Question

Communication between 2 Vlans


I am trying to get our wireless network communicating with a specific Vlan. So our wireless network is setup with a vlan as well. I have ipforwarding enabled for both vlans. What am I missing?

Just a little more information: If I am connected to the network via wired connection, I can ping a device on our 114 vlan. If I am connected to the network via wireless (118 vlan), then I cannot ping that same device.

16 replies

Userlevel 7
Hello Beth,

Could you give us a little more detail on the products you are working with?

Thanks,

Doug
Our Core switch is stacked Summit X460G2 and the edge switches are Summit X440's.
Our wireless controllers are Cisco 5508's
Beth,

I would look at what information you have for subnet/routing at both the wireless controllers and on the wireless clients (DHCP config?).

Can you plug your laptop/device into a wired port on vlan 118, manually configure an ip/subnet/gateway that matches what the wireless clients should have and ping your VLAN 114 device?
Our wireless is configured for DHCP on both controllers and clients. On the Extreme side we do not have any ports that are configured just for the 118 Vlan.

It is strange because if on what we call our Finishing side, which has its own edge switch, we cannot ping the 114 vlan from wireless. However, if we are standing in certain areas on our Extrusion side, there are some areas that the wireless communication to the 114 vlan works and areas that don't.

When our main core was yet Cisco, everything worked as it should, even after we swapped out all Cisco edge switches with the edge Extreme. Now that we moved our main core over to Extreme, it does not. I am assuming it is configuration on the Extreme core but not sure what is missing.

I do not believe that it is configuration with the access points or the controllers.

Thoughts?

Thanks, Beth
Can you post the results of show vlan and show iproute from the core and the edge switches? You can sanitize the IPs as long as it's easy to tell the different subnets apart still and the logic stays accurate.
Here is the core:

telnet session telnet0 on /dev/ptyb0

login: admin
password:

ExtremeXOS
Copyright (C) 1996-2015 Extreme Networks. All rights reserved.
This product is protected by one or more US patents listed at http://www.extremenetworks.com/patents along with their foreign counterparts.
==============================================================================

Press the or '?' key at any time for completions.
Remember to save your configuration changes.

Slot-1 Main-96.1 # show vlan
-----------------------------------------------------------------------------------------------
Name VID Protocol Addr Flags Proto Ports Virtual
Active router
/Total
-----------------------------------------------------------------------------------------------
Default 1 --------------------------------T---------------- ANY 0 /8 VR-Default
Mgmt 4095 ------------------------------------------------- ANY 0 /1 VR-Mgmt
v100 100 10.128.100.1 /24 -f--------------------------- ANY 33/79 VR-Default
v101 101 10.128.101.1 /24 -f--------------------------- ANY 12/14 VR-Default
v102 102 10.128.102.1 /24 -f--------------------------- ANY 12/15 VR-Default
v103 103 10.128.103.1 /24 -f--------------------------- ANY 12/14 VR-Default
v104 104 10.128.104.1 /24 -f--------------------------- ANY 12/14 VR-Default
v105 105 10.128.105.1 /24 -f--------------------------- ANY 16/19 VR-Default
v106 106 10.128.106.1 /24 -f--------------------------- ANY 12/14 VR-Default
v107 107 10.128.107.1 /24 -f--------------------------- ANY 12/14 VR-Default
v108 108 10.128.108.1 /24 -f--------------------------- ANY 12/14 VR-Default
v109 109 10.128.109.1 /24 -f--------------------------- ANY 12/14 VR-Default
v110 110 10.128.110.1 /24 -f--------------------------- ANY 12/14 VR-Default
v111 111 10.128.111.1 /24 -f--------------------------- ANY 13/15 VR-Default
v112 112 10.128.112.1 /24 -f--------------------------- ANY 12/14 VR-Default
v113 113 10.128.0.1 /22 -f--------------------------- ANY 12/14 VR-Default
v114 114 10.128.114.1 /23 -f--------------------------- ANY 12/15 VR-Default
v118 118 10.128.118.1 /24 -f--------------------------- ANY 12/14 VR-Default
v120 120 10.128.120.1 /24 -f--------------------------- ANY 13/15 VR-Default
v200 200 10.128.200.1 /24 -f--------------------------- ANY 3 /5 VR-Default
v211 211 10.128.211.1 /24 -f--------------------------- ANY 4 /8 VR-Default
v300 300 ------------------------------------------------- ANY 13/17 VR-Default
v50 50 10.128.8.1 /21 -f--------------------------- ANY 25/28 VR-Default
v600 600 ------------------------------------------------- ANY 14/20 VR-Default
v666 4069 192.168.1.1 /24 ----------------------------- ANY 0 /1 VR-Default
-----------------------------------------------------------------------------------------------
Flags : (B) BFD Enabled, (c) 802.1ad customer VLAN, (C) EAPS Control VLAN,
(d) Dynamically created VLAN, (D) VLAN Admin Disabled,
(e) CES Configured, (E) ESRP Enabled, (f) IP Forwarding Enabled,
(F) Learning Disabled, (h) TRILL Enabled, (i) ISIS Enabled,
(I) Inter-Switch Connection VLAN for MLAG, (k) PTP Configured,
(l) MPLS Enabled, (L) Loopback Enabled, (m) IPmc Forwarding Enabled,
(M) Translation Member VLAN or Subscriber VLAN, (n) IP Multinetting Enabled,
(N) Network Login VLAN, (o) OSPF Enabled, (O) Flooding Disabled,
(p) PIM Enabled, (P) EAPS protected VLAN, (r) RIP Enabled,
(R) Sub-VLAN IP Range Configured, (s) Sub-VLAN, (S) Super-VLAN,
(t) Translation VLAN or Network VLAN, (T) Member of STP Domain,
(v) VRRP Enabled, (V) VPLS Enabled, (W) VPWS Enabled, (Z) OpenFlow Enabled

