
        Supported link modes:   10baseT/Half 10baseT/Full 
                                100baseT/Half 100baseT/Full 
                                1000baseT/Half 1000baseT/Full 
        Supported pause frame use: No
        Supports auto-negotiation: Yes
        Supported FEC modes: Not reported
        Advertised link modes:  10baseT/Half 10baseT/Full 
                                100baseT/Half 100baseT/Full 
                                1000baseT/Full 
        Advertised pause frame use: Symmetric Receive-only
        Advertised auto-negotiation: Yes
        Advertised FEC modes: Not reported
        Link partner advertised link modes:  10baseT/Half 10baseT/Full 
                                             100baseT/Half 100baseT/Full 
                                             1000baseT/Full 
        Link partner advertised pause frame use: Symmetric
        Link partner advertised auto-negotiation: Yes
        Link partner advertised FEC modes: Not reported
        Speed: 1000Mb/s
        Duplex: Full
        Port: MII
        PHYAD: 32
        Transceiver: internal
        Auto-negotiation: on
        Supports Wake-on: pumbg
        Wake-on: g
        Current message level: 0x00007fff (32767)
                               drv probe link timer ifdown ifup rx_err tx_err tx_queued intr tx_done rx_status pktdata hw wol
        Link detected: yes
cjac@ogion:~$ sudo lldpctl enx24f5a2f1ce45
-------------------------------------------------------------------------------
LLDP neighbors:
-------------------------------------------------------------------------------
Interface:    enx24f5a2f1ce45, via: LLDP, RID: 2, Time: 0 day, 00:30:32
  Chassis:     
    ChassisID:    mac 00:25:64:2a:c5:5f
  Port:        
    PortID:       ifname 1/0/2
    TTL:          120
-------------------------------------------------------------------------------

SFP-10GSR-85

10G SFP+ 850nm 300m

S/N: F1930039331

FS SR

Hi Josh,

Thanks for your prompt attention.

I don't know what the model name / id of the dual 10GE sfp+ module is, but maybe this will help?

switch01#show tech-support

 ***************** Show Version ******************

Switch: 1

System Description............................. PowerConnect 6248, 3.3.5.5
                                                VxWorks 6.5
Machine Type................................... PowerConnect 6248
Machine Model.................................. PCT6248
Serial Number.................................. CN0GP931282989AO0218A10
FRU Number.....................................
Part Number.................................... BCM56314
Maintenance Level.............................. A
Manufacturer................................... 0xbc00
Burned In MAC Address.......................... 0025.642A.C55F
Software Version............................... 3.3.5.5
Operating System............................... VxWorks 6.5
Network Processing Device...................... BCM56314_A0
Additional Packages............................ FASTPATH QOS
                                                FASTPATH Multicast
                                                FASTPATH Stacking
                                                FASTPATH Routing


 ***************** Show SysInfo ******************

System Location................................
System Contact.................................
System Object ID............................... 1.3.6.1.4.1.674.10895.3011
System Up Time................................. 1 days 22 hrs 10 mins 24 secs
10/100 Ethernet/802.3 interface(s)............. 2
Gig Ethernet/802.3 interface(s)................ 1
10Gig Ethernet/802.3 interface(s).............. 1
Virtual Ethernet/802.3 interface(s)............ 2

There is a lot more.  I will post it for your review.

http://web.c9h.org/~cjac/for-dell/tech-support.txt

on review, it's U691D

However, note that I also have a linux machine attached directly to port 1/0/g2 and it is also not forwarding frames aside from LLDP.  Nothing on the switchport even when in access mode.

The Mikrotik detects the 6248 via LLDP, as does a linux machine I attached to 1/g2:

cjac@ogion:~$ sudo lldpctl enx24f5a2f1ce45
-------------------------------------------------------------------------------
LLDP neighbors:
-------------------------------------------------------------------------------
Interface: enx24f5a2f1ce45, via: LLDP, RID: 2, Time: 0 day, 00:00:23
Chassis:
ChassisID: mac 00:25:64:2a:c5:5f
Port:
PortID: ifname 1/0/2
TTL: 120
-------------------------------------------------------------------------------

I then put the switchport into access vlan 80:

switch01#conf
switch01(config)#interface ethernet 1/g2
switch01(config-if-1/g2)#switchport mode access
switch01(config-if-1/g2)#switchport access vlan 80
Warning: The use of large numbers of VLANs or interfaces may cause significant
delays in applying the configuration.
switch01(config-if-1/g2)#end

and then added an IP for vlan 80 to the switch config.

switch01#conf
switch01(config)#interface vlan 80
switch01(config-if-vlan80)#ip address 172.16.80.210 255.255.255.0
switch01(config-if-vlan80)#end

as well as an address to the interface on the linux side:

cjac@ogion:~$ sudo ip addr add 172.16.80.64/24 dev enx24f5a2f1ce45

but despite the LLDP apparently functioning and the route to that IP through that interface, I see no IP connectivity on this access mode switch either.

cjac@ogion:~$ ping -c4 -t4 172.16.80.210
PING 172.16.80.210 (172.16.80.210) 56(84) bytes of data.
From 172.16.80.64 icmp_seq=1 Destination Host Unreachable
From 172.16.80.64 icmp_seq=2 Destination Host Unreachable
From 172.16.80.64 icmp_seq=3 Destination Host Unreachable
From 172.16.80.64 icmp_seq=4 Destination Host Unreachable

