Default VLAN dysfunctional, DHCP not working on untagged ports

  • Problem
  • Updated 3 years ago
  • Solved
I am sure that I have something configured wrong. This is my first Extreme switch. It is connected via a fiber connection to a trunked Cisco port (port 50 on my Extreme side).

For hosts with static IP addresses, everything works fine. But for my DHCP hosts, they are pulling VLAN 1 IP addresses regardless of the VLAN they are on. This is the native VLAN in my Cisco environment, and my Default vr on my Extreme switch. That is, 10.0.44.0/22. I thought that maybe I needed to do something like an "ip-helper" in the Cisco realm. Hence the bootprelay stuff in my config ... which does not appear to be working!

Also, I can no longer ssh to my switch (it used to work before I rebooted it?). And I cannot seem to ping out from the switch itself, so I am having to do all my changes through a console connection.

Help!  :-)

And now, my configuration ...

#
# Module devmgr configuration.
#
configure sys-recovery-level switch reset

#
# Module vlan configuration.
#
configure vlan default delete ports all
configure vr VR-Default delete ports 1-54
configure vr VR-Default add ports 1-54
configure vlan default delete ports 1-48
create vlan "EduTrailerData"
configure vlan EduTrailerData tag 470
create vlan "EMC"
configure vlan EMC tag 200
create vlan "Imaging"
configure vlan Imaging tag 5
create vlan "MainHosp1fl"
configure vlan MainHosp1fl tag 10
configure ports 49 auto off speed 10000 duplex full
configure ports 50 auto off speed 10000 duplex full
configure ports 51 auto off speed 10000 duplex full
configure ports 52 auto off speed 10000 duplex full
configure ports 53 auto off speed 10000 duplex full
configure ports 54 auto off speed 10000 duplex full
configure vlan Default add ports 49-54 untagged
configure vlan EduTrailerData add ports 50 tagged
configure vlan EduTrailerData add ports 1-2, 4-9, 11-14, 17-48 untagged
configure vlan EMC add ports 10 untagged
configure vlan Imaging add ports 3 untagged
configure vlan MainHosp1fl add ports 50 tagged
configure vlan MainHosp1fl add ports 15-16 untagged
configure vlan Default ipaddress 10.0.45.3 255.255.252.0
enable ipforwarding vlan Default

#
# Module fdb configuration.
#

#
# Module rtmgr configuration.
#
configure iproute add default 10.0.45.1


#
# Module mcmgr configuration.
#

#
# Module aaa configuration.
#
configure account admin encrypted "**SNIP**"

#
# Module acl configuration.
#




#
# Module bfd configuration.
#

#
# Module ces configuration.
#


#
# Module cfgmgr configuration.
#

#
# Module dosprotect configuration.
#

#
# Module dot1ag configuration.
#

#
# Module eaps configuration.
#

#
# Module edp configuration.
#

#
# Module elrp configuration.
#
#
# Module ems configuration.
#

#
# Module epm configuration.
#

#
# Module erps configuration.
#

#
# Module esrp configuration.
#

#
# Module ethoam configuration.
#

#
# Module etmon configuration.
#

#
# Module exsshd configuration.
#
enable ssh2

#
# Module hal configuration.
#

#
# Module idMgr configuration.
#

#
# Module ipSecurity configuration.
#

#
# Module ipfix configuration.
#

#
# Module lldp configuration.
#

#
# Module mrp configuration.
#

#
# Module msdp configuration.
#

#
# Module netLogin configuration.
#

#
# Module netTools configuration.
#
configure bootprelay add 10.60.60.10 vr VR-Default
configure bootprelay add 10.60.60.11 vr VR-Default
enable bootprelay ipv4 vlan EduTrailerData


#
# Module ntp configuration.
#

#
# Module poe configuration.
#

#
# Module rip configuration.
#

#
# Module ripng configuration.
#

#
# Module snmpMaster configuration.
#
configure snmpv3 add group "v1v2cNotifyGroup" user "v1v2cNotifyUser1" sec-model snmpv2c
configure snmpv3 add community "SNIP" name "SNIP" user "v1v2c_rw"
configure snmpv3 add community "v1v2cNotifyComm1" name "SNIP" user "v1v2cNotifyUser1"
configure snmpv3 add target-addr "v1v2cNotifyTAddr1" param "v1v2cNotifyParam1" ipaddress 10.60.60.150 transport-port 162 tag-list "defaultNotify"
configure snmpv3 add target-params "v1v2cNotifyParam1" user "v1v2cNotifyUser1" mp-model snmpv2c sec-model snmpv2c sec-level noauth

#
# Module stp configuration.
#
configure mstp region 000496989e7f
configure stpd s0 delete vlan default ports all
disable stpd s0 auto-bind vlan default
enable stpd s0 auto-bind vlan Default

#
# Module synce configuration.
#

#
# Module techSupport configuration.
#
debug tech-support configure max-collectors 2
configure tech-support collector 12.38.14.200 tcp-port 800 ssl off

#
# Module telnetd configuration.
#
disable telnet

#
# Module tftpd configuration.
#

#
# Module thttpd configuration.
#
enable web http

#
# Module vmt configuration.
#

#
# Module vsm configuration.
#


Steve Ballantyne

Posted 3 years ago

Prashanth KG, Employee

Hi Steve,

Welcome aboard!

Looking at the config, for the EXOS switch to do a bootprelay (similar to IP-HELPER), we need to have an IP address on both the client VLAN and the DHCP server VLAN. This is because this feature works based on the ipforwarding feature.

So, once you have the IP address for the Client VLAN, we need to enable the bootprelay in both the client VLAN and the server VLAN. 

Following articles would really help you get started: 

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-Bootprelay 

https://gtacknowledge.extremenetworks.com/articles/Solution/Clients-unable-to-get-IP-addresses-with-BOOTP-Relay-configured-on-the-client-VLAN

Hope this helps! 
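
The client-side prerequisites described in this reply can be checked against a saved EXOS configuration. The following is an added example, not part of the original thread or of any Extreme tooling; the function name `audit_bootprelay` is hypothetical, and VLAN names are compared case-insensitively because the posted config uses both `default` and `Default` for the same VLAN.

```python
import re

# Constructed sample: the relay-related lines from the first config in this thread.
SAMPLE_CONFIG = """\
configure vlan Default ipaddress 10.0.45.3 255.255.252.0
enable ipforwarding vlan Default
configure bootprelay add 10.60.60.10 vr VR-Default
configure bootprelay add 10.60.60.11 vr VR-Default
enable bootprelay ipv4 vlan EduTrailerData
"""

IP_RE = re.compile(r'^configure vlan "?([\w-]+)"? ipaddress (\S+)', re.I)
FWD_RE = re.compile(r'^enable ipforwarding vlan "?([\w-]+)"?', re.I)
RELAY_RE = re.compile(r'^enable bootprelay (?:ipv4 )?vlan "?([\w-]+)"?', re.I)
SERVER_RE = re.compile(r'^configure bootprelay add (\S+)', re.I)


def audit_bootprelay(config_text):
    """Return findings for relay-enabled VLANs that lack an IP or forwarding."""
    has_ip, forwarding, relay, servers = {}, set(), [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if (m := IP_RE.match(line)):
            has_ip[m.group(1).lower()] = m.group(2)
        elif (m := FWD_RE.match(line)):
            forwarding.add(m.group(1).lower())
        elif (m := RELAY_RE.match(line)):
            relay.append(m.group(1))
        elif (m := SERVER_RE.match(line)):
            servers.append(m.group(1))
    findings = []
    if relay and not servers:
        findings.append("bootprelay enabled but no relay target configured")
    for vlan in relay:
        key = vlan.lower()
        if key not in has_ip:
            findings.append(f"{vlan}: bootprelay enabled but VLAN has no IP address")
        if key not in forwarding:
            findings.append(f"{vlan}: bootprelay enabled but ipforwarding is not enabled")
    return findings
```

Run against the sample, it reports both missing prerequisites for EduTrailerData; it does not check the server-side VLAN, which would require route information.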

Steve Ballantyne

Just another example that something is wrong with my Default VLAN (VLAN 1 to the Cisco realm). Here I am trying to ping the gateway for VLAN 1, using the Default VLAN interface.
X460G2-48t-10G4.30 # ping vr "VR-Default" 10.0.45.1
Ping(ICMP) 10.0.45.1: 4 packets, 8 data bytes, interval 1 second(s).
Packet transmit error; Destination unreachable
Packet transmit error; Destination unreachable
Packet transmit error; Destination unreachable
Packet transmit error; Destination unreachable
--- 10.0.45.1 ping statistics ---
0 packets transmitted, 0 packets received, 0% loss
round-trip min/avg/max = 0/0/0 ms

Prashanth KG, Employee

Hi Steve,

Can you please ensure that this VLAN is active? Packet transmit error means that the switch does not know how to reach 10.0.45.1. If it is in the same subnet as the switch VLAN IP, it is possible only when none of the ports in that VLAN is active. 

Steve Ballantyne

That makes sense. I put one of the ports into VLAN 1 and plugged a device into it. My Default IP still doesn't work though!

What should be happening with my Default vlan? My port 50 is a "trunk port" to my Cisco switch. Shouldn't the Default vlan traffic be *untagged* because it's the native vlan on the cisco side? And then I should tag all other vlans on port 50, correct?

I don't suppose you have a working example config for a Cisco trunk connected Extreme switch?

Prashanth KG, Employee

Steve,

Your understanding is correct, the default VLAN should be untagged on the port connecting to CISCO with a native VLAN and all the other vlans tagged. 

Please share the output of show vlan default to check if the ports are active in it. 

For the time being, try disabling the spanning tree on the cisco side to be sure that there is no blocking on the cisco side. 

When you plugged in a PC, were you able to reach the default VLAN IP of Extreme Switch? 

Steve Ballantyne

"show vlan default to check if the ports are active in it"
I wouldn't want my vlan 470 hosts to be active in the Default VLAN would I? I have been removing everything from the Default VLAN.

I am away from the switch at the moment, but I will get connected later at the console and show you the output of that command.

Prashanth KG, Employee

For the SSH issue, can you please collect the following output?

show management. Need to ensure that the key is valid. 

Steve Ballantyne

SSH access                       : Enabled (Key valid, tcp port 22 vr all)
                                 : Access Profile : not set

I think my ssh is set up okay. It *used* to work fine. In fact everything had been working okay until I had to shut down and move the switch. That's when this DHCP and VLAN 1 issue sprouted up. Makes me think that I had made a change that was not committed until the reboot took place.


Prashanth KG, Employee

The key looks valid. Are you able to ping the Switch IP from your PC?
If it is reachable, can you enable telnet for troubleshooting and check if telnet works fine? This could help us isolate the issue only to SSH access. 

Steve Ballantyne

I started over with an empty config this morning. And everything seemed to be going well until I started adding ports to my VLAN 470.

Poking around on the Cisco side, I caught these messages in the logs ...

*Sep 18 06:51:03.160 EDT: %LINEPROTO-SP-5-UPDOWN: Line protocol on Interface GigabitEthernet4/25, changed state to up
*Sep 18 06:55:28.872 EDT: %SPANTREE-SP-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 1 on GigabitEthernet10/14 VLAN470.
*Sep 18 06:55:28.872 EDT: %SPANTREE-SP-2-BLOCK_PVID_PEER: Blocking GigabitEthernet10/14 on VLAN0001. Inconsistent peer vlan.
*Sep 18 06:55:28.872 EDT: %SPANTREE-SP-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet10/14 on VLAN0470. Inconsistent local vlan.

It doesn't appear that I still have this same issue now, as the Cisco side has done a timeout recovery on the port and the error has not reappeared. This may have been while I was still adding and removing ports to VLANs.

Steve Ballantyne

I was able to get this up and running this past week. I was actually facing two issues that were keeping my configuration from working.

#1 - It seemed like just when I was about done configuring the Extreme switch, my entire network would hit the wall. I figured this had to have something to do with my default VLAN and it seemed like I had a loop somewhere. Turns out that when I hastily removed my dying Cisco switch and connected the Extreme switch, I had patched in a copper connection that was set up as a trunk port. This was in addition to the fiber connection that I was using as a trunk port. Oops! The copper connection was a precursor to the fiber run and should have never been reconnected.

#2 - I don't think that my Cisco side was set up properly. I had a hard time finding a good example of what my Cisco port should look like that was connected to my Extreme switch. You know, the whole "trunk port" versus "tagged port" thing.

Here is what my Cisco side port currently looks like:
interface GigabitEthernet10/14
 description EDUCATION TRAILER EXTREME NETWORKS SWITCH
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,470,475
 switchport mode trunk
 no ip address
 spanning-tree bpdufilter enable
 spanning-tree link-type point-to-point
!
Note that I thought I would need "allowed VLAN 1" in addition to the others, but that proved to be a mistake.

Also, related but unrelated --- once I had taken care of these two problems, DHCP worked just like it was supposed to with setting up VLANs 10 and 270 as untagged, but then tagged on port 50 (my fiber uplink port). And then I also fooled around with using a voice VLAN. With my Cisco switch, I can add a "voice vlan" to a port in the config, and my Cisco phone will automatically jump on it. With the Extreme switch, I needed to add port 475 as TAGGED on an untagged 470 port. And then, I needed to go onto the Cisco phone and set the Admin VLAN port setting to 475.

Here is my final Extreme config for the curious ...

#
# Module devmgr configuration.
#
configure sys-recovery-level switch reset

#
# Module vlan configuration.
#
configure vlan default delete ports all
configure vr VR-Default delete ports 1-54
configure vr VR-Default add ports 1-54
configure vlan default delete ports 1-46, 48
create vlan "MainHosp1FL"
configure vlan MainHosp1FL tag 10
create vlan "TrailerData"
configure vlan TrailerData tag 470
create vlan "TrailerVoice"
configure vlan TrailerVoice tag 475
configure ports 49 auto off speed 10000 duplex full
configure ports 50 auto off speed 10000 duplex full
configure ports 51 auto off speed 10000 duplex full
configure ports 52 auto off speed 10000 duplex full
configure ports 53 auto off speed 10000 duplex full
configure ports 54 auto off speed 10000 duplex full
configure vlan Default add ports 47, 49-54 untagged
configure vlan MainHosp1FL add ports 50 tagged
configure vlan MainHosp1FL add ports 15 untagged
configure vlan TrailerData add ports 50 tagged
configure vlan TrailerData add ports 1-14, 16-46, 48 untagged
configure vlan TrailerVoice add ports 1-14, 16-46, 48, 50 tagged
configure vlan Default ipaddress 10.0.45.3 255.255.252.0

#
# Module fdb configuration.
#

#
# Module rtmgr configuration.
#
configure iproute add default 10.0.45.1

#
# Module mcmgr configuration.
#

#
# Module aaa configuration.
#
configure account admin encrypted "SNIP"
#
# Module acl configuration.
#




#
# Module bfd configuration.
#

#
# Module ces configuration.
#

#
# Module cfgmgr configuration.
#

#
# Module dosprotect configuration.
#

#
# Module dot1ag configuration.
#

#
# Module eaps configuration.
#

#
# Module edp configuration.
#

#
# Module elrp configuration.
#

#
# Module ems configuration.
#

#
# Module epm configuration.
#

#
# Module erps configuration.
#

#
# Module esrp configuration.
#

#
# Module ethoam configuration.
#

#
# Module etmon configuration.
#

#
# Module exsshd configuration.
#

#
# Module hal configuration.
#

#
# Module idMgr configuration.
#

#
# Module ipSecurity configuration.
#

#
# Module ipfix configuration.
#

#
# Module lldp configuration.
#

#
# Module mrp configuration.
#

#
# Module msdp configuration.
#

#
# Module netLogin configuration.
#

#
# Module netTools configuration.
#

#
# Module ntp configuration.
#

#
# Module poe configuration.
#

#
# Module rip configuration.
#

#
# Module ripng configuration.
#

#
# Module snmpMaster configuration.
#
SNIP
#
# Module stp configuration.
#
configure mstp region 000496989e7f
configure stpd s0 delete vlan default ports all
disable stpd s0 auto-bind vlan default
enable stpd s0 auto-bind vlan Default

#
# Module synce configuration.
#

#
# Module techSupport configuration.
#
debug tech-support configure max-collectors 2

#
# Module telnetd configuration.
#

#
# Module tftpd configuration.
#

#
# Module thttpd configuration.
#

#
# Module vmt configuration.
#

#
# Module vsm configuration.
#
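
The "trunk port" versus "tagged port" mapping in this post can be verified mechanically by comparing the VLAN tags carried on the Extreme uplink with the Cisco trunk's allowed list. The following is an added example, not part of the original post; the function names are hypothetical, and it assumes the EXOS Default VLAN carries tag 1 (the post refers to it as VLAN 1 on the Cisco side).

```python
import re

# Constructed sample: VLAN lines from the final Extreme config in this post.
EXOS = """\
configure vlan MainHosp1FL tag 10
configure vlan TrailerData tag 470
configure vlan TrailerVoice tag 475
configure vlan Default add ports 47, 49-54 untagged
configure vlan MainHosp1FL add ports 50 tagged
configure vlan MainHosp1FL add ports 15 untagged
configure vlan TrailerData add ports 50 tagged
configure vlan TrailerData add ports 1-14, 16-46, 48 untagged
configure vlan TrailerVoice add ports 1-14, 16-46, 48, 50 tagged
"""
CISCO = "switchport trunk allowed vlan 10,470,475"  # from the Cisco port config
TAG_RE = re.compile(r"configure vlan (\S+) tag (\d+)$", re.I)
ADD_RE = re.compile(r"configure vlan (\S+) add ports (.+) (tagged|untagged)$", re.I)


def expand(spec):
    """Expand a list such as '1-14, 16-46, 48' into a set of integers."""
    out = set()
    for part in spec.replace(" ", "").split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out


def uplink_tags(exos_text, port):
    """Return (tagged VLAN IDs, untagged VLAN names) for one EXOS port."""
    # Assumption: Default VLAN has tag 1; tag lines precede membership lines.
    tags, tagged, untagged = {"default": 1}, set(), []
    for line in map(str.strip, exos_text.splitlines()):
        if (m := TAG_RE.match(line)):
            tags[m.group(1).lower()] = int(m.group(2))
        elif (m := ADD_RE.match(line)) and port in expand(m.group(2)):
            name = m.group(1).lower()
            if m.group(3).lower() == "tagged":
                tagged.add(tags[name])
            else:
                untagged.append(name)
    return tagged, untagged


def compare_trunk(exos_text, port, cisco_line):
    """Report VLAN IDs present on only one side of the trunk."""
    allowed = expand(cisco_line.split("vlan", 1)[1])
    tagged, untagged = uplink_tags(exos_text, port)
    return {"only_on_extreme": sorted(tagged - allowed),
            "only_on_cisco": sorted(allowed - tagged),
            "untagged_on_uplink": untagged}
```

For port 50 the two sides agree on 10, 470 and 475, with the Default VLAN as the only untagged VLAN on the uplink.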

Drew C., Community Manager

Glad you were able to get it going.  Thanks for coming back to confirm and to share your config!