ExtremeSwitching (Other)

Expand all | Collapse all

Communication between 2 Vlans

  • 1.  Communication between 2 Vlans

    Posted 05-20-2015 14:22
    I am trying to get our wireless network communicating with a specific Vlan. So our wireless network is setup with a vlan as well. I have ipforwarding enabled for both vlans. What am I missing?

    Just a little more information: If I am connected to the network via wired connection, I can ping a device on our 114 vlan. If I am connected to the network via wireless (118 vlan), then I cannot ping that same device.



  • 2.  RE: Communication between 2 Vlans

    Posted 05-20-2015 14:26
    Hello Beth,

    Could you give us a little more detail on the products you are working with?

    Thanks,

    Doug


  • 3.  RE: Communication between 2 Vlans

    Posted 05-20-2015 14:39
    Our Core switch is stacked Summit X460G2 and the edge switches are Summit X440's.



  • 4.  RE: Communication between 2 Vlans

    Posted 05-20-2015 15:07
    Our wireless controllers are Cisco 5508's


  • 5.  RE: Communication between 2 Vlans

    Posted 05-20-2015 17:46
    Beth,

    I would look at what information you have for subnet/routing at both the wireless controllers and on the wireless clients (DHCP config?).

    Can you plug your laptop/device into a wired port on vlan 118, manually configure an ip/subnet/gateway that matches what the wireless clients should have and ping your VLAN 114 device?


  • 6.  RE: Communication between 2 Vlans

    Posted 05-21-2015 15:31
    Our wireless is configured for DHCP on both controllers and clients. On the Extreme side we do not have any ports that are configured just for the 118 Vlan.

    It is strange because if on what we call our Finishing side, which has its own edge switch, we cannot ping the 114 vlan from wireless. However, if we are standing in certain areas on our Extrusion side, there are some areas that the wireless communication to the 114 vlan works and areas that don't.

    When our main core was yet Cisco, everything worked as it should, even after we swapped out all Cisco edge switches with the edge Extreme. Now that we moved our main core over to Extreme, it does not. I am assuming it is configuration on the Extreme core but not sure what is missing.

    I do not believe that it is configuration with the access points or the controllers.

    Thoughts?

    Thanks, Beth



  • 7.  RE: Communication between 2 Vlans

    Posted 05-25-2015 02:42
    Can you post the results of show vlan and show iproute from the core and the edge switches? You can sanitize the IPs as long as it's easy to tell the different subnets apart still and the logic stays accurate.


  • 8.  RE: Communication between 2 Vlans

    Posted 05-26-2015 09:03
    Here is the core:

    telnet session telnet0 on /dev/ptyb0

    login: admin
    password:

    ExtremeXOS
    Copyright (C) 1996-2015 Extreme Networks. All rights reserved.
    This product is protected by one or more US patents listed at http://www.extremenetworks.com/patents along with their foreign counterparts.
    ==============================================================================

    Press the


  • 9.  RE: Communication between 2 Vlans

    Posted 05-26-2015 09:06
    Here is our Finishing switch that we cannot ping the 114 vlan from the wireless vlan 118:

    telnet session telnet0 on /dev/ptyb0

    login: admin
    password:

    ExtremeXOS
    Copyright (C) 1996-2015 Extreme Networks. All rights reserved.
    This product is protected by one or more US patents listed at http://www.extremenetworks.com/patents along with their foreign counterparts.
    ==============================================================================

    Press the


  • 10.  RE: Communication between 2 Vlans

    Posted 05-26-2015 09:09
    This edge switch has sporatic connections from the wireless to the 114 vlan:

    telnet session telnet0 on /dev/ptyb0

    login: admin
    password:

    ExtremeXOS
    Copyright (C) 1996-2013 Extreme Networks. All rights reserved.
    Protected by US Patent Nos: 6,678,248; 6,104,700; 6,766,482; 6,618,388; 6,034,957; 6,859,438; 6,912,592; 6,954,436; 6,977,891; 6,980,550; 6,981,174; 7,003,705; 7,017,082; 7,046,665; 7,126,923; 7,142,509; 7,149,217; 7,152,124; 7,154,861; 7,245,619; 7,245,629; 7,269,135; 7,448,045; 7,447,777; 7,453,874; 7,463,628; 7,483,370; 7,499,679; 7,502,374; 7,539,750; 7,522,516; 7,546,480; 7,552,275; 7,554,978; 7,558,273; 7,568,107; 7,577,996; 7,581,024; 7,580,409; 7,580,350; 7,584,262; 7,599,292; 7,602,721; 7,606,249; 7,606,240; 7,606,263; 7,613,209; 7,619,971; 7,646,773; 7,646,770; 7,649,879; 7,657,619; 7,657,635; 7,660,259; 7,660,894; 7,668,969; 7,672,228; 7,675,915; 7,689,678; 7,693,158; 7,710,993; 7,719,968; 7,724,734; 7,724,669; 7,733,899; 7,752,338; 7,773,507; 7,783,733; 7,792,058; 7,813,348; 7,814,204; 7,817,549; 7,817,633; 7,822,038; 7,822,032; 7,821,931; 7,823,199; 7,822,033; 7,835,348; 7,843,927; 7,856,019; 7,860,006; 7,889,750; 7,889,658; 7,894,451; 7,903,666; 7,908,431; 7,912,091; 7,936,764; 7,936,687; 7,944,942; 7,983,192; 7,990,850; 8,000,344; 8,055,800; 8,059,658; 8,072,887; 8,085,779; 8,107,383; 8,117,336; 8,117,657; 8,135,007; 8,139,583; 8,159,936; 8,160,074; 8,161,270; 8,174,980; 8,204,070; 8,208,418; 8,233,474; 8,255,996; 8,274,974; 8,279,874; 8,295,188.
    ==============================================================================

