powerconnect 6248 inter-vlan routing ?

Thanks alot for the information.

I have three VLAN's (150,200,250) configured on our 6248, but I'm unable to route between the VLAN's without routing through our Cisco ASA. I looked at the routing statements and from what I can see you are routing all traffic through 10.0.0.1 with the exception of 192.168.182.0/24 via 10.0.0.181 and 10.240.4.0/24 via 10.0.0.226. Given that your VLAN's aren't in the 192.168.182.0/24 or 10.240.4.0/24 subnets I'm assuming your VLAN's are routed through 10.0.0.1. I assume 10.0.0.1 is the IP of the switch?

10.0.0.1 is our primary internet router.  All VLAN traffic stays within our layer 3 switch stack which is 10.0.0.225.  Do you have routing enabled on your VLAN interfaces?  If you notice on my config, each VLAN interface has "routing".  Once a switch is associated with a VLAN then it knows about that network once an IP address is associated with that VLAN interface.  Then no traffic should leave your VLAN router (switch) and go to your ASA.

Now the sample I uploaded was a very simple sample.  We actually do VLAN tagging as well.

Here's our config:

configure

vlan database

vlan 150,200,250

exit

stack

member 1 2

exit

ip address 172.16.1.2 255.255.255.0

ip default-gateway 172.16.1.1

ip domain-name acme.com

ip name-server 172.16.1.241

no logging on

interface vlan 150

name "Vlan150"

routing

ip address  172.16.150.2  255.255.255.0

exit

interface vlan 200

name "Vlan200"

routing

ip address  172.16.200.2  255.255.255.0

exit

interface vlan 250

name "Vlan250"

routing

ip address  172.16.250.2  255.255.255.0

exit

ip routing

ip route 172.16.1.0 255.255.255.0 172.16.1.1

ip route 172.16.200.0 255.255.255.0 172.16.200.1

ip route 172.16.250.0 255.255.255.0 172.16.250.1

ip route 172.16.150.0 255.255.255.0 172.16.150.1

ip route 172.16.100.0 255.255.255.0 172.16.1.1

bootpdhcprelay enable

bootpdhcprelay serverip 172.16.1.244

!

interface ethernet 1/g41

channel-group 2 mode auto

switchport mode general

no switchport general acceptable-frame-type tagged-only

switchport general ingress-filtering disable

switchport general allowed vlan add 150 tagged

switchport general allowed vlan add 200 tagged

switchport general allowed vlan add 250 tagged

switchport general allowed vlan add 1 tagged

exit

!

interface ethernet 1/g42

channel-group 2 mode auto

lacp port-priority 2

switchport mode general

no switchport general acceptable-frame-type tagged-only

switchport general ingress-filtering disable

switchport general allowed vlan add 150 tagged

switchport general allowed vlan add 200 tagged

switchport general allowed vlan add 250 tagged

switchport general allowed vlan add 1 tagged

exit

!

All routable traffic should go through 172.16.1.1, but I want the VLAN traffic to be routed on the Dell 6248. I have a machine on 172.16.150.99/24 and it can't reach hosts on 172.16.200.0/24 or 172.16.250.0/24. Would simply updating the routing statement to the following resolve the issue?

ip routing

ip route 0.0.0.0 0.0.0.0 172.16.1.1

Ok, take out these statements.  They aren't needed because the switch is already on these networks with their VLAN interface IP address assignments.  And you default gateway tells the switch where to go for everything else. (172.16.1.1)

ip route 172.16.1.0 255.255.255.0 172.16.1.1

ip route 172.16.200.0 255.255.255.0 172.16.200.1

ip route 172.16.250.0 255.255.255.0 172.16.250.1

ip route 172.16.150.0 255.255.255.0 172.16.150.1

ip route 172.16.100.0 255.255.255.0 172.16.1.1

I think you need to enable VLAN routing...

