Ethernet Switches & Routers

Reply
Occasional Contributor
Posts: 6
Registered: ‎12-16-2013

Initial Config (6610 and 6450)

Hi all - i'm going to ask what I believe to be a common, and simple process - i'm just getting hung up on this.

 

My environment consists (lab right now) of a 6610 and a 6450.  I've got the two connected together via a 10Gb fiber.

 

I've got two vlans created on both devices:

PORT-VLAN 10, Name MGMT-Subnet_10.0.10.0/24, Priority level0, Spanning tree On

PORT-VLAN 20, Name ART-LS-Subnet_10.0.20.0/24, Priority level0, Spanning tree Off

 

I've got a device plugged into the 6610 configured on VLAN 10 / port is dual mode there.

I've got a device plugged into the 6450 configure on VLAN 20 / port is dual mode there.

 

From either of these devices I can ping their related Virtual Interfaces (configure on the 6610).

 

---

What i'm trying to accomplish

 

What I can not do is talk between vlans.  I can't ping the VE for VLAN 20 from VLAN 10, or vice versa.  I can see the 6450 from the 6610 - as well as see devices connected - just can't communicate.

 

I'm assuming i'm missing setting up either link-agg on the uplink ports, or trunking ... again, i'm new to this realm and trying to solidfy the design in my lab.  The 6610 will be our "core" with 6450's at the edge for our edge closets.  Eventually we'll have many more VLANs to represent traffic areas and such - that will of course need to communicate with the other VLANS.

 

Any help is greatly appreciated - or if i need to better explain something I can do that too.  Configs are below:

 

6610 (core):

ICX6610-24 Router(config)#show run
Current configuration:
!
ver 07.3.00cT7f3
!
stack unit 1
  module 1 icx6610-24-port-management-module
  module 2 icx6610-qsfp-10-port-160g-module
  module 3 icx6610-8-port-10g-dual-mode-module
  stack-trunk 1/2/1 to 1/2/2
  stack-trunk 1/2/6 to 1/2/7
stack disable
!
global-stp
!
!
!
vlan 1 name DEFAULT-VLAN by port
!
vlan 10 name MGMT-Subnet_10.0.10.0/24 by port
 tagged ethe 1/1/13 ethe 1/3/1
 router-interface ve 10
 spanning-tree
!
vlan 20 name ART-LS-Subnet_10.0.20.0/24 by port
tagged ethe 1/3/1
 router-interface ve 20
!
vlan 30 name WLAN-Subnet_10.0.30.0/23 by port
 tagged ethe 1/3/1
 router-interface ve 30
 spanning-tree
!
!
!
!
!
!
!
!
aaa authentication web-server default local
aaa authentication login default local
boot sys fl sec
enable telnet authentication
no ip dhcp-client auto-update enable
ip dns domain-name luv
username admin password .....
cdp run
fdp run
snmp-server contact Josh or Lori
snmp-server location ITS Data Center

web-management https
web-management enable ethe 1/1/23
interface management 1
 ip address 10.0.0.15 255.255.255.0
!
interface ethernet 1/1/13
 dual-mode  10
!
interface ethernet 1/3/1
 speed-duplex 10G-full
 no spanning-tree
!
interface ve 10
 ip address 10.0.10.254 255.255.255.0
!
interface ve 20
 ip address 10.0.20.254 255.255.255.0
!
interface ve 30
ip address 10.0.31.254 255.255.254.0
!
!
!
!
!

!
end

ICX6610-24 Router(config)#

 

6450 (edge):

telnet@ICX6450-48P Switch>show run
Current configuration:
!
ver 07.4.00bT311
!
stack unit 1
  module 1 icx6450-48p-poe-port-management-module
  module 2 icx6450-sfp-plus-4port-40g-module
!
!
!
!
vlan 1 name DEFAULT-VLAN by port
!
vlan 10 name MGMT-Subnet_10.0.10.0/24 by port
 tagged ethe 1/2/1
 uplink-switch ethe 1/2/1
 no spanning-tree
!
vlan 20 name ART-LS-Subnet_10.0.20.0/24 by port
 tagged ethe 1/1/45 ethe 1/2/1
!
vlan 30 name WLAN-Subnet_10.0.30.0/23 by port
 tagged ethe 1/2/1
untagged ethe 1/1/1 to 1/1/2
!
!
!
!
!
!
!
!
!
!
!
!
aaa authentication web-server default local
aaa authentication login default local
ip address 10.0.10.3 255.255.255.0
no ip dhcp-client enable
ip default-gateway 10.0.10.254
username admin password .....

web-management https
web-management enable ethe 1/1/47
interface ethernet 1/1/1
inline power power-by-class 1
!
interface ethernet 1/1/2
 inline power power-by-class 1
!
interface ethernet 1/1/45
 dual-mode  20
!
!
!
!
!

end

telnet@ICX6450-48P Switch>exit

New Contributor
Posts: 2
Registered: ‎12-15-2013

Re: Initial Config (6610 and 6450)

Hello Josh,

 

First thing i would do is upgrade both switches to 7400d

 

next thing i would do is implement Rstp on all vlans using spanning-tree 802-1w.  make sure your priorities are set correctly.