    Press the


  • 11.  RE: Communication between 2 Vlans

    Posted 05-26-2015 12:32
    Well, my initial thought was maybe there's an issue with routing traffic back to the wireless clients.

    Now I'm just going to ramble ideas and we'll see what happens.
    Are there any LAG groups in the path wireless clients are taking? Perhaps there's an issue with traffic getting lost in the LAG? (This is usually diagnosable by looking at source/destination details and seeing that traffic works when the hash is even vs odd or visa versa and is usually caused by configuration mismatches between sides of the link)
    Are all of the APs in the same mode (tunnel vs bridge)? Perhaps there's an issue there.
    Do all of the APs in the extrusion switch have the same port configuration (VLANs, tagged/untagged)?
    Are the wireless clients able to ping anything successfully? Their own gateway, switch and wifi controller management interfaces, etc?
    Are they receiving an IP from DHCP that matches the scope you expect?

    I know you said this all worked with a Cisco core, but Cisco also seems to support a lot of "auto configuration" when communicating with other Cisco products that the Extreme core likely doesn't support.


  • 12.  RE: Communication between 2 Vlans

    Posted 05-26-2015 20:42
    Is the VLAN tagged on all the uplink ports all the way back to the router? Like Doug says, Cisco uses VTP by default, which essentially configures everything for you as long as you designate the uplink as a trunk port. (Cisco VLAN naming standards are weird). The XOS switches will require manual VLAN tagging on all the uplink ports that connect back to the routing segment.


  • 13.  RE: Communication between 2 Vlans

    Posted 05-27-2015 10:39
    It appears that the AP's are bridged back to the WLC and all the uplink ports are setup as tagged.

    One item I did see in the iproute, is that Vlan300, which is what the AP's and WLC are on, is not listed in the iproute. Could this be the issue?



  • 14.  RE: Communication between 2 Vlans

    Posted 05-27-2015 10:41
    Also, Vlan300 is not listed in the IPForwarding on the Core as well.

    On the Cisco, the WLC, AP's were all configured to the Vlan300 on the core switch.



  • 15.  RE: Communication between 2 Vlans

    Posted 05-27-2015 11:36
    Hi,

    Our APs usually have a traffic vlan (tagged) and the management vlan (untagged) unless you do not need to access those APs from another VLAN it should not be necessary to have VLAN 300 in ipforwarding mode. The WLC should be able to contact all APs within the VLAN.

    To come to a point, if you ping your AP's Mgmt Address in VLAN 300 from anyother VLAN this will not work. If you ping a device in the traffic vlan (which is 118 from what I understand) then this should work.

    I would advise to check on your uplink ports configuration (tagged/untagged). E.g. to VLAN 118 no Ports are attached on two of your sh vlan prints and the VLAN is therfore in disabled state.

    Regards



  • 16.  RE: Communication between 2 Vlans

    Posted 05-27-2015 17:09
    Unless all your APs plug directly into your core, none of your APs are on vlan300 right now. (sh vlan on both edge switches only show v300 assigned to 2 ports with only 1 active)



  • 17.  RE: Communication between 2 Vlans

    Posted 05-27-2015 17:30
    I think it may be time for methodical documentation. This generally leads to finding the issue.
    Start at your core, go through every port and verify they have the vlans needed and are in the correct tagged/untagged binding, verify all LAG groups are configured as you expect them to be.
    Go to the WLC, verify that it is plugged into the port(s) you expect it to be in, verify any LAG configuration, verify tagged/untagged expectations of vlans.
    Go to the edge switches, verify that they are connected to the core in the ports you expect them to be in, lag configuration, verify AP ports are configured as you expect them to be and that the APs are receiving the IP you expect them to have.
    If you have edp enabled (and I recommend it) you can use "show edp ports all detail" to verify what port and vlans the other side of a EN to EN link has.

    We use Aruba for wlan here, but the idea should be similar.
    All end-user vlans and the management vlan are tagged into the WLC. We use 2x10GBps LACP groups for our WLCs, so LACP must be configured on both sides of the link.
    Our APs connect to the edge switches on untagged ports in the local VLAN for that building/floor and DHCP is used to tell the APs where to connect. It sounds like you're expecting to be using Layer2 discovery where all APs should be in the same VLAN as the management/primary interface of the WLCs.
    The end-user traffic is then tunneled back to the WLC, which does its magic and spits the traffic out onto the end-user VLANs into the core for routing.