Total number of VLAN(s) : 25
Slot-1 Main-96.2 # show iproute
Ori Destination Gateway Mtr Flags VLAN Duration
#s Default Route 10.128.211.11 1 UG---S-um--f- v211 37d:18h:12m:3s
#d 10.128.0.0/22 10.128.0.1 1 U------um--f- v113 37d:18h:12m:8s
#d 10.128.8.0/21 10.128.8.1 1 U------um--f- v50 37d:18h:12m:8s
#d 10.128.100.0/24 10.128.100.1 1 U------um--f- v100 37d:18h:12m:8s
#d 10.128.101.0/24 10.128.101.1 1 U------um--f- v101 37d:18h:12m:8s
#d 10.128.102.0/24 10.128.102.1 1 U------um--f- v102 37d:18h:12m:8s
#d 10.128.103.0/24 10.128.103.1 1 U------um--f- v103 37d:18h:12m:8s
#d 10.128.104.0/24 10.128.104.1 1 U------um--f- v104 37d:18h:12m:8s
#d 10.128.105.0/24 10.128.105.1 1 U------um--f- v105 37d:18h:12m:8s
#d 10.128.106.0/24 10.128.106.1 1 U------um--f- v106 37d:18h:12m:8s
#d 10.128.107.0/24 10.128.107.1 1 U------um--f- v107 37d:18h:12m:8s
#d 10.128.108.0/24 10.128.108.1 1 U------um--f- v108 37d:18h:12m:8s
#d 10.128.109.0/24 10.128.109.1 1 U------um--f- v109 37d:18h:12m:8s
#d 10.128.110.0/24 10.128.110.1 1 U------um--f- v110 37d:18h:12m:8s
#d 10.128.111.0/24 10.128.111.1 1 U------um--f- v111 37d:18h:12m:8s
#d 10.128.112.0/24 10.128.112.1 1 U------um--f- v112 37d:18h:12m:8s
#d 10.128.114.0/23 10.128.114.1 1 U------um--f- v114 37d:18h:12m:8s
#d 10.128.118.0/24 10.128.118.1 1 U------um--f- v118 5d:19h:18m:25s
#d 10.128.120.0/24 10.128.120.1 1 U------um--f- v120 37d:18h:12m:8s
#d 10.128.200.0/24 10.128.200.1 1 U------um--f- v200 28d:21h:35m:13s
#d 10.128.211.0/24 10.128.211.1 1 U------um--f- v211 37d:18h:12m:8s
d 192.168.1.0/24 192.168.1.1 1 -------um---- v666 37d:18h:12m:8s

