
c3g124-48 configuration intervlan routing and access policy and hyper-v integration

Bruno_D_Annna
New Contributor
Hello, I'm new to configuring the C3G124-48.
I have a switch from you with the latest firmware version; however, I have some difficulties with the configuration shown below:
What I intend to create:
VLAN ID

ID   NAME            IP (/24) Gtw
1    Cliente         10.1.0.1
10   Administração   10.1.1.1
20   Tecnica         10.1.2.1
30   Servidores      10.1.3.1
40   Voip            10.1.4.1
50   Cameras         10.1.5.1
60   Testes          10.1.6.1
70   Public          10.1.7.1

Rules of Access:

Inter Vlan Access

ID   1   10  20  30  40  50  60  70
1    X   -   -   X   -   -   -   -
10   X   X   X   X   X   X   X   -
20   X   -   X   X   X   X   X   X
30   X   X   X   X   X   X   X   -
40   -   -   -   X   -   X   -   -
50   -   X   -   X   -   X   -   -
60   X   -   X   X   -   -   -   X
70   X   -   -   -   -   -   -   X


VLAN 30 - LACP configured on ports 44 - 48

Switch Data:
IP Layer Vlan Default: 10.1.0.254/24
For each of the VLANs the switch would be the default gateway, with static routing between the gateway, switch and VLANs.
Configuring access rules to filter traffic as shown above.

I do not know if it would be possible to create the configuration below on this switch:

Dynamic VLAN configured on ports 42-43, where the Hyper-V source MAC is 0A:F1:04:xx:xx:xx, and which will receive virtual machines with dynamic routing that only have access to them and to the router's IP, in addition to access to the gateway IP, in this case 10.1.0.1/24.
Each VM created with this MAC prefix belongs to a VLAN that cannot access any of the other VLANs, only the gateway.
Can you tell me if it would be possible to create this scenario on your switch? If you cannot create this whole scenario, how far can I go with your switch, and which product of yours could satisfy the requirements for a network with this complexity?
Att,

Bruno D'Anna
9 REPLIES 9

Erik_Auerswald
Contributor II
Hi,

I think that "ip routing" is default on the C3, thus it does not show up in "show run." You could try something like "show config all router" in the switch mode of the CLI. A "no ip routing" might show up in the running configuration, if accepted.

Routing is easily testable, just connect two devices (e.g. PCs) to ports in different VLANs, configure SVIs for each VLAN, give the two test devices appropriate IP addresses and default gateways, and verify packet forwarding between the two devices. The switch will show the SVI's subnets as directly connected routes with "show ip route."

Without anything connected to the switch, the SVIs will be down (inactive), and no routes will show up in "show ip route."

Erik

Bruno_D_Annna
New Contributor
This is a summary of the config used in VLAN 20; please help us review the problem in this config file:

#set vlan create 20
#set vlan name 20 "tecnica"
#set vlan dynamicegress 20 enable --> dynamic association for hosts, but not in use at this moment, only one test
#set vlan association subnet 10.1.2.0 255.255.255.0 20
#Router Configuration
#router
#enable
#configure
#interface vlan 20
#ip address 10.1.2.1 255.255.255.0
#ip rip enable
#no shutdown
#exit
#set port vlan ge.1.16 20

The command "#ip routing" does not show in the config file.

Bruno_D_Annna
New Contributor
Hello Erik, the problem I'm facing at this point: as you can see in the configuration file, port 16 is mapped to VLAN 20, but I cannot turn on the switch routing with the command: #ip routing. It accepts the command, but it does not appear in #show running-config. I'm afraid I'm doing something wrong.

Erik_Auerswald
Contributor II
Hi Bruno,

it should be possible to implement your scenario using a C3. You could use ACLs to implement the access restrictions.

If you want the C3 to route in the same VLAN you want to use for management, you should not use the host IP interface at all, just use SVIs (Switched Virtual Interface, interface vlan X).

For an SVI to become active, the VLAN needs to have at least one port active. As long as an SVI is not active, the network will not show up as directly connected and you will not be able to ping the configured address.

Erik
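
Added example, not part of the thread or of any poster's configuration: before the access matrix from the first post is turned into ACLs, this Python sketch expands it into vendor-neutral permit/deny subnet pairs and lists the pairs allowed in one direction only. It assumes rows are the source VLAN and columns the destination, and that the ACLs are stateless filters, in which case replies on a one-way pair would be dropped unless the reverse direction is handled too.

```python
import ipaddress

# Access matrix and gateways copied from the first post. Reading rows as the
# source VLAN and columns as the destination VLAN is an assumption.
VLANS = [1, 10, 20, 30, 40, 50, 60, 70]
MATRIX = {
    1:  "X - - X - - - -",
    10: "X X X X X X X -",
    20: "X - X X X X X X",
    30: "X X X X X X X -",
    40: "- - - X - X - -",
    50: "- X - X - X - -",
    60: "X - X X - - - X",
    70: "X - - - - - - X",
}
GATEWAYS = {1: "10.1.0.1", 10: "10.1.1.1", 20: "10.1.2.1", 30: "10.1.3.1",
            40: "10.1.4.1", 50: "10.1.5.1", 60: "10.1.6.1", 70: "10.1.7.1"}

def subnet(vlan):
    """Return the /24 network that contains the VLAN's gateway address."""
    return ipaddress.ip_interface(GATEWAYS[vlan] + "/24").network

def allowed_pairs():
    """Set of (src_vlan, dst_vlan) marked X, ignoring the diagonal."""
    pairs = set()
    for src, row in MATRIX.items():
        marks = row.split()
        if len(marks) != len(VLANS):
            raise ValueError(f"row {src} has {len(marks)} columns")
        pairs.update((src, dst) for dst, m in zip(VLANS, marks)
                     if m == "X" and src != dst)
    return pairs

def one_way_pairs():
    """Pairs permitted in one direction whose reverse direction is denied."""
    pairs = allowed_pairs()
    return sorted(p for p in pairs if (p[1], p[0]) not in pairs)

def rules():
    """One (action, src_subnet, dst_subnet) tuple per routed VLAN pair."""
    pairs = allowed_pairs()
    return [("permit" if (s, d) in pairs else "deny",
             str(subnet(s)), str(subnet(d)))
            for s in VLANS for d in VLANS if s != d]

if __name__ == "__main__":
    for action, src, dst in rules():
        print(f"{action:6} {src:14} -> {dst}")
    print("one-way pairs (replies need attention):", one_way_pairs())
```
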

Bruno_D_Annna
New Contributor
This is my config file:

# Firmware Revision: 06.61.16.0002
#ip
set ip address 10.1.0.254 mask 255.255.255.0 gateway 10.1.0.1
set switch member 1 11
#vlan
set vlan create 10
set vlan create 20
set vlan create 30
set vlan create 40
set vlan create 50
set vlan create 60
set vlan create 70
set vlan name 10 "adm"
set vlan name 20 "tecnica"
set vlan name 30 "Servidores"
set vlan name 40 "Voip"
set vlan name 50 "camera"
set vlan name 60 "testes"
set vlan name 70 "publica"
clear vlan egress 1 ge.1.16
set vlan egress 10 ge.1.16 tagged
set vlan egress 20 ge.1.16 untagged
set vlan dynamicegress 20 enable
set vlan association subnet 10.1.2.0 255.255.255.0 20
!

#Router Configuration
router
enable
configure
ip igmp
interface vlan 10
ip address 10.1.1.1 255.255.255.0
ip igmp enable
ip rip enable
no shutdown
exit
interface vlan 20
ip address 10.1.2.1 255.255.255.0
ip rip enable
no shutdown
exit
interface vlan 30
ip address 10.1.3.1 255.255.255.0
ip igmp enable
ip rip enable
no shutdown
exit
interface vlan 40
ip address 10.1.4.1 255.255.255.0
no shutdown
exit
interface vlan 50
ip address 10.1.5.1 255.255.255.0
no shutdown
exit
interface vlan 60
ip address 10.1.6.1 255.255.255.0
no shutdown
exit
router rip
distance 30
exit
exit
exit
exit
!
#dhcp
!
set dhcp enable
set dhcp bootp enable
!
#lacp
set lacp static lag.0.1
set lacp aadminkey lag.0.1 1
!
#port
set port lacp port ge.1.40 aadminkey 1
set port lacp port ge.1.41 aadminkey 1
set port lacp port ge.1.42 aadminkey 1
set port lacp port ge.1.43 aadminkey 1
set port lacp port ge.1.44 aadminkey 1
set port lacp port ge.1.45 aadminkey 1
set port lacp port ge.1.46 aadminkey 1
set port lacp port ge.1.47 aadminkey 1
set port lacp port ge.1.48 aadminkey 1
set port lacp port ge.1.40 disable
set port lacp port ge.1.41 disable
set port lacp port ge.1.42 disable
set port lacp port ge.1.43 disable
set port lacp port ge.1.45 disable
set port lacp port ge.1.46 disable
set port lacp port ge.1.47 disable
set port lacp port ge.1.48 disable
set port vlan ge.1.16 20
!
#ssh
set ssh enabled
!
end
