VLAN across a MatrixN7 and a B-Series B5

  • 0
  • 1
  • Problem
  • Updated 4 years ago
Hello,

i recently inherited a small network composed entirely of enterasys gear.

I have been reading the many helpful posts in this forum, including the faq on the matrix n-series on how to create a 802.1q trunk, but still im struggling and im not one to give up but i decided to reach out for help.

Basically i have this setup with 2 remote locations:

- Site A with the matrix n7
- Site B with the B5
- Trying to setup a new vlan in the N7 and having it forward the new VLan across the trunk to the B5...simple eh...well, not for me :(

The moment i create a new vlan and tag that vlan to the port, i lose connectivity between the 2 switches.

- In matrix n7 i have this:

set vlan create 2-11,99
set vlan name 2 Oficinas
set vlan name 3 Maq_Cafe
set vlan name 4 DataCenter
set vlan name 5 Piso1
set vlan name 6 Piso2
set vlan name 7 VilaConde
set vlan name 8 vlan8
set vlan name 9 consulta_externa
set vlan name 10 ILOS
set vlan name 11 vc2
set vlan name 99 outside
clear vlan egress 1 host.0.1;ge.1.23,25-48,52,54;rtr.1.1;ge.2.23-48,52;ge.3.37-48
set vlan egress 1 lag.0.1-48;ge.1.1-22,24,49-51,53;ge.2.1-22,49-51,53-54;ge.3.1-36,49-54 untagged
set vlan egress 2 lag.0.1-3;ge.1.49-53;ge.2.49-54 tagged
set vlan egress 2 ge.1.54 untagged
set vlan egress 3 lag.0.1-3;ge.1.49-54;ge.2.49-54 tagged
set vlan egress 4 lag.0.1-4;ge.1.49-54;ge.2.49-54;ge.3.1-2 tagged
set vlan egress 4 ge.1.25-48;ge.2.23,25-48;ge.3.37-48 untagged
set vlan egress 5 lag.0.1-3;ge.1.49-51,53-54;ge.2.49-54 tagged
set vlan egress 5 ge.1.52 untagged
set vlan egress 6 lag.0.1-3;ge.1.49-54;ge.2.49-51,53-54 tagged
set vlan egress 6 ge.2.52 untagged
set vlan egress 7 ge.2.24 untagged
set vlan egress 8 lag.0.5;ge.1.53;ge.2.53 tagged
set vlan egress 9 ge.3.49-50 tagged
set vlan egress 10 lag.0.1-5;ge.1.47-54;ge.2.24,49-54;ge.3.1-2 tagged
set vlan egress 10 host.0.1;ge.1.23 untagged
set vlan egress 11 ge.2.24 tagged
set vlan interface 9 create

- In the B5 i  have this:

set vlan create 7
set vlan create 10
set vlan create 11
set vlan name 11 vc2
clear vlan egress 1 ge.1.7
set vlan egress 10 ge.1.1;ge.1.41-48;lag.0.1-6 tagged
set vlan egress 11 ge.1.43;ge.1.45 tagged
set vlan egress 11 ge.1.7 untagged

In bold is the port assigned vlan that its used for the trunking between the 2 switches, but i see them as untagged at port ge.2.24 in the N7 side and as tagged at port ge.1.43 in the B5 side.

What im trying to do is to tag same vlan 7 at both ends of the trunks on respective ports and configure a new vlan to span across the trunk, but the minute i add set vlan egress 7 ge.1.43 tagged to the B5 side, and tag the ge.2.24 at vlan 7 in the N7 side, i lose everything.

I really hope anyone can help me with this, and explain to me what am i not seing with the concept used by extreme networks, as i will be needing this to manage this network and im really depending on it.

Sorry for the long text .

Thank you.

António.


Photo of AJP

AJP

  • 208 Points 100 badge 2x thumb

Posted 4 years ago

  • 0
  • 1
Photo of Tyler Marcotte

Tyler Marcotte, Official Rep

  • 2,740 Points 2k badge 2x thumb
Antonio,

Try running the command 'show port egress ge.2.24' on the N7 and 'show port egress ge.1.43' on the B5. Those commands should give you a good idea about what's tagged and what's not tagged. That command does require the port link state is up though.

