david_griswold
asked on
Dell 6224f VLAN Routing not working (the way I think it should.)
Just a little background, I am a 21+ year IT pro, jack-of-all-trades type, but I would have to admit that networking is not my strongest area.
I think this is simple. Recently I moved the core routing off of my Checkpoint firewall and on to the Dell 6224. Currently, I am using only one port on the switch (actually 3, but the other two are for other networks, so they don't apply) and I have routing working for production networks. That is the key here, clients can get to servers, all the applications work.
But, there is a management network as well. Most of the devices on the management network use the 6224 as their default GW and I can access those from other subnets/VLANs. However, some of the IPs on the management network belong to Windows servers, which are dual-homed and have their default GWs on the production subnet/VLAN. When I try to access those IPs, I can't. Previously, when I was using the Checkpoint as the router, I could access those dual-homed systems on either IP.
I suspect that because the Checkpoint is more than a router, that has something to do with it. I also suspect that the current behavior is not wrong. SO, I guess my question is if it worked before, why not now? Or if it should still work, why doesn't it?
I think this is simple. Recently I moved the core routing off of my Checkpoint firewall and on to the Dell 6224. Currently, I am using only one port on the switch (actually 3, but the other two are for other networks, so they don't apply) and I have routing working for production networks. That is the key here, clients can get to servers, all the applications work.
But, there is a management network as well. Most of the devices on the management network use the 6224 as their default GW and I can access those from other subnets/VLANs. However, some of the IPs on the management network belong to Windows servers, which are dual-homed and have their default GWs on the production subnet/VLAN. When I try to access those IPs, I can't. Previously, when I was using the Checkpoint as the router, I could access those dual-homed systems on either IP.
I suspect that because the Checkpoint is more than a router, that has something to do with it. I also suspect that the current behavior is not wrong. SO, I guess my question is if it worked before, why not now? Or if it should still work, why doesn't it?
I think that the default managament vlan (vlan 1) is not routable. Is one of the interfaces on the servers connected to that vlan?
ASKER
No, I am not using VLAN 1
ASKER
In this case I am calling VLAN 30 my management VLAN - completely arbitrary. I will post my configs if someone thinks it would help.
Yes that would help
ASKER
Here ya go
!Current Configuration:
!System Description "PowerConnect 6224F, 3.3.1.10, VxWorks 6.5"
!System Software Version 3.3.1.10
!Cut-through mode is configured as disabled
!
configure
vlan database
vlan 10,30,98,150,210,230
vlan routing 98 1
vlan routing 10 2
vlan routing 150 3
vlan routing 210 4
vlan routing 230 5
vlan routing 30 6
exit
sntp unicast client enable
sntp server 172.30.10.5
clock timezone -5 minutes 0 zone "CST"
stack
member 1 3
exit
switch 1 priority 1
ip address 192.168.0.254 255.255.255.0
ip default-gateway 192.168.0.1
ip name-server 172.30.10.5
no ipv6 forwarding
ip routing
ip route 10.10.101.0 255.255.255.0 10.10.98.1
ip route 10.10.100.0 255.255.255.0 10.10.98.1
ip route 0.0.0.0 0.0.0.0 172.30.10.3
ip route 10.10.102.0 255.255.255.0 10.10.98.1
ip route 10.10.103.0 255.255.255.0 10.10.98.1
ip route 10.10.0.0 255.255.255.0 10.10.98.1
ip route 10.10.2.0 255.255.255.0 10.10.98.1
ip route 10.10.3.0 255.255.255.0 10.10.98.1
ip route 10.10.4.0 255.255.255.0 10.10.98.1
ip route 10.10.5.0 255.255.255.0 10.10.98.1
ip route 192.168.0.0 255.255.254.0 10.10.98.1
ip route 192.168.15.0 255.255.255.0 10.10.98.1
ip route 10.10.96.0 255.255.255.0 10.10.98.1
ip route 172.30.151.0 255.255.255.0 172.30.150.2
router rip
no enable
exit
interface vlan 10
routing
ip address 172.30.10.254 255.255.255.0
exit
interface vlan 30
routing
ip address 172.30.30.1 255.255.255.0
bandwidth 10000
ip mtu 1500
exit
interface vlan 98
routing
ip address 10.10.98.254 255.255.255.0
bandwidth 10000
ip mtu 1500
exit
interface vlan 150
routing
ip address 172.30.150.1 255.255.255.0
bandwidth 10000
ip mtu 1500
exit
interface vlan 210
routing
ip address 172.40.10.1 255.255.255.0
bandwidth 10000
ip mtu 1500
exit
interface vlan 230
routing
ip address 172.40.30.1 255.255.255.0
bandwidth 10000
ip mtu 1500
exit
username "admin" password xxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxx level 15 encrypted
no spanning-tree
!
interface ethernet 1/g21
switchport mode general
switchport general pvid 210
switchport general acceptable-frame-type tagged-only
switchport general allowed vlan add 210
exit
!
