[e-nsp] Layer 2/3 VLAN Issue between two switches
Erik Bais
erik at bais.name
Thu Mar 21 08:29:15 EDT 2013
Hi,
If you want to route on an Extreme device you need to enable ipforwarding on the switch for the vlan’s that you want to enable that for.
Command:
enable ipforwarding <vlan name>
If you want to route only on the router, you need to give the router interfaces on each vlan, with it’s own IP address in each vlan.
Hope that helps,
Erik Bais
From: extreme-nsp-bounces at puck.nether.net [mailto:extreme-nsp-bounces at puck.nether.net] On Behalf Of root net
Sent: donderdag 21 maart 2013 12:40
To: Extreme NSP
Subject: [e-nsp] Layer 2/3 VLAN Issue between two switches
Hello All,
I am faced with a issue.
I have for this scenario, one router, two switches and one server.
router on a stick <-tagged-> switch 1 <-tagged-> switch 2 -> (untagged) server (dual nic/port)
Vlans
2 = staff
3 = mgmt
4 = servers
switch 1 = bd6808 7.8e.4-1 MSM64ix2
switch 2 = summit 400-48T 7.8e.4-1
switch 1 and switch 2 are connected over copper.
router and switch 2 are connected over copper.
If I plug the server directly into switch 1 the server can ping gateway on router and switch 1 but not any device in same vlan on switch 2, just switch 1 and router.
If I plug the server into switch 2 the server cannot ping anything but other servers on that vlan only on switch 2.
Not sure what's wrong haven't had much sleep so it could be something simple I'm missing.
I can see the mac address of switch 2 if I try to ping but can't get a successful ping. I can also see the other switch if I enable edp on the port.
sh iparp on switch 2 when try to ping 192.168.100.2
192.168.100.2 (incomplete) 0 NO servers[0004]
BD6808:9 # sh iparp (switch 1)
Destination Mac Age Static VLAN [VID] Port
192.168.100.1 00:0F:34:57:A7:00 5 NO servers[0004] 2:25 (to router)
192.168.100.3 00:04:96:18:49:C0 1 NO servers[0004] 6:3 (to switch 2)
router
interface fa0/0
no ip add
!
!
!
interface fa0/0.4
encap dot1q 4
ip add 192.168.100.1 255.255.255.0
switch 1
IGMP snooping is enabled for all vlans BTW
# Config information for VLAN servers.
configure vlan "servers" tag 4 # VLAN-ID=0xc Global Tag 28
configure vlan "servers" protocol "ANY"
configure vlan "servers" qosprofile "QP1"
configure vlan "servers" qosprofile ingress none
configure vlan "servers" ipaddress 192.168.100.2 255.255.255.0
configure vlan "servers" add port 2:25 tagged (port to router)
configure vlan "servers" add port 6:3 tagged (port to switch 2)
# -- IP Interface[1] = "servers"
enable icmp unreachable vlan "servers"
enable icmp redirects vlan "servers"
enable icmp port-unreachables vlan "servers"
enable icmp time-exceeded vlan "servers"
enable icmp parameter-problem vlan "servers"
disable icmp timestamp vlan "servers"
disable icmp address-mask vlan "servers"
enable subvlan-proxy-arp "servers"
configure ip-mtu 1500 vlan "servers"
# IP ARP Configuration
configure iparp timeout 20
configure iparp max-entries 4096
configure iparp max-pending-entries 256
enable iparp checking
enable iparp refresh
#
switch 2
IGMP snooping is enabled for all vlans
# Config information for VLAN servers.
configure vlan "servers" tag 4 # VLAN-ID=0xc Global Tag 7
configure vlan "servers" protocol "ANY"
configure vlan "servers" qosprofile "QP1"
configure vlan "servers" ipaddress 192.168.100.3 255.255.255.0 (only configured to see if could ping)
configure vlan "servers" add port 15 untagged (to server)
configure vlan "servers" add port 31 untagged (to server)
configure vlan "servers" add port 9 tagged (going to switch 1)
# -- IP Interface[4] = "servers"
enable icmp unreachable vlan "servers"
enable icmp redirects vlan "servers"
enable icmp port-unreachables vlan "servers"
enable icmp time-exceeded vlan "servers"
enable icmp parameter-problem vlan "servers"
disable icmp timestamp vlan "servers"
disable icmp address-mask vlan "servers"
configure ip-mtu 1500 vlan "servers"
# IP ARP Configuration
configure iparp timeout 20
configure iparp max-entries 4096
configure iparp max-pending-entries 256
enable iparp checking
enable iparp refresh
#
Any help is much appreciated!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/extreme-nsp/attachments/20130321/15c18e08/attachment.html>
More information about the extreme-nsp
mailing list