
c3g124-48 configuration intervlan routing and access policy and hyper-v integration


Hello, I'm new in configuring C3g124-48
I have a switch from you and it has the firmware in its last version, however I have some difficulties in the configuration shown below:
What I intend to create:
VLAN ID

ID   NAME            IP (/24) Gtw
1    Cliente         10.1.0.1
10   Administração   10.1.1.1
20   Tecnica         10.1.2.1
30   Servidores      10.1.3.1
40   Voip            10.1.4.1
50   Cameras         10.1.5.1
60   Testes          10.1.6.1
70   Public          10.1.7.1

Rules of Access:

Inter Vlan Access

ID   1   10  20  30  40  50  60  70
1    X   -   -   X   -   -   -   -
10   X   X   X   X   X   X   X   -
20   X   -   X   X   X   X   X   X
30   X   X   X   X   X   X   X   -
40   -   -   -   X   -   X   -   -
50   -   X   -   X   -   X   -   -
60   X   -   X   X   -   -   -   X
70   X   -   -   -   -   -   -   X


Vlan 30 - LACP configured on ports 44 - 48 Ports

Switch Data:
IP Layer Vlan Default: 10.1.0.254/24
For each of the VLANs the switch would be the default gateway, with static routing between the gateway, switch and VLANs.
Configuring access rules to filter traffic as shown above.

I do not know if the configuration below would be possible to create on this switch:

Dynamic VLAN configured on port 42-43, where the Hyper-V Mac Source is: 0A:F1:04:xx:xx:xx and will receive virtual machines with dynamic routing that only have access to them and to the router's ip, in addition to access to the gateway IP, in case 10.1.0.1/24
Each VM Created with this MAC start belongs to a VLAN that can not access any of the other VLANs, only Gateway access.
Can you tell me if it would be possible to create this scenario on your Switch? If you can not create this whole scenario, how far can I go with your switch and which product of yours could satisfy the requirements for a network with this complexity.
Att,

Bruno D'Anna

9 replies

this is my config file:

# Firmware Revision: 06.61.16.0002
#ip
set ip address 10.1.0.254 mask 255.255.255.0 gateway 10.1.0.1
set switch member 1 11
#vlan
set vlan create 10
set vlan create 20
set vlan create 30
set vlan create 40
set vlan create 50
set vlan create 60
set vlan create 70
set vlan name 10 "adm"
set vlan name 20 "tecnica"
set vlan name 30 "Servidores"
set vlan name 40 "Voip"
set vlan name 50 "camera"
set vlan name 60 "testes"
set vlan name 70 "publica"
clear vlan egress 1 ge.1.16
set vlan egress 10 ge.1.16 tagged
set vlan egress 20 ge.1.16 untagged
set vlan dynamicegress 20 enable
set vlan association subnet 10.1.2.0 255.255.255.0 20
!

#Router Configuration
router
enable
configure
ip igmp
interface vlan 10
ip address 10.1.1.1 255.255.255.0
ip igmp enable
ip rip enable
no shutdown
exit
interface vlan 20
ip address 10.1.2.1 255.255.255.0
ip rip enable
no shutdown
exit
interface vlan 30
ip address 10.1.3.1 255.255.255.0
ip igmp enable
ip rip enable
no shutdown
exit
interface vlan 40
ip address 10.1.4.1 255.255.255.0
no shutdown
exit
interface vlan 50
ip address 10.1.5.1 255.255.255.0
no shutdown
exit
interface vlan 60
ip address 10.1.6.1 255.255.255.0
no shutdown
exit
router rip
distance 30
exit
exit
exit
exit
!
#dhcp
!
set dhcp enable
set dhcp bootp enable
!
#lacp
set lacp static lag.0.1
set lacp aadminkey lag.0.1 1
!
#port
set port lacp port ge.1.40 aadminkey 1
set port lacp port ge.1.41 aadminkey 1
set port lacp port ge.1.42 aadminkey 1
set port lacp port ge.1.43 aadminkey 1
set port lacp port ge.1.44 aadminkey 1
set port lacp port ge.1.45 aadminkey 1
set port lacp port ge.1.46 aadminkey 1
set port lacp port ge.1.47 aadminkey 1
set port lacp port ge.1.48 aadminkey 1
set port lacp port ge.1.40 disable
set port lacp port ge.1.41 disable
set port lacp port ge.1.42 disable
set port lacp port ge.1.43 disable
set port lacp port ge.1.45 disable
set port lacp port ge.1.46 disable
set port lacp port ge.1.47 disable
set port lacp port ge.1.48 disable
set port vlan ge.1.16 20
!
#ssh
set ssh enabled
!
end
Userlevel 7
Hi Bruno,

it should be possible to implement your scenario using a C3. You could use ACLs to implement the access restrictions.

If you want the C3 to route in the same VLAN you want to use for management, you should not use the host IP interface at all, just use SVIs (Switched Virtual Interface, interface vlan X).

For an SVI to become active, the VLAN needs to have at least one port active. As long as an SVI is not active, the network will not show up as directly connected and you will not be able to ping the configured address.

Erik
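
The ACL approach suggested above, applied to the access matrix from the question, as an added example (not part of the thread and not Extreme Networks code): it turns the matrix into vendor-neutral permit/deny rules per source VLAN and lists the pairs allowed in one direction only, which matter if the ACLs match only on source and destination subnet, because replies then need their own permit. Assumptions: rows are source VLANs and columns are destinations; the function names and rule tuples are hypothetical and are not C3 CLI syntax.

```python
import ipaddress

VLANS = [1, 10, 20, 30, 40, 50, 60, 70]
# Matrix as posted. Assumption: row = source VLAN, column = destination.
MATRIX = """
1  X - - X - - - -
10 X X X X X X X -
20 X - X X X X X X
30 X X X X X X X -
40 - - - X - X - -
50 - X - X - X - -
60 X - X X - - - X
70 X - - - - - - X
"""
# Gateway addresses from the question's VLAN table; every VLAN is a /24.
GATEWAYS = {1: "10.1.0.1", 10: "10.1.1.1", 20: "10.1.2.1", 30: "10.1.3.1",
            40: "10.1.4.1", 50: "10.1.5.1", 60: "10.1.6.1", 70: "10.1.7.1"}
ANY = ipaddress.ip_network("0.0.0.0/0")

def parse_matrix(text):
    """Return the set of allowed (source VLAN, destination VLAN) pairs."""
    allowed = set()
    for line in text.strip().splitlines():
        src, *cells = line.split()
        if int(src) not in GATEWAYS or len(cells) != len(VLANS):
            raise ValueError(f"malformed matrix row: {line!r}")
        for dst, cell in zip(VLANS, cells):
            # Skip the diagonal: intra-VLAN traffic is switched, never routed.
            if cell == "X" and dst != int(src):
                allowed.add((int(src), dst))
    return allowed

def subnet(vlan):
    return ipaddress.ip_network(GATEWAYS[vlan] + "/24", strict=False)

def rules_for(src, allowed):
    """Ordered, vendor-neutral rules for traffic entering from VLAN src."""
    permits = [("permit", subnet(src), subnet(d))
               for s, d in sorted(allowed) if s == src]
    return permits + [("deny", subnet(src), ANY)]  # default deny goes last

def one_way_pairs(allowed):
    """Pairs allowed in one direction only; replies need a return rule."""
    return sorted((s, d) for s, d in allowed if (d, s) not in allowed)

if __name__ == "__main__":
    pairs = parse_matrix(MATRIX)
    print(*rules_for(40, pairs), sep="\n")
    print("one-way:", one_way_pairs(pairs))
```
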
Hello Erik, the problem I'm facing at this point: as can be seen in the configuration file, port 16 is mapped to VLAN 20, but I cannot turn on the switch routing with the command:
#ip routing
It accepts the command, but it does not appear in #show running-config. I'm afraid I'm doing something wrong.
This is a summary of the config used in VLAN 20; please help us review the problem in this config file:

#set vlan create 20
#set vlan name 20 "tecnica"
#set vlan dynamicegress 20 enable --> dynamic association for hosts, but not in use at this moment, only a test
#set vlan association subnet 10.1.2.0 255.255.255.0 20
#Router Configuration
#router
#enable
#configure
#interface vlan 20
#ip address 10.1.2.1 255.255.255.0
#ip rip enable
#no shutdown
#exit
#set port vlan ge.1.16 20

The command "#ip routing" does not show in the config file.
Userlevel 7
Hi,

I think that "ip routing" is default on the C3, thus it does not show up in "show run." You could try something like "show config all router" in the switch mode of the CLI. A "no ip routing" might show up in the running configuration, if accepted.

Routing is easily testable, just connect two devices (e.g. PCs) to ports in different VLANs, configure SVIs for each VLAN, give the two test devices appropriate IP addresses and default gateways, and verify packet forwarding between the two devices. The switch will show the SVI's subnets as directly connected routes with "show ip route."

Without anything connected to the switch, the SVIs will be down (inactive), and no routes will show up in "show ip route."

Erik
Hello Friend,

I run several tests and Intervlan routing does not seem to be working

For the purpose of testing, I isolated a switch port and defined a static IP, along with a static VLAN. These command lines were used on the switch:

#set ip address 10.1.0.254 mask 255.255.255.0 gateway 10.1.0.1

#set vlan create 20

#set vlan name 20 "tecnica"

#set vlan egress 20 ge.1.5 untagged

#clear vlan egress 1 ge.1.5

#set vlan association subnet 10.1.2.0 255.255.255.0 20

#router

#enable

#configure

#interface vlan 20

#ip address 10.1.2.1 255.255.255.0

#ip rip enable (not necessary)

#no shutdown

#exit

#set port vlan ge.1.5 20



#show ip route

Destination Gateway Flags Use If Metric

0.0.0.0/0 10.1.0.1 UG 1 host 5

10.1.0.0/24 10.1.0.254 UC 33 host 5

10.1.0.254 10.1.0.254 UH 0 lo0 5

10.1.2.0/24 10.1.0.254 UC 0 rt2 5

10.1.2.1 10.1.0.254 UH 0 lo0 5

#ping 10.1.2.1

10.1.2.1 is alive


On the computer connected to VLAN Default:

Ip: 10.1.0.4/24 gtw: 10.1.0.1

#route add 10.1.2.0 mask 255.255.255.0 10.1.0.254

#ping 10.1.2.1

(no response)

#tracert 10.1.2.1

(no trace to route)

Route Print

endereço de rede Máscara Ender. gateway Interface Custo

0.0.0.0 0.0.0.0 10.1.0.1 10.1.0.4 266

10.1.0.0 255.255.255.0 No vínculo 10.1.0.4 266

10.1.0.4 255.255.255.255 No vínculo 10.1.0.4 266

10.1.0.255 255.255.255.255 No vínculo 10.1.0.4 266

10.1.2.0 255.255.255.0 10.1.0.254 10.1.0.4 11




Config in the Computer Connected to the port 5 Vlan 20:

IP: 10.1.2.3/24 gtw: 10.1.2.1

#ping 10.1.2.1 (alive)

#Ping 10.1.0.254 (switch)

No response

#Ping 10.1.0.1 (router)

No response



Router Config: 10.1.0.1/24

#route add -net 10.1.2.0/24 gateway 10.1.0.254

#route

Destination Gateway Genmask Flags Metric Ref Use Iface

default 200-1-58-201. 0.0.0.0 UG 0 0 0 ppp1

1.1.1.0 * 255.255.255.0 U 0 0 0 eth1

10.1.0.0 * 255.255.255.0 U 0 0 0 br0

10.1.2.0 10.1.0.254 255.255.255.0 UG 0 0 0 br0

200-1-58-201. * 255.255.255.255 UH 0 0 0 ppp1

#ping 10.1.2.1 (no response)

But no response or track to VLAN 20
Userlevel 7
Hi,

the switch interface, configured with "set ip address", cannot be used for routing. You should probably remove that address from a console session with "clear ip address" and then add an SVI to VLAN 1. Otherwise the C3 cannot route from or to VLAN 1.

Erik
Understood; in this case the default VLAN will remain without an IP address and routing is run on the other VLANs.
So how do I set a default gateway for the switch on the VLAN 1 interface?
Userlevel 7
Hi Bruno,

I would not recommend to use both the switch's host IP interface (set ip address) and SVIs on the same switch. I would recommend to use only SVIs, including for VLAN 1 (if you really want to use VLAN 1 at all).

If you want to use an SVI for VLAN 1 use the following:
clear ip address
router
enable
configure
interface vlan 1
ip address 10.1.0.254 255.255.255.0
no shutdown
exit
ip route 0.0.0.0 0.0.0.0 10.1.0.1
exit
exit
exit

Erik
