04-02-2012 09:54 PM
Hello, hopefully I can express this well enough but we are trying to set up our brand new 3+ year old NetIron MLX8, we needed a serious upgrade and put our unopened spares from one network to use on another, but our support contract has since lapsed. Our operations do not afford too much network downtime and thus we have been trying to do this over the past few days that we have had some with limited success. We are eventually (hopefully in the next week or two) going to fully migrate from the 3 to 8 year old Cisco equipment that we are currently using. We have already successfully migrated off of the Cisco 3825 Router that we have been using for years, that went ok and we didn't have too much problem, but...the switch and its VLANs OMG!
NetIron MLX8 Chassis
2 - 1GX20 fiber modules loaded with Gbics
2 - 1GX20 Copper modules
1 - management module
As I had stated, we successfully configured the router, this consisted of 4 VLANs; 1 - Internet network, 1 - Tunneled network (this is basically a passthrough port) 1 - uplink to an FTP setup on a server, 1 - uplink to a Cisco 4506 (this is our current production switch and will be replaced when we get the MLX Switch part figured out). Trying to configure our Switch VLANs, 1 for Workstations, 1 for VoIPs, 1 for Servers and Printers, and 1 for our VM Management has proven to be quite an exercise in frustration. Obviously there is quite a bit more that goes into configuring the switch than we expected, especially as compared to the Cisco 3825 -> Cisco 4506. We have been scouring the Config guide and trying everything that we can, but we cannot get our Internet network to talk to the VLANs. We have VLAN 200 that is our Workstations, we have it configured with interfaces 1/1 to 2/20 as our workstation ports range with 1/1 connected to a server as our test link. We have configured a Virtual Interface VE and gave it the Gateway IP address for that subnet, but when we enable that VE, we lose the connection on our uplink to the Cisco...without the interface on 1/1 picking it up...what are we missing? We are not feeding any Edge switches thus our ports are untagged, this should be a pretty easy and straightforward configuration but we just cannot get this talking. The original MLX's that are/have been running for the past few years were configured by an install team and thus there is nobody that has any experience with a fresh install, only a few years of operation/maintenance of them.
I hope I have explained this well enough for you to understand, but I/we really need some assistance with figuring out how to get our Router pushing traffic through our Switch and its VLANs.
04-13-2012 05:53 PM
First of all, I guess you figured out that the MLX ports are all disabled by default. You have to manually enable them (???).
"We have VLAN 200 that is our Workstations, we have it configured with interfaces 1/1 to 2/20 as our workstation ports range with 1/1 connected to a server as our test link"
I assume you can talk to each other and the server at this point?
"We have configured a Virtual Interface VE and gave it the Gateway Ip address for that subnet, but when we enable that VE, we lose the connection on our uplink to the Cisco"
I'm not sure what you mean here. How are you uplinked to the Cisco?
"...without the interface on 1/1 picking it up"
I thought 1/1 went to a server? Why would it pick up a circuit to the Cisco?
If you have only untagged ports ("access ports") configured on the MLX, you'll need to connect it to an "access" port on the Cisco as the other end of that connection - The VLAN IDs don't even matter since you're not passing tags between the MLX and the Cisco. That will give you a layer-2 connection, which is all you need to accomplish hooking the switches together. You're basically just using the MLX like a $30 Netgear unmanaged switch. No need for a virtual interface at this point. If you're looking to route into other subnets and you can already do that from the Cisco VLAN that you just connected, it should just work. Just unplug a workstation from the Cisco and plug it into the MLX - nothing needs to be changed.
If you're adding new routes, you just have to get your routing straight, but I wouldn't set up routing on both switches - that would be redundant. I'd keep all my routing consolidated in one place. Since it appears to already be set up and working on the Cisco, just leave it there and add any new routes there.
If you need to "trunk" multiple VLANs so that you can have "access" ports to those VLANs on the MLX, just configure your uplinks as "tagged" on the MLX and VLAN "trunks" on the Cisco side. The Cisco can still do all of the routing between those VLANs.
There's no difference in configuring the MLX or the Ciscos except for the proprietary terminology Cisco uses.
int ge 0/1
switchport mode access
switchport access vlan 200
int ge 0/2
switchport mode trunk
switchport trunk allowed vlan 200,300,400
tag e 1/2
tag e 1/2
tag e 1/2
interface vlan 200
ip address 172.16.1.1 255.255.0.0
router-interface ve 200
int ve 200
ip address 172.16.1.1/16
It's all the same thing....
04-18-2012 04:16 PM
Kurt, Thanks for the reply. We have made some progress in getting this thing up and running after we discovered the need for Router Interfaces for each VLAN. Once that was configured we tested on the Test machine (the server with the gig fiber nic that is simulating a workstation) and had network connectivity, but I am definitely having some performance issues.
We now have all of our servers, printers and voips off of the Cisco 4506 and on the MLX, but we still have our workstations on the Cisco while we await the Gig Fiber nics. Anyway, we blew out the configuration of the 4506 as we suspected having duplicate identical VLANs on each device was causing our problems, and also double-checked the Routes for any error or omissions. Additionally, to make for a more convenient transition to Gig Fiber Nics in the workstations, I have one of my gig fiber Workstation ports on the MLX feeding the 4506 where the workstations are currently connected, this way I can just install the NICs in the machines and patch them to the MLX as I go along. By the way, the 4506 is a Legacy chassis and was not upgradeable with a Gig module, so we decided to put one of the spares from the other network to use rather than try to get money for a new one from the budgetless govt.
So now I have things running on the MLX but my performance is absolutely awful, it is running like I have something in half-duplex, but I have gone through and checked everything on both the MLX and the 4506 and I can find no speed mismatches. It takes a very long time to login via Remote Desktop to any of my servers (all VMs) and when it does I often get RDP disconnections/reconnections, I have very spotty performance on my vCenter, and I even had one user try to launch a 320kb Powerpoint presentation, and after 15 min he gave up...I didn't have much better luck. I feel like I just set up a big giant collision domain instead of a 5+ times faster router/switch, trust me when I say that my users are not happy. Any help would be very welcomed.
04-18-2012 04:44 PM
I can pretty much guarantee that there are no performance issues with a properly functioning MLX-8. Sounds like you have some kind of looping going on. If it's not a layer-2 loop (which I'm sure would be obvious with all the lights blinking like mad), then a potential routing loop, or ambiguous routes.
Once again, in your first scenario, you had 40 ports on the MLX configured as untagged on VLAN 200 for workstation/server access. You said you have a VLAN for Internet, I'm not sure if this is the private side or the public side. I'm not quite sure why you would need a separate VLAN for the private side, so I assume this VLAN distributes public address space to Internet gateway routers. You'd need to provide some kind of diagram. Since you can't attach in this forum, maybe post a link to a webpage with a diagram? With that I might be able to provide more help.
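Added example, not part of any poster's reply: the replies above advise keeping routing on one device and point to ambiguous routes as a likely cause, so this sketch compares the routed interfaces of a Cisco config and an MLX config and flags a gateway address or subnet that both devices claim. The two config snippets are constructed samples (reusing 172.16.1.1/16 from the reply's snippet), and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample configs (not taken from the thread's devices).
CISCO_CFG = """\
interface Vlan200
 ip address 172.16.1.1 255.255.0.0
interface Vlan300
 ip address 10.30.0.1 255.255.255.0
"""
MLX_CFG = """\
vlan 200
 untagged ethe 1/1 to 1/20
 router-interface ve 200
interface ve 200
 ip address 172.16.1.1/16
interface ve 400
 ip address 10.40.0.1/24
"""

IFACE = re.compile(r"^interface\s+(\S.*)$", re.I)
# Matches both "ip address A MASK" (Cisco) and "ip address A/LEN" (MLX).
ADDR = re.compile(r"^\s+ip address\s+(\S+)(?:\s+(\S+))?", re.I)

def l3_interfaces(cfg):
    """Return {interface name: IPv4Interface} for routed interfaces."""
    found, current = {}, None
    for line in cfg.splitlines():
        if not line.startswith(" "):          # new top-level stanza
            m = IFACE.match(line)
            current = m.group(1).strip() if m else None
            continue
        m = ADDR.match(line)
        if m and current:
            addr, mask = m.groups()
            found[current] = ipaddress.ip_interface(f"{addr}/{mask}" if mask else addr)
    return found

def conflicts(cfg_a, cfg_b):
    """List (kind, iface_a, iface_b) where both devices route the same subnet."""
    out = []
    for na, ia in l3_interfaces(cfg_a).items():
        for nb, ib in l3_interfaces(cfg_b).items():
            if ia.ip == ib.ip:
                out.append(("duplicate-gateway", na, nb))
            elif ia.network.overlaps(ib.network):
                out.append(("overlapping-subnet", na, nb))
    return out
```

Calling `conflicts(CISCO_CFG, MLX_CFG)` on the samples reports the gateway address that exists on both `Vlan200` and `ve 200`; an empty list means no subnet is routed in two places.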
04-20-2012 10:34 AM
Hi Patrick! If you want to attach an image to this discussion, please click "Show Full Editor" at the top of the discussion box. Then you will be able to see the Camera Icon to attach a photo in this discussion thread.
2) Click the "Camera Icon":
Hope this helps!
Global Community Administrator