Comware

Morning guys,

 

 

still working on my A5500 and now that the IRF is working fine I'd like to confirm/check some things before doing something wrong.

 

First of all : VLANs

I will have 4 1910 switches connected with LACP to my 5500 stack.

On each 1910 I will have several VLANs configured ....all carried by the 5500s.

 

1 - I assume that I shall configure the VLAN/VLAN interface on the 5500 and then configure the ports on the 1910 to match the existing VLANs created on the core. I am right here?

2 - I see the words "hybrid", "tagged" and "untagged". What does hybrid stands for? If a port is untagged on VLAN 1on the 1910...will the 5500 be able to route the traffic coming from VLAN 2 to the VLAN 1?
I assume that I have to tag every vlan on every 1910 port wich have an LACP uplink to the 5500...but want to check with you folks.

 

DHCP Relay :

I will create one DHCP pool for each VLAN I have on my DHCP server to provide each subnet with a proper IP@ and my 5500 will be the DHCP-Relay.

 

1 - Should I enable the DHCP snooping on the 5500 & 1910? [dumb question....]
2 - Will that be a problem to have all the subnets redirected to the same DHCP server by the 5500?

 

Many thanks to you all!

 

Armahir

 

#VLAN
#DHCP

1) Yes

2) The ports between the 5500 and 1910 should be mode trunk (tagged). Hybrid is a mode where you can have more than 1 untagged vlan on a trunk, kind of confusing. But trunk it is.

 

1) Depends. If you will have clients/users connected to the 5500 then both. Otherwise just the 1910.

2) Thats no problem, the server will know which IP do give out based on the IP of the relayed vlan.

#DHCP-relay
#VLAN
#DHCPRelays

Hey Fredrik,

 

thank you very much for your concise answer!

If I'm correct it's the second time you help me out of trouble :)

 

Just have a last question though : port on 1910 AND 5500 should be tagged [link between IRF stack & 1910]?

 

I'll do the conf' now for test-environment and let you know how it goes!

 

Cheers & enjoy your WE!

 

Armahir

Hi,

 

I hope everything goes as planned :). Yes the link between the 5500 stack and the 1910 should be tagged if you have multiple VLANs spanning over it.

Ola!

 

Everything went as planned....but not quite :)

 

 

 

Actually thing is I have 2 VLANs [100 & 101] on a 1910 and the VLAN interfaces are on my 5500.

 

PVID on ports between the 1910 and 5500 is 1

Ports are tagged 100 & 101

Vlan1 - 1910 IP@ : 10.10.10.1 /24

Vlan1 - 5500 IP@ : 10.10.10.254 /24

They both ping each other with I have the following issue for my other Vlans.

 

In a few word :

On 5500:

VLAN interface 100 : 192.168.100.254

Port 1 HYBRID Tagged 100 -101 / untagged 1

OSPF : 192.168.100.0 /24 directly connected - Nexthop is Interface vlan 100 on 127.0.0.1

 

 

On 1910 :

Vlan 100 is created without an interface

Port 24 access vlan 100

Port 1 HYBRID tagged 100 - 101 / untagged 1

Computer plugged on port 24 [IP 192.168.100.1 /24]

 

Computer can ping the Gateway on the 5500......but 5500 can not ping the computer.

 

 

 

 

 

I'm a bit lost here...

 

Do you have a clue? :)
Is the Hybrid mode the issue? [does not make sens to me]

 

EDIT : Yes was hybrid...I'm dumb.... :=)

EVERYTHING IS NOW FINE!!!

 

Cheers!

 

Armahir

Actually.....It's failing again.

 

I can ping all my VLAN interfaces on my 5500 from all my VLANs but the 5500 does not forward traffic from a VLAN to another....

 

Help still needed :)

Many thanks.

 

Armahir

PCs got the 5500 as default gateway? Can you post a display route from the 5500.

Yes, PCs have their Vlan interface on 5500 as their gateway [and so default route on route print].

