VLAN configuration on x450e, routing issue

  • 0
  • 1
  • Question
  • Updated 3 years ago
  • Answered
I have a very basic network and am simply trying to get my VLANs to allow clients to their destination gateway which is the firewall.

                    Firewall > Core (x450e) > Access Switch 1 (x450e)
                                                           > Access Switch 2 (x450e)

On the Core switch, I have several VLAN's, Mgmt, Voice, Client, etc... The default route on all the switches point to the Management VLAN gateway on the Firewall. When on the management network I can ping between all switches as expected. 

I then add a client in the client vlan and I am unable to get anywhere. A traceroute shows that it is by default trying to route via the management gateway. I don't believe I need to add routes for all the VLANs but am essentially just trying to make them access ports as I am familiar doing on Cisco switches. 

Thanks for the help.

 
Photo of Andrew S.

Andrew S.

  • 210 Points 100 badge 2x thumb

Posted 3 years ago

  • 0
  • 1
Photo of Thomas, Ajo

Thomas, Ajo, Alum

  • 252 Points 250 badge 2x thumb
Hi Andrew,

- Have you enable ipforwarding on all vlans?
- Could you please share the output of

a. rtlookup <destination ip address>
b. show vlan
Photo of Prashanth KG

Prashanth KG, Employee

  • 5,300 Points 5k badge 2x thumb
Hi Andrew,

As Ajo pointed out, please check for the ipforwarding if it is enabled or not.

Below article might help you.

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-enable-inter-VLAN-routing-in-EXOS

Also, from the firewall, make sure that there is a return route to all the other VLAN destination IP address.

Hope this helps!
Photo of Jeremy

Jeremy, Embassador

  • 9,788 Points 5k badge 2x thumb
Also, make sure return traffic is allowed to your internal network.
Photo of Andrew S.

Andrew S.

  • 210 Points 100 badge 2x thumb
Hi all,

So on the switch where my client is attached, when I add

configure vlan Client ipaddress 10.10.0.6 255.255.255.0
enable ipforwarding vlan Client

From that switch, I can ping the client, however from other switches including core I cannot ping the client or the VLAN IP.


Per Ajo's request here is the output of the commands.

* Extreme-A-4.20 # rtlookup 10.10.0.1Ori  Destination        Gateway         Mtr  Flags        VLAN       Duration
#d   10.10.0.0/24       10.10.0.6       1    U------um--f Data       0d:0h:19m:1                                         3s



* Extreme-A-4.21 # show vlan---------------------------------------------------------------------------------------
Name            VID  Protocol Addr        Flags                Proto  Ports  Virtual
                                                                      Active router
                                                                      /Total
---------------------------------------------------------------------------------------
Data            3    10.10.0.6      /24  ----------------------- ANY    2 /50  VR-Default
Default         1    --------------------D---------------------- ANY    0 /0   VR-Default
Mgmt            4095 ------------------------------------------- ANY    0 /1   VR-Mgmt
Mgmt99          99   10.10.99.6     /24  ----------------------- ANY    1 /1   VR-Default
Voice           2    ------------------------------------------- ANY    0 /0   VR-Default
---------------------------------------------------------------------------------------

Total number of VLAN(s) : 5
Photo of Andrew S.

Andrew S.

  • 210 Points 100 badge 2x thumb
Ok, so I setup 3 of my other switches with an IP for that Data VLAN (Clients) and those are all working. I took a look at the other two that are not working and the VLAN details are different. 

Here is the working switch:

Extreme-A-1.15 # show vlan detailVLAN Interface with name Data created by user
        Admin State:    Enabled         Tagging:        802.1Q Tag 3
        Virtual router: VR-Default
        Primary IP    : 10.10.0.3/24
        IPv6:           None
        STPD:           None
        Protocol:       Match all unfiltered protocols
        Loopback:       Disabled
        NetLogin:       Disabled
        QosProfile:     None configured
        Egress Rate Limit Designated Port: None configured
        Flood Rate Limit QosProfile:       None configured
        Ports:   49.      (Number of active ports=1)
           Untag:       4,      5,      6,      7,      8,      9,     10,
                       11,     12,     13,     14,     15,     16,     17,
                       18,     19,     20,     21,     22,     23,     24,
                       25,     26,     27,     28,     29,     30,     31,
                       32,     33,     34,     35,     36,     37,     38,
                       39,     40,     41,     42,     43,     44,     45,
                       46,     47,     49,     50
           Tag:         2,      3,*48(Trunk_to_Core)





This is the non-working switch:


Extreme-A-4.6 # show vlan detailVLAN Interface with name Data created by user
        Admin State:    Enabled         Tagging:        802.1Q Tag 3
        Virtual router: VR-Default
        Primary IP    : 10.10.0.6/24
        IPv6:           None
        STPD:           None
        Protocol:       Match all unfiltered protocols
        Loopback:       Disabled
        NetLogin:       Disabled
        QosProfile:     None configured
        Egress Rate Limit Designated Port: None configured
        Flood Rate Limit QosProfile:       None configured
        Ports:   50.      (Number of active ports=2)
           Untag:      *1,      2,      3,      4,      5,      6,      7,
                        8,      9,     10,     11,     12,     13,     14,
                       15,     16,     17,     18,     19,     20,     21,
                       22,     23,     24,     25,     26,     27,     28,
                       29,     30,     31,     32,     33,     34,     35,
                       36,     37,     38,     39,     40,     41,     42,
                       43,     44,     45,     46,     47,     49,     50
           Tag:       *48(Trunk_to_Core)



It appears they are both trunks on port 48 but they look different and I'm not figuring that out yet.
Photo of Andrew S.

Andrew S.

  • 210 Points 100 badge 2x thumb
I figured out the issue. Very simple and I feel dumb for not seeing this immediately. On the core switch, the trunk ports to my access switches were not tagged, they were untagged for the Data (client) vlan. All is working now. Thanks for the assistance with the ipaddress and forwarding. That helped.

Andrew
Photo of Drew C.

Drew C., Community Manager

  • 39,134 Points 20k badge 2x thumb
Glad you got it working.  Thanks for coming back and letting us know.
Photo of Ryan Mathews

Ryan Mathews, Alum

  • 8,988 Points 5k badge 2x thumb
Second that and awesome profile image Andrew.  I like it.

Welcome to the Hub.  Really glad you joined us.