11-08-2023 02:40 PM
Hello,
So I've currently got inherited a large Extreme network across multiple sites made up of x440-g2 edge switching with X660 core switches.
I need to remove one of the X660 switches to utilise it elsewhere. It's currently under not much use. Connected to the X660 in question is just one X440 edge stack. What I would like to do is remove the X660 where the X440 stack connects to and connect the X440 stack directly to our main X660 core in our main server room (which is where the current X660 is connected to).
Current setup.
Secondary Site where I want to remove the X660 -
X660 IP 10.1.1.3 - Connected back to main site through private fibre. There's 3 VLANs with interfaces on this X660 which are used solely on this site.
configure vlan VLAN-Data ipaddress 10.10.10.1 255.255.255.0
enable ipforwarding vlan VLAN-Data
configure vlan VLAN-Voice ipaddress 10.10.20.1 255.255.254.0
enable ipforwarding vlan VLAN-Voice
configure vlan VLAN-Security ipaddress 10.10.30.1 255.255.255.0
enable ipforwarding vlan VLAN-Security
enable iproute sharing vr VR-Default
configure iproute add default 10.1.1.2 (Main Site X660 IP)
configure bootprelay add DHCPServerIP vr VR-Default
enable bootprelay ipv4 vlan VLAN-Data
enable bootprelay ipv4 vlan VLAN-Voice
enable bootprelay ipv4 vlan VLAN-Security
X440 Stack IP 10.1.1.31
All VLANs are tagged on the links between the X440 and the X660 - all working without issue.
I've updated the default route to now be the X660 core at our main site.
configure iproute add default 10.1.1.2 (Main Site X660 IP)
Main Site -
X660 IP 10.1.1.2 - connected to all various sites / servers / local stacks through own private fibre. Most VLAN interfaces reside on this for the majority of sites as we only have a small number of other sites with X660s connected up to this.
Route - The default route on this X660 is to our firewall IP. There's an additional route on here that includes the IP ranges of the Secondary Site pointing the route to the IP address of the Secondary Site X660 IP.
configure iproute add default firewallIP
configure iproute add 10.10.0.0 255.255.0.0 10.1.1.3 (Secondary Site X660 IP)
Current Setup Continued
So the uplink from the Secondary Site X660 was removed and placed into the X440 stack. The X440 stack instantly came online without issue and now directly connects to the Main Site X660. VLANs that reside (with interfaces) and are tagged through on the Main Site X660 work without issue. The issue lies with the VLANs that resided on the X660 at the Secondary Site - Now obviously the first thing is that they no longer have an interface address.
What I've tried.
First Attempt - I thought I could just easily add the interface(s) that existed on the Secondary Site X660 to the X440 stack, ensure bootprelay is configured (Note - At this point the Secondary Site X660 was no longer live on the network and nothing connected to it) and update the route on the Main Site.
from
configure iproute add 10.10.0.0 255.255.0.0 10.1.1.3
to
configure iproute add 10.10.0.0. 255.255.0.0 10.1.1.31 (Secondary Site X440 IP)
Secondary Site X440
configure vlan VLAN-Data ipaddress 10.10.10.1 255.255.255.0
enable ipforwarding vlan VLAN-Data
configure vlan VLAN-Voice ipaddress 10.10.20.1 255.255.254.0
enable ipforwarding vlan VLAN-Voice
configure vlan VLAN-Security ipaddress 10.10.30.1 255.255.255.0
enable ipforwarding vlan VLAN-Security
configure bootprelay add DHCPServerIP vr VR-Default
enable bootprelay ipv4 vlan VLAN-Data
enable bootprelay ipv4 vlan VLAN-Voice
enable bootprelay ipv4 vlan VLAN-Security
This didn't seem to work and I had no network connectivity from the VLANs in question.
Second Attempt - I undid what I did, I then thought I would use the main X660 core for the main interfaces for the VLANs and ensure they're tagged through the links.
enable bootprelay ipv4 vlan VLAN-Data
enable bootprelay ipv4 vlan VLAN-Voice
enable bootprelay ipv4 vlan VLAN-Security
configure vlan VLAN-Data ipaddress 10.10.10.1 255.255.255.0
enable ipforwarding vlan VLAN-Data
configure vlan VLAN-Voice ipaddress 10.10.20.1 255.255.254.0
enable ipforwarding vlan VLAN-Voice
configure vlan VLAN-Security ipaddress 10.10.30.1 255.255.255.0
enable ipforwarding vlan VLAN-Security
Remove the route for the IP ranges that were on the Secondary Site X660 so they now should just use the default route
configure iproute delete 10.10.0.0 255.255.0.0 10.1.1.3
Tag VLANs on the link ports of the X440 & X660
Still nothing on the VLANs in question - Tried to static my IP on the range just in case there was a DHCP issue somewhere but still no connectivity.
I'm at a loss now. If it wasn't for a number of cameras on VLAN-Security using static addresses I'd have removed them all together and just passed through some already in use VLANs from the Main Site X660.
Sorry for the long post and if it sounds over complicated. Any help would be appreciated - I'm sure I've missed some basic config out that may help with this but if you let me know anything else I need to provide I'll post it up.
Thank you!
Solved! Go to Solution.
11-27-2023 12:57 PM
Both the first and second scenarios you describe seem like they should have worked to me. Can you give a little more information about specifically what was not working? For example, were you able to reach other devices within the VLAN? What about between VLANs that live on X440 where the config changes have been occurring?
The one thing I would suggest checking is any routes needed on the firewall. I'm not sure if one needs to be updated or not, but I would make sure there is a route for the networks in question pointing in the correct direction.
11-27-2023 12:57 PM
Both the first and second scenarios you describe seem like they should have worked to me. Can you give a little more information about specifically what was not working? For example, were you able to reach other devices within the VLAN? What about between VLANs that live on X440 where the config changes have been occurring?
The one thing I would suggest checking is any routes needed on the firewall. I'm not sure if one needs to be updated or not, but I would make sure there is a route for the networks in question pointing in the correct direction.