22 Posts
0
2740
[7048P] Configuration between PC and internet box with VLAN
Hello,
I come to ask for your help because I am stuck on a case of my network connection to the internet via a box.
I have a PowerConnect 7048P switch, having all the IT elements connected and cut by VLANs.
VLAN 2 corresponds to the VLANs of the internet boxes,
VLAN 6 corresponds to PCs.
By activating the inter VLAN routing, all my hardware can ping between them except for the Internet box.
Could someone tell me where my setup is not correct.
PowerConnect 7048P#show running-config !Current Configuration: !System Description "PowerConnect 7048P, 5.1.14.1, VxWorks 6.6" !System Software Version 5.1.14.1 !System Operational Mode "Normal" ! configure no boot host dhcp no boot host auto-reboot gvrp enable vlan 2-7 exit vlan 2 name "Internet" vlan association subnet 172.16.250.248 255.255.255.248 vlan association mac 307C.B2FF.4489 exit vlan 6 name "Workstations" vlan association subnet 172.16.0.240 255.255.255.240 vlan association mac C81F.66AA.D9D1 --More-- or (q)uit vlan association mac C81F.66AB.0B45 exit ip telnet server disable hostname "PowerConnect 7048P" slot 1/0 6 ! PowerConnect 7048P slot 1/2 11 ! SFP+ Card stack member 1 6 ! PCT7048P exit interface out-of-band ip address 192.168.1.250 255.255.255.0 192.168.1.1 exit ip domain-name "SARLTSF.FR" ip name-server "172.16.250.254" no logging on no logging console logging web-session --More-- or (q)uit logging buffered warnings lacp system-priority 2 no boot auto-copy-sw allow-downgrade ip routing ip route 0.0.0.0 0.0.0.0 172.16.250.254 arp 172.16.210.249 84A9.3E52.31CD router rip redistribute connected exit interface vlan 1 1 exit interface vlan 2 4 ip address 172.16.250.249 255.255.255.248 bandwidth 10000 ip rip exit interface vlan 6 3 ip address 172.16.0.241 255.255.255.240 ip rip exit username "admin" password 2f158c7505d83299779230e9e4ff568a privilege 15 encrypted line console exec-timeout 2 exit line telnet exec-timeout 2 exit line ssh enable authentication enableList exit --More-- or (q)uit ip ssh server ip ssh protocol 2 no spanning-tree mac address-table static 307C.B2FF.4489 vlan 2 interface Gi1/0/2 mac address-table static 001E.C94F.1AC2 vlan 6 interface Gi1/0/31 mac address-table static C81F.66AA.D9D1 vlan 6 interface Gi1/0/25 mac address-table static C81F.66AB.0B45 vlan 6 interface Gi1/0/26 ip vrrp ip verify binding 30:7C:B2:FF:44:89 vlan 2 172.16.250.254 interface Gi1/0/2 ip verify binding C8:1F:66:AASmiley Very Happy9Smiley Very Happy1 vlan 6 172.16.0.243 interface Gi1/0/25 ip verify binding C8:1F:66:AB:0B:45 vlan 6 172.16.0.244 interface Gi1/0/26 ! interface Gi1/0/1 ip verify source port-security switchport general pvid 2 switchport general allowed vlan add 2 tagged switchport general allowed vlan remove 1 switchport access vlan 2 switchport trunk native vlan 2 power inline high-power power inline priority critical green-mode energy-detect green-mode eee exit ! interface Gi1/0/2 --More-- or (q)uit ip verify source port-security description "Internet Livebox Pro v3" spanning-tree mst 0 cost 20000 spanning-tree cost 20000 switchport general pvid 2 switchport general allowed vlan add 2 switchport general allowed vlan remove 1 switchport access vlan 2 switchport trunk native vlan 2 green-mode energy-detect green-mode eee exit ! interface Gi1/0/25 ip verify source port-security description "OptiPlex 9080 AIO" gvrp enable switchport general pvid 6 switchport general allowed vlan add 6 tagged switchport general allowed vlan remove 1 switchport access vlan 6 switchport trunk native vlan 6 green-mode energy-detect green-mode eee exit ! interface Gi1/0/26 ip verify source port-security description "OptiPlex 9080 AIO" switchport general pvid 6 switchport general allowed vlan add 6 tagged switchport general allowed vlan remove 1 switchport access vlan 6 --More-- or (q)uit green-mode energy-detect green-mode eee exit ! interface Gi1/0/27 ip verify source port-security switchport general pvid 6 switchport general allowed vlan add 6 tagged switchport general allowed vlan remove 1 switchport access vlan 6 green-mode energy-detect green-mode eee exit ! interface Gi1/0/28 ip verify source port-security switchport general pvid 6 switchport general allowed vlan add 6 tagged switchport general allowed vlan remove 1 switchport access vlan 6 green-mode energy-detect green-mode eee exit --More-- or (q)uit ! interface Gi1/0/29 ip verify source port-security switchport general pvid 6 switchport general allowed vlan add 6 tagged switchport general allowed vlan remove 1 switchport access vlan 6 green-mode energy-detect green-mode eee exit ! interface Gi1/0/30 ip verify source port-security switchport general pvid 6 switchport general allowed vlan add 6 tagged switchport general allowed vlan remove 1 switchport access vlan 6 green-mode energy-detect green-mode eee exit ! interface Gi1/0/31 gvrp enable --More-- or (q)uit switchport general pvid 6 switchport general allowed vlan add 6 tagged switchport general allowed vlan remove 1 switchport access vlan 6 switchport trunk native vlan 6 green-mode energy-detect green-mode eee exit ! interface Gi1/0/32 ip verify source port-security switchport general pvid 6 switchport general allowed vlan add 6 tagged switchport general allowed vlan remove 1 switchport access vlan 6 green-mode energy-detect green-mode eee exit ! interface Gi1/0/33 ip verify source port-security switchport general pvid 6 switchport general allowed vlan add 6 tagged --More-- or (q)uit switchport general allowed vlan remove 1 switchport access vlan 6 green-mode energy-detect green-mode eee exit ! interface Gi1/0/34 ip verify source port-security switchport general pvid 6 switchport general allowed vlan add 6 tagged switchport general allowed vlan remove 1 switchport access vlan 6 green-mode energy-detect green-mode eee exit ! interface Gi1/0/35 ip verify source port-security switchport general pvid 6 switchport general allowed vlan add 6 tagged switchport general allowed vlan remove 1 switchport access vlan 6 green-mode energy-detect --More-- or (q)uit green-mode eee exit ! interface Gi1/0/36 ip verify source port-security switchport general pvid 6 switchport general allowed vlan add 6 tagged switchport general allowed vlan remove 1 switchport access vlan 6 green-mode energy-detect green-mode eee exit ! snmp-server engineid local 800002a203d067e5e0f472 line console no exec-banner no login-banner no motd-banner exit line telnet no exec-banner no login-banner no motd-banner exit exit
Best regards,
Romain VERICEL
rvericel
22 Posts
0
June 4th, 2019 06:00
Hello everybody,
Finally the solution has been done with buying a firewall and putting it between the switch and the internet box.
