ExtremeSwitching (EXOS)

 View Only
Expand all | Collapse all

Inter-VLAN Routing not working correctly

Eric Burke

Eric Burke07-17-2018 21:57

IT-SA

IT-SA07-17-2018 21:57

  • 1.  Inter-VLAN Routing not working correctly

    Posted 07-17-2018 19:43
      |   view attached
    Hello!

    I just took over a System Administrator role for a company and trying to figure out what happened to one of their VLANs.
    I am new to the Extreme Network devices. They currently have 3 stacked X450-e as their main switch stack/router.
    The previous SA setup a new VLAN (VLAN11) to free up some IPs on the main subnet.
    Some PCs started dropping from the network last week and we ended up figuring out that the VLAN had been removed from the switch configuration.
    I readded it and tried to set everything up as it should be but its not working and I am starting to bang my head against the wall and need some other eyes on this to tell me where the issue might be.

    I've gone through all the help guides on here and cannot get a PC to ping another PC on VLAN11 from VLAN1. I cannot even get VLAN11 to pass DHCP to the PC. Static set IP doesn't work either.
    DHCP server IP is 192.168.0.17

    Here is my current switch config:

    Attachment(s)

    txt
    switch-config.txt   29 KB 1 version


  • 2.  RE: Inter-VLAN Routing not working correctly

    Posted 07-17-2018 20:20
    What's routing between VLAN's? I see all of your VLAN's, but I don't see anything routing between them. Do you have a firewall or some other device in place?


  • 3.  RE: Inter-VLAN Routing not working correctly

    Posted 07-17-2018 21:04
    The switch that I uploaded should be the device doing routing.


  • 4.  RE: Inter-VLAN Routing not working correctly

    Posted 07-17-2018 21:04
    Sorry about that - misread the configs (those ipforwarding commands hide in the middle of a bunch of stuff). Let me re-read 🙂...


  • 5.  RE: Inter-VLAN Routing not working correctly

    Posted 07-17-2018 21:20
    Stupid question - the devices are untagged in V11, correct? Here's the list of items you show there: 1:41, 2:21, 2:30, 3:7. Try dumping a "show port vlan" and make sure that the devices needing to be routed are untagged. At first glance, it looks okay. Issue a "show ipconfig" and "show iproute" and make sure nothing jumps out there. You can also dump the arp cache on a PC (set IP manually first) and make sure the MAC of the DFGW is actually the extreme. Same on the DHCP server.


  • 6.  RE: Inter-VLAN Routing not working correctly

    Posted 07-17-2018 21:20
    Yeah, those are the ports I have been playing with trying to get it working.
    The ports are untagged.


  • 7.  RE: Inter-VLAN Routing not working correctly

    Posted 07-17-2018 21:20
    show iproute

    Ori Destination Gateway Mtr Flags VLAN Duration
    #s Default Route 192.168.0.2 1 UG---S-um--f- Default 5d:22h:16m:30s
    d 10.90.0.0/29 10.90.0.1 1 -------um---- replication 5d:22h:16m:43s
    #d 192.168.0.0/24 192.168.0.1 1 U------um--f- Default 5d:22h:16m:43s
    #d 192.168.11.0/24 192.168.11.1 1 U------um--f- VLAN11 5d:6h:1m:47s
    #d 192.168.100.0/24 192.168.100.1 1 U------um--f- VOICE 5d:22h:16m:43s
    Origin(Ori): (b) BlackHole, (be) EBGP, (bg) BGP, (bi) IBGP, (bo) BOOTP
    (ct) CBT, (d) Direct, (df) DownIF, (dv) DVMRP, (e1) ISISL1Ext
    (e2) ISISL2Ext, (h) Hardcoded, (i) ICMP, (i1) ISISL1 (i2) ISISL2
    (is) ISIS, (mb) MBGP, (mbe) MBGPExt, (mbi) MBGPInter, (mp) MPLS Lsp
    (mo) MOSPF (o) OSPF, (o1) OSPFExt1, (o2) OSPFExt2
    (oa) OSPFIntra, (oe) OSPFAsExt, (or) OSPFInter, (pd) PIM-DM, (ps) PIM-SM
    (r) RIP, (ra) RtAdvrt, (s) Static, (sv) SLB_VIP, (un) UnKnown
    (*) Preferred unicast route (@) Preferred multicast route
    (#) Preferred unicast and multicast route
    Flags: (B) BlackHole, (b) BFD protection requested, (c) Compressed, (D) Dynamic
    (f) Provided to FIB, (G) Gateway, (H) Host Route, (L) Matching LDP LSP
    (l) Calculated LDP LSP, (3) L3VPN Route, (m) Multicast, (P) LPM-routing
    (p) BFD protection active, (R) Modified, (S) Static, (s) Static LSP
    (T) Matching RSVP-TE LSP, (t) Calculated RSVP-TE LSP, (u) Unicast, (U) Up
    MPLS Label: (S) Bottom of Label Stack
    Mask distribution:
    1 default routes 3 routes at length 24
    1 routes at length 29
    Route Origin distribution:
    4 routes from Direct 1 routes from Static
    Total number of routes = 5
    Total number of compressed routes = 0


