Question

Enterasys C3 Linking Vlans

  • 5 December 2018
  • 11 replies
  • 362 views

Hello everyone.

First let me say, that i really like this community. It helped me a lot in configuring our Enterasys switches in my company. But now let me come to my problem.

We use a few 48 port poe swichtes in our AV Rental company. Its for connecting devices such as ethernet based intercom system and so on.

I configured the swichtes in 3 Vlans. Now i want to link the vlans between the switches. But i dont want to use a trunk port, i want to link them separately. It's because the Intercom uses full 1000 MBit if the max number of users is used.

I tried to link the two Vlans via sfp modules. The Sfp Ports are in the correct VLans. But whenever i connect more than one SFP Link between two switches the connection refuses and the devices cant talk to each other. I thought it could be something with a loopback. But the two SFP Port i connect to eacht other are in different Vlans. So there cant be a loop. or am i wrong?

I hope you can help me out with this. Just let me know, if you need additional information.

11 replies

Userlevel 5
Hello Janni,

At first I would like to ask you for 'show vlan portinfo' for those ports you try to link.
You can have vlan egress set to your tagged VLANs, but PVID (native VLAN) might be still the same and that's why a loop would occur.
Then, depending on what STP mode is there by default and whether it is enabled by default or not, you might experience port blocks.

Hope that helps,
Tomasz
Hey Tomasz,
This is what the console outputs after my Vlan config. Should be correct?!

VLAN: 1 NAME: DEFAULT VLAN
VLAN Type: Default
Egress Ports
lag.0.1-6
Forbidden Egress Ports
None.
Untagged ports
lag.0.1-6

VLAN: 100 NAME: vlan-one
VLAN Type: Permanent
Egress Ports
ge.1.1-16, ge.1.46
Forbidden Egress Ports
None.
Untagged ports
ge.1.1-16, ge.1.46

VLAN: 110 NAME: vlan-two
VLAN Type: Permanent
Egress Ports
ge.1.17-32, ge.1.47
Forbidden Egress Ports
None.
Untagged ports
ge.1.17-32, ge.1.47

VLAN: 120 NAME: vlan-three
VLAN Type: Permanent
Egress Ports
ge.1.33-45, ge.1.48
Forbidden Egress Ports
None.
Untagged ports
ge.1.33-45, ge.1.48

Regards,
Jan
Userlevel 5
Hi Jan,

How about:
'show vlan portinfo port ge.1.46-48'? Just wanna make sure from the display I'm more familiar with. It's been long time no see with EOS but I used to issue that command to see what is PVID (result of 'set port vlan ... modify-egress') and what are the egress VLANs (result of 'set vlan egress ... tagged/untagged') and over there it should be clear if PVID's the case.

Regards,
Tomasz
Userlevel 7
It would make more sense to configure a LAG in that case.
Hi Tomasz,

here it is:

C3(su)->show vlan portinfo port ge.1.46-48
Port VLAN Ingress Egress
Filter Vlan
-----------------------------------------------------------------
ge.1.46 100 N untagged: 100
ge.1.47 110 N untagged: 110
ge.1.48 120 N untagged: 120
i know that would be my next consideration. Use 2 ports as a VLAN Trunk with as a LAG. But i thought it should be possible with single Links....
Userlevel 7
Hi,

it is possible using different independent links, but this needs a specific STP configuration, because by default STP does not know about the different VLANs.

  1. You can use MSTP and create on instance per VLAN with dedicated link.
  2. You can disable STP on the inter switch link ports (this is dangerous!).
Using one LAG configured as a trunk for all relevant VLANs would be the easiest solution.

Thanks,
Erik
Hi Erik,
That was my first thought. But the spanguard is disabled by default for the whole switch. Or is this a different thing? Im sorry for being not that common with the whole thing about VLANs

Regards,
Jan
Userlevel 7
Hi,

spanguard is a different feature. Spanguard is intended to protect against unexpected BPDUs sent by switches that should not be connected to the port.

The problem with 3 individual links between two switches is that STP will block two of the three links. That is normal operation for spanning tree. In general, it is needed to avoid a layer 2 loop.

But in your case the links have different VLANs, thus they do not form a loop (unless there was a mistake). This is not known by STP or RSTP, not even MSTP without specific configuration. MSTP allows to create instances and assign VLANs to those instances. Inside one MSTP region (same configuration name, configuration revision number and hash of instance to VLAN mapping) different links can be used for different instances by appropriate configuration (you would probably need to adjust port costs per instance). All links should still carry all VLANs, the MSTP instances determine which of the available links is active for each instance. That is quite complex.

A dangerous solution is to disable STP for the port (set spantree portadmin disable). If you or someone else in the future makes a mistake during a configuration change, STP will not save the day, since it is disabled. Thus I can only advise not to do this.

Using an LAG allows all three links to be used simultaneously, instead of using only one of three (or more) individual links with STP blocking all others.

Thanks,
Erik
Hey Erik,

Thank you for your detailed answer. I will now try it with a LACP. As you all said, it should be the better way.

But there is still one thing, that makes me wonder. I tried to do the "wrong" way and disabled the STP on my "link" ports. But the problem still exists. A few seconds after i plug in the second link, the connection between the switches stop.

The most interestin thing is. That a power cycle won't solve the problem. I have to do a "clear config" and set up my vlans again. So is there another portection besides STP?

Best Regards,
Jan
Userlevel 7
Hi Janni,

if you have disabled STP on both sides of the inter-switch-links, it should not block those ports. Please ensure that you do not have additional STP features active on one side (e.g. loop protect).

But you may just created a loop and thus broke the network. :-(

Thanks,
Erik

Reply