Question

First Time Newbie Design Theory - MLAG- 2 Cores - 2 Edge

  • 11 February 2019
  • 1 reply
  • 446 views

Hi All,

First-time poster. I haven't had too much experience with Extreme in general, but I've tried to do as much research as possible. I'm posting a theoretical setup that may be deployed, trying to iron out the issues before getting to the physical stage.

Any feedback appreciated. Thanks

10.55.1.1

X1 LAG X2
—————————-FIREWALL ————————

| |
| PORT#20 | PORT#20
| |
CORE-1 X870 (47-48) =============== (47-48) CORE-2 X870

G1(1/2) G3(3/4) G1(1/2) G3(3/4)
| | | |
| |___________________ |_________ _|______
| | | |
| _____________________| | |
| | | |
EDGE-1 X460-G2 (47-48) EDGE-2 X460-G2 (47-48)




Number of VLANS - 5

ISC - 4000
MANAGEMENT - 255
DATA-10 - 10
DATA-20 - 20
VOICE-250 - 250



***CONFIG ON CORE-1***

#configure default delete ports all
#create vlan MLAG-ISC tag 4000
#create vlan Management tag 255
#create vlan DATA-10 tag 10
#create vlan DATA-20 tag 20
#create vlan VOICE-250 tag 250

#enable sharing 47 grouping 47-48 lacp
#enable sharing 1 grouping 1-2 lacp
#enable sharing 3 grouping 3-4 lacp

#configure vlan MLAG-ISC add ports 47 tagged
#configure Management add ports 1,3,47 tagged
#configure data-10 add ports 1,3,47 tagged
#configure data-20 add ports 1,3,47 tagged
#configure VOICE-250 add ports 1,3,47 tagged

#config port 47 display-string ISC-LINK_to_CORE-2
#config port 1 display-string UPLINK_to_EDGE-1
#config port 2 display-string UPLINK_to_EDGE-2
#config port 20 display-string UPLINK_to_FIREWALL


#configure vlan MLAG-ISC ipaddress 172.16.1.1/30
#configure vlan Management ipaddress 10.55.255.2/24
#configure vlan data-10 ipaddress 10.55.10.2/24
#configure vlan data-20 ipaddress 10.55.20.2/24
#configure vlan VOICE-250 ipaddress 10.55.250.2/24


#enable ipforwarding vlan Management
#enable ipforwarding vlan data-10
#enable ipforwarding vlan data-20
#enable ipforwarding vlan VOICE-250

#create mlag peer CORE-2
#configure mlag peer CORE-2 ipaddress 172.16.1.2 vr VR-Default
#configure mlag ports convergence-control fast
#config mlag peer CORE-2 lacp-mac auto
#enable mlag port 1 peer CORE-2 id 1
#enable mlag port 3 peer CORE-2 id 2


#create vrrp vlan management vrid 1
#configure vrrp management vrid 1 priority 200
#configure vrrp management vrid 1 add 10.55.255.1
#enable vrrp management vrid 1

#create vrrp vlan data-10 vrid 1
#configure vrrp data-10 vrid 1 priority 200
#configure vrrp data-10 vrid 1 add 10.55.10.1
#enable vrrp data-10 vrid 1

#create vrrp vlan data-20 vrid 1
#configure vrrp data-20 vrid 1 priority 200
#configure vrrp data-20 vrid 1 add 10.55.20.1
#enable vrrp data-20 vrid 1

#create vrrp vlan VOICE-250 vrid 1
#configure vrrp VOICE-250 vrid 1 priority 200
#configure vrrp VOICE-250 vrid 1 add 10.55.250.1
#enable vrrp VOICE-250 vrid 1

#ip route add default 0.0.0.0/0 10.55.1.1


***CONFIG ON CORE-2***

#configure default delete ports all
#create vlan MLAG-ISC tag 4000
#create vlan Management tag 255
#create vlan DATA-10 tag 10
#create vlan DATA-20 tag 20
#create vlan VOICE-250 tag 250

#enable sharing 47 grouping 47-48 lacp
#enable sharing 1 grouping 1-2 lacp
#enable sharing 3 grouping 3-4 lacp

#configure vlan MLAG-ISC add ports 47 tagged
#configure vlan Management add ports 1,3,47 tagged
#configure vlan data-10 add ports 1,3,47 tagged
#configure vlan data-20 add ports 1,3,47 tagged
#configure vlan VOICE-250 add ports 1,3,47 tagged


#config port 49 display-string ISC-LINK_to_CORE-1
#config port 1 display-string UPLINK_to_EDGE-1
#config port 2 display-string UPLINK_to_EDGE-2
#config port 20 display-string UPLINK_to_FIREWALL


#configure vlan MLAG-ISC ipaddress 172.16.1.2/30
#config Management ipaddress 10.55.255.3/24
#config data-10 ipaddress 10.55.10.3/24
#config data-20 ipaddress 10.55.20.3/24
#config VOICE-250 ipaddress 10.55.250.3/24

#enable ipforwarding vlan Management
#enable ipforwarding vlan data-10
#enable ipforwarding vlan data-20
#enable ipforwarding vlan VOICE-250


#create mlag peer CORE-1
#configure mlag peer CORE-1 ipaddress 172.16.1.1 vr VR-Default
#conf mlag peer CORE-1 lacp-mac auto
#configure mlag ports convergence-control fast

#enable mlag port 1 peer CORE-1 id 1
#enable mlag port 3 peer CORE-1 id 2


#create vrrp vlan Management vrid 1
#configure vrrp Management vrid 1 priority 100
#config vrrp Management vrid 1 add 10.55.255.1
#enable vrrp Management vrid 1

#create vrrp vlan data-10 vrid 1
#configure vrrp data-10 vrid 1 priority 100
#config vrrp data-10 vrid 1 add 10.55.10.1
#enable vrrp data-10 vrid 1

#create vrrp vlan data-20 vrid 1
#configure vrrp data-20 vrid 1 priority 100
#config vrrp data-20 vrid 1 add 10.55.20.1
#enable vrrp data-20 vrid 1

#create vrrp vlan VOICE-250 vrid 1
#configure vrrp VOICE-250 vrid 1 priority 100
#config vrrp VOICE-250 vrid 1 add 10.55.250.1
#enable vrrp VOICE-250 vrid 1

#ip route add default 0.0.0.0/0 10.55.1.1



***VERIFY MLAG***
#show mlag peer
#show mlag ports
#sh sharing
#sh vrrp

#save


EDGE SWITCHES:


***EDGE-1***

#configure default delete ports all
#create vlan Management tag 255
#create vlan DATA-10 tag 10
#create vlan DATA-20 tag 20
#create vlan VOICE-250 tag 250


#configure vlan Management ipaddress 10.55.255.11/24
#enable sharing 47 grouping 47-48 lacp

#configure vlan Management add ports 47 tagged
#configure vlan DATA-10 add ports 47 tagged
#configure vlan DATA-20 add ports 47 tagged
#configure vlan DATA-10 add ports 1-16 untagged
#configure vlan DATA-20 add ports 17-32 untagged

#configure iproute add 10.55.255.0/24 10.55.255.1
#configure iproute add 10.55.10.0/24 10.55.10.1
#configure iproute add 10.55.20.0/24 10.55.20.1
#configure iproute add 10.55.250.0/24 10.55.250.1


***EDGE-2***
#configure default delete ports all
#create vlan Management tag 255
#create vlan DATA-10 tag 10
#create vlan DATA-20 tag 20
#create vlan VOICE-250 tag 250

#configure vlan Management ipaddress 10.55.255.12/24
#enable sharing 47 grouping 47-48 lacp

#configure vlan Management add ports 47 tagged
#configure vlan DATA-10 add ports 47 tagged
#configure vlan DATA-20 add ports 47 tagged
#configure vlan VOICE-250 add ports 47 tagged

#configure vlan DATA-10 add ports 1-16 untagged
#configure vlan DATA-20 add ports 17-32 untagged

#configure iproute add 10.55.255.0/24 10.55.255.1 (this would be the virtual IP address for the vlan?)
#configure iproute add 10.55.10.0/24 10.55.10.1
#configure iproute add 10.55.20.0/24 10.55.20.1
#configure iproute add 10.55.250.0/24 10.55.250.1

#show ip route
#show running-config routes
#save


Questions

1. On either Edge switch, if I wanted a specific port, for example port #1, to be available to either DATA-10 or DATA-20 IPs, would I add the port to vlan DATA-10 untagged and DATA-20 tagged, or both tagged?

2. The uplink to the firewall from both cores has a single connection from port 20 on core#1 and core#2 (this is where I get confused).
Do I need to add:

Core#1
#enable mlag port 20 peer CORE-2 id 20

Core#2
#enable mlag port 20 peer CORE-1 id 20

How would this be configured on the firewall side as just a LAG on X1/X2?

Additionally, do I need to add all vlans to port 20 on both cores? Or does the default route (ip route add default 0.0.0.0/0 10.55.1.1) take care of all the traffic to this IP?


3. If I wanted to add a "non-Extreme" switch with a single port connection to, say, port 21 on both core switches with just 1 vlan, DATA-10, would this be set up the same way as how I think the firewall has to be set up?
I.e.:

CORE#1
#enable mlag port 21 peer CORE-2 id 21
#config port 21 display-string UPLINK_to_NEW_SWITCH
#configure data-10 add ports 21 tagged


CORE#2
#enable mlag port 21 peer CORE-1 id 21
#config port 21 display-string UPLINK_to_NEW_SWITCH
#configure data-10 add ports 21 tagged


NEW SWITCH (SOMETHING LIKE THIS)

#create vlan Management tag 255
#create vlan DATA-10 tag 10
#configure vlan Management ipaddress 10.55.255.13/24
#enable sharing 47 grouping 47-48 lacp

#configure iproute add 10.55.10.0/24 10.55.10.1
#configure iproute add 10.55.255.0/24 10.55.255.1



Thanks!!!

1 reply

Answers to your questions:

  1. Tagging just needs to be consistent on both sides of the link. In general all VLANs can be tagged on uplink ports. An example where you would use untagged and tagged would be on an edge port when you are tethering a computer through a phone (Phones can send tagged traffic where computers typically can't).
  2. You would only enable mlag on port 2 if you are going to lag the two ports on the firewall. This would be ideal and provide the best L2 redundancy. As far as the traffic flow goes, this depends on the setup. Looks like you plan on using the MLAG peers as the default gateways for your VLANs. You could make a /29 on the switch and point to the firewall as your default route. This would require the firewall to have all the routes back to the subnets you created on the mlag peers. In this case you would only need to add the /29 VLAN to port 20 and the ISC. All vlans added to MLAG ports need to be added to the ISC.
  3. Yes. You would follow the same configuration on any device that can be configured with a LAG. The downstream client device is none the wiser it is sending traffic to two different switches. So a lag on the non-extreme switch and enable mlag on ports on each peer.

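The rule at the end of answer 2 (every VLAN added to an MLAG port must also be on the ISC) can be checked against a draft config before it reaches a switch. The script below is an added example, not part of the original thread or any Extreme tooling; it only understands the command forms used in the post, and the sample config and function names are constructed for illustration.

```python
import re

# Constructed sample in the style of the CORE-1 config above; VOICE-250 is
# deliberately left off the ISC port (47) to show a failing case.
SAMPLE = """\
configure vlan MLAG-ISC add ports 47 tagged
configure Management add ports 1,3,47 tagged
configure data-10 add ports 1,3,47 tagged
configure VOICE-250 add ports 1,3 tagged
enable mlag port 1 peer CORE-2 id 1
enable mlag port 3 peer CORE-2 id 2
"""

ADD_PORTS = re.compile(
    r"^conf\w*\s+(?:vlan\s+)?(\S+)\s+add\s+ports\s+([\d,\s-]+?)\s+(?:un)?tagged", re.I)
MLAG_PORT = re.compile(r"^enable\s+mlag\s+port\s+(\d+)\s+peer\s+\S+\s+id\s+\d+", re.I)


def expand_ports(spec):
    """Expand a port list such as '1,3,47' or '1-16' into a set of ints."""
    ports = set()
    for part in spec.replace(" ", "").split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def vlans_missing_from_isc(config, isc_vlan="MLAG-ISC"):
    """Return {mlag_port: [vlans on that port but not on any ISC port]}."""
    members, mlag_ports = {}, set()
    for raw in config.splitlines():
        line = raw.strip().lstrip("#").strip()  # tolerate the post's '#' prompts
        if m := ADD_PORTS.match(line):
            # Assumption: VLAN names are compared case-insensitively.
            members.setdefault(m.group(1).lower(), set()).update(expand_ports(m.group(2)))
        elif m := MLAG_PORT.match(line):
            mlag_ports.add(int(m.group(1)))
    isc_ports = members.get(isc_vlan.lower(), set())
    report = {}
    for port in sorted(mlag_ports):
        missing = sorted(v for v, p in members.items()
                         if port in p and v != isc_vlan.lower() and not (p & isc_ports))
        if missing:
            report[port] = missing
    return report


if __name__ == "__main__":
    print(vlans_missing_from_isc(SAMPLE))
```

An empty result means every VLAN carried on an MLAG port is also present on a port of the ISC VLAN; it does not check that the peer switch or the edge side is tagged consistently.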