interface ethernet 1/g22
switchport mode trunk
switchport trunk allowed vlan add 10,30,150,210,230
exit
!
interface ethernet 1/g23
mtu 9216
switchport mode trunk
switchport trunk allowed vlan add 10,30,98,150,210,230
exit
!
interface ethernet 1/g24
switchport mode trunk
switchport trunk allowed vlan add 10,30,150,210,230
exit
snmp-server community Opsview ro ipaddress 172.30.10.144
exit
!Current Configuration:
!System Description "PowerConnect 6224F, 3.3.1.10, VxWorks 6.5"
!System Software Version 3.3.1.10
!Cut-through mode is configured as disabled
!
configure
vlan database
vlan 10,30,98,150,210,230
vlan routing 98 1
vlan routing 10 2
vlan routing 150 3
vlan routing 210 4
vlan routing 230 5
vlan routing 30 6
exit
sntp unicast client enable
sntp server 172.30.10.5
clock timezone -5 minutes 0 zone "CST"
stack
member 1 3
exit
switch 1 priority 1
ip address 192.168.0.254 255.255.255.0
ip default-gateway 192.168.0.1
ip name-server 172.30.10.5
no ipv6 forwarding
ip routing
ip route 10.10.101.0 255.255.255.0 10.10.98.1
ip route 10.10.100.0 255.255.255.0 10.10.98.1
ip route 0.0.0.0 0.0.0.0 172.30.10.3
ip route 10.10.102.0 255.255.255.0 10.10.98.1
ip route 10.10.103.0 255.255.255.0 10.10.98.1
ip route 10.10.0.0 255.255.255.0 10.10.98.1
ip route 10.10.2.0 255.255.255.0 10.10.98.1
ip route 10.10.3.0 255.255.255.0 10.10.98.1
ip route 10.10.4.0 255.255.255.0 10.10.98.1
ip route 10.10.5.0 255.255.255.0 10.10.98.1
ip route 192.168.0.0 255.255.254.0 10.10.98.1
ip route 192.168.15.0 255.255.255.0 10.10.98.1
ip route 10.10.96.0 255.255.255.0 10.10.98.1
ip route 172.30.151.0 255.255.255.0 172.30.150.2
router rip
no enable
exit
interface vlan 10
routing
ip address 172.30.10.254 255.255.255.0
exit
interface vlan 30
routing
ip address 172.30.30.1 255.255.255.0
bandwidth 10000
ip mtu 1500
exit
interface vlan 98
routing
ip address 10.10.98.254 255.255.255.0
bandwidth 10000
ip mtu 1500
exit
interface vlan 150
routing
ip address 172.30.150.1 255.255.255.0
bandwidth 10000
ip mtu 1500
exit
interface vlan 210
routing
ip address 172.40.10.1 255.255.255.0
bandwidth 10000
ip mtu 1500
exit
interface vlan 230
routing
ip address 172.40.30.1 255.255.255.0
bandwidth 10000
ip mtu 1500
exit
username "admin" password xxxxxxxxxxxxxxxxxxxxxxxxxx
no spanning-tree
!
interface ethernet 1/g21
switchport mode general
switchport general pvid 210
switchport general acceptable-frame-type tagged-only
switchport general allowed vlan add 210
exit
!
interface ethernet 1/g22
switchport mode trunk
switchport trunk allowed vlan add 10,30,150,210,230
exit
!
interface ethernet 1/g23
mtu 9216
switchport mode trunk
switchport trunk allowed vlan add 10,30,98,150,210,230
exit
!
interface ethernet 1/g24
switchport mode trunk
switchport trunk allowed vlan add 10,30,150,210,230
exit
snmp-server community Opsview ro ipaddress 172.30.10.144
exit
Can you expound on your statement "When you try to access those ip's?" How, from where?
ASKER
My workstations is on the 172.30.151.0/24 subnet, any attempt to access (ping, RDP, etc) one of the dual-homed systems by it's VLAN 30 IP, it fails. On a non-dual-homed server on the 172.30.10.0/24 (VLAN 10) subnet, any attempt to access one of the dual-homed systems by it's VLAN 30 IP, it fails. But from either location, if want to access one of my VMware hosts, which only has an IP on VLAN 30, so it's default GW is on VLAN 30, I can access those hosts, as expected.
What other vlan it the dual homes servers connected to other than vlan 30?
ASKER
VLAN 10
I am pretty sure this is just basic IP 101. That doesn't explain why I could access those IPs without a gateway when they were being routed by the Checkpoint.
I am pretty sure this is just basic IP 101. That doesn't explain why I could access those IPs without a gateway when they were being routed by the Checkpoint.
I've requested that this question be deleted for the following reason:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I did discover a solution to my issue and posted it.
ASKER
It seems that spanning tree protocol on these Dell switches, at least in smaller installations, causes more problems.