Vlan configuration issues

I'm working on an Extreme Summit X450 with EXOS 15.3.1.4. I am playing around with VLANs and am having some issues. Here is my VLAN configuration:

configure vlan default delete ports all
configure vr VR-Default delete ports 1:1-48, 2:1-48, 3:1-24
configure vr VR-Default add ports 1:1-48, 2:1-48, 3:1-24
configure vlan default delete ports 1:1-48, 2:1-48, 3:1-24
create vlan "Data"
configure vlan Data tag 1
configure vlan Default tag 3000
create vlan "test"
configure vlan test tag 10
create vlan "Voice"
configure vlan Voice tag 100
configure vlan Data add ports 1:3-48, 2:1-48, 3:1-3, 3:5-24 untagged
configure vlan test add ports 1:48 tagged
configure vlan test add ports 3:4 untagged
configure vlan Voice add ports 1:3-48, 2:1-48 tagged
configure vlan Voice add ports 1:1-2 untagged
configure vlan Voice ipaddress 192.168.112.3 255.255.255.0
enable ipforwarding vlan Voice
configure vlan Data ipaddress 172.24.112.27 255.255.254.0
enable ipforwarding vlan Data
configure vlan test ipaddress 172.24.108.3 255.255.254.0
enable ipforwarding vlan test
configure ports 1:48 monitor vlan test
configure ports 3:4 monitor vlan test

At the other end of port 3:4 is a FortiGate router with 172.24.108.1/23. We have a DHCP server at 172.24.112.18. If I ping 172.24.108.1 from 172.24.108.3 it works. If I ping 172.24.112.18 from 172.24.108.3 it fails. I can ping it from 172.24.112.27 and it works correctly. I'm not sure where else to look to try and get this working. Ultimately I want to have DHCP handing out 172.24.108 addresses.

Jaren Boone

Posted 2 weeks ago

Brad Parker, Technical Support Engineer

Hi Jaren

Do you have a gateway configured for that 172.24.112.x network?

Thanks
Brad

Ronald Dvorak, Embassador

network diagram please

Jaren Boone

Sadly, I don't know the best way to give you a network diagram which isn't super confusing. 

Jaren Boone

In the switch?

Here is my routing

Ori  Destination        Gateway         Mtr  Flags         VLAN       Duration
#s   Default Route      172.24.112.251  1    UG---S-um--f- Data       15d:0h:10m:14s
#d   172.24.108.0/23    172.24.108.3    1    U------um--f- test       0d:1h:43m:18s
#d   172.24.112.0/23    172.24.112.27   1    U------um--f- Data       15d:0h:10m:23s
#d   192.168.112.0/24   192.168.112.3   1    U------um--f- Voice      15d:0h:10m:23s

Origin(Ori): (b) BlackHole, (be) EBGP, (bg) BGP, (bi) IBGP, (bo) BOOTP
       (ct) CBT, (d) Direct, (df) DownIF, (dv) DVMRP, (e1) ISISL1Ext
       (e2) ISISL2Ext, (h) Hardcoded, (i) ICMP, (i1) ISISL1 (i2) ISISL2
       (is) ISIS, (mb) MBGP, (mbe) MBGPExt, (mbi) MBGPInter, (mp) MPLS Lsp
       (mo) MOSPF (o) OSPF, (o1) OSPFExt1, (o2) OSPFExt2
       (oa) OSPFIntra, (oe) OSPFAsExt, (or) OSPFInter, (pd) PIM-DM, (ps) PIM-SM
       (r) RIP, (ra) RtAdvrt, (s) Static, (sv) SLB_VIP, (un) UnKnown
       (*) Preferred unicast route (@) Preferred multicast route
       (#) Preferred unicast and multicast route

Flags: (B) BlackHole, (b) BFD protection requested, (c) Compressed, (D) Dynamic
       (f) Provided to FIB, (G) Gateway, (H) Host Route, (L) Matching LDP LSP
       (l) Calculated LDP LSP, (3) L3VPN Route, (m) Multicast, (P) LPM-routing
       (p) BFD protection active, (R) Modified, (S) Static, (s) Static LSP
       (T) Matching RSVP-TE LSP, (t) Calculated RSVP-TE LSP, (u) Unicast, (U) Up

MPLS Label: (S) Bottom of Label Stack
Mask distribution:
     1 default routes                2 routes at length 23
     1 routes at length 24

Route Origin distribution:
     3 routes from Direct               1 routes from Static


Total number of routes = 4
Total number of compressed routes = 0 

Ronald Dvorak, Embassador

There is no routing issue on the switch but on the rest of the network.

You'd do 2 things....
- add a route to the DHCP server if that is possible = 172.24.107.0/23 via 172.24.112.27
- configure DHCP relay on the switch or the DHCP requests from the clients will never reach the DHCP server because the server is in a different subnet

Jaren Boone

Am I adding that route to the DHCP server on the switch?

Ronald Dvorak, Embassador

OK let's start from scratch...

If a client is connected to the test VLAN he tx a DHCP request - that is a broadcast = works only in the same subnet.
Because the DHCP server is in another subnet you'd need to configure the switch to forward the request to the IP of the server.

# configure bootprelay vlan test add 172.24.112.18

Now the packet could reach the server but we'd need to make sure that the server knows how to reach the 172.24.107.0/23 network.
Because the default gw is set to 251 (not sure who that is) we add a static route.

e.g. for a Windows device go in the DOS window
# route add 172.24.107.0 mask 255.255.254.0 172.24.112.27 -p

Now the DHCP server will use .127 to reach the 172.24.107.0/23 network and it should work.
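
The reasoning in this answer can be traced with a small route-lookup model. This is an added example, not part of the thread: the server's routing table (on-link Data subnet plus a default via 172.24.112.251) is an assumption, and the static route uses the test VLAN subnet 172.24.108.0/23 from the posted configuration.

```python
import ipaddress

# Switch L3 interfaces, taken from the configuration posted in the question.
SWITCH_IFACES = {
    "Data":  ipaddress.ip_interface("172.24.112.27/23"),
    "test":  ipaddress.ip_interface("172.24.108.3/23"),
    "Voice": ipaddress.ip_interface("192.168.112.3/24"),
}

def giaddr_for(vlan):
    """A relay agent stamps giaddr with its own address on the client-facing VLAN."""
    return SWITCH_IFACES[vlan].ip

def next_hop(routes, dst):
    """Longest-prefix match over (network, gateway) pairs; gateway None means on-link."""
    matches = [(net, gw) for net, gw in routes if dst in net]
    if not matches:
        return None  # no route at all: the reply is dropped
    net, gw = max(matches, key=lambda m: m[0].prefixlen)
    return dst if gw is None else gw

def server_routes(static=()):
    """Assumed DHCP server table: Data subnet on-link, default via .251."""
    routes = [
        (ipaddress.ip_network("172.24.112.0/23"), None),
        (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address("172.24.112.251")),
    ]
    routes += [(ipaddress.ip_network(n), ipaddress.ip_address(g)) for n, g in static]
    return routes

def reply_next_hop(client_vlan, static=()):
    """Next hop the server uses for its unicast reply to a request relayed from client_vlan."""
    return next_hop(server_routes(static), giaddr_for(client_vlan))

if __name__ == "__main__":
    # Without a static route the reply to giaddr 172.24.108.3 follows the default gateway.
    print("no static route :", reply_next_hop("test"))
    # With the static route the reply goes straight back to the switch's Data interface.
    fix = [("172.24.108.0/23", "172.24.112.27")]
    print("with static route:", reply_next_hop("test", fix))
```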

Jaren Boone

Thank you, that worked. I had to enable bootprelay on the test and data VLAN though.

I'm confused as to why I had to add the static route to the DHCP server. The 112.251 gateway is the router, which is the router 108.1 is on, i.e. 108.1 is on port 16, 112.251 is on port 15. When there is no VLAN involved and I gave myself a static 108 address, I could ping 112.18 just fine. What is it about the VLAN that all of a sudden made it so that it didn't know where 108.0/24 is any more?

Ronald Dvorak, Embassador

OK that is why a network diagram is helpful.

In that case configure bootrelay on the router and not on the switch.

If the router has an interface/IP in all VLANs then I'd remove all the ipforwarding because the router should do the routing between the LANs and not the switch.

Just give the switch one IP in whatever VLAN you use as a mgmt VLAN for remote access.