Right now it looks like the following is true for the N7:
ge.2.24 is:
Untagged - VLAN 7
Tagged - VLAN 10,11

B5:
ge.1.43 is:
Tagged - VLAN 10,11

Check to see if the show port egress shows the same information. That will help determine what is going on. Also, what vlan is the management of the B5 on? You can find this out by typing 'show host vlan'.

-Tyler
Photo of AJP

AJP

  • 208 Points 100 badge 2x thumb
Hi Tyler,

thank you for your quick reply. Unfortunately i have been away for personal reasons, but im returning to this subject as it is important for me to get it fixed.

I dont have acess to the SW at the moment, but i do know that the management vlan for the B5 is Vlan1.

As soon as i can i get the info you requested. If you can find just by looking at the config what is wrong, it would be great.

Thank you again..

António.
Photo of AJP

AJP

  • 208 Points 100 badge 2x thumb
Hello Tyler,

the info you requested on the N7:

Matrix N7 Platinum(su)->show port egress ge.2.24
ge.2.24       1      untagged              static
ge.2.24       7      untagged              static
ge.2.24      10      tagged                static
ge.2.24      11      tagged                static

VLAN Config

Matrix N7 Platinum(su)->show vlan

 VLAN: 1         NAME: Servers                   Status: Enabled
 VLAN Type: Permanent    FID: 1
 Creation Time: 0 days 0 hours 0 minutes 0 seconds ago
 Egress Ports
lag.0.2,4-5;ge.1.3-4,9,13-15,17-22,24,49,51;rtr.1.1;ge.2.1,3-7,9-22,24,50;ge.3.3-6,8-10,16,18-27,49-50
 Forbidden Egress Ports
None.
 Untagged Ports
lag.0.2,4-5;ge.1.3-4,9,13-15,17-22,24,49,51;ge.2.1,3-7,9-22,24,50;ge.3.3-6,8-10,16,18-27,49-50

 
 VLAN: 7         NAME: VilaConde                         Status: Enabled
 VLAN Type: Permanent    FID: 7
 Creation Time: 0 days 0 hours 0 minutes 0 seconds ago
 Egress Ports
rtr.1.1;ge.2.24
 Forbidden Egress Ports
None.
 Untagged Ports
ge.2.24

 
 VLAN: 10        NAME: ILOS                      Status: Enabled
 VLAN Type: Permanent    FID: 10
 Creation Time: 0 days 0 hours 0 minutes 0 seconds ago
 Egress Ports
lag.0.2,4-5;host.0.1;ge.1.23,47-49,51,54;rtr.1.1;ge.2.24,50,52
 Forbidden Egress Ports
None.
 Untagged Ports
host.0.1;ge.1.23

 VLAN: 11        NAME: vc2                       Status: Enabled
 VLAN Type: Permanent    FID: 11
 Creation Time: 80 days 12 hours 29 minutes 51 seconds ago
 Egress Ports
rtr.1.1;ge.2.24
 Forbidden Egress Ports
None.
 Untagged Ports
None.

 Ill get the B5 info as soon as i can.
Thanks again.

Edit: removed excess info to make post easier to read
(Edited)
Photo of AJP

AJP

  • 208 Points 100 badge 2x thumb
While doing my daily, painful by now i must say, visit to this small EN network, i have noticed a protocol activated in the N7 side: GVRP.

Read an article in this community about that protocol, and would be very happy if anyone could take the time to tell me if the issue im having with VLAN creation can be related to this protocol.

Thank you.
António.
Photo of AJP

AJP

  • 208 Points 100 badge 2x thumb
Heres the info on the sh port egress

 

Matrix N7 Platinum(su)->show port egress ge.2.24

ge.2.24       1      untagged              static

ge.2.24       7      untagged              static

ge.2.24      10      tagged                static

ge.2.24      11      tagged                static


C3(su)->show port egress ge.1.43

 Port       Vlan      Egress          Registration

  Number      Id        Status            Status

    ------------------------------------------------------------

ge.1.43     1         untagged        static

ge.1.43     7         tagged          static

ge.1.43     10        tagged          static

ge.1.43     11        tagged          static


Host Vlan is 1

Spantree mode is mstp

GVRP is running in the N7 side.

