routing via interface on extreme 670, xos 15.3

  • Updated 4 years ago
Hi,

On a Linux server I have routing via an interface:

ifconfig eth0 10.10.20.1/24
route add -net 10.10.10.0/24 dev eth0

I'd like to do the same on an Extreme 670, but I can't.

Something like this:
configure vlan999 ipaddress 10.10.20.1/24
configure iproute add 10.10.10.0/24 vlan999

Is there some trick or other way to get this kind of functionality? Second/multiple addresses on an interface have some cons for me.

thanks for help,
greetings
Peter


Peter1962

Posted 4 years ago


Sumit Tokle, Alum

You have to enable the ipforwarding command on vlan vlan999 in order to send traffic between the vlans.

Mention the gateway address instead of the vlan name, as shown below:

configure iproute add 10.10.10.0/24 10.10.20.1

Peter1962

Hmm, it still doesn't work. I don't see any packets on the server with IP 10.10.10.88.

I have:
configure vlan vlan999 ipaddress 10.10.20.1 255.255.255.255
enable ipforwarding vlan vlan999
configure access-list test_vlan999 vlan "vlan999" ingress
configure access-list test_vlan999 vlan "vlan999" egress
configure iproute add 10.10.10.0 255.255.255.0 10.10.20.1

sho iproute:
#s   10.10.10.0/24     10.10.20.1   1    U----S-um--f- vlan999 6d:2h:4m:11s

 # show access-list counter
Policy Name       Vlan Name        Port   Direction
    Counter Name                   Packet Count         Byte Count
==================================================================
test_vlan999      vlan999          *      ingress
    a1-in                          74
    a1-out                         0


entry a1-in {
    if match all {
        source-address 10.10.10.88/32 ;
    }
    then {
        log ;
        permit ;
        count a1-in ;
    }
}

entry a1-out {
    if match all {
        destination-address 10.10.10.88/32 ;
    }
    then {
        log ;
        permit ;
        count a1-out ;
    }
}

Sumit Tokle, Alum

To see the egress ACL counter use the command "show access-list counter egress".

Confirm that the ARP and FDB entries have been learnt properly on the port:
show ARP 10.10.10.88
show fdb

Esa Kuusisto

Check your netmask in vlan 999, and you need to have a second vlan with network 10.10.10.0/24.

Peter1962

There is a correct fdb entry, but there is no iparp entry for this IP address.

 show iproute "vlan999"
Ori Destination Gateway Mtr Flags VLAN Duration
#s 10.10.10.0/24 10.10.20.1 1 U----S-um--f- vlan999 9d:10h:39m:17s
 d 10.10.20.1/32 10.10.20.1  1  -------um---- vlan999 3d:9h:27m:48s

As I said before: second/multiple addresses on an interface have some cons for me, and I am looking for another solution.