 

Dis route on my 5500 does not show anything....

 

Here's the 5500 conf :

 

[sysname] dis cur
#
 version 5.20, Release 2208P01
#
 sysname Romeo
#
 super password level 3 cipher xxxxxxxxxxxxxxxxxxxxxxx
#
 ftp server enable
#
 dhcp relay server-group 1 ip xxxxxxxxxx
 dhcp relay server-group 1 ip xxxxxxxxxx
#
 irf mac-address persistent always
 irf auto-update enable
 undo irf link-delay
 irf member 1 priority 32
#
 domain default enable system
#
 telnet server enable
#
 ip http acl 2001
#
 multicast routing-enable
#
acl number 2001
 rule 0 permit
#
igmp-snooping
#
vlan 1
 description DOWNLINK
 ip-subnet-vlan 0 ip 10.10.10.0 255.255.255.0
#
vlan 2 to 99
#
vlan 100
 description ADMIN
 name ADMIN
 ip-subnet-vlan 0 ip 192.168.100.0 255.255.255.0
#
vlan 101
 description xxxxxxxxxx
 namexxxxxxxxxx
 ip-subnet-vlan 0 ip 192.168.101.0 255.255.255.0
#
vlan 102
 description xxxxxxxxxx
 name xxxxxxxxxx
 ip-subnet-vlan 0 ip 192.168.102.0 255.255.255.0
#
vlan 103
 description xxxxxxxxxx
 name xxxxxxxxxx
 ip-subnet-vlan 0 ip 192.168.103.0 255.255.255.0
#
vlan 104
 description xxxxxxxxxx
 name xxxxxxxxxx
 ip-subnet-vlan 0 ip 192.168.104.0 255.255.255.0
#
vlan 105
 description xxxxxxxxxx
 name xxxxxxxxxx
 ip-subnet-vlan 0 ip 192.168.105.0 255.255.255.0
#
vlan 106
 description xxxxxxxxxx
 name xxxxxxxxxx
 ip-subnet-vlan 0 ip 192.168.106.0 255.255.255.0
#
vlan 107
 description xxxxxxxxxx
 name xxxxxxxxxx
 ip-subnet-vlan 0 ip 192.168.107.0 255.255.255.0
#
vlan 108
 description GUEST-WIFI
 name GUEST
 ip-subnet-vlan 0 ip 192.168.108.0 255.255.255.0
#
vlan 109
 description xxxxxxxxxx
 name xxxxxxxxxx
 ip-subnet-vlan 0 ip 192.168.109.0 255.255.255.0
 igmp-snooping enable
#
vlan 110 to 199
#
vlan 200
 description xxxxxxxxxx
 name xxxxxxxxxxv
 ip-subnet-vlan 0 ip 192.168.0.0 255.255.255.0
#
vlan 201 to 4094
#
radius scheme system
 primary authentication 127.0.0.1 1645
 primary accounting 127.0.0.1 1646
 user-name-format without-domain
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
user-group system
#
local-user admin
 password cipher xxxxxxxxxxxxxxxxxxxx
 authorization-attribute level 3
 service-type lan-access
 service-type ssh telnet terminal
 service-type ftp
 service-type portal
#
user-profile admin
#
interface NULL0
#
interface Vlan-interface1
 description DOWNLINK
 ip address 10.10.10.254 255.255.255.0
#
interface Vlan-interface100
 description ADMIN
 ip address 192.168.100.254 255.255.255.0
#
interface Vlan-interface101
 description xxxxxxxxxx
 ip address 192.168.101.254 255.255.255.0
#
interface Vlan-interface102
 description xxxxxxxxxx
 ip address 192.168.102.254 255.255.255.0
#
interface Vlan-interface103
 description xxxxxxxxxx
 ip address 192.168.103.254 255.255.255.0
#
interface Vlan-interface104
 description xxxxxxxxxx
 ip address 192.168.104.254 255.255.255.0
#
interface Vlan-interface105
 description xxxxxxxxxx
 ip address 192.168.105.254 255.255.255.0
#
interface Vlan-interface106
 description xxxxxxxxxx
 ip address 192.168.106.254 255.255.255.0
#
interface Vlan-interface107
 description xxxxxxxxxx
 ip address 192.168.107.254 255.255.255.0
#
interface Vlan-interface108
 description GUEST-WIFI
 ip address 192.168.108.254 255.255.255.0
#
interface Vlan-interface109
 description xxxxxxxxxx
 ip address 192.168.109.254 255.255.255.0
#
interface Vlan-interface200
 description xxxxxxxxxx
 ip address 192.168.0.253 255.255.255.0
#
interface GigabitEthernet1/0/1
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan all
#
interface Ten-GigabitEthernet1/1/1
#
interface Ten-GigabitEthernet1/1/2
#
interface Ten-GigabitEthernet2/1/1
#
interface Ten-GigabitEthernet2/1/2
#
ospf 1
 enable link-local-signaling
#
ospfv3 1
#
igmp
#
 snmp-agent
 snmp-agent local-engineid 800063A203B8AF67DD8C2D
 snmp-agent sys-info contact IT
 snmp-agent sys-info location LTE
 snmp-agent sys-info version v3