*****

vlan database

vlan 150,200,250

vlan routing 150 1

vlan routing 200 2

vlan routing 250 3

*****

One other thing, the IP address at the beginning of your config is usually a management IP address that you may never access.  For instance for my client's switch I would put something like 10.255.255.254 / 24

I never access that IP address.  I have a VLAN 10 with an IP address 10.0.0.225 / 16 and that is the default gateway for computers in that vlan.

I will post my config so you can see, after I remove any identifying information.

!

configure

vlan database

vlan 10-12,19-22,50

vlan routing 10 1

vlan routing 11 2

vlan routing 12 3

vlan routing 19 4

vlan routing 20 5

vlan routing 21 6

vlan routing 22 7

vlan routing 50 8

exit

snmp-server location "Data Center"

snmp-server contact "Network Administrator"

hostname "DC-STACK"

sntp unicast client enable

sntp server 10.0.0.201

clock summer-time recurring 2 sun Mar 02:00 1 sun Nov 02:00 offset 1 zone "edt"

clock timezone -5 minutes 0 zone "EST"

stack

member 1 5

member 3 5

member 4 5

exit

ip address 10.255.255.254 255.255.255.0  (management IP I don't use, THIS IS VLAN 1, default VLAN)

ip domain-name domain.local

ip name-server 10.0.0.201

ip name-server 10.0.0.202

logging console info

logging file warning

logging 10.0.6.3

exit

access-list PublicWireless permit udp 10.19.0.0 0.0.255.255 10.0.0.202 0.0.255.255 eq 67

access-list PublicWireless permit udp 10.19.0.0 0.0.255.255 10.0.0.203 0.0.255.255 eq 67

access-list PublicWireless deny ip 10.19.0.0 0.0.255.255 10.0.0.0 0.255.255.255

access-list PublicWireless permit ip any any

ip routing

ip route 0.0.0.0 0.0.0.0 10.0.0.6   (THIS IS THE INTERNET ROUTER)

ip route 192.168.182.0 255.255.255.0 10.0.0.74   (THIS GOES TO ANOTHER L3 SWITCH)

ip route 10.3.0.0 255.255.0.0 10.0.0.74  (THIS GOES TO ANOTHER L3 SWITCH)

ip route 10.7.0.0 255.255.0.0 10.0.0.74  (THIS GOES TO ANOTHER L3 SWITCH)

ip helper-address 10.0.0.203 dhcp

interface vlan 10

routing

ip address 10.0.0.225 255.255.0.0  (THIS IS THE PRIMARY IP THAT IS THE DEFAULT GATEWAY FOR COMPUTERS IN THIS VLAN)

exit

interface vlan 11

routing

ip address 10.1.0.1 255.255.255.0

exit

interface vlan 12

routing

ip address 10.10.0.1 255.255.0.0

exit

interface vlan 19

name "PublicWIFI"

routing

ip address 10.19.0.1 255.255.0.0

ip access-group PublicWireless in 1

exit

interface vlan 20

routing

ip address 10.20.0.1 255.255.0.0   (THERE IS ANOTHER L3 SWITCH ON ANOTHER FLOOR WITH 10.20.0.2 AND .2 IS THE DEFAULT GATEWAY FOR THOSE COMPUTERS IN THAT VLAN)

exit

interface vlan 21

routing

ip address 10.21.0.1 255.255.0.0   (THE SAME HERE)

exit

interface vlan 22

routing

ip address 10.22.0.1 255.255.0.0   (THE SAME HERE)

exit

interface vlan 50

routing

ip address 10.50.0.1 255.255.0.0   (VOIP VLAN)

exit

spanning-tree priority 4096

sflow 1 destination owner 1 timeout 4294308517

sflow 1 destination 10.0.6.3

classofservice trust ip-dscp

classofservice ip-dscp-mapping 46 6

cos-queue strict 6

!

interface ethernet 1/g1

sflow 1 sampling 1024

sflow 1 polling 30

spanning-tree portfast

switchport access vlan 50

exit

!

interface ethernet 1/g2

sflow 1 sampling 1024

sflow 1 polling 30

spanning-tree portfast

switchport access vlan 10

exit

!

interface ethernet 1/g3

sflow 1 sampling 1024

sflow 1 polling 30

spanning-tree portfast

switchport access vlan 10

exit

!