Origin(Ori): (b) BlackHole, (be) EBGP, (bg) BGP, (bi) IBGP, (bo) BOOTP,
(ct) CBT, (d) Direct, (df) DownIF, (dv) DVMRP, (e1) ISISL1Ext,
(e2) ISISL2Ext, (h) Hardcoded, (i) ICMP, (i1) ISISL1 (i2) ISISL2,
(is) ISIS, (mb) MBGP, (mbe) MBGPExt, (mbi) MBGPInter, (mp) MPLS Lsp,
(mo) MOSPF (o) OSPF, (o1) OSPFExt1, (o2) OSPFExt2,
(oa) OSPFIntra, (oe) OSPFAsExt, (or) OSPFInter, (pd) PIM-DM, (ps) PIM-SM,
(r) RIP, (ra) RtAdvrt, (s) Static, (sv) SLB_VIP, (un) UnKnown,
(*) Preferred unicast route (@) Preferred multicast route,
(#) Preferred unicast and multicast route.

Flags: (b) BFD protection requested, (B) BlackHole, (c) Compressed, (D) Dynamic,
(f) Provided to FIB, (G) Gateway, (H) Host Route, (l) Calculated LDP LSP,
(L) Matching LDP LSP, (m) Multicast, (p) BFD protection active, (P) LPM-routing,
(R) Modified, (s) Static LSP, (S) Static, (t) Calculated RSVP-TE LSP,
(T) Matching RSVP-TE LSP, (u) Unicast, (U) Up, (3) L3VPN Route.

MPLS Label: (S) Bottom of Label Stack
Mask distribution:
1 default routes 1 routes at length 21
1 routes at length 22 1 routes at length 23
18 routes at length 24

Route Origin distribution:
21 routes from Direct 1 routes from Static

Total number of routes = 22
Total number of compressed routes = 0

Slot-1 Main-96.3 #
Here is our Finishing switch that we cannot ping the 114 vlan from the wireless vlan 118:

telnet session telnet0 on /dev/ptyb0

login: admin
password:

ExtremeXOS
Copyright (C) 1996-2015 Extreme Networks. All rights reserved.
This product is protected by one or more US patents listed at http://www.extremenetworks.com/patents along with their foreign counterparts.
==============================================================================

Press the or '?' key at any time for completions.
Remember to save your configuration changes.

Finishing-48.1 # show vlan
-----------------------------------------------------------------------------------------------
Name VID Protocol Addr Flags Proto Ports Virtual
Active router
/Total
-----------------------------------------------------------------------------------------------
Default 1 ------------------------------------------------- ANY 0 /0 VR-Default
Mgmt 4095 ------------------------------------------------- ANY 0 /1 VR-Mgmt
v105 105 10.128.105.14 /24 ----------------------------- ANY 4 /6 VR-Default
v112 112 ------------------------------------------------- ANY 17/32 VR-Default
v114 114 ------------------------------------------------- ANY 12/13 VR-Default
v115 115 ------------------------------------------------- ANY 11/11 VR-Default
v118 118 ------------------------------------------------- ANY 0 /0 VR-Default
v300 300 ------------------------------------------------- ANY 1 /2 VR-Default
v50 50 ------------------------------------------------- ANY 3 /5 VR-Default
-----------------------------------------------------------------------------------------------
Flags : (B) BFD Enabled, (c) 802.1ad customer VLAN, (C) EAPS Control VLAN,
(d) Dynamically created VLAN, (D) VLAN Admin Disabled,
(e) CES Configured, (E) ESRP Enabled, (f) IP Forwarding Enabled,
(F) Learning Disabled, (h) TRILL Enabled, (i) ISIS Enabled,
(I) Inter-Switch Connection VLAN for MLAG, (k) PTP Configured,
(l) MPLS Enabled, (L) Loopback Enabled, (m) IPmc Forwarding Enabled,
(M) Translation Member VLAN or Subscriber VLAN, (n) IP Multinetting Enabled,
(N) Network Login VLAN, (o) OSPF Enabled, (O) Flooding Disabled,
(p) PIM Enabled, (P) EAPS protected VLAN, (r) RIP Enabled,
(R) Sub-VLAN IP Range Configured, (s) Sub-VLAN, (S) Super-VLAN,
(t) Translation VLAN or Network VLAN, (T) Member of STP Domain,
(v) VRRP Enabled, (V) VPLS Enabled, (W) VPWS Enabled, (Z) OpenFlow Enabled