Thank you for your help.
Photo of JAMES WIEDEL

JAMES WIEDEL

  • 780 Points 500 badge 2x thumb
Looking at your configuration for ge.2.24,  you have two untagged VLANs on that port.   This is in general a bad idea.   The issue is this:  both VLANs will send traffic out the port fine.   The real problem is when untagged data comes IN the port;  which VLAN does it go to?  (That is a mystery).
You should always have tagged VLANs on your trunk ports except for one (1) default VLAN.

That being said, it is very easy build these (assuming the VLAN is already created):
"set vlan egress ge.2.24 22 tag"   will add VLAN 22 as a tagged VLAN on port ge.2.24
Do the same command with appropriate ports and you are done.
You can leave the default VLAN set to 1, as long as there is only one untagged VLAN.

As for GVRP....   well, we turn it off by default.   We have found it creates more trouble than it is worth at times.   The idea is great, how it is actually implemented is not.   It tears down VLANs before rebuilding them.  If you have your management on a VLAN other that VLAN 1, when the VLANs are torn down, you loose contact between the switches.   You would then have to make a trip out to the switches to reprogram them via the command console.

    James
Photo of Jason Parker

Jason Parker, Employee

  • 3,018 Points 3k badge 2x thumb
Lets look at it this way

Switch A going to switch B
If all tagged (set vlan egress) then all should be well but note:
if 2 or more ports are in a lag then I suggest
a. placing all ports in the set vlan egress command
b. run the command
   Stack set vlan egress vlan X lag.0.1-6 tagged   (6 is the max)
   N7     set vlan egress vlan X lag.0.1-62 tagged (I think it goes to a higher vlan  but it depends on code

The one thing to note:
1. Are all of the VLAN's you want on the link(Lag or singleport) on the vlan egress tagged
BTW
Stacks allow a command
show vlan portinfo port (port#)
The later N codes (I believe) support this command

now Test via pings
Jason
Photo of AJP

AJP

  • 208 Points 100 badge 2x thumb
You have been great guys. Thank you for all the helpful posts. I will get back to you soon.
Photo of AJP

AJP

  • 208 Points 100 badge 2x thumb
After reading some docs about GVRP, i have one doubt: can i disable GVRP globally or i need to disable it by port, and doing so can i do it without breaking existing VLANs?

TY again.
Photo of AJP

AJP

  • 208 Points 100 badge 2x thumb
Hello,

i got my problem solved. Managed to understand how things work and heres my input:

- In the B5/C3 side,

Set vlan egress 7 ge.1.1-48 untagged
Set port vlan ge.1.1-48 7 modify-egress
Set vlan egress 1 ge.1.43 tagged
Set host vlan 7

 - In the N7 side

Set gvrp disable
Set vlan egress 1 ge.2.24 tagged


Thank you all very much for all the input.

Now, to boldly go where i never went before...

To create a trunk between this same C3 stack (former B5) and a trio of Enterasys Vertical Horizon VH2402S and spam those same VLANS :)

But thats for another post hehe
Photo of Jason Parker

Jason Parker, Employee

  • 3,018 Points 3k badge 2x thumb
To respond to this comment

After reading some docs about GVRP, i have one doubt: can i disable GVRP globally or i need to disable it by port, and doing so can i do it without breaking existing VLANs?

Here are the best steps to take on this issue 
  • Disable GVRP (Global before disabling the ports (Set gvrp disable)
  • Disable GVRP at the port which eliminates advertises the ports vlans as well as the switches VLAN’s to each other and including other switches) “set GVRP disable *.*.*”
  • Enable GVRP Globally “set gvrp enable” this allows the switches to share information about VLAN’s between switches. The ports should never advertise their information
Disable on all ports unless you need to share the details such as running the command
set vlan dynamicegress 188 enable

set gvrp enable x.x.x (uplink port to start)
This allows mobility of a client/phone/etc
Photo of AJP

AJP

  • 208 Points 100 badge 2x thumb
Thank you very much Jason.

Worked like a charm.

Suddenly all the issues i was having with vlan advertisement went away, and with minor impact to the network while i was doing the changes.

Thank you.
Photo of Jason Parker

Jason Parker, Employee

  • 3,018 Points 3k badge 2x thumb
Glad to help
Take care
Jason