 

Your comment on link aggregation is not needed as you only have one link. If you were to have 2 links, link aggregation would improve throughput with a trunk.

 

 

the uplink-switch command on the 6450 is not needed.

 

 

as far as everything else goes, it looks good with your tagging between the switches.

 

Maybe if you could configure spanning tree and then re copy in your config with the following outputs.

 

show interface brief both switches

 

sh int eth 1/3/1 - 6610

sh int eth 1/2/1-6450

sh 802-1w- both switches

 

might give us a better idea!

 

Joe

 

 

 

Contributor
Posts: 28
Registered: ‎07-25-2013

Re: Initial Config (6610 and 6450)

can you reach the gateway from your end device?

Occasional Contributor
Posts: 6
Registered: ‎12-16-2013

Re: Initial Config (6610 and 6450)

Thanks for the feedback Joe.  I've upgraded both switches - and here is the output from the other changes.  I'm still unable to communicate from one VLAN to the other:

 

6610:

 

ICX6610-24 Router(config-if-e10000-1/3/1)#show int e 1/3/1
10GigabitEthernet1/3/1 is up, line protocol is up
  Hardware is 10GigabitEthernet, address is 748e.f8f9.b3fc (bia 748e.f8f9.b419)
  Interface type is 10Gig SFP+
  Configured speed 10Gbit, actual 10Gbit, configured duplex fdx, actual fdx
  Member of 3 L2 VLANs, port is tagged, port state is FORWARDING
  BPDU guard is Disabled, ROOT protect is Disabled
  Link Error Dampening is Disabled
  STP configured to OFF, priority is level0, mac-learning is enabled
  Flow Control is enabled
  Mirror disabled, Monitor disabled
  Not member of any active trunks
  Not member of any configured trunks
  No port name
  MTU 1500 bytes, encapsulation ethernet
  300 second input rate: 936 bits/sec, 1 packets/sec, 0.00% utilization
  300 second output rate: 656 bits/sec, 0 packets/sec, 0.00% utilization
  53994 packets input, 3761066 bytes, 0 no buffer
  Received 132 broadcasts, 3795 multicasts, 50067 unicasts
  0 input errors, 0 CRC, 0 frame, 0 ignored
  0 runts, 0 giants
  50592 packets output, 26638542 bytes, 0 underruns
  Transmitted 64 broadcasts, 724 multicasts, 49804 unicasts
  0 output errors, 0 collisions
  Relay Agent Information option: Disabled

Egress queues:
Queue counters    Queued packets    Dropped Packets
    0               50551                   0
    1                   0                   0
    2                   0                   0
    3                   0                   0
    4                   0                   0
    5                   1                   0
    6                   0                   0
    7                  40                   0

 

6450:

 

telnet@ICX6450-48P Switch(config)#show int e 1/2/1
10GigabitEthernet1/2/1 is up, line protocol is up
  Hardware is 10GigabitEthernet, address is cc4e.242b.41b1 (bia cc4e.242b.41b1
  Configured speed 10Gbit, actual 10Gbit, configured duplex fdx, actual fdx
  Member of 3 L2 VLANs, port is tagged, port state is FORWARDING
  BPDU guard is Disabled, ROOT protect is Disabled
  Link Error Dampening is Disabled
  STP configured to ON, priority is level0, mac-learning is enabled
  Flow Control is enabled
  Mirror disabled, Monitor disabled
  Not member of any active trunks
  Not member of any configured trunks
  No port name
  MTU 1500 bytes
  300 second input rate: 328 bits/sec, 0 packets/sec, 0.00% utilization
  300 second output rate: 1056 bits/sec, 1 packets/sec, 0.00% utilization
  338 packets input, 80281 bytes, 0 no buffer
  Received 23 broadcasts, 161 multicasts, 154 unicasts
  0 input errors, 0 CRC, 0 frame, 0 ignored
  0 runts, 0 giants
  1909 packets output, 140615 bytes, 0 underruns
  Transmitted 53 broadcasts, 1687 multicasts, 169 unicasts
  0 output errors, 0 collisions
  Relay Agent Information option: Disabled

Egress queues:
Queue counters    Queued packets    Dropped Packets
    0                   0                   0
    1                   0                   0
    2                   0                   0
    3                   0                   0
    4                   0                   0
    5                   0                   0
    6                   0                   0
    7                   0                   0

 

802-1w (6610):

 

ICX6610-24 Router(config-if-e10000-1/3/1)#show 802-1w

IEEE 802-1w is not configured on port-vlan 1

--- VLAN 10 [ STP Instance owned by VLAN 10 ] ----------------------------

Bridge IEEE 802.1W Parameters:

Bridge           Bridge Bridge Bridge Force    tx
Identifier       MaxAge Hello  FwdDly Version  Hold
hex              sec    sec    sec             cnt
8000748ef8f9b3fc 20     2      15     Default  3