Total number of VLAN(s) : 9
Finishing-48.2 # show iproute
Ori Destination Gateway Mtr Flags VLAN Duration
#s Default Route 10.128.105.1 1 UG---S-um--f- v105 64d:8h:34m:6s
#d 10.128.105.0/24 10.128.105.14 1 U------um--f- v105 64d:8h:34m:7s

Origin(Ori): (b) BlackHole, (be) EBGP, (bg) BGP, (bi) IBGP, (bo) BOOTP,
(ct) CBT, (d) Direct, (df) DownIF, (dv) DVMRP, (e1) ISISL1Ext,
(e2) ISISL2Ext, (h) Hardcoded, (i) ICMP, (i1) ISISL1 (i2) ISISL2,
(is) ISIS, (mb) MBGP, (mbe) MBGPExt, (mbi) MBGPInter, (mp) MPLS Lsp,
(mo) MOSPF (o) OSPF, (o1) OSPFExt1, (o2) OSPFExt2,
(oa) OSPFIntra, (oe) OSPFAsExt, (or) OSPFInter, (pd) PIM-DM, (ps) PIM-SM,
(r) RIP, (ra) RtAdvrt, (s) Static, (sv) SLB_VIP, (un) UnKnown,
(*) Preferred unicast route (@) Preferred multicast route,
(#) Preferred unicast and multicast route.

Flags: (b) BFD protection requested, (B) BlackHole, (c) Compressed, (D) Dynamic,
(f) Provided to FIB, (G) Gateway, (H) Host Route, (l) Calculated LDP LSP,
(L) Matching LDP LSP, (m) Multicast, (p) BFD protection active, (P) LPM-routing,
(R) Modified, (s) Static LSP, (S) Static, (t) Calculated RSVP-TE LSP,
(T) Matching RSVP-TE LSP, (u) Unicast, (U) Up, (3) L3VPN Route.

MPLS Label: (S) Bottom of Label Stack
Mask distribution:
1 default routes 1 routes at length 24

Route Origin distribution:
1 routes from Direct 1 routes from Static

Total number of routes = 2
Total number of compressed routes = 0

Finishing-48.3 #
This edge switch has sporatic connections from the wireless to the 114 vlan:

telnet session telnet0 on /dev/ptyb0

login: admin
password:

ExtremeXOS
Copyright (C) 1996-2013 Extreme Networks. All rights reserved.
Protected by US Patent Nos: 6,678,248; 6,104,700; 6,766,482; 6,618,388; 6,034,957; 6,859,438; 6,912,592; 6,954,436; 6,977,891; 6,980,550; 6,981,174; 7,003,705; 7,017,082; 7,046,665; 7,126,923; 7,142,509; 7,149,217; 7,152,124; 7,154,861; 7,245,619; 7,245,629; 7,269,135; 7,448,045; 7,447,777; 7,453,874; 7,463,628; 7,483,370; 7,499,679; 7,502,374; 7,539,750; 7,522,516; 7,546,480; 7,552,275; 7,554,978; 7,558,273; 7,568,107; 7,577,996; 7,581,024; 7,580,409; 7,580,350; 7,584,262; 7,599,292; 7,602,721; 7,606,249; 7,606,240; 7,606,263; 7,613,209; 7,619,971; 7,646,773; 7,646,770; 7,649,879; 7,657,619; 7,657,635; 7,660,259; 7,660,894; 7,668,969; 7,672,228; 7,675,915; 7,689,678; 7,693,158; 7,710,993; 7,719,968; 7,724,734; 7,724,669; 7,733,899; 7,752,338; 7,773,507; 7,783,733; 7,792,058; 7,813,348; 7,814,204; 7,817,549; 7,817,633; 7,822,038; 7,822,032; 7,821,931; 7,823,199; 7,822,033; 7,835,348; 7,843,927; 7,856,019; 7,860,006; 7,889,750; 7,889,658; 7,894,451; 7,903,666; 7,908,431; 7,912,091; 7,936,764; 7,936,687; 7,944,942; 7,983,192; 7,990,850; 8,000,344; 8,055,800; 8,059,658; 8,072,887; 8,085,779; 8,107,383; 8,117,336; 8,117,657; 8,135,007; 8,139,583; 8,159,936; 8,160,074; 8,161,270; 8,174,980; 8,204,070; 8,208,418; 8,233,474; 8,255,996; 8,274,974; 8,279,874; 8,295,188.
==============================================================================

Press the or '?' key at any time for completions.
Remember to save your configuration changes.

