Problem with Enterasys B5G124 and D2G124 VLAN connection

  • 0
  • 1
  • Problem
  • Updated 3 years ago
  • Acknowledged

Hello friends,

I have a huge problem with my VLAN connection. I've network in 2 locations:

Location 1 - central building with B5G124 router (IP 192.168.20.250) and computer (IP 192.168.30.200)

Location 2 - other building: an IP camera  (IP 192.168.103.71) and computer (IP 192.168.103.200) connected to D2G124 switch (IP 192.168.20.251). 

Connection between router (ge.1.23) and switch (ge.1.12): fiber optic

I can pinging between router and switch. I haven't any pings between computer in location 1 and camera, computer in location 2. Where is problem?

PS. Forgive me friends - I'm not IT specialist - I'm only engineer in energetic speciality.

Config of switches and VLAN was listed below:

LOCATION 1
 
VLAN: 1                 NAME: DEFAULT VLAN
 VLAN Type: Default
 Egress Ports
None.
 Forbidden Egress Ports
None.
 Untagged ports
None.

 

 VLAN: 20                NAME: Management
 VLAN Type: Permanent
 Egress Ports
ge.1.5, ge.1.23-24
 Forbidden Egress Ports
None.
 Untagged ports
ge.1.5

 VLAN: 30                NAME: WORK
 VLAN Type: Permanent
 Egress Ports
ge.1.1-3, ge.1.23-24
 Forbidden Egress Ports
None.
 Untagged ports
ge.1.1-3

 VLAN: 103               NAME: CAMERAS
 VLAN Type: Permanent
 Egress Ports
ge.1.23
 Forbidden Egress Ports
None.
 Untagged ports
None.

LOCATION 2

 VLAN: 1                 NAME: DEFAULT VLAN
 VLAN Type: Default
 Egress Ports
ge.1.12
 Forbidden Egress Ports
None.
 Untagged ports
ge.1.12

 VLAN: 20                NAME: Management
 VLAN Type: Permanent
 Egress Ports
ge.1.12
 Forbidden Egress Ports
None.
 Untagged ports
None.

 VLAN: 30                NAME: WORK
 VLAN Type: Permanent
 Egress Ports
ge.1.12
 Forbidden Egress Ports
None.
 Untagged ports
None.

 VLAN: 103               NAME: CAMERAS
 VLAN Type: Permanent
 Egress Ports
ge.1.1, ge.1.12
 Forbidden Egress Ports
None.
 Untagged ports
ge.1.1


Configuration of router

#vlan
set vlan create 20
set vlan create 30
set vlan create 103
set vlan name 20 "Management"
set vlan name 30 "WORK"
clear vlan egress 1 ge.1.1-5;ge.1.13;ge.1.19-24
set vlan egress 20 ge.1.23-24 tagged
set vlan egress 20 ge.1.5 untagged
set vlan egress 30 ge.1.23-24 tagged
set vlan egress 30 ge.1.1-4 untagged
set vlan egress 103 ge.1.13;ge.1.23 tagged
set host vlan 20
!

#Router Configuration

interface vlan 20
exit
interface vlan 30
ip address 192.168.30.254 255.255.255.0
no shutdown
exit
interface vlan 103
ip address 192.168.103.252 255.255.255.0
no shutdown


#port

set port vlan ge.1.1 30
set port vlan ge.1.2 30
set port vlan ge.1.5 20
set port vlan ge.1.12 20
set port vlan ge.1.13 103
set port vlan ge.1.23 30
set port vlan ge.1.24 30
!


Configuration of switch:

#vlan
set vlan create 20
set vlan create 30
set vlan name 20 "Management"
set vlan name 30 "WORK"
clear vlan egress 1 ge.1.1;ge.1.11
set vlan egress 20 ge.1.11-12 tagged
set vlan egress 30 ge.1.11-12 tagged
set vlan egress 30 ge.1.1-2 untagged
set host vlan 20


#port
set port disable ge.1.2
set port disable ge.1.3
set port disable ge.1.4
set port disable ge.1.5
set port disable ge.1.6
set port disable ge.1.7
set port disable ge.1.8
set port disable ge.1.9
set port disable ge.1.10
set port disable ge.1.11
set port duplex ge.1.1 full
set port speed ge.1.1 1000
set port vlan ge.1.1 30

I'm still self learning abou IT, but this is really wide range of science. I would be grateful for any help!

Peter






Photo of Piotr

Piotr

  • 120 Points 100 badge 2x thumb

Posted 4 years ago

  • 0
  • 1
Photo of Christoph

Christoph

  • 1,842 Points 1k badge 2x thumb
you missed to configure vlan 103 on switch in location 2
Photo of Piotr

Piotr

  • 120 Points 100 badge 2x thumb

Thanks Christoph! You have right of course! I missed my last configuration file (of switch) and pasted wrong (earlier) version. Here is good (directly from device):


#vlan
set vlan create 20
set vlan create 30
set vlan create 103
set vlan name 20 "Management"
set vlan name 30 WORK
set vlan name 103 "CAMERAS"
clear vlan egress 1 ge.1.1;ge.1.11
set vlan egress 20 ge.1.11-12 tagged
set vlan egress 30 ge.1.11-12 tagged
set vlan egress 30 ge.1.2 untagged
set vlan egress 103 ge.1.11-12 tagged
set vlan egress 103 ge.1.1 untagged
set host vlan 20
!


