More Vman configuration questions

  • 1
  • 1
  • Problem
  • Updated 2 years ago
  • Solved
  • (Edited)
Im trying to configure Vman for the first time and hopefully have followed the documentation for a basic system.

Ist switch 
Slot-1 SLOUGH_SWITCH4.69 # sh conf | include vman
configure vman ethertype 0x8100
create vman "SLOUGH4088"
configure vman SLOUGH4088 tag 4088
configure vman SLOUGH4088 add ports 1:48 tagged
configure vman SLOUGH4088 add ports 1:1 untagged ( customer facing port) 

Conf vlan test1 add port 1:1 t (user vlan)
Conf vlan test2 add port 1:1 t ( user vlan )

( middle switch )

Slot-1 SLOUGH_SWITCH1.39 # sh conf | include vman
configure vman ethertype 0x8100
create vman "SLOUGH4088"
configure vman SLOUGH4088 tag 4088
configure vman SLOUGH4088 add ports 1:46-47 tagged

Bottom Switch


* Slot-1 SLOUGH_SWITCH3.16 # sh conf | include vman
configure vman ethertype 0x8100
create vman "SLOUGH4088"
configure vman SLOUGH4088 tag 4088
configure vman SLOUGH4088 add ports 1:48 tagged
configure vman SLOUGH4088 add ports 1:1 untagged ( customer facing port.

Conf vlan test1 add port 1:1 t
Conf vlan test2 add port 1:1 t

There are two other switches , one at each end , where test 1 and test 2 reside with IP addresses.

I have added an IP address also the the vman and this pings across ( which you would expect as it basic layer 2 connection 

Please advise what  am i missing ..
Photo of Rod Robertson

Rod Robertson

  • 2,344 Points 2k badge 2x thumb

Posted 2 years ago

  • 1
  • 1
Photo of Frank

Frank

  • 3,662 Points 3k badge 2x thumb
From what I understand (bear with me, I *just* recently did this and had a million questions about it), you don't need vlan test1/test2 on port 1:1 on the top/bottom switches. Unless those lines only exist on the customer switch, in which case things should work

You don't care what vlans the customer runs; they just tag their vlans on their switches to the port that connects to your top/bottom port 1:1.
Photo of Frank

Frank

  • 3,662 Points 3k badge 2x thumb
You said "I tag my user vlans ( test1 and 2  port 1:1 )"
Don't do that ;) Or at least: "I didn't do that"

Let's say user's switch, port 24, has tagged vlan "123" and "234" - connects to physical port 1:1 on bottom switch.

Bottom switch has VMAN "slough4088" configured with UNtagged port 1:1 and TAGged port 48 (presumably goes to 46/47 on middle switch)
Middle switch has VMAN "slough4088" with TAGged 46/47
Upper switch etc. just like bottom switch.
All VMANs are ethertype 0x8100

In my case, I just hand the customer an ethernet cable that's plugged in to my switch's "1:1" port (untagged VMAN port). That gets plugged into their switch, and I don't care how many VLANs they tag on their port, or what the numbers are, etc.

Now, if they would need multiple (5) ethernet cables connecting their gear to let's say ports 1:1-5 on my end, I'd still tell them to tag/trunk that stuff on their ports, and I'd just say "conf VMAN slough add ports 1:1-5 UNtagged" - or at least I think that's how that should work.
Photo of Rod Robertson

Rod Robertson

  • 2,344 Points 2k badge 2x thumb
Frank , brilliant It works ... I was getting stuck on the Tagged untagged on port 1:1 ...

Thanks for your help..
Photo of Rod Robertson

Rod Robertson

  • 2,344 Points 2k badge 2x thumb
Of course all the vlan names have been changed to protect the location..
Photo of Frank

Frank

  • 3,662 Points 3k badge 2x thumb
Heh - you do the same that we do: draw pictures on a whiteboard, then document it via smartphone pic! +1, kind sir :D
Glad I could help!
Photo of Rod Robertson

Rod Robertson

  • 2,344 Points 2k badge 2x thumb
I thought I had the vman stuff sorted , in the lab , it works fine.. as per my diagram.

Now the real world.. The layer two internet part is provided by an ISP and their network is cisco.

Configuration as before at both ends 

 # sh conf | include vmanconfigure vman ethertype 0x8100
create vman "4088"
configure vman 4088 tag 4088
configure vman 4088 add ports 1:47 tagged
configure vman 4088 add ports 1:48 untagged

Connect cable to port 1:48  VMAN( port untagged )

From connecting switch the vlans are tagged..

The only difference now is that the vman terminating switch is an X670 48X

And the user switch is an X670-48T
So basically teh same as the diagram already supplied exect now I am using fibre connections ..

I have added IP addresses to the vman 4088 of 192.168.200.100 and 192.168.20.200.

Ok what can I not do .

I cannot ping the remote end of the vman link ( which as layer 2 I should be able to ) 

From my client side .. Tagged Vlan out of the switch, connected to the vman untagged port ..

If I send a ping to the default gateway I get no response, though if I look in the arp cache of the PC , I see the default gateway address.

If I have a look at the fdb of the client switch , I can see the mac address of the remote switches ( across the vman ) 

If I connect my laptop on the client switch and I monitor the Vman ports on the X670-48X I can see the approprate packets coming in on the untagged and going out on the tagged ( as it should be  )

Everything look like the lab.. but its not working ..

Any suggestions would be appreciated..

For lab see previous posting with drawing..
Photo of Frank

Frank

  • 3,662 Points 3k badge 2x thumb
Hi,
The port that your ISP plugs into, that should be a tagged port, I would think. Also, make sure you have jumbo-frames enabled on all ports.
But I might misunderstand something - in your photo, which part is the ISP with their Cisco gear?
Photo of Rod Robertson

Rod Robertson

  • 2,344 Points 2k badge 2x thumb
Frank, thanks again for your input.. I seem to have transposed my ins and outs again..

 I started a new case as I thought this one was closed..


configure vman ethertype 0x8100
create vman "4089"
configure vman 4089 tag 4089
configure vman 4089 add ports 1:48 tagged ( janet ISP )
configure vman 4089 add ports 1:47 untagged ( connected to X670-48t ) where the uplinking vlans are tagged  ( 10 Gig fibre link )..

Jumbo frames enabled 

Config jumbo-frame-size 9216
conf ip-mtu 9216 vlan 4089


My access to janet ( ISP ) is port 1:48 which is tagged

As you see this worked in the lab and I could ping the vman IP that I had configured at each end.. now in the real world .. LOL

The strangest thing is that in the IPARP Cache i can see the remote IP address

lot-1 SDC_EXT2.7 # sh iparp
VR            Destination      Mac                Age  Static  VLAN          VID   Port
VR-Default    192.168.200.100  00:04:96:8b:fd:d6    6      NO  4089    4089  1:48

Just cant ping it !!!!

I think its back to the lab tomorrow..