Extrusion-48.1 # show vlan
---------------------------------------------------------------------------------------------
Name VID Protocol Addr Flags Proto Ports Virtual
Active router
/Total
---------------------------------------------------------------------------------------------
Default 1 ------------------------------------------------ ANY 0 /0 VR-Default
Mgmt 4095 ------------------------------------------------ ANY 0 /1 VR-Mgmt
v105 105 10.128.105.9 /24 ---------------------------- ANY 4 /6 VR-Default
v106 106 ------------------------------------------------ ANY 10/23 VR-Default
v114 114 ------------------------------------------------ ANY 15/22 VR-Default
v118 118 ------------------------------------------------ ANY 0 /0 VR-Default
v200 200 ------------------------------------------------ ANY 1 /3 VR-Default
v300 300 ------------------------------------------------ ANY 1 /2 VR-Default
v50 50 ------------------------------------------------ ANY 3 /4 VR-Default
---------------------------------------------------------------------------------------------
Flags : (B) BFD Enabled, (c) 802.1ad customer VLAN, (C) EAPS Control VLAN,
(d) Dynamically created VLAN, (D) VLAN Admin Disabled,
(e) CES Configured, (E) ESRP Enabled, (f) IP Forwarding Enabled,
(F) Learning Disabled, (i) ISIS Enabled, (I) Inter-Switch Connection VLAN for MLAG,
(k) PTP Configured, (l) MPLS Enabled, (L) Loopback Enabled,
(m) IPmc Forwarding Enabled, (M) Translation Member VLAN or Subscriber VLAN,
(n) IP Multinetting Enabled, (N) Network Login VLAN, (o) OSPF Enabled,
(O) Flooding Disabled, (p) PIM Enabled, (P) EAPS protected VLAN,
(r) RIP Enabled, (R) Sub-VLAN IP Range Configured,
(s) Sub-VLAN, (S) Super-VLAN, (t) Translation VLAN or Network VLAN,
(T) Member of STP Domain, (v) VRRP Enabled, (V) VPLS Enabled, (W) VPWS Enabled,
(Z) OpenFlow Enabled

Total number of VLAN(s) : 9
Extrusion-48.2 # show iproute
Ori Destination Gateway Mtr Flags VLAN Duration
#s Default Route 10.128.105.1 1 UG---S-um--f- v105 91d:17h:50m:49s
#d 10.128.105.0/24 10.128.105.9 1 U------um--f- v105 64d:19h:18m:41s

Origin(Ori): (b) BlackHole, (be) EBGP, (bg) BGP, (bi) IBGP, (bo) BOOTP
(ct) CBT, (d) Direct, (df) DownIF, (dv) DVMRP, (e1) ISISL1Ext
(e2) ISISL2Ext, (h) Hardcoded, (i) ICMP, (i1) ISISL1 (i2) ISISL2
(is) ISIS, (mb) MBGP, (mbe) MBGPExt, (mbi) MBGPInter, (mp) MPLS Lsp
(mo) MOSPF (o) OSPF, (o1) OSPFExt1, (o2) OSPFExt2
(oa) OSPFIntra, (oe) OSPFAsExt, (or) OSPFInter, (pd) PIM-DM, (ps) PIM-SM
(r) RIP, (ra) RtAdvrt, (s) Static, (sv) SLB_VIP, (un) UnKnown
(*) Preferred unicast route (@) Preferred multicast route
(#) Preferred unicast and multicast route

Flags: (B) BlackHole, (b) BFD protection requested, (c) Compressed, (D) Dynamic
(f) Provided to FIB, (G) Gateway, (H) Host Route, (L) Matching LDP LSP
(l) Calculated LDP LSP, (3) L3VPN Route, (m) Multicast, (P) LPM-routing
(p) BFD protection active, (R) Modified, (S) Static, (s) Static LSP
(T) Matching RSVP-TE LSP, (t) Calculated RSVP-TE LSP, (u) Unicast, (U) Up

MPLS Label: (S) Bottom of Label Stack
Mask distribution:
1 default routes 1 routes at length 24

Route Origin distribution:
1 routes from Direct 1 routes from Static

Total number of routes = 2
Total number of compressed routes = 0

Extrusion-48.3 #
Well, my initial thought was maybe there's an issue with routing traffic back to the wireless clients.