Best regards.
DELL-Josh Cr
Moderator
Moderator
•
8.7K Posts
0
March 25th, 2019 12:00
Hi,
What are the internet boxes? Are they VLAN aware?
DELL-Josh Cr
Moderator
Moderator
•
8.7K Posts
0
March 25th, 2019 12:00
Remove these two lines, from the port config, if it is in general mode only use general commands and not access or trunk commands. switchport access vlan 2
switchport trunk native vlan 2
rvericel
22 Posts
0
March 25th, 2019 12:00
Hi @DELL-Josh Cr ,
this configuration is in FRANCE, that's why the internet box is Live box PRO v3 (https://assistance.orange.fr/equipement/livebox-et-modems/livebox-pro-v3-sagemcom).
I don't know if the internet box is VLAN compatible but when I try to put the internet box in the same VLAN that computers and when i configure the gateway with the Internet Box IP if each the computer IPv4 configuration, the internet works. But, I can't access to the other vlan (printers, servers, etc.) because i change the gateway.
Best regards,
Romain VERICEL
DELL-Josh Cr
Moderator
Moderator
•
8.7K Posts
0
March 26th, 2019 09:00
Page 295, https://downloads.dell.com/manuals/all-products/esuprt_ser_stor_net/esuprt_networking/esuprt_net_fxd_prt_swtchs/powerconnect-7024_reference%20guide_en-us.pdf try creating a static mac address entry.
rvericel
22 Posts
0
March 26th, 2019 09:00
Hi,
I have asked to the Internet Box support and they said me that normally this kind of box is aware with VLAN.
Moreover, I have removed this 2 lines you said me before.
But I can't ping the internet Box.
i have seen 2 strange thing :
- On the 'ARP Table configuration' tab, no dynamic line about the internet box.
- On the 'Route Table' tab, I have automatically a line with 0.0.0.0 0.0.0.0 Vlan10 172.16.250.248.
The network 0.0.0.0 is by default on the Vlan1 but I don't use it.
I don't know which kind of test I can do for find the origin of this problem.
Best regards,
Romain VERICEL
rvericel
22 Posts
0
March 26th, 2019 13:00
Hi @DELL-Josh Cr ,
I have added manually on ARP table the MAC address of the internet box but even that nothing change.
It's really weird when I put the Internet Box in the PC' VLAN the internet works but when I put the Internet Box in another VLAN the internet doesn't work.
I show you completely my configuration (running-configuration) of the PowerConnect 7048P :
Best regards,
Romain VERICEL
rvericel
22 Posts
0
March 26th, 2019 14:00
Hi @DELL-Josh Cr ,
Thank in advance for your help.
I have sent you the service tag in the private message.
Best regards,
Romain VERICEL
DELL-Josh Cr
Moderator
Moderator
•
8.7K Posts
0
March 26th, 2019 14:00
Thanks, got it. Are the clients able to ping the vlan 10 IP address?
DELL-Josh Cr
Moderator
Moderator
•
8.7K Posts
0
March 26th, 2019 14:00
Can you private message me the service tag?
rvericel
22 Posts
0
March 27th, 2019 00:00
Hi @DELL-Josh Cr ,
I do nothing about the clients able to ping the vlan 10 IP address because for the others VLAN, I had nothing special to do.
What need I do for the clients able to ping the VLAN 10 IP address? create a ACL?
best regards,
Romain VERICEL
DELL-Josh Cr
Moderator
Moderator
•
8.7K Posts
0
March 27th, 2019 09:00
It doesn’t sound like it is routing to VLAN 10 properly, which is why they can’t get to the internet either. Try creating a static route with the ip route command.
rvericel
22 Posts
0
March 28th, 2019 05:00
Hi @DELL-Josh Cr ,
Thank you your reply.
I tried to add static routes but nothing change but I have seen the sFlow agent has the same IP address to the VLAN 10 ip adress. Is it normal?
Best regards,
Romain VERICEL