#port
set port disable ge.1.3
set port disable ge.1.4
set port disable ge.1.5
set port disable ge.1.6
set port disable ge.1.7
set port disable ge.1.8
set port disable ge.1.9
set port disable ge.1.10
set port disable ge.1.11
set port duplex ge.1.1 full
set port speed ge.1.1 1000
set port vlan ge.1.1 103
!


With configuration as above connection not working. I'm sorry for mistake!

Photo of Nico Willamowski

Nico Willamowski

  • 886 Points 500 badge 2x thumb
The IP of the Computer in Location 2 seems like vlan 103. You defined vlan 30 ge.1.2. Which port do you use as uplink in the router. You defined vlan 103 tagged on port 23, the other vlan are tagged on port 23 and 24?
Photo of Piotr

Piotr

  • 120 Points 100 badge 2x thumb
Below I peform basic schematic my network:

VLAN 10 will be build in future. Nowadays I'd like using computer in Location 1 (VLAN 30) to watch cameras in Location 2 (VLAN 103) and cameras in Location 3 (VLAN10) - in future. When I wrote:
show mac port ge.1.23 I can see mac addresses: D2G124, camera (other switch - in optional), but I haven't ping response - Request time out".
I read about port forwarding, but I can't switch it in this situation. Maybe I have written something bad in interfaces?
I count on any kind of help.
Photo of Nico Willamowski

Nico Willamowski

  • 886 Points 500 badge 2x thumb

Please configure this commands in your router Interfaces:

  no ip proxy-arp
  no ip redirects
  no ip icmp unreachable

Photo of Andre K.

Andre K.

  • 356 Points 250 badge 2x thumb
You have "set port vlan ge.1.23 30" in your B5 config. I think this results in VLAN 30 being trasmitted untagged on this port. While on the other side (ge.1.12 on your D2) it is configured as tagged. Issue the following on your B5:

clear vlan egress 30 ge.1.23
set vlan egress 30 ge.1.23 tagged

Afterwards make sure all VLANS are tagged only on your uplink ports with
show vlan portinfo port ge.1.23 (B5)
show vlan portinfo port ge.1.12 (D2)
If that still won't make it work, go to your workstation 192.168.30.200 and issue
ping 192.168.30.254
ping 192.168.103.252
ping 192.168.103.71
Tell us what pings time out.
Photo of Piotr

Piotr

  • 120 Points 100 badge 2x thumb

@Nico
I haven't possibilites write all commands. I wrote only "no ip proxy-arp" in my interfaces because possible commands in B5 router are:
no ip access-group
no ip address
no ip directed-broadcast
no ip forward-protocol
no ip helper address
no ip icmp
no ip igp
no ipigmp-proxy
no ip irdp
no ip rip

but after all network still doesn't work...

@Andre
I wrote commands lines and after all - when I pinging from 192.168.20.250 to:
192.168.20.251 alive
192.168.103.254 alive (this is my MikroTIK mini router connected to ge.1.1 D2 switch)
192.168.103.71 alive

Pinging from 192.168.30.200 to:
192.168.20.251 time<1ms TTL=64
192.168.103.254 time=20ms TTL=254
192.168.103.71 "No request time out"

when I connect my camera 192.168.103.71 directly to to ge.1.1 D2 switch - "No request time out"

I don't know it... Newtwork doesn't want working... :(

Photo of Piotr

Piotr

  • 120 Points 100 badge 2x thumb

and:

ping 192.168.30.254 ->  time<1ms TTL=64
ping 192.168.103.252-> time<1ms TTL=64
ping 192.168.103.71 -> "Request time out"

Photo of Nico Willamowski

Nico Willamowski

  • 886 Points 500 badge 2x thumb
The correctly command in router Interface for a B5 Switch is

no ip icmp redirect enable

Thats also be written so in the CLI Guide for B5 Switches.

Photo of Andre K.

Andre K.

  • 356 Points 250 badge 2x thumb

Did you make sure, that the Default Gateway on 192.168.103.71 is set to 192.168.103.252 and subnet mask is 255.255.255.0? Because if you ping successfully from 192.168.30.200 to 192.168.103.254 your routing/uplink configuration seems to be correct. Is your IP camera (192.168.103.71) directly connected to the D2 or is your MikroTIK device in between? If the latter is the case, I propose that's where your problems come from.

Photo of Piotr

Piotr

  • 120 Points 100 badge 2x thumb
Thanks friends! I wrote bad address of gateway camera 192.168.103.71 - I wrote adress: 192.168.103.254 - adress of MikroTIK router as the main gate for cameras. After change - all works good (I thought that gateway is always next hop switch over the cameras!). I think my mistake is result of my future task and I have LAST problem combine with it.In future I can get possibility to connect to other party network (Location 3) with a few cameras(192.168.10.XX) connected to HP switch (with default configuration) and server 192.168.10.254 (192.168.10.254 is gateway for cameras). I can make link by fiber optic between B5 router and HP switch in Location3; I'm going to make next actions:
1. set VLAN 10 on B5 router and D2 switch, set interface VLAN 10 (for example: 192.168.10.100)
2. make dialoque with admin of Location 3 network for set gateway on HP switch (for cameras and server) - for example: 192.168.10.254 and change serverIP on 192.168.10.253
My ask is: if example above is the best solution of my problem?

PS actions with electric ciruits is simplier than IT networks (this my second, additional-non official part of job, so forgive me my lack of knowledge).