  • 8.  RE: Inter-VLAN Routing not working correctly

    Posted 07-17-2018 21:30
    Did you enable IP forwarding on the VLAN? Do a 'show VLAN vlan11' and check


  • 9.  RE: Inter-VLAN Routing not working correctly

    Posted 07-17-2018 21:30
    VLAN Interface with name VLAN11 created by user
    Admin State: Enabled Tagging: 802.1Q Tag 11
    Description: None
    Virtual router: VR-Default
    IPv4 Forwarding: Enabled
    Primary IP : 192.168.11.1/24
    IPv6 Forwarding: Disabled
    IPv6: None
    STPD: None
    Protocol: Match all unfiltered protocols
    Loopback: Disabled
    NetLogin: Disabled
    QosProfile: None configured
    Egress Rate Limit Designated Port: None configured
    Flood Rate Limit QosProfile: None configured
    Ports: 4. (Number of active ports=3)
    Untag: *1:41, 2:21, *2:30, *3:7
    Flags: (*) Active, (!) Disabled, (g) Load Sharing port
    (b) Port blocked on the vlan, (m) Mac-Based port
    (a) Egress traffic allowed for NetLogin
    (u) Egress traffic unallowed for NetLogin
    (t) Translate VLAN tag for Private-VLAN
    (s) Private-VLAN System Port, (L) Loopback port
    (e) Private-VLAN End Point Port
    (x) VMAN Tag Translated port
    (G) Multi-switch LAG Group port


  • 10.  RE: Inter-VLAN Routing not working correctly

    Posted 07-17-2018 21:57
    I should mention that ports 1:41 and 2:30 are currently working. I thought I had it figured out last week but all the other ports I try to enable as VLAN11 seems to fail to pull DHCP IP.
    I can ping them from a VLAN1 PC too.


  • 11.  RE: Inter-VLAN Routing not working correctly

    Posted 07-17-2018 21:57
    You can do a "show port


  • 12.  RE: Inter-VLAN Routing not working correctly

    Posted 07-17-2018 21:57
    Port: 1:41
    Virtual-router: VR-Default
    Type: UTP
    Random Early drop: Unsupported
    Admin state: Enabled with auto-speed sensing auto-duplex
    Link State: Active, 1Gbps, full-duplex
    Link Ups: 24 Last: Tue Jul 17 19:02:11 2018
    Link Downs: 23 Last: Tue Jul 17 19:02:07 2018
    VLAN cfg:
    Name: VOICE, 802.1Q Tag = 10, MAC-limit = No-limit, Virtual router: VR-Default
    Name: VLAN11, Internal Tag = 11, MAC-limit = No-limit, Virtual router: VR-Default
    STP cfg:
    Protocol:
    Name: VLAN11 Protocol: ANY Match all protocols.
    Trunking: Load sharing is not enabled.
    EDP: Enabled
    ELSM: Disabled
    Ethernet OAM: Disabled
    Learning: Enabled
    Unicast Flooding: Enabled
    Multicast Flooding: Enabled
    Broadcast Flooding: Enabled
    Jumbo: Disabled
    Flow Control: Rx-Pause: Enabled Tx-Pause: Disabled
    Priority Flow Control: Disabled
    Reflective Relay: Disabled
    Link up/down SNMP trap filter setting: Enabled
    Egress Port Rate: No-limit
    Broadcast Rate: No-limit
    Multicast Rate: No-limit
    Unknown Dest Mac Rate: No-limit
    QoS Profile: None configured
    Ingress Rate Shaping : Unsupported
    Ingress IPTOS Examination: Disabled
    Ingress 802.1p Examination: Enabled
    Ingress 802.1p Inner Exam: Disabled
    Egress IPTOS Replacement: Disabled
    Egress 802.1p Replacement: Disabled
    NetLogin: Disabled
    NetLogin port mode: Port based VLANs
    Smart redundancy: Enabled
    Software redundant port: Disabled
    IPFIX: Disabled Metering: Ingress, All Packets, All Traffic
    IPv4 Flow Key Mask: SIP: 255.255.255.255 DIP: 255.255.255.255
    IPv6 Flow Key Mask: SIP: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
    DIP: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
    auto-polarity: Enabled
    Shared packet buffer: default
    VMAN CEP egress filtering: Disabled
    PTP Configured: Disabled
    Time-Stamping Mode: None