RootBridge       RootPath  DesignatedBri-   Root   Max Fwd Hel
Identifier       Cost      dge Identifier   Port   Age Dly lo
hex                        hex                     sec sec sec
8000748ef8f9b3fc 0         8000748ef8f9b3fc Root   20  15  2

Port IEEE 802.1W Parameters:

       <--- Config Params --><-------------- Current state ----------------->
Port   Pri PortPath P2P Edge Role       State       Designa-  Designated
Num        Cost     Mac Port                        ted cost  bridge
1/1/13 128 20000    F   F    DESIGNATED FORWARDING  0         8000748ef8f9b3fc
1/3/1  128 0        F   F    DISABLED   DISABLED    0         0000000000000000

--- VLAN 20 [ STP Instance owned by VLAN 20 ] ----------------------------

Bridge IEEE 802.1W Parameters:

Bridge           Bridge Bridge Bridge Force    tx
Identifier       MaxAge Hello  FwdDly Version  Hold
hex              sec    sec    sec             cnt
8000748ef8f9b3fc 20     2      15     Default  3

RootBridge       RootPath  DesignatedBri-   Root   Max Fwd Hel
Identifier       Cost      dge Identifier   Port   Age Dly lo
hex                        hex                     sec sec sec
8000748ef8f9b3fc 0         8000748ef8f9b3fc Root   20  15  2

Port IEEE 802.1W Parameters:

       <--- Config Params --><-------------- Current state ----------------->
Port   Pri PortPath P2P Edge Role       State       Designa-  Designated
Num        Cost     Mac Port                        ted cost  bridge
1/3/1  128 0        F   F    DISABLED   DISABLED    0         0000000000000000

IEEE 802-1w is not configured on port-vlan 30

 

802-1w (6450):

telnet@ICX6450-48P Switch(config)#show 802-1w

IEEE 802-1w is not configured on port-vlan 1

--- VLAN 10 [ STP Instance owned by VLAN 10 ] ----------------------------

Bridge IEEE 802.1W Parameters:

Bridge           Bridge Bridge Bridge Force    tx
Identifier       MaxAge Hello  FwdDly Version  Hold
hex              sec    sec    sec             cnt
8000cc4e242b4180 20     2      15     Default  3

RootBridge       RootPath  DesignatedBri-   Root   Max Fwd Hel
Identifier       Cost      dge Identifier   Port   Age Dly lo
hex                        hex                     sec sec sec
8000cc4e242b4180 0         8000cc4e242b4180 Root   20  15  2

Port IEEE 802.1W Parameters:

       <--- Config Params --><-------------- Current state ----------------->
Port   Pri PortPath P2P Edge Role       State       Designa-  Designated
Num        Cost     Mac Port                        ted cost  bridge
1/2/1  128 2000     F   F    DESIGNATED FORWARDING  0         8000cc4e242b4180

--- VLAN 20 [ STP Instance owned by VLAN 20 ] ----------------------------

Bridge IEEE 802.1W Parameters:

Bridge           Bridge Bridge Bridge Force    tx
Identifier       MaxAge Hello  FwdDly Version  Hold
hex              sec    sec    sec             cnt
8000cc4e242b4180 20     2      15     Default  3

RootBridge       RootPath  DesignatedBri-   Root   Max Fwd Hel
Identifier       Cost      dge Identifier   Port   Age Dly lo
hex                        hex                     sec sec sec
8000cc4e242b4180 0         8000cc4e242b4180 Root   20  15  2

Port IEEE 802.1W Parameters:

       <--- Config Params --><-------------- Current state ----------------->
Port   Pri PortPath P2P Edge Role       State       Designa-  Designated
Num        Cost     Mac Port                        ted cost  bridge
1/1/45 128 20000    F   F    DESIGNATED FORWARDING  0         8000cc4e242b4180
1/2/1  128 2000     F   F    DESIGNATED FORWARDING  0         8000cc4e242b4180

IEEE 802-1w is not configured on port-vlan 30

 

Occasional Contributor
Posts: 6
Registered: ‎12-16-2013

Re: Initial Config (6610 and 6450)

Yes, i can reach the gateway from my end device, so long as that device is in the same vlan as my gateway (virtual interface address of vlan).

 

so from vlan 20 (VE is 10.0.20.254) ... from a VLAN 20 device, i can reach that.  From a VLAN 10 device, i can not.  And vice versa

Occasional Contributor
Posts: 6
Registered: ‎12-16-2013

Re: Initial Config (6610 and 6450)

Now, i can ping devices from the core (6610) to the edge (6450) that are on a designated VLAN.

 

However, communication from a device on the core, to a device on the edge - that fails.

Occasional Contributor
Posts: 6
Registered: ‎12-16-2013

Re: Initial Config (6610 and 6450)

So i'm actualy talking between VLANs now - i may have just not given a reload or enough time, but i walked to the other device, and sure enough - it was working!

 

Do those configs look pretty standard to you guys though?  Nothing i'm doing that seems out of place or incorrect?

 

My next step is to (in my mind) now create a legacy vlan, so that this equipment can talk to our old network (the old network is a single subnet - with a gateway actually being a sonicwall firewall device).

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.