Mailing List Archive

Layer 2/3 VLAN Issue between two switches
Hello All,

I am faced with an issue.

I have for this scenario, one router, two switches and one server.

router on a stick <-tagged-> switch 1 <-tagged-> switch 2 -> (untagged) server (dual nic/port)

Vlans
2 = staff
3 = mgmt
4 = servers

switch 1 = bd6808 7.8e.4-1 MSM64ix2
switch 2 = summit 400-48T 7.8e.4-1

switch 1 and switch 2 are connected over copper.
router and switch 2 are connected over copper.

If I plug the server directly into switch 1 the server can ping gateway on
router and switch 1 but not any device in same vlan on switch 2, just
switch 1 and router.
If I plug the server into switch 2 the server cannot ping anything but
other servers on that vlan only on switch 2.

Not sure what's wrong. Haven't had much sleep, so it could be something
simple I'm missing.

I can see the mac address of switch 2 if I try to ping but can't get a
successful ping. I can also see the other switch if I enable edp on the
port.

sh iparp on switch 2 when try to ping 192.168.100.2

192.168.100.2 (incomplete) 0 NO servers[0004]


BD6808:9 # sh iparp (switch 1)
Destination Mac Age Static VLAN [VID] Port
192.168.100.1 00:0F:34:57:A7:00 5 NO servers[0004] 2:25 (to router)
192.168.100.3 00:04:96:18:49:C0 1 NO servers[0004] 6:3 (to switch 2)


router

interface fa0/0
no ip add
!
!
!
interface fa0/0.4
encap dot1q 4
ip add 192.168.100.1 255.255.255.0


switch 1

IGMP snooping is enabled for all vlans BTW

# Config information for VLAN servers.
configure vlan "servers" tag 4 # VLAN-ID=0xc Global Tag 28
configure vlan "servers" protocol "ANY"
configure vlan "servers" qosprofile "QP1"
configure vlan "servers" qosprofile ingress none
configure vlan "servers" ipaddress 192.168.100.2 255.255.255.0
configure vlan "servers" add port 2:25 tagged (port to router)
configure vlan "servers" add port 6:3 tagged (port to switch 2)

# -- IP Interface[1] = "servers"
enable icmp unreachable vlan "servers"
enable icmp redirects vlan "servers"
enable icmp port-unreachables vlan "servers"
enable icmp time-exceeded vlan "servers"
enable icmp parameter-problem vlan "servers"
disable icmp timestamp vlan "servers"
disable icmp address-mask vlan "servers"
enable subvlan-proxy-arp "servers"
configure ip-mtu 1500 vlan "servers"

# IP ARP Configuration

configure iparp timeout 20
configure iparp max-entries 4096
configure iparp max-pending-entries 256
enable iparp checking
enable iparp refresh
#

switch 2

IGMP snooping is enabled for all vlans

# Config information for VLAN servers.
configure vlan "servers" tag 4 # VLAN-ID=0xc Global Tag 7
configure vlan "servers" protocol "ANY"
configure vlan "servers" qosprofile "QP1"
configure vlan "servers" ipaddress 192.168.100.3 255.255.255.0 (only configured to see if could ping)
configure vlan "servers" add port 15 untagged (to server)
configure vlan "servers" add port 31 untagged (to server)
configure vlan "servers" add port 9 tagged (going to switch 1)

# -- IP Interface[4] = "servers"
enable icmp unreachable vlan "servers"
enable icmp redirects vlan "servers"
enable icmp port-unreachables vlan "servers"
enable icmp time-exceeded vlan "servers"
enable icmp parameter-problem vlan "servers"
disable icmp timestamp vlan "servers"
disable icmp address-mask vlan "servers"
configure ip-mtu 1500 vlan "servers"

# IP ARP Configuration

configure iparp timeout 20
configure iparp max-entries 4096
configure iparp max-pending-entries 256
enable iparp checking
enable iparp refresh
#



Any help is much appreciated!
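
An added example, not part of the original post: a small Python check that parses the `configure vlan ... add port` lines from the two configs above and compares both ends of the switch 1 / switch 2 link (ports 6:3 and 9, per the poster's annotations). The config text is reconstructed from the post with the parenthetical notes stripped, and the function names are hypothetical.

```python
import re

# Constructed input: the "servers" VLAN lines from the two switch configs
# posted above, with the poster's parenthetical notes stripped.
SWITCH1 = '''
configure vlan "servers" tag 4
configure vlan "servers" add port 2:25 tagged
configure vlan "servers" add port 6:3 tagged
'''
SWITCH2 = '''
configure vlan "servers" tag 4
configure vlan "servers" add port 15 untagged
configure vlan "servers" add port 31 untagged
configure vlan "servers" add port 9 tagged
'''

TAG_RE = re.compile(r'configure vlan "([^"]+)" tag (\d+)')
PORT_RE = re.compile(r'configure vlan "([^"]+)" add port (\S+) (tagged|untagged)')

def parse_vlans(config):
    """Return {vlan_name: {"tag": int or None, "ports": {port: mode}}}."""
    vlans = {}
    for line in config.splitlines():
        line = line.strip()
        if m := TAG_RE.match(line):
            vlans.setdefault(m[1], {"tag": None, "ports": {}})["tag"] = int(m[2])
        elif m := PORT_RE.match(line):
            vlans.setdefault(m[1], {"tag": None, "ports": {}})["ports"][m[2]] = m[3]
    return vlans

def link_end(config, port):
    """Map 802.1Q tag -> membership mode for every VLAN that includes port."""
    return {v["tag"]: v["ports"][port]
            for v in parse_vlans(config).values() if port in v["ports"]}

def check_trunk(cfg_a, port_a, cfg_b, port_b):
    """Compare both ends of one inter-switch link; return mismatch findings."""
    a, b = link_end(cfg_a, port_a), link_end(cfg_b, port_b)
    return [f"tag {tag}: {port_a}={a.get(tag)} vs {port_b}={b.get(tag)}"
            for tag in sorted(set(a) | set(b), key=str)
            if a.get(tag) != b.get(tag)]

if __name__ == "__main__":
    print(check_trunk(SWITCH1, "6:3", SWITCH2, "9"))   # link as posted
    # Constructed fault: switch 2 port 9 changed to untagged
    broken = SWITCH2.replace("port 9 tagged", "port 9 untagged")
    print(check_trunk(SWITCH1, "6:3", broken, "9"))
```

On the configs as posted the check returns no findings for that link: tag 4 is carried tagged on both 6:3 and 9. A tagged/untagged disagreement on either end would be reported per tag.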
Re: Layer 2/3 VLAN Issue between two switches
Hi,

If you want to route on an Extreme device, you need to enable ipforwarding on the switch for the VLANs that you want to enable that for.

Command:
enable ipforwarding <vlan name>

If you want to route only on the router, you need to give the router interfaces on each vlan, with its own IP address in each vlan.

Hope that helps,
Erik Bais

From: extreme-nsp-bounces@puck.nether.net [mailto:extreme-nsp-bounces@puck.nether.net] On Behalf Of root net
Sent: Thursday, 21 March 2013 12:40
To: Extreme NSP
Subject: [e-nsp] Layer 2/3 VLAN Issue between two switches

Re: Layer 2/3 VLAN Issue between two switches
Erik,

Thank you for your reply.

On Thu, Mar 21, 2013 at 7:29 AM, Erik Bais <erik@bais.name> wrote:

> Hi,
>
> If you want to route on an Extreme device, you need to enable ipforwarding
> on the switch for the VLANs that you want to enable that for.
>
> Command:
>
> enable ipforwarding <vlan name>
>

I've tried it with ipforwarding on and it still doesn't do anything. I want
the routing to take place for the time being on the router. I want a simple
layer 2 VLAN. I assigned an IP on the vlan for connectivity testing only.
Does everything else look good to you?

> If you want to route only on the router, you need to give the router
> interfaces on each vlan, with its own IP address in each vlan.
>
> Hope that helps,
>
> Erik Bais
Re: Layer 2/3 VLAN Issue between two switches
So, I've done some more testing.

I've added an additional switch connected to switch 1. And I've also added
the vlan and from switch 1 to switch 3 it works fine. I can ping just fine.

I've connected switch 3 to switch 2 and tagged the vlan across it and I can
ping just fine from switch 2 to switch 3.

I can now ping from switch 2 to switch 1 but only if switch 3 is in the
mix. I can also ping to the router. I've been over the configs and checked
the fdb and it's almost like the switch 1 is blocking switch 2 from talking
to it.

Not sure what the issue is. I've got learning on.

From switch 1 showing a fdb of the port switch 2 is connected to.

I see

FF:FF:FF:FF:FF:FF servers(0004) 0000000 0000 s m CPU, 2:25(router), 6:3(switch 2), 8:4(switch 3)


From switch 2 showing a fdb of the port switch 1 is connected to.

08010-206 FF:FF:FF:FF:FF:FF servers(0004) 0000000 0000 s m CPU, 9, 25

port 25 is to switch 3
port 9 is to switch 2


Any help is appreciated.
Thanks

On Thu, Mar 21, 2013 at 6:39 AM, root net <rootnet08@gmail.com> wrote:
