VLAN routing problem

Question

I have a stack of 6248s.  They are in production.  They were configured when I got them with a very basic config.  I can include it.  Essentially the IP of the switch was in the Default vlan. I need to break the ports into a number of vlans and use the switch to route.  I need to do this without breaking anything. So far I have created the VLANs and moved everyone from the default vlan by the process of turning all the ports to general mode and adding the new vlan to each port. interface ethernet 1/g2switchport mode generalswitchport general allowed vlan add 192exit! When I first did this it had a tendency to broadcast lots of traffic and I couldn't ping between hosts so I added an association:  vlan routing 2 1vlan routing 10 2vlan routing 20 3vlan routing 30 4vlan routing 200 5vlan routing 192 6vlan association subnet 192.168.2.0 255.255.255.0 192vlan association subnet 192.168.10.0 255.255.255.0 192exit With all ports configured like this everything works. The problem is that when I change a port to this: interface ethernet 1/g40switchport access vlan 192exit! Then the PC can see everything on the subnet but can't access anything else. I will add the configs as a reply. Edited: I would like to convert most ports to access mode.  For the current working VLAN which is VLAN 192 the switchs don't need to do any routing.  For the other VLANs the switchs will route.  Even now if I remove the 'routing' command from VLAN 192 a machine on a port set to access mode seems to lose all connectivity.

k---h · Accepted Answer

Most or all of the ports are connected to a desktop or server. Because this was a live system with a lot of users I was trying to migrate them to a (non-default) vlan without disruption. I realised after reading a post on this forum that the vlan associations was definitely not what I wanted. associations as I understand it now lets the switch put a machine in a vlan based on its IP.

I came in after hours and moved all ports to access mode and vlan 192 which is my first step. The problem was that I had to do it all at once to maintain connectivity. Even then I forgot to move the LAG as well. Once I did that as well the subnet works correctly.

If I want multicast routing without unicast routing is that possible?

k---h · Answer

Config with VLANs: my-switch#show run !Current Configuration: !System Description 'PowerConnect 6248, 3.3.1.10, VxWorks 6.5' !System Software Version 3.3.1.10 !Cut-through mode is configured as disabled ! configure vlan database vlan 2,10,20,30,192,200,250 ip igmp snooping 1 vlan routing 2 1 vlan routing 10 2 vlan routing 20 3 vlan routing 30 4 vlan routing 200 5 vlan routing 192 6 vlan association subnet 10.23.2.0 255.255.255.0 2 vlan association subnet 10.23.10.0 255.255.255.0 10 vlan association subnet 10.23.20.0 255.255.255.0 20 vlan association subnet 10.23.30.0 255.255.255.0 30 vlan association subnet 10.23.200.0 255.255.255.0 200 vlan association subnet 10.23.250.0 255.255.255.0 250 vlan association subnet 192.168.2.0 255.255.255.0 192 vlan association subnet 192.168.10.0 255.255.255.0 192 exit hostname 'my-switch' sntp unicast client enable sntp server 192.168.2.173 clock timezone 11 minutes 0 stack member 1 2 member 2 2 exit switch 1 priority 1 switch 2 priority 2 ip address 10.23.251.2 255.255.255.0 ip default-gateway 10.23.251.1 ip domain-name mycompany.com logging facility local0 logging 192.168.2.67 level warning exit ip routing interface vlan 2 name 'firewall' routing ip address 10.23.2.2 255.255.255.0 exit interface vlan 10 name 'server' routing ip address 10.23.10.1 255.255.255.0 exit interface vlan 20 name 'developer' routing ip address 10.23.20.1 255.255.255.0 exit interface vlan 30 name 'business' routing ip address 10.23.30.1 255.255.255.0 exit interface vlan 192 name 'old-vlan' routing ip address 192.168.2.246 255.255.255.0 exit interface vlan 200 name 'test' routing ip address 10.23.200.1 255.255.255.0 exit interface vlan 250 name 'sysadmin' exit username 'admin' password xxxxx level 15 encrypted line ssh password xxxxx encrypted exit ip ssh server bridge multicast filtering management access-list 'SSH' permit vlan 1 service ssh priority 1 permit vlan 10 service ssh priority 2 permit vlan 20 service ssh priority 3 permit vlan 30 service ssh priority 4 permit vlan 1 service http priority 5 permit vlan 10 service http priority 6 permit vlan 20 service http priority 7 permit vlan 30 service http priority 8 permit vlan 192 service ssh priority 10 permit vlan 192 service http priority 11 exit ip igmp snooping ipv6 mld snooping ip igmp snooping querier ip multicast ip igmp ip pimdm ! interface ethernet 1/g1 switchport mode general switchport general allowed vlan add 192 exit ! interface ethernet 1/g2 switchport mode general switchport general allowed vlan add 192 exit ! interface ethernet 1/g3 switchport mode general switchport general allowed vlan add 192 exit ! !..... interface ethernet 1/g40 switchport access vlan 192 exit ! interface ethernet 1/g44 channel-group 1 mode auto switchport mode general switchport general allowed vlan add 192 exit ! interface ethernet 1/g48 spanning-tree portfast switchport mode general switchport general allowed vlan add 192 exit ! interface ethernet 1/xg1 ip igmp snooping exit ! interface ethernet 1/xg2 ip igmp snooping exit ! interface ethernet 2/g4 ip igmp snooping switchport mode general switchport general allowed vlan add 192 exit ! interface ethernet 2/g44 channel-group 1 mode auto switchport mode general switchport general allowed vlan add 192 exit ! interface port-channel 1 description 'to_server' switchport mode general switchport general allowed vlan add 192 exit my-switch#

k---h · Answer

Initial config: my-switch#show run !Current Configuration: !System Description 'PowerConnect 6248, 3.3.1.10, VxWorks 6.5' !System Software Version 3.3.1.10 !Cut-through mode is configured as disabled ! configure hostname 'my-switch' sntp unicast client enable sntp server 192.168.2.173 clock timezone 11 minutes 0 stack member 1 2 member 2 2 exit switch 1 priority 1 switch 2 priority 2 ip address 10.23.251.2 255.255.255.0 ip default-gateway 10.23.251.1 ip domain-name mycompany.com logging facility local0 logging 192.168.2.67 level warning exit ip routing username 'admin' password xxxxx level 15 encrypted line ssh password xxxxx encrypted exit ip ssh server bridge multicast filtering ip igmp snooping ipv6 mld snooping ip igmp snooping querier ip multicast ip igmp ip pimdm ! interface ethernet 1/g44 channel-group 1 mode auto exit ! interface ethernet 1/xg1 ip igmp snooping exit ! interface ethernet 1/xg2 ip igmp snooping exit ! interface ethernet 2/g4 ip igmp snooping exit ! interface ethernet 2/g44 channel-group 1 mode auto exit ! interface port-channel 1 description 'to_server' exit my-switch#

Networking General

Was this post helpful?