ExtremeSwitching (Other)

Expand all | Collapse all

missing packages in one vlan

Alexey shavernev

Alexey shavernev10-24-2018 09:20

Alexey shavernev

Alexey shavernev10-24-2018 09:20

  • 1.  missing packages in one vlan

    Posted 10-24-2018 04:32

    There is a VLAN connecting firewall 1 through a stack of firewall 2, that is, 2 ports are involved and that's all. And in it there is a loss of packets. Interestingly, the problem disappears after the reboot of the stack, but partly if the percentage of losses was initially about 25 percent, after the reboot of 8-10 percent. I can immediately say that I changed the slot, I changed the VLAN. But the problem remains, and it arises suddenly. Does anyone have any ideas? Firmware 22.5.1.7. A stack of 5 slots, 4 of which are x440G2-24t-10g4 and x620-16x switches. VLAN on 4 and first stack. Please help !!!


  • 2.  RE: missing packages in one vlan

    Posted 10-24-2018 09:20
    Hello Alexey,

    Have you checked following outputs:

    debug hal show congestion show ports congestion no-refresh

    Best Regards,
    Nikolay



  • 3.  RE: missing packages in one vlan

    Posted 10-25-2018 10:49
    Perhaps start with a simple test (if you're able to do this). Bring up only the master member of the stack and connect the two firewalls locally within the same switch. Does the problem occur? If not, bring the stack fully online but keep the firewalls as-is. Any change? This could be something as simple as a bad cable or mismatched duplex setting. Also, how long are you running your ping test?


  • 4.  RE: missing packages in one vlan

    Posted 10-29-2018 10:45
    do a "sh port no" and provide a screenshot and tell us on which ports you've connected which device.


  • 5.  RE: missing packages in one vlan

    Posted 10-28-2018 14:57
    ok friends, so my exreme do not working in VLAN when his connected to firewall1 and firewall2. packets do not disappear, but the pings disappear the number of bytes that one port processed and the number of bytes that the other port processed is not even close. Erik, I did everything you said and even more, I returned the switch to the factory settings and registered only 1 of this VLAN for connection. I used different extreme switches such as 440-24p, 440-g2-10ge 24t, 440-g2-10ge 48t. Versions of the firmware used different from the latest to the firmware six months ago. But imagine, I tried to implement it through the 8-port D-Link 1018-ge and I did it. Maybe there is some nuance. I note that in VLAN 1 pings do not disappear and the entire network including printersvlan, guestwifi and others work. Please help solve the problem


  • 6.  RE: missing packages in one vlan

    Posted 10-28-2018 17:04
    It would help a lot if you provide more precise information.... e.g.
    - network diagram
    - port number of the connnections
    - IPs
    - VLAN name/number
    - ping what / from which source to which destination

    What I'd see right now is a wall of text without any information in it.

    I'm not an XOS expert but if you really used a factory switch with only one VLAN (default !?) the first thing that comes to mint if you see such a high packet loss is speed/duplex missmatch.

    So connect the 2 FWs again and check the speed/duplex on the port. Not only the configuration but the status after you connect the 2 FWs to see the speed/duplex value that was negotatiated.


  • 7.  RE: missing packages in one vlan

    Posted 10-29-2018 06:56
    really used a factory switch with only 2 VLANS. FIRST VLAN DEFAULT AND SECOND VLAN TRANSTELEKOM TAG 1000. which port does not matter, I tried through any ports. I pinged from Default VLAN from different computer. Network diagram below.



    Please help!!!


  • 8.  RE: missing packages in one vlan

    Posted 10-24-2018 09:20
    Nikolay drop packet 0 on this ports in this vlan.


  • 9.  RE: missing packages in one vlan

    Posted 10-24-2018 09:20
    and packet not drop to firewall 1, but if i ping firewall 2 , loss = 20 %


  • 10.  RE: missing packages in one vlan

    Posted 10-24-2018 09:20
    may be i have bag in fiarewalls?