    show port 2:13 info detail
    Port: 2:13
    Virtual-router: VR-Default
    Type: UTP
    Random Early drop: Unsupported
    Admin state: Enabled with auto-speed sensing auto-duplex
    Link State: Active, 1Gbps, full-duplex
    Link Ups: 25 Last: Tue Jul 17 19:12:34 2018
    Link Downs: 24 Last: Tue Jul 17 19:12:31 2018
    VLAN cfg:
    Name: Default, 802.1Q Tag = 1, MAC-limit = No-limit, Virtual router: VR-Default
    Name: VOICE, 802.1Q Tag = 10, MAC-limit = No-limit, Virtual router: VR-Default
    STP cfg:
    Protocol:
    Trunking: Load sharing is not enabled.
    EDP: Enabled
    ELSM: Disabled
    Ethernet OAM: Disabled
    Learning: Enabled
    Unicast Flooding: Enabled
    Multicast Flooding: Enabled
    Broadcast Flooding: Enabled
    Jumbo: Disabled
    Flow Control: Rx-Pause: Enabled Tx-Pause: Disabled
    Priority Flow Control: Disabled
    Reflective Relay: Disabled
    Link up/down SNMP trap filter setting: Enabled
    Egress Port Rate: No-limit
    Broadcast Rate: No-limit
    Multicast Rate: No-limit
    Unknown Dest Mac Rate: No-limit
    QoS Profile: None configured
    Ingress Rate Shaping : Unsupported
    Ingress IPTOS Examination: Disabled
    Ingress 802.1p Examination: Enabled
    Ingress 802.1p Inner Exam: Disabled
    Egress IPTOS Replacement: Disabled
    Egress 802.1p Replacement: Disabled
    NetLogin: Disabled
    NetLogin port mode: Port based VLANs
    Smart redundancy: Enabled
    Software redundant port: Disabled
    IPFIX: Disabled Metering: Ingress, All Packets, All Traffic
    IPv4 Flow Key Mask: SIP: 255.255.255.255 DIP: 255.255.255.255
    IPv6 Flow Key Mask: SIP: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
    DIP: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
    auto-polarity: Enabled
    Shared packet buffer: default
    VMAN CEP egress filtering: Disabled
    PTP Configured: Disabled
    Time-Stamping Mode: None


  • 13.  RE: Inter-VLAN Routing not working correctly

    Posted 07-17-2018 21:57
    Whoops, wrong port.


  • 14.  RE: Inter-VLAN Routing not working correctly

    Posted 07-17-2018 21:57
    So, you have a mismatch there. The untagged ports are the ones listed with "internal tag". The second port you list is a trunk port with only "tagged" vlans. It sounds like that's not what you're looking for.


  • 15.  RE: Inter-VLAN Routing not working correctly

    Posted 07-17-2018 21:57
    Yeah, that port was previously one of the ones I was working on. Working on getting updated config.

    Here is the arp errors:

    Dynamic Entries : 160 Static Entries : 0
    Pending Entries : 0
    In Request : 5151717 In Response : 39365
    Out Request : 368235 Out Response : 466309
    Failed Requests : 55332
    Proxy Answered : 0
    Rx Error : 0 Dup IP Addr : 0.0.0.0
    Rejected Count : 344344 Rejected IP : 169.254.101.108
    Rejected Port : 2:41 Rejected I/F : Default
    Max ARP entries : 8192 Max ARP pending entries : 256
    ARP address check: Enabled ARP refresh : Enabled
    Timeout : 20 minutes ARP Sender-Mac Learning : Disabled
    Retransmit Time : 1000 milliseconds
    Reachable Time : 900000 milliseconds (Auto)


  • 16.  RE: Inter-VLAN Routing not working correctly

    Posted 07-17-2018 21:57
    Interesting. Port 2:41 saw an IP that did not match the VLAN on that port. It's probably just because your DHCP is not getting out and/or back.


