Network Management

  • 1.  Simple Uplink and VLAN configuration issues - help needed

    Posted Oct 03, 2024 12:18 PM

    I have a simple setup that's not working and I could really use some help. 

    Network Overview

    Firewall - LAN 1 - 10.1.1.1 with a sub-interface VLAN 9 - 10.1.9.1
    Switch 1- VLAN 1 - 10.1.1.2, VLAN 9 (no IP)
    Switch 2 - VLAN 1 - 10.1.1.3, VLAN 9 (no IP)

    VLAN 1 holds general PC traffic
    VLAN 9 holds traffic for some Server Lab Traffic

    Firewall port 1 connects to Switch1, Port 1
    Switch 1, Port 48 connects to Switch 2, Port 1

    Problem

    Right now, my laptop is the only thing I connect to a VLAN 1 port, and I move that between switches as needed. 2 devices are plugged into VLAN 9.  The problem is that Switch 2 keeps going down.  Port 48 on Switch 1 flaps.  Port 1 on Switch 2 Flaps.  This seems to happen when things are connected/disconnected from ports.  

    I have replaced cables, used different ports, checked for rx/tx/etc errors and there are none.  The flapping will continue forever unless I intervene.  If I disconnect the cable between the two switches then re-connect, it stabilizes.

    When the problem happens, the logs look like this:

    Switch 1 show log -r output 

    10/02/24 18:55:31 00077 ports: port 48 is now off-line
    I 10/02/24 18:54:30 00076 ports: port 48 is now on-line
    I 10/02/24 18:54:27 00077 ports: port 48 is now off-line
    I 10/02/24 18:54:23 00076 ports: port 48 is now on-line
    I 10/02/24 18:54:17 00077 ports: port 48 is now off-line
    I 10/02/24 18:54:15 00076 ports: port 48 is now on-line
    I 10/02/24 18:54:06 00077 ports: port 48 is now off-line
    I 10/02/24 18:54:05 00076 ports: port 48 is now on-line
    I 10/02/24 18:54:02 00077 ports: port 48 is now off-line
    I 10/02/24 18:54:01 00076 ports: port 48 is now on-line
    I 10/02/24 18:53:58 00077 ports: port 48 is now off-line
    I 10/02/24 18:53:57 00076 ports: port 48 is now on-line

    Switch 2 show log -r output 

    I 10/03/24 10:24:32 00076 ports: port 1 is now on-line
    I 10/03/24 10:24:27 00077 ports: port 1 is now off-line
    I 10/03/24 10:24:25 00076 ports: port 1 is now on-line
    I 10/03/24 10:24:20 00002 vlan: AccessControl virtual LAN disabled (9 times in 60 seconds)
    I 10/03/24 10:24:20 00002 vlan: DEFAULT_VLAN virtual LAN disabled (9 times in 60 seconds)
    I 10/03/24 10:24:20 00077 ports: port 1 is now off-line
    I 10/03/24 10:24:18 00001 vlan: AccessControl virtual LAN enabled (9 times in 60 seconds)
    I 10/03/24 10:24:18 00001 vlan: DEFAULT_VLAN virtual LAN enabled (9 times in 60 seconds)
    I 10/03/24 10:24:18 00076 ports: port 1 is now on-line
    I 10/03/24 10:24:12 00077 ports: port 1 is now off-line
    I 10/03/24 10:24:11 00076 ports: port 1 is now on-line
    I 10/03/24 10:24:05 00077 ports: port 1 is now off-line

    Overview and configuration look like this:

    Firewall - LAN 1 - 10.1.1.1 with a sub-interface VLAN 9 - 10.1.9.1
    Switch 1- VLAN 1 - 10.1.1.2, VLAN 9 (no IP)
    Switch 2 - VLAN 1 - 10.1.1.3, VLAN 9 (no IP)

    VLAN 1 holds general PC traffic
    VLAN 9 holds traffic for some Server Lab Traffic

    Firewall port 1 connects to Switch1, Port 1
    Switch 1, Port 48 connects to Switch 2, Port 1

    *******SWITCH 1*******

    vlan 1
    name "DEFAULT_VLAN"
    no untagged 13-15
    untagged 1-12,16-47
    tagged 48
    ip address 10.1.1.2 255.255.255.0
    exit

    vlan 9
    name "VLAN9"
    untagged 13-15
    tagged 1,48
    no ip address
    exit

    *******SWITCH 2*******

    vlan 1
    name "DEFAULT_VLAN"
    no untagged 3-9
    untagged 2,10-48
    tagged 1
    ip address 10.1.1.3 255.255.255.0
    exit

    vlan 9
    name "VLAN9"
    untagged 3-9
    tagged 1
    no ip address
    exit

    My guess is that I have something wrong with the no tagged/tagged/untagged settings.  Anyone have any idea what the issue is?  I'm stumped.  



  • 2.  RE: Simple Uplink and VLAN configuration issues - help needed

    Posted Oct 03, 2024 01:52 PM
    Hello, first of all you need to be sure that you're forming a simple chain (Firewall - single physical link - Switch 1 - single physical link - Switch 2): there shouldn't be loops, especially between Switch 1 and Switch 2 or between Switch 1 and/or Switch 2 and any other switch eventually present in your network (including Switch 2 or Switch 1 closing any remote loop).

    Once you are sure that your network topology (a chain) is loop free by design and de-facto then you should check how you're transporting the VLANs routed by your Firewall across your entire topology (where they are needed).

    To start, it looks like Firewall's LAN facing port is an untagged member of VLAN id 1 and tagged member of VLAN id 9, if so...the peer port on Switch 1 (Port 1) needs to cope with that specific VLANs membership scheme: Switch 1 Port 1 needs to be an untagged member of VLAN id 1 and tagged member of VLAN id 9.

    Check with "show vlan ports ethernet 1 details" CLI command executed on Switch 1.

    The output should match the configuration of Firewall LAN port the Switch 1 is uplinked to.

    Then move down to Switch 1 to Switch 2 interlink: Switch 1 Port 48 and Switch 2 Port 2 could transport VLAN id 1 and VLAN id 9 both tagged (the absence of untagged membership is admitted if each involved port is at least member of a tagged VLAN)...it means that those two ports need to be both tagged members of VLAN id 1 and VLAN id 9.

    Check with "show vlan ports ethernet 48 details" CLI command executed on Switch 1 and with "show vlan ports ethernet 1 details" CLI command executed on Switch 2.

    The outputs should match.
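
Added example, not part of the original thread or any vendor tooling: a Python check of the comparison described in this reply, parsing the `vlan` stanzas posted in the question (trimmed to their membership lines) and comparing tagged/untagged membership on both ends of a link. The function names are hypothetical, and `no untagged` lines are ignored on the assumption that the ports they list are reassigned by another stanza, as they are in the posted configs.

```python
import re

# Membership lines from the configs posted in the question (name/ip lines trimmed).
SWITCH1 = ("vlan 1\n no untagged 13-15\n untagged 1-12,16-47\n tagged 48\n exit\n"
           "vlan 9\n untagged 13-15\n tagged 1,48\n exit\n")
SWITCH2 = ("vlan 1\n no untagged 3-9\n untagged 2,10-48\n tagged 1\n exit\n"
           "vlan 9\n untagged 3-9\n tagged 1\n exit\n")

def expand_ports(spec):
    """Expand a port list such as '1-12,16-47' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def parse_vlans(config):
    """Return {vlan_id: {'tagged': set, 'untagged': set}} from vlan stanzas."""
    vlans, current = {}, None
    for line in config.splitlines():
        line = line.strip()
        header = re.fullmatch(r"vlan (\d+)", line)
        member = re.fullmatch(r"(tagged|untagged) ([\d,\-\s]+)", line)
        if header:
            current = vlans.setdefault(int(header.group(1)),
                                       {"tagged": set(), "untagged": set()})
        elif line == "exit":
            current = None
        elif member and current is not None:
            # 'no untagged ...' does not match and is skipped (assumption above).
            current[member.group(1)] |= expand_ports(member.group(2))
    return vlans

def membership(vlans, port):
    """Map each VLAN the port belongs to onto 'tagged' or 'untagged'."""
    return {vid: mode for vid, modes in vlans.items()
            for mode in ("tagged", "untagged") if port in modes[mode]}

def link_mismatches(cfg_a, port_a, cfg_b, port_b):
    """VLANs whose membership differs between the two ends of one link."""
    a = membership(parse_vlans(cfg_a), port_a)
    b = membership(parse_vlans(cfg_b), port_b)
    return {vid: (a.get(vid), b.get(vid))
            for vid in sorted(set(a) | set(b)) if a.get(vid) != b.get(vid)}

if __name__ == "__main__":
    print("Switch 1 port 1 :", membership(parse_vlans(SWITCH1), 1))
    print("Interlink diffs :", link_mismatches(SWITCH1, 48, SWITCH2, 1))
```

An empty result for the interlink means both ends carry the same VLANs with the same tagging; a VLAN that is tagged on one end and untagged or absent on the other is returned with both values.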





  • 3.  RE: Simple Uplink and VLAN configuration issues - help needed

    Posted Oct 03, 2024 01:54 PM
    Edited by parnassus Oct 04, 2024 08:38 AM
    Forgot, I'm assuming that network connectivity between all involved devices is already good and stable (I mean: the existing physical fiber/copper ethernet connectivity should be working without causing issues, that is an assumption taken for granted).


  • 4.  RE: Simple Uplink and VLAN configuration issues - help needed

    Posted Oct 04, 2024 11:33 AM

    Thank you for the detailed response.

    I can confirm there are no loops and the devices are linked in a "chain" manner.

    Here is the current config.  

    Switch 1:

    interface 1
       tagged vlan 9
       untagged vlan 1
       exit

    interface 48
       tagged vlan 1,9
       exit

    Switch 2:

    interface 1
       tagged vlan 1,9
       exit

    The same behavior is happening, and this time it happened after a few hours of being online with no changes at all.

    I am going to apply new firmware later today to see if this helps.

    Thank you