 

Am i missing something?

 

Plus, on the 1910 I can't access the management mode via CLI [_cmdonline-mode on does not take my super password] so I've made port 1/0/1 on 1910 trunk + tagged for vlan 2-201

 

 

Edit :

On 5500 HTTP interface in IPv4 routing I see all my vlan interfaces ==>

 

10.10.10.0 255.255.255.0 Direct 0 10.10.10.254 Vlan-interface1
10.10.10.254 255.255.255.255 Direct 0 127.0.0.1 InLoopBack0


127.0.0.0 255.0.0.0 Direct 0 127.0.0.1 InLoopBack0
127.0.0.1 255.255.255.255 Direct 0 127.0.0.1 InLoopBack0


192.168.0.0 255.255.255.0 Direct 0 192.168.0.253 Vlan-interface200
192.168.0.253 255.255.255.255 Direct 0 127.0.0.1 InLoopBack0


192.168.100.0 255.255.255.0 Direct 0 192.168.100.254 Vlan-interface100
192.168.100.254 255.255.255.255 Direct 0 127.0.0.1 InLoopBack0


192.168.101.0 255.255.255.0 Direct 0 192.168.101.254 Vlan-interface101
192.168.101.254 255.255.255.255 Direct 0 127.0.0.1 InLoopBack0


192.168.102.0 255.255.255.0 Direct 0 192.168.102.254 Vlan-interface102
192.168.102.254 255.255.255.255 Direct 0 127.0.0.1 InLoopBack0


192.168.103.0 255.255.255.0 Direct 0 192.168.103.254 Vlan-interface103
192.168.103.254 255.255.255.255 Direct 0 127.0.0.1 InLoopBack0


192.168.104.0 255.255.255.0 Direct 0 192.168.104.254 Vlan-interface104
192.168.104.254 255.255.255.255 Direct 0 127.0.0.1 InLoopBack0


192.168.105.0 255.255.255.0 Direct 0 192.168.105.254 Vlan-interface105
192.168.105.254 255.255.255.255 Direct 0 127.0.0.1 InLoopBack0


192.168.106.0 255.255.255.0 Direct 0 192.168.106.254 Vlan-interface106
192.168.106.254 255.255.255.255 Direct 0 127.0.0.1 InLoopBack0


192.168.107.0 255.255.255.0 Direct 0 192.168.107.254 Vlan-interface107
192.168.107.254 255.255.255.255 Direct 0 127.0.0.1 InLoopBack0


192.168.108.0 255.255.255.0 Direct 0 192.168.108.254 Vlan-interface108
192.168.108.254 255.255.255.255 Direct 0 127.0.0.1 InLoopBack0


192.168.109.0 255.255.255.0 Direct 0 192.168.109.254 Vlan-interface109
192.168.109.254 255.255.255.255 Direct 0 127.0.0.1 InLoopBack0

 

Sorry, the command is "display ip routing-table"

Remove all the ip-subnet-vlan from the VLANs, its not needed for intervlan routing, might mess things up.

