cancel
Showing results for 
Search instead for 
Did you mean: 

Vlan configuration issues

Vlan configuration issues

Jaren_Boone
New Contributor II
I'm working on extreme summit x450 with exos 15.3.1.4. I am playing around with vlans and am having some issues. Here is my vlan configuration:

configure vlan default delete ports all
configure vr VR-Default delete ports 1:1-48, 2:1-48, 3:1-24
configure vr VR-Default add ports 1:1-48, 2:1-48, 3:1-24
configure vlan default delete ports 1:1-48, 2:1-48, 3:1-24
create vlan "Data"
configure vlan Data tag 1
configure vlan Default tag 3000
create vlan "test"
configure vlan test tag 10
create vlan "Voice"
configure vlan Voice tag 100
configure vlan Data add ports 1:3-48, 2:1-48, 3:1-3, 3:5-24 untagged
configure vlan test add ports 1:48 tagged
configure vlan test add ports 3:4 untagged
configure vlan Voice add ports 1:3-48, 2:1-48 tagged
configure vlan Voice add ports 1:1-2 untagged
configure vlan Voice ipaddress 192.168.112.3 255.255.255.0
enable ipforwarding vlan Voice
configure vlan Data ipaddress 172.24.112.27 255.255.254.0
enable ipforwarding vlan Data
configure vlan test ipaddress 172.24.108.3 255.255.254.0
enable ipforwarding vlan test
configure ports 1:48 monitor vlan test
configure ports 3:4 monitor vlan test

At the other end of port 3:4 is a fortigate router with 172.24.108.1/23. We have a dhcp server at 172.24.112.18. If I ping 172.24.108.1 from 172.24.108.3 it works. If I ping 172.24.112.18 from 172.24.108.3 it fails. I can ping it from 172.24.112.27 and it works correctly. I'm not sure where else to look to try and get this working. Ultimately I want to have DHCP handing out 172.24.108 addresses.

14 REPLIES 14

Jaren_Boone
New Contributor II
In the switch?

Here is my routing

Ori Destination Gateway Mtr Flags VLAN Duration #s Default Route 172.24.112.251 1 UG---S-um--f- Data 15d:0h:10m:14s #d 172.24.108.0/23 172.24.108.3 1 U------um--f- test 0d:1h:43m:18s #d 172.24.112.0/23 172.24.112.27 1 U------um--f- Data 15d:0h:10m:23s #d 192.168.112.0/24 192.168.112.3 1 U------um--f- Voice 15d:0h:10m:23s Origin(Ori): (b) BlackHole, (be) EBGP, (bg) BGP, (bi) IBGP, (bo) BOOTP (ct) CBT, (d) Direct, (df) DownIF, (dv) DVMRP, (e1) ISISL1Ext (e2) ISISL2Ext, (h) Hardcoded, (i) ICMP, (i1) ISISL1 (i2) ISISL2 (is) ISIS, (mb) MBGP, (mbe) MBGPExt, (mbi) MBGPInter, (mp) MPLS Lsp (mo) MOSPF (o) OSPF, (o1) OSPFExt1, (o2) OSPFExt2 (oa) OSPFIntra, (oe) OSPFAsExt, (or) OSPFInter, (pd) PIM-DM, (ps) PIM-SM (r) RIP, (ra) RtAdvrt, (s) Static, (sv) SLB_VIP, (un) UnKnown (*) Preferred unicast route (@) Preferred multicast route (#) Preferred unicast and multicast route Flags: (B) BlackHole, (b) BFD protection requested, (c) Compressed, (D) Dynamic (f) Provided to FIB, (G) Gateway, (H) Host Route, (L) Matching LDP LSP (l) Calculated LDP LSP, (3) L3VPN Route, (m) Multicast, (P) LPM-routing (p) BFD protection active, (R) Modified, (S) Static, (s) Static LSP (T) Matching RSVP-TE LSP, (t) Calculated RSVP-TE LSP, (u) Unicast, (U) Up MPLS Label: (S) Bottom of Label Stack Mask distribution: 1 default routes 2 routes at length 23 1 routes at length 24 Route Origin distribution: 3 routes from Direct 1 routes from Static Total number of routes = 4 Total number of compressed routes = 0

OK that is why a network diagram is helpful.

In that case configure bootrelay on the router and not on the switch.

If the router has a interface/IP in all VLANs then I'd remove all the ipforwarding because the router should do the routing between the LANs and not the switch.

Just give the switch one IP in whatever VLAN you use as a mgmt VLAN for remote access.

Thank you, that worked, I had to enable bootprelay on the test and data vlan though.

I'm confused as to why I had to add the static route to the dhcp server. The 112.251 gateway is the router, which is the router 108.1 is on, i.e. 108.1 is on port 16, 112.251 is on port 15. When there is no vlan involved and I gave my self a static 108 address, i could ping 112.18 just fine. What is about the vlan that all the sudden made it so that it didn't know where 108.0/24 is any more?

OK let's start from scratch...

If a client is connected to the test VLAN he tx a DHCP request - that is a braodcast = works only in the same subnet.
Because the DHCP server is in another subnet you'd need to configure the switch to forward the request to the IP of the server.

# configure bootprelay vlan test add 172.24.112.18

Now the packet could reach the server but we'd need to make sure that the server knows how to reach the 172.24.107.0/23 network.
Because the default gw is set to 251 (not sure who that is) we add a static route.

e.g. for a windows device go in the DOS window
# route add 172.24.107.0 mask 255.255.254.0 172.24.112.27 -p

Now the DHCP server will use .127 to reach the 172.24.107.0/23 network and it should work.
GTM-P2G8KFN