protocol based VLAN not working

  • 0
  • 1
  • Question
  • Updated 2 years ago
  • Answered
  • (Edited)
Configuration done to perform packet filter based on "Protocol Based VLAN", traffic was captured via mirroring and I see packets are not forwarding to correct VLAN.



Configuration for port 7:
Summit48si:18 # show port 7 vlan info
Name               VID  Protocol Addr           Flags        Proto   Ports
Payload            333  10.10.20.130  /25   ------f------- mnet   11/20
OM_Node         332  10.10.20.50   /28   v-----f------- ANY    10/20
OM_RPP          192  192.168.0.2    /24 ------f------- mnet   11/20
Internal              46                                ------------------ --------       p1      7/36

Mirror Results:
1) Using "enable mirror add port 7 vlan "Payload" I just see traffic to network 10.10.20.128/25. There is no traffic from network 10.10.20.128/25

2) Using "enable mirror add port 7 vlan OM_Node" I am able to see traffic from  network 10.10.20.128/25, but traffic is been received by different VLAN than expected which proves mnet protocol based is not working for some reason!

Additional Information:
- It happens for swiches Summit 48si running EOS "7.8.4.1 patch1-r4" & EOS "7.8.4.1".
- "enable multinet" is configured
- "create protocol mnet" is configured

Someone can help me uinderstand what is wrong?
Thanks in advance,
Wanderley Benacchio Junior
Photo of Wanderley Benacchio

Wanderley Benacchio

  • 150 Points 100 badge 2x thumb

Posted 2 years ago

  • 0
  • 1
Photo of Henrique

Henrique, Employee

  • 10,302 Points 10k badge 2x thumb
Hi Wanderley,

Is the port receiving/sending that traffic configured as "tagged" to the protocol-based vlan?
Photo of Brandon Clay

Brandon Clay, Escalation Support Engineer

  • 13,086 Points 10k badge 2x thumb
What does the configuration for the 'mnet' protocol filter look like?
Photo of Wanderley Benacchio

Wanderley Benacchio

  • 150 Points 100 badge 2x thumb

Hi Henrique,

Port 7 is added to all VLANs as untag. That is why we need "protocol based" to coorectly decide to which VLAN packet shall be addimited.

Photo of Henrique

Henrique, Employee

  • 10,302 Points 10k badge 2x thumb
Hi Wanderley, thanks for your confirmation. Just to confirm since tagged has more priority than protocol-based.

It seems to be related to the protocol filter configuration.
Photo of Wanderley Benacchio

Wanderley Benacchio

  • 150 Points 100 badge 2x thumb
I would say thanks for your time & help ;-)

As I have commented with Brandon, I suppose "mnet" is a predefined protocol where is performed a comparation of Packet Source IP Address against VLAN network and in case it matches packet will be addmited on that VLAN, but I do not see so much references to "mnet".
Do you have docs that explain how "mnet" works?
When I do a "mnet" printout I see this:

SW# show protocol mnet
  Protocol Name     Type  Value
----------------   ----- ------
mnet              
SW#
Photo of Wanderley Benacchio

Wanderley Benacchio

  • 150 Points 100 badge 2x thumb

Hi Brandon,

I suppose mnet is a predefined protocol where is performed a comparation of Packet Source IP Address against VLAN network and in case it matches packet will be addmited on that VLAN. Anyway see printout for mnet protocol:   
SW# show protocol mnet
  Protocol Name     Type  Value
----------------   ----- ------
mnet              
SW#


Photo of Erik Auerswald

Erik Auerswald, Embassador

  • 12,782 Points 10k badge 2x thumb
Hi Wanderley,

as far as I understand it, you need to configure the manually created protocol with name mnet:
configure protocol mnet PARAMETERS
The parameters describe the layer 2 (Ethernet) values that define this protocol.

I am quite sure that this mechanism does not consider IP addresses.

Br,
Erik
Photo of Brandon Clay

Brandon Clay, Escalation Support Engineer

  • 13,086 Points 10k badge 2x thumb
Erik is correct, 'mnet' is a protocol filter that you created, and it must be manually defined as to what traffic goes into it.
Photo of Erik Auerswald

Erik Auerswald, Embassador

  • 12,782 Points 10k badge 2x thumb
Hi Brandon,

there seem to be examples using an "mnet" protocol filter as a dummy in the ExtremeWare 7.8 User Guide regarding Multinetting. But I have never used this feature and I do not know why this dummy protocol is needed.

I would suggest Wanderley to take a look at the examples there and try to follow them as close as possible.

Erik
Photo of Erik Auerswald

Erik Auerswald, Embassador

  • 12,782 Points 10k badge 2x thumb
Hi Wanderley,

your questions seems to be related the IP Multinetting Operation section starting on page 670 of the ExtremeWare 7.8 User Guide. There a dummy protocol mnet is created w/o protocol parameters.

In the examples there, one of the VLANs is configured to use protocol ip, all others to use mnet.

Br,
Erik
Photo of Henrique

Henrique, Employee

  • 10,302 Points 10k badge 2x thumb
Based on the User Guide example, it seems that changing your vlan "OM_Node" protocol filter from "ANY" to "ip" should work.

There are 2 important comments:
  • All VLANs used in the multinetting application must share the same port assignment.
  • One VLAN is configured to use an IP protocol filter. This is considered the “primary” VLAN interface for the multinetted group.
Photo of Erik Auerswald

Erik Auerswald, Embassador

  • 12,782 Points 10k badge 2x thumb
Hi,

as I understand it, IP Multinetting (enable multinet) is used as a proprietary substitute for secondary IP addresses which were not supported until ExtremeWare 7.3:
IP multinetting is used in many legacy IP networks when there is need to overlap multiple subnets onto the same physical segment. Though it can be a critical element in a transition strategy, due to the additional constraints introduced in troubleshooting and bandwidth, it is recommended that multinetting be used as a transitional tactic, and not as a long-term network design strategy.
I do not see any provision to separate the traffic into different VLANs. On the contrary, this multinetting seems to join the different VLANs together.

Please note that I have not used or tried out the multinetting feature, I just try to understand it based on the documentation.

Br,
Erik