--- 172.16.80.210 ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 78ms
pipe 4
cjac@ogion:~$ sudo lldpctl enx24f5a2f1ce45
-------------------------------------------------------------------------------
LLDP neighbors:
-------------------------------------------------------------------------------
Interface: enx24f5a2f1ce45, via: LLDP, RID: 2, Time: 0 day, 00:08:48
Chassis:
ChassisID: mac 00:25:64:2a:c5:5f
Port:
PortID: ifname 1/0/2
TTL: 120
-------------------------------------------------------------------------------
cjac@ogion:~$ ip route get 172.16.80.210
172.16.80.210 dev enx24f5a2f1ce45 src 172.16.80.64 uid 1001
cache

I am not certain what the "Required" value under Authorization means in this report.  Maybe that has something to do with the failure to pass anything but LLDP packets on that interface?

switch01#show vlan

VLAN       Name                         Ports          Type      Authorization
-----  ---------------                  -------------  -----     -------------
1      Default                          ch1-48,1/g1,   Default   Required
                                        1/g3-1/g48,
                                        1/xg2-1/xg4
78                                      ch7            Static    Required
79                                      ch7            Static    Required
80                                      ch7,1/g2       Static    Required
92                                      ch7            Static    Required
100                                     ch7            Static    Required
101                                     ch7            Static    Required
179                                     ch7            Static    Required
279                                     ch7            Static    Required

Which expansion module do you have in the switch? Page 16 https://dell.to/2UMlt2s

Mikrotik side:

[admin@MikroTik] > /interface ethernet monitor sfp-sfpplus3
                      name: sfp-sfpplus3
                    status: link-ok
          auto-negotiation: done
                      rate: 10Gbps
               full-duplex: yes
           tx-flow-control: no
           rx-flow-control: no
               advertising: 
  link-partner-advertising: 
        sfp-module-present: yes
               sfp-rx-loss: no
              sfp-tx-fault: no
                  sfp-type: SFP-or-SFP+
        sfp-connector-type: LC
      sfp-link-length-50um: 300m
      sfp-link-length-62um: 150m
           sfp-vendor-name: FS
    sfp-vendor-part-number: SFP-10GSR-85
         sfp-vendor-serial: F1930039331
    sfp-manufacturing-date: 19-10-10
            sfp-wavelength: 850nm
           sfp-temperature: 48C
        sfp-supply-voltage: 3.311V
       sfp-tx-bias-current: 5mA
              sfp-tx-power: -2.919dBm
              sfp-rx-power: -5.181dBm
           eeprom-checksum: good
                    eeprom: 0000: 03 04 07 10 00 00 00 40  00 0c 00 06 67 00 0>
                            0010: 1e 0f 00 00 46 53 20 20  20 20 20 20 20 20 2>
                            0020: 20 20 20 20 00 00 00 00  53 46 50 2d 31 30 4>
                            0030: 52 2d 38 35 20 20 20 20  20 20 20 20 03 52 0>
                            0040: 00 1a 0a 58 46 31 39 33  30 30 33 39 33 33 3>
                            0050: 20 20 20 20 31 39 31 30  31 30 20 20 68 f0 0>
                            0060: 00 00 08 76 40 49 2e f4  6a a6 e6 26 8e e2 f>
                            0070: 14 be 71 00 00 00 00 00  00 00 00 00 73 89 2>
                            0080: 4b 00 fb 00 46 00 00 00  88 b8 78 50 87 f0 7>
                            0090: 23 28 01 f4 1d 4c 03 e8  31 2d 06 31 27 10 0>
                            00a0: 27 10 02 77 1f 07 03 1a  00 00 00 00 00 00 0>
                            00b0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 0>
                            00c0: 00 00 00 00 3f 80 00 00  00 00 00 00 01 00 0>
                            00d0: 01 00 00 00 01 00 00 00  01 00 00 00 00 00 0>
                            00e0: 30 0a 81 5e 0b 6d 13 f2  0b d9 00 00 00 00 0>
                            00f0: 00 40 00 00 00 00 00 00  00 00 00 00 00 00 0>

Dell side:

switch01#show fiber-ports optical-transceiver

                                   Output    Input
Port     Temp  Voltage  Current     Power    Power   TX     LOS
          [C]   [Volt]     [mA]     [dBm]    [dBm]   Fault
-------  ----  -------  -------   -------  -------   -----  ---
1/xg1    43.5    3.279      5.6    -3.234   -4.342   No     No

 Temp - Internally measured transceiver temperatures.
 Voltage - Internally measured supply voltage.
 Current - Measured TX bias current.
 Output Power - Measured optical output power relative to 1mW.
 Input Power - Measured optical power received relative to 1mW.
 TX Fault - Transmitter fault.
 LOS - Loss of signal.

Does it show stats for the transceiver? Are both the switch and the router on the same VLAN?

Regarding the question about the "router" being on the same vlan, I assume you are referring to the linux device directly attached to 1/g2, which is in access mode on vlan 80:

It's hard for them to be on the same VLAN as the switchport is in access mode on vlan 80.  The linux machine has not detagged anything from the interface if that is your question, and it treating the interface the same as any other interface attached to a switchport in access mode.

The Mikrotik 10GE switch does not specify what vlans it will listen for and forwards them to all interfaces in the same way as is done for the working 5424 switch's LAG.  The Mikrotik has an IP address on vlan 80 and 179 and replies to pings for each VLAN when those ping requests are sent by the 5448, but not when sent by the 6248.

Do I need the 6248 to explicitly authorize those VLANs to egress frames?