  • 11.  RE: missing packages in one vlan

    Posted 10-24-2018 09:20
    what do you think? Help me please.


  • 12.  RE: missing packages in one vlan

    Posted 10-25-2018 10:49
    this is config.
    X440G2-24t-10G4.1 # show config

    #

    # Module devmgr configuration.

    #

    configure snmp sysContact "support@extremenetworks.com" target="_blank" rel="nofollow noreferrer noopener">support@extremenetworks.com, +1 888 257 3000"

    configure sys-recovery-level switch reset



    #

    # Module vlan configuration.

    #

    configure vlan default delete ports all

    configure vr VR-Default delete ports 1-28

    configure vr VR-Default add ports 1-28

    configure vlan default delete ports 4,6

    create vlan "Bosch"

    configure vlan Bosch tag 15

    create vlan "GuestWiFi1111"

    configure vlan GuestWiFi1111 tag 1111

    create vlan "networkdevicevlan"

    configure vlan networkdevicevlan tag 50

    create vlan "printersvlan"

    configure vlan printersvlan tag 10

    create vlan "proverka"

    configure vlan proverka tag 1515

    create vlan "securevlan"

    configure vlan securevlan tag 70

    create vlan "serversvlan"

    configure vlan serversvlan tag 30

    create vlan "transtele2"

    configure vlan transtele2 tag 1000

    create vlan "usersvlan"

    configure vlan usersvlan tag 100

    create vlan "videovlan"

    configure vlan videovlan tag 60

    create vlan "voipvlan"

    configure vlan voipvlan tag 20

    configure ports 6 display-string VPNtransteWachguard

    configure ports 24 display-string MagportToServerSW

    configure ports 27 auto off speed 10000 duplex full

    configure ports 28 auto off speed 10000 duplex full

    configure vlan Default add ports 1-3,5,7-28 untagged

    configure vlan GuestWiFi1111 add ports 24 tagged

    configure vlan networkdevicevlan add ports 23-24 tagged

    configure vlan printersvlan add ports 23-24 tagged

    configure vlan printersvlan add ports 4 untagged

    configure vlan securevlan add ports 23-24 tagged

    configure vlan serversvlan add ports 23-24 tagged

    configure vlan transtele2 add ports 24 tagged

    configure vlan transtele2 add ports 6 untagged

    configure vlan usersvlan add ports 24 tagged

    configure vlan videovlan add ports 23-24 tagged

    configure vlan voipvlan add ports 23-24 tagged

    configure vlan Default ipaddress 10.1.5.31 255.255.248.0

    enable ipforwarding vlan Default

    configure vlan Mgmt ipaddress 10.1.5.131 255.255.0.0

    configure vlan Bosch ipaddress 10.5.5.1 255.255.0.0

    enable ipforwarding vlan Bosch

    configure vlan printersvlan ipaddress 10.1.10.4 255.255.254.0

    configure vlan usersvlan ipaddress 10.10.100.4 255.255.254.0

    configure vlan videovlan ipaddress 10.1.60.4 255.255.254.0

    configure vlan serversvlan ipaddress 10.1.30.4 255.255.254.0

    configure vlan securevlan ipaddress 10.1.70.4 255.255.254.0

    configure vlan voipvlan ipaddress 10.1.20.4 255.255.254.0

    configure vlan networkdevicevlan ipaddress 10.1.50.4 255.255.254.0

    configure vlan proverka ipaddress 192.168.0.1 255.255.255.0

    configure ports 6 monitor vlan transtele2

    configure ports 24 monitor vlan transtele2



    #

    # Module mcmgr configuration.

    #



    #

    # Module fdb configuration.

    #



    #

    # Module rtmgr configuration.

    #

    configure iproute add 10.10.100.0 255.255.254.0 10.1.5.254

    configure iproute add 10.1.10.0 255.255.254.0 10.1.5.254

    configure iproute add default 10.1.5.10



    #

    # Module policy configuration.

    #





    #

    # Module aaa configuration.

    #

    create account admin root encrypted "$5$yLNFfM$c9aIF1zLRdEz2S9ZNzWHs0mzdlVtC4.bfGtozxOX8D8"



