Occasional Contributor
Posts: 5
Registered: ‎11-21-2017

Routing a new vlan

I need help.

I am a newbie on Brocade, trying to set up an icx7150 FI layer3, code base is SPR08061a.bin

I am trying to vlan my network, so ipads are on vlan 2, Chromebooks on vlan 3, guests on vlan 10 and everything else on vlan 1.

vlan 1 and 10 are up and running perfectly fine, I have 2 interfaces on Sonicwall, one for guest network and one for everything else, working for existing setup.

I am trying to add vlans 2 and 3.
Problem is, I can't seem to get vlans 2 and 3 up and running.
I've been following videos and documents from Brocade/Ruckus for 2 weeks, to no avail.
A few starters:
Vlan 1 10.56.0.0/23 GW 10.56.0.1
Vlan 10 10.57.0.0/24 GW 10.57.0.1
Vlan 2 10.56.2.0/24 GW 10.56.2.1
Vlan 3 10.56.3.0/24 GW 10.56.3.1
partial show run...
vlan 1 name DEFAULT-VLAN by port
 router-interface ve 1
 spanning-tree
!
vlan 2 by port
 tagged ethe 1/1/16 to 1/1/24
 router-interface ve 2
 spanning-tree
!
vlan 3 by port
 tagged ethe 1/1/16 to 1/1/24
 router-interface ve 3
 spanning-tree
!
vlan 10 name Guest by port
 tagged ethe 1/1/16 to 1/1/24
 untagged ethe 1/1/1
 spanning-tree
...
ip route 0.0.0.0/0 10.56.0.1
ip route 10.56.2.0/24 ve 2
ip route 10.56.2.0/24 0.0.0.0
ip route 10.56.3.0/24 ve 3
ip route 10.56.3.0/24 0.0.0.0
...
router rip
 learn-default
...
interface ethernet 1/1/23
 dual-mode
 inline power
!
interface ethernet 1/1/24
 dual-mode
 inline power
!
....
interface ve 1
 ip address 10.56.0.240 255.255.254.0
!
interface ve 2
 ip address 10.56.2.1 255.255.255.0
!
interface ve 3
 ip address 10.56.3.1 255.255.255.0
!
!
...end

I can ping 10.56.0.240, 10.56.0.1, and I am getting a DHCP address on 10.56.1.x network when plugged into the 7150.
I can't ping 10.56.2.1 or 10.56.3.1. 10.57.x network is supposed to be isolated, so not trying anything there.

Can anyone point me in the right direction, suggest a document, video or just guide me to the right configuration, to get this running?

Thank you all in advance for any help.

Frequent Contributor
Posts: 137
Registered: ‎07-20-2015

Re: Routing a new vlan

Not sure what is going on with your routing.

Specifically, this is a mystery to me:

ip route 10.56.2.0/24 ve 2
ip route 10.56.2.0/24 0.0.0.0
ip route 10.56.3.0/24 ve 3
ip route 10.56.3.0/24 0.0.0.0

 

 

Looks like you are putting in recursive, static routes to the default route. Additionally, it looks like you are putting in static routes for directly connected networks that already exist with a metric of 0 (static uses 1).

I can only assume the reason is that you are using a RIP routing process.

You probably want to do a "redistributed connected"

Additionally, on the SVI (i.e. VE interface) you probably want to specify the versioning info, which is apparently mandatory. It is V2 that works with VLSM (Variable Length Subnet Masks and your modern Classless routing).

For example:

http://www.brocade.com/content/html/en/configuration-guide/FI_08030_L3/GUID-14E023BD-F330-49D3-82A9-9385B2B665D4.html

 

 

***************

 

Why is everything Tagged? These are trunk ports! Do you have switches or other 802.1Q aware devices in VLAN 2 and VLAN 3 only? I mean it is certainly possible you have different wireless networks (SSID names) residing in different VLANs on the APs trunked back via different physical interfaces and 802.1Q from the AP.

That said, usually, if you were doing that (from the same AP), you would have the AP plugged into one port, which would carry the trunk for multiple VLANs.

 

I am NOT certain what your setup is on the network.

 

 

Regardless, to be able to ping.

To be able to PING 10.56.2.1 or 10.56.3.1, an Interface within the VLAN that hosts the VE with that IP must be up/up. If all interfaces are down and not passing traffic, it won't be in your routing table.

You can do a "sh ip route" or perhaps a "show ip route direct"

You should see routes for these networks. If not, the interface is not up.

 

SSH@YourSwitch#sh ip route direct
Type Codes - B:BGP D:Connected O:OSPF R:RIP S:Static; Cost - Dist/Metric
BGP Codes - i:iBGP e:eBGP
OSPF Codes - i:Inter Area 1:External Type 1 2:External Type 2
        Destination        Gateway         Port          Cost          Type Uptime
1       10.56.2.0/24       DIRECT          ve 2          0/0           D    51d10h
2       10.56.3.0/24       DIRECT          ve 3          0/0           D    1d3h

 

Lastly, what you can try to test is to temporarily remove an IP from a VE and put it on a loopback interface.

Loopback interfaces are ALWAYS in an UP state; hence, the reason they should also always be used for device management. Typically, what organizations do is put a management IP on a loopback and it gets redistributed via their IGP into whatever area or AS or process they are running.. but RIP is not anyone's routing protocol of choice.

Most use OSPF internally if they are concerned with multi-vendor compatibility, EIGRP is commonly seen on Cisco networks, and with carriers and MPLS BGP is the norm.

If this is a brand new environment or relatively small deployment that can grow, I would encourage you to buy the ICX7150-PREM-LIC-SW and switch to a link-state dynamic routing protocol for the IGP.
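
An added example, not part of the original posts: a small Python check over the static-route and VE lines of the configuration posted in this thread. It flags static routes that duplicate a subnet already directly connected on a VE, and static routes whose IP next hop is not on any connected subnet. The function names and the embedded sample are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the static-route and VE lines from the config posted above.
SAMPLE_CONFIG = """\
ip route 0.0.0.0/0 10.56.0.1
ip route 10.56.2.0/24 ve 2
ip route 10.56.2.0/24 0.0.0.0
ip route 10.56.3.0/24 ve 3
ip route 10.56.3.0/24 0.0.0.0
interface ve 1
 ip address 10.56.0.240 255.255.254.0
!
interface ve 2
 ip address 10.56.2.1 255.255.255.0
!
interface ve 3
 ip address 10.56.3.1 255.255.255.0
!
"""

def connected_networks(config):
    """Map each VE interface to the subnet its 'ip address' line places on it."""
    nets, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"interface (ve \d+)", line):
            current = m.group(1)
        elif line == "!":
            current = None
        elif current and (m := re.fullmatch(r"ip address (\S+) (\S+)", line)):
            nets[current] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
    return nets

def audit_static_routes(config):
    """Return (prefix, next_hop, finding) for each questionable static route."""
    by_net = {net: ve for ve, net in connected_networks(config).items()}
    findings = []
    for line in map(str.strip, config.splitlines()):
        if not (m := re.fullmatch(r"ip route (\S+) (.+)", line)):
            continue
        prefix, hop = ipaddress.ip_network(m[1], strict=False), m[2]
        if prefix in by_net:
            findings.append((str(prefix), hop, f"duplicates connected {by_net[prefix]}"))
        elif re.fullmatch(r"[\d.]+", hop) and not any(
                ipaddress.ip_address(hop) in net for net in by_net):
            findings.append((str(prefix), hop, "next hop not on a connected subnet"))
    return findings

if __name__ == "__main__":
    for finding in audit_static_routes(SAMPLE_CONFIG):
        print(*finding, sep=" | ")
```

On the sample, the four static routes for 10.56.2.0/24 and 10.56.3.0/24 are reported and the default route via 10.56.0.1 is not, because that next hop sits inside the ve 1 subnet.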

 

Occasional Contributor
Posts: 5
Registered: ‎11-21-2017

Re: Routing a new vlan

NETWizz,

Thank you for your reply.

After reading over your response several times, I finally realized I did not have a route from 10.56.0.x/23 to the 10.56.2.x or 3.x network, as the gateway for the 0.x network was the Sonicwall at .0.1.

You asked why so many tagged ports, yes, I have Ruckus R610 WAPs throughout the buildings running multiple VLANs via multiple SSIDs, and I also have one area that I go through a Cisco SG300 before getting to the WAPs. I do this to separate the Chrome OS, Apple OS and Windows devices, as well as the Guest network.

 

My routes show:

Brocade Annex(config)#sho ip rout
Total number of IP routes: 4
Type Codes - B:BGP D:Connected O:OSPF R:RIP S:Static; Cost - Dist/Metric
BGP Codes - i:iBGP e:eBGP
OSPF Codes - i:Inter Area 1:External Type 1 2:External Type 2
        Destination        Gateway         Port          Cost          Type Uptime
1       0.0.0.0/0          10.56.0.1       ve 1          1/1           S    6d23h
2       10.56.0.0/23       DIRECT          ve 1          0/0           D    7d0h
3       10.56.2.0/24       DIRECT          ve 2          0/0           D    7d0h
4       10.56.3.0/24       DIRECT          ve 3          0/0           D    7d0h

Obviously you can see, I did not put the other routes in, they are dynamic, I did manually put in static route for default (0.0.0.0/0), is that wrong?

As for the license ICX7150-PREM-LIC-SW, unfortunately, the budget does not allow for that right now, so from what I have read on Brocade site, RIP is my only choice, is that correct? I have it enabled globally, but have not enabled it for advertising on any of the interfaces yet.

Thank you again, and any other guidance you could share would be appreciated. I included a rough diagram of my network plan.

 

Frequent Contributor
Posts: 137
Registered: ‎07-20-2015

Re: Routing a new vlan

Glad it was helpful.

I am now looking over your diagram and am a bit confused.

I do not see your LAG interfaces on the 7150, which you indicated was running SPR08061a (same as mine). Undoubtedly, you indicated you used LACP between buildings in your diagram.

 

This would indicate the creation of various LAG entries like

lag ANNEX dynamic id 1
 ports ethe x/x/x ethe x/x/x
!

Then those vlans would be like:

vlan 123 name WHATEVER by port
 tagged lag 1
 router-interface ve 123
!

 

*****

 

Now where I am confused is that you have subnets like 10.56.0.0/23 off of both the Cisco SG300-19 and all the way over at your Annex building.

I know you have the SVIs (ve interfaces) configured on whichever switch serves as the router (presumably Main ICX7150), but from the looks of your diagram you have nothing going on that would involve a routing protocol that I can see. I mean a LAG trunks one or more 802.1q VLANs via Layer-2, but I do not see anywhere that there would be additional routing processes beyond that of say the Main 7150 in your diagram.

In other words from the looks of the diagram, if routing was being done from one subnet to another (on different VLANs) for example on your Wireless in your Annex it would be trunked back to the Main building where routing would take place then trunked back to the Annex on a different VLAN if that makes sense.

Whichever switch has the default-gateway owns the routing process for the subnet if that makes sense. If you were running a routing protocol and had say 10.57.0.0/24 existing only within the Annex, you really wouldn't trunk that VLAN back to main but rather would have a routing table entry to find that subnet via a next-hop pointing to the switch in the Annex.

 

 

Either way, I am not certain a network of this size merits a routing protocol.

 

 