  • 17.  RE: Inter-VLAN Routing not working correctly

    Posted 07-17-2018 21:57
    Port: 2:13
    Virtual-router: VR-Default
    Type: UTP
    Random Early drop: Unsupported
    Admin state: Enabled with auto-speed sensing auto-duplex
    Link State: Active, 1Gbps, full-duplex
    Link Ups: 26 Last: Tue Jul 17 19:20:45 2018
    Link Downs: 25 Last: Tue Jul 17 19:20:42 2018
    VLAN cfg:
    Name: Default, 802.1Q Tag = 1, MAC-limit = No-limit, Virtual router: VR-Default
    Name: VOICE, 802.1Q Tag = 10, MAC-limit = No-limit, Virtual router: VR-Default
    Name: VLAN11, Internal Tag = 11, MAC-limit = No-limit, Virtual router: VR-Default
    STP cfg:
    Protocol:
    Name: VLAN11 Protocol: ANY Match all protocols.
    Trunking: Load sharing is not enabled.
    EDP: Enabled
    ELSM: Disabled
    Ethernet OAM: Disabled
    Learning: Enabled
    Unicast Flooding: Enabled
    Multicast Flooding: Enabled
    Broadcast Flooding: Enabled
    Jumbo: Disabled
    Flow Control: Rx-Pause: Enabled Tx-Pause: Disabled
    Priority Flow Control: Disabled
    Reflective Relay: Disabled
    Link up/down SNMP trap filter setting: Enabled
    Egress Port Rate: No-limit
    Broadcast Rate: No-limit
    Multicast Rate: No-limit
    Unknown Dest Mac Rate: No-limit
    QoS Profile: None configured
    Ingress Rate Shaping : Unsupported
    Ingress IPTOS Examination: Disabled
    Ingress 802.1p Examination: Enabled
    Ingress 802.1p Inner Exam: Disabled
    Egress IPTOS Replacement: Disabled
    Egress 802.1p Replacement: Disabled
    NetLogin: Disabled
    NetLogin port mode: Port based VLANs
    Smart redundancy: Enabled
    Software redundant port: Disabled
    IPFIX: Disabled Metering: Ingress, All Packets, All Traffic
    IPv4 Flow Key Mask: SIP: 255.255.255.255 DIP: 255.255.255.255
    IPv6 Flow Key Mask: SIP: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
    DIP: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
    auto-polarity: Enabled
    Shared packet buffer: default
    VMAN CEP egress filtering: Disabled
    PTP Configured: Disabled
    Time-Stamping Mode: None


  • 18.  RE: Inter-VLAN Routing not working correctly

    Posted 07-17-2018 21:57
    Can you try removing everything but V11 from that port? conf def del port 2:13 | conf voice del port 2:13 and retest?


  • 19.  RE: Inter-VLAN Routing not working correctly

    Posted 07-17-2018 21:57
    Still nothing.

    Port: 2:13
    Virtual-router: VR-Default
    Type: UTP
    Random Early drop: Unsupported
    Admin state: Enabled with auto-speed sensing auto-duplex
    Link State: Active, 1Gbps, full-duplex
    Link Ups: 28 Last: Tue Jul 17 19:31:06 2018
    Link Downs: 27 Last: Tue Jul 17 19:31:02 2018
    VLAN cfg:
    Name: VLAN11, Internal Tag = 11, MAC-limit = No-limit, Virtual router: VR-Default
    STP cfg:
    Protocol:
    Name: VLAN11 Protocol: ANY Match all protocols.
    Trunking: Load sharing is not enabled.
    EDP: Enabled
    ELSM: Disabled
    Ethernet OAM: Disabled
    Learning: Enabled
    Unicast Flooding: Enabled
    Multicast Flooding: Enabled
    Broadcast Flooding: Enabled
    Jumbo: Disabled
    Flow Control: Rx-Pause: Enabled Tx-Pause: Disabled
    Priority Flow Control: Disabled
    Reflective Relay: Disabled
    Link up/down SNMP trap filter setting: Enabled
    Egress Port Rate: No-limit
    Broadcast Rate: No-limit
    Multicast Rate: No-limit
    Unknown Dest Mac Rate: No-limit
    QoS Profile: None configured
    Ingress Rate Shaping : Unsupported
    Ingress IPTOS Examination: Disabled
    Ingress 802.1p Examination: Enabled
    Ingress 802.1p Inner Exam: Disabled
    Egress IPTOS Replacement: Disabled
    Egress 802.1p Replacement: Disabled
    NetLogin: Disabled
    NetLogin port mode: Port based VLANs
    Smart redundancy: Enabled
    Software redundant port: Disabled
    IPFIX: Disabled Metering: Ingress, All Packets, All Traffic
    IPv4 Flow Key Mask: SIP: 255.255.255.255 DIP: 255.255.255.255
    IPv6 Flow Key Mask: SIP: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
    DIP: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
    auto-polarity: Enabled
    Shared packet buffer: default
    VMAN CEP egress filtering: Disabled
    PTP Configured: Disabled
    Time-Stamping Mode: None


  • 20.  RE: Inter-VLAN Routing not working correctly

    Posted 07-17-2018 21:57