Management VLAN on a C2G124

  • 0
  • 2
  • Question
  • Updated 1 day ago
  • (Edited)
Hi All. I am trying to get my head around the Enterasys way of doing things. I am used to the Cisco way of VLANs & trunking and have successfully set up a trunked network between an H3C switch, a Cisco AIR-AP1262N and a Cisco 887VAM router. The network has 5 VLANs and has full internet access. The AP has a trunk to the 887 via the H3C. I am trying to add the Enterasys C2G124-24 via a trunk link to the H3C as I want to extend the reach of my network. The management VLAN is VLAN10 (10.1.1.0/24). The other 4 VLANs asre for guest access etc. The 887 is effectively a router on a stick. Interface ge.1.1 is to be the trunk link to the H3C.

My config so far is:

<pre>
C2G124(su)->show config 
!
#Router Configuration
router
enable
configure
interface vlan 10
no shutdown
ip address 10.1.1.25 255.255.255.0 
exit
interface vlan 20
no shutdown
ip address 20.1.1.25 255.255.255.0 
exit
interface vlan 30
no shutdown
ip address 30.1.1.25 255.255.255.0 
exit
interface vlan 40
no shutdown
ip address 40.1.1.25 255.255.255.0 
exit
interface vlan 50
no shutdown
ip address 50.1.1.25 255.255.255.0 
exit
interface loopback 0
no shutdown
ip address 2.1.2.4 255.255.255.255 
exit
router rip
!
#ip
!

#ipv6
set ipv6 enable
set ipv6 address 2001:44B8:4121:3B01::/64 eui64
set ipv6 address 2001:44B8:4121:3B01::2124/64
!
#port
set port duplex ge.1.1-24 full
!
set port vlan ge.1.1-24 10 
!
#prompt
set prompt "C2G124"
!
#vlan
set vlan create 10
set vlan create 20
set vlan create 30
set vlan create 40
set vlan create 50
clear vlan egress 1 ge.1.1-24
set vlan egress 10 ge.1.1-24 untagged
set host vlan 10 
!
C2G124(su)->
</pre>

Info on ge.1.1 is:

<pre>
C2G124(su)->show port ge.1.1 
Port  ge.1.1 enabled

C2G124(su)->show port eg 
 Port       Vlan      Egress          Registration 
  Number      Id        Status            Status
  ------------------------------------------------------------
  ge.1.1      10        untagged          static    

C2G124(su)->show port ingress-filter ge.1.1
  Port        State
 ----------  -----------
 ge.1.1      disabled
</pre>

What is it I'm missing here? If I assign an IP address to the switch on a bare bones config before creating any VLANs I can ping the switch and telnet into it. As soon as I start adding VLANs it stops and have to console into it. The routing stuff was a vain attempt to try and get around the issue, to no avail. And I thought the H3C learning curve was steep!

Cheers,

Matt.
Photo of Matt

Matt

  • 144 Points 100 badge 2x thumb

Posted 6 days ago

  • 0
  • 2
Photo of Erik Auerswald

Erik Auerswald, Embassador

  • 12,722 Points 10k badge 2x thumb
Hi Matt,

if you want to use the C2 as a layer 2 switch, with all routing on the Cisco 887, you do not need to have any router configuration on the C2. In fact in that case you should delete all router configuration from the switch.

You would just create the five VLANs, configure the trunk link, set the host vlan to 10, and add the management IP address. If you are routing from/to the management VLAN, you need to set a default gateway as well (I have used 10.1.1.1 as default gateway in the following example).

clear vlan egress 1 *.*.*
set vlan create 10,20,30,40,50
set vlan egress 10,20,30,40,50 ge.1.1 tagged
set host vlan 10
set ip address 10.1.1.25 mask 255.255.255.0 gateway 10.1.1.1
You might want to take a look at How to configure IP address / Subnet Mask / Default Gateway on SecureStack.

If the management VLAN 10 is untagged you need to modify the configuration as follows:
set port vlan ge.1.1 10 modify-egress
set vlan egress 20,30,40,50 ge.1.1 tagged
On the other hand, if you want to use the C2 as a router, you should not configure a host IP address at all (clear ip address) and use the router configuration (the part that looks like a Cisco IOS configuration) for all IP addresses on the switch.

Thanks,
Erik
Photo of Matt

Matt

  • 144 Points 100 badge 2x thumb
Thanks Erik, that worked. Is there any advantage to setting the switch to router mode?
Photo of Erik Auerswald

Erik Auerswald, Embassador

  • 12,722 Points 10k badge 2x thumb
Hi Matt,

the C2 can act as a (simple) router and provide wire speed IP forwarding by utilizing forwarding ASICs. The small Cisco 887 router provides more features, but uses software forwarding and cannot provide the forwarding performance of a layer 3 switch.

Anyway, software forwarding performance should suffice for a small home network.

You may be able to utilize the additional performance of hardware IP forwarding if you have a fast storage server in a different subnet than the clients.

Thanks,
Erik
Photo of Matt

Matt

  • 144 Points 100 badge 2x thumb
Thanks Erik,

I'll probably stick to the 887 doing the routing as it seems to have a far more advanced feature set. The Enterasys seems to be lacking in IPv6 commands and routing features. As I'm also using prefix delegation from my ISP and using 5 VLANs I'll keep the C2 as purely a switch. Your above config works well.

Here in Australia we have the crappiest NBN internet connections in the world. Mine maxes out at 50Mbps so the 887 should handle these speeds with ease.

Matt.
(Edited)