    #

    # Module acl configuration.

    #









    #

    # Module bfd configuration.

    #



    #

    # Module cfgmgr configuration.

    #



    #

    # Module dosprotect configuration.

    #



    #

    # Module dot1ag configuration.

    #



    #

    # Module eaps configuration.

    #



    #

    # Module edp configuration.

    #



    #

    # Module elrp configuration.

    #

    enable elrp-client



    #

    # Module ems configuration.

    #



    #

    # Module epm configuration.

    #



    #

    # Module erps configuration.

    #



    #

    # Module esrp configuration.

    #



    #

    # Module ethoam configuration.

    #



    #

    # Module etmon configuration.

    #



    #

    # Module exsshd configuration.

    #

    enable ssh2



    #

    # Module hal configuration.

    #



    #

    # Module idMgr configuration.

    #



    #

    # Module ipSecurity configuration.

    #



    #

    # Module ipfix configuration.

    #



    #

    # Module lldp configuration.

    #



    #

    # Module mrp configuration.

    #



    #

    # Module msdp configuration.

    #



    #

    # Module netLogin configuration.

    #



    #

    # Module netTools configuration.

    #



    #

    # Module nodealias configuration.

    #



    #

    # Module ntp configuration.

    #



    #

    # Module poe configuration.

    #



    #

    # Module rip configuration.

    #



    #

    # Module r.png configuration.

    #



    #

    # Module snmpMaster configuration.

    #

    configure snmpv3 engine-id 03:00:04:96:9b:5c:86

    configure snmpv3 add community "private" name "private" user "v1v2c_rw"

    enable snmp access

    enable snmp access snmp-v1v2c

    enable snmp access snmpv3



    #

    # Module stp configuration.

    #

    disable stpd s0



    #

    # Module techSupport configuration.

    #



    #

    # Module telnetd configuration.

    #



    #

    # Module tftpd configuration.

    #



    #

    # Module thttpd configuration.

    #



    #

    # Module twamp configuration.

    #



    #

    # Module vmt configuration.

    #



    #

    # Module vsm configuration.

    #


  • 13.  RE: missing packages in one vlan

    Posted 10-29-2018 06:56
    Alexey - Perhaps we're all misunderstanding your scenario. You're pinging from the workstation on the left (on V1) to both firewalls and showing packet loss when you do so? If that's the case, I only see one firewall with an interface in the same vlan. Can you explain what your overall goal is, along with what firewalls you're using and how you're routing between VLAN's? What does this look like when it's done and working in your opinion?


  • 14.  RE: missing packages in one vlan

    Posted 10-29-2018 06:56

    Friends, between two firewalls tunnel, trusted network 1 and network 2, both networks are in the default Vlan with the same masks just different subnets. Firewall 2 moved to another building. Buildings are connected by a stack whose slots are located in different buildings. Between 10Gbit / s slots. The idea was to connect the tunnel not with a wire, wasting nerves, strength and money to run a cable, and use a simple VLAN with untagged ports for this. I listened to your advice, took a backup extreme and did so you told me I used only one switch, without adding my entire network there. This is described in the diagram, the result was the same. Connecting via RDP is terribly buggy. If I do the same thing through D-link for $ 20. Everything is working.



  • 15.  RE: missing packages in one vlan

    Posted 10-29-2018 06:56
    I can say that it worked through stack before.


  • 16.  RE: missing packages in one vlan

    Posted 10-29-2018 06:56
    what do you think about that situation?


  • 17.  RE: missing packages in one vlan

    Posted 10-29-2018 06:56
    may be problem firewall ?