Now I'm just going to ramble ideas and we'll see what happens.
Are there any LAG groups in the path wireless clients are taking? Perhaps there's an issue with traffic getting lost in the LAG? (This is usually diagnosable by looking at source/destination details and seeing that traffic works when the hash is even vs odd or visa versa and is usually caused by configuration mismatches between sides of the link)
Are all of the APs in the same mode (tunnel vs bridge)? Perhaps there's an issue there.
Do all of the APs in the extrusion switch have the same port configuration (VLANs, tagged/untagged)?
Are the wireless clients able to ping anything successfully? Their own gateway, switch and wifi controller management interfaces, etc?
Are they receiving an IP from DHCP that matches the scope you expect?

I know you said this all worked with a Cisco core, but Cisco also seems to support a lot of "auto configuration" when communicating with other Cisco products that the Extreme core likely doesn't support.
Userlevel 2
Is the VLAN tagged on all the uplink ports all the way back to the router? Like Doug says, Cisco uses VTP by default, which essentially configures everything for you as long as you designate the uplink as a trunk port. (Cisco VLAN naming standards are weird). The XOS switches will require manual VLAN tagging on all the uplink ports that connect back to the routing segment.
It appears that the AP's are bridged back to the WLC and all the uplink ports are setup as tagged.

One item I did see in the iproute, is that Vlan300, which is what the AP's and WLC are on, is not listed in the iproute. Could this be the issue?
Also, Vlan300 is not listed in the IPForwarding on the Core as well.

On the Cisco, the WLC, AP's were all configured to the Vlan300 on the core switch.
Hi,

Our APs usually have a traffic vlan (tagged) and the management vlan (untagged) unless you do not need to access those APs from another VLAN it should not be necessary to have VLAN 300 in ipforwarding mode. The WLC should be able to contact all APs within the VLAN.

To come to a point, if you ping your AP's Mgmt Address in VLAN 300 from anyother VLAN this will not work. If you ping a device in the traffic vlan (which is 118 from what I understand) then this should work.

I would advise to check on your uplink ports configuration (tagged/untagged). E.g. to VLAN 118 no Ports are attached on two of your sh vlan prints and the VLAN is therfore in disabled state.

Regards
Unless all your APs plug directly into your core, none of your APs are on vlan300 right now. (sh vlan on both edge switches only show v300 assigned to 2 ports with only 1 active)
I think it may be time for methodical documentation. This generally leads to finding the issue.
Start at your core, go through every port and verify they have the vlans needed and are in the correct tagged/untagged binding, verify all LAG groups are configured as you expect them to be.
Go to the WLC, verify that it is plugged into the port(s) you expect it to be in, verify any LAG configuration, verify tagged/untagged expectations of vlans.
Go to the edge switches, verify that they are connected to the core in the ports you expect them to be in, lag configuration, verify AP ports are configured as you expect them to be and that the APs are receiving the IP you expect them to have.
If you have edp enabled (and I recommend it) you can use "show edp ports all detail" to verify what port and vlans the other side of a EN to EN link has.

We use Aruba for wlan here, but the idea should be similar.
All end-user vlans and the management vlan are tagged into the WLC. We use 2x10GBps LACP groups for our WLCs, so LACP must be configured on both sides of the link.
Our APs connect to the edge switches on untagged ports in the local VLAN for that building/floor and DHCP is used to tell the APs where to connect. It sounds like you're expecting to be using Layer2 discovery where all APs should be in the same VLAN as the management/primary interface of the WLCs.
The end-user traffic is then tunneled back to the WLC, which does its magic and spits the traffic out onto the end-user VLANs into the core for routing.

Reply