!

interface port-channel 20  (LAG USING FIBER PORTS IN STACK TO REMOTE L3 IDFs)

switchport mode general

switchport general pvid 20

switchport general allowed vlan add 20

switchport general allowed vlan add 50 tagged

switchport general allowed vlan remove 1

exit

!

interface port-channel 21

switchport mode general

switchport general pvid 21

switchport general allowed vlan add 21

switchport general allowed vlan add 50 tagged

switchport general allowed vlan remove 1

exit

!

interface port-channel 22

switchport mode general

switchport general pvid 22

switchport general allowed vlan add 22

switchport general allowed vlan add 50 tagged

switchport general allowed vlan remove 1

exit

snmp-server group snmpwrite v1 read DefaultSuper write DefaultSuper

snmp-server group snmpwrite v2 read DefaultSuper write DefaultSuper

snmp-server community snmpread ro

snmp-server community-group snmpwrite snmpwrite

exit

OK this is how we are going to configure the switch.

configure

vlan database

vlan 150,200,250

vlan routing 150 1

vlan routing 200 2

vlan routing 250 3

exit

stack

member 1 2

exit

hostname “dell6248”

ip address 172.16.1.2 255.255.255.0

ip domain-name acme.com

ip name-server 172.16.1.241

ip name-server 172.16.1.227

no logging on

interface vlan 150

name "Vlan150"

routing

ip address  172.16.150.1  255.255.255.0

exit

interface vlan 200

name "Vlan200"

routing

ip address  172.16.200.1  255.255.255.0

exit

interface vlan 250

name "Vlan250"

routing

ip address  172.16.250.1  255.255.255.0

exit

ip routing

ip route 0.0.0.0 0.0.0.0 172.16.1.1

ip helper-address 172.16.1.244

bootpdhcprelay enable

bootpdhcprelay serverip 172.16.1.244

exit

no spanning-tree

Does appear correct?

That looks good so far.  What about your ports and their VLAN assignments?  Remember 172.16.1.x is on VLAN 1 (default VLAN) so you have to make sure you allow VLAN 1 access on your ports as needed?

What would happen if the switch port didn't have access to VLAN1 if the system attached to the port doesn't need access to that VLAN? Would networking fail, or they would simply be isolated to the VLAN they are assigned to? Forgive my ignorance as I'm new to this ...

It shouldn't fail because you have setup routing in your switch.  So as long as the computer system has your switch as it's default gateway, then it should be able to communicate with all.  Your switch should be the default gateway (using their respective IP subnet) for all computers.  For instance, a machine with an IP address 172.16.150.25 will have 172.16.150.1 as it's default gateway, provided they are plugged into a VLAN150 port.

Yes 172.16.1.0/24 is the default VLAN. I believe all the ports are configured for access to VLAN1 with the folllowing on the port config:

switchport general allowed vlan add 1 tagged

Is that what you are referring to?

Yes

OK I can't figure out how to enable vlan routing from the CLI. Do I have to go into router submenu and configure RIP or OSPF? A simple example would be greatly appreciated!

Here is a link to the manual.  Page 499 starts the discussion for routing configuration.

http://support.dell.com/support/edocs/network/PC62xx/en/UCG/ucg_en.zip

Here is a white paper on VLAN routing:

http://www.dell.com/downloads/global/products/pwcnt/en/app_note_38.pdf

In order to enable routing for a specific VLAN you would enter the VLAN interface in this case VLAN 10.

console# config

console(config)# interface vlan 10

console(config-if-vlan10)# routing    (enable routing for VLAN 10)

console(config-if-vlan10)# ip address 172.16.1.1     (set IP address for VLAN to route) (this would be the gateway address of any device connected to the VLAN)

The above information is assuming that you have routing enabled globally on the switch.  Here is the command to enable routing globally for the whole switch raising it to Layer 3.

console(config)# ip routing

Hope this helps,

Keep us updated if you can.