No worries :)

 

All ip-subnet-vlan REMOVED.

 

Here's the output of dis ip routing-table :

[Romeo]dis ip routing-table
Routing Tables: Public
        Destinations : 26       Routes : 26

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

10.10.10.0/24       Direct 0    0            10.10.10.254    Vlan1
10.10.10.254/32     Direct 0    0            127.0.0.1       InLoop0
127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0
127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0

192.168.0.0/24      Direct 0    0            192.168.0.253   Vlan200
192.168.0.253/32    Direct 0    0            127.0.0.1       InLoop0

192.168.100.0/24    Direct 0    0            192.168.100.254 Vlan100
192.168.100.254/32  Direct 0    0            127.0.0.1       InLoop0

192.168.101.0/24    Direct 0    0            192.168.101.254 Vlan101
192.168.101.254/32  Direct 0    0            127.0.0.1       InLoop0

192.168.102.0/24    Direct 0    0            192.168.102.254 Vlan102
192.168.102.254/32  Direct 0    0            127.0.0.1       InLoop0

192.168.103.0/24    Direct 0    0            192.168.103.254 Vlan103
192.168.103.254/32  Direct 0    0            127.0.0.1       InLoop0

192.168.104.0/24    Direct 0    0            192.168.104.254 Vlan104
192.168.104.254/32  Direct 0    0            127.0.0.1       InLoop0

192.168.105.0/24    Direct 0    0            192.168.105.254 Vlan105
192.168.105.254/32  Direct 0    0            127.0.0.1       InLoop0

192.168.106.0/24    Direct 0    0            192.168.106.254 Vlan106
192.168.106.254/32  Direct 0    0            127.0.0.1       InLoop0

192.168.107.0/24    Direct 0    0            192.168.107.254 Vlan107
192.168.107.254/32  Direct 0    0            127.0.0.1       InLoop0

192.168.108.0/24    Direct 0    0            192.168.108.254 Vlan108
192.168.108.254/32  Direct 0    0            127.0.0.1       InLoop0

192.168.109.0/24    Direct 0    0            192.168.109.254 Vlan109
192.168.109.254/32  Direct 0    0            127.0.0.1       InLoop0

 

That looks about right. Did the removal of ip-subnet-vlan make any difference?

Nope....unfortunatly.

 

It's really wierd.

 

 

 

My two computers are on the same 1910, wich is connected to the 5500, but cant ping each other.

 

Basically :

 

Computer 1 [VLAN100] can ping his gateway on the 5500, can ping ALL the other gateways on the 5500....put can't ping Computer 2 [VLAN200].

 

Can't the issue come from the 1910?

1910 could be the issue, but I cant really see how. If you are able; connect the end-point PCs directly in the 5500 to rule out the 1910.

Issue is indeed on 5500.

 

Computer 1 / VLAN 100 / Port 24 / Untagged

Computer 2 / VLAN 200 / Port 23 / Untagged

 

I can still ping all the gateways....but not from a computer to an other...

 

I heard something about 802.1q encapsulation, what is it? do our issue could be related to that?

Make 100% sure that the 5500 is the default gw of the computers, and also of course disable firewall if you're running windows :).

802.1q encapsulation is what's used on trunks.

Never applied that on my trunks :)

How can I do that?

 

============

 

I can confirm that the gateway on my computers are ok [all pointing to their respective vlan interface on 5500] and that I have disabled this f***** MS firewall ^^.

Hi there,

 

just to let you know that I've rebooted the switches [5500] and that all is now well.

 

Weird, but like someone said before me : "In doubt, reboot".

 

A lot of thanks to you Fredrick!!

 

Cheers!

 

Armahir

Heh weird. Well, good to hear everything worked out :)