[Ques] How to ping from 6400 to 6224 in this model?

Posted: 23 Mar 2010 05:32
by dangkita
Hello,

I have 2 models:
Model 1: ManE---6850---6224
Model 2: ManE---6400---6224

In model 1, the 6850 is configured with ethernet-service and the 6224 trunks VLANs to the 6850. And I see that the 6850 can ping the 6224.
In model 2, the 6400 is configured with ethernet-service, the 6224 trunks the VLAN to the 6400, and I can't ping from the 6400 to the 6224 or vice versa.

Model1:
6224(g1)---(1/20)6850(1/24)----ManE

Configuration in 6224:

Code:

interface range ethernet g(1-2)
switchport trunk allowed vlan add 3900
interface vlan 3900
ip address 192.168.10.2 255.255.255.0

6850:

Code:

ethernet-service svlan 900 name "VLAN 900"
ethernet-service management-vlan 3900 1x1 stp disable name "mgmt"

ip interface "mgmt" address 192.168.10.1 mask 255.255.255.0 vlan 3900 ifindex 1

ethernet-service svlan 3900 nni 1/24 

ethernet-service service-name "vlan_mgmt" svlan 900 
ethernet-service sap 900 service-name "vlan_mgmt" 
ethernet-service sap 900 uni 1/20 
ethernet-service sap 900 cvlan 3900 

Show ethernet-service:

Code:

Service Name : vlan_mgmt
    SVLAN   : 900
    NNI(s)  : No NNIs configured
    SAP Id  : 900
        UNIs        : 1/2
        CVLAN(s)    : 3900
        sap-profile : default-sap-profile

And I tested ping, and it's running!
But in model 2, when I apply the configuration of the 6850 to the 6400, I can't ping from the 6400 to the 6224 :(

Another configuration:

Code:

policy condition cDenyTelnet_192_168_10_2 source ip 192.168.10.2 destination tcp port 23 
policy action aDenyTelnet_192_168_10_2 disposition deny 
policy rule rDenyTelnet_192_168_10_2 condition cDenyTelnet_192_168_10_2 action aDenyTelnet_192_168_10_2 

qos port 1/20 default classification 802.1p 
qos port 1/24 default classification 802.1p 
qos apply

Although I think the policy code doesn't have any effect on my ping issue, I'm still posting it.

I can't understand why the 6850 can ping the 6224 with this configuration :-? What's the principle?

Please explain to me!

Thanks and best regards,
dangkita

Posted: 23 Mar 2010 11:36
by cedric1
hello

First, I suggest you read this tech tip:
https://service.esd.alcatel-lucent.com/ ... umber=2769

You will see that the management-vlan is not used to access it via Layer 2.
You can see that this VLAN is accessed via Layer 3 only.

So the management-vlan spans your "provider switch" via the NNI port only.

A classical SVLAN carries traffic for the customer VLAN.

So access M-Vlan via layer3.
Pass your customer vlan into SVLAN.

For your policy problem, enter log for the rule to see if traffic is matched on the switch.

Make a rule with permit any-any log to see how traffic passes on your switch.

Regards

Cedric

Posted: 23 Mar 2010 12:49
by dangkita
Hi Cedric,
Thanks for your reply.

I don't really understand this:

> For your policy problem, enter log for the rule to see if traffic is matched on the switch.
>
> Make a rule with permit any-any log to see how traffic passes on your switch.

Could you go into more detail?

So, as you said, in model 1 we can't ping from the 6850 to the 6224? (As I did, the ping test is OK.)

Thanks,
Dangkita

Posted: 23 Mar 2010 15:39
by cedric1
> So, as you said, in model 1 we can't ping from the 6850 to the 6224? (As I did, the ping test is OK.)

I agree with you, but you are in a worst design case.
Make a good design; it is the most important thing.

For the policy question:

policy rule rDenyTelnet_192_168_10_2 condition cDenyTelnet_192_168_10_2 action aDenyTelnet_192_168_10_2 log

> Make a rule with permit any-any log to see how traffic passes on your switch.

Make a rule with condition source any and use log in the rule using this condition,

so you can see your traffic.

But after reflection in my car, I think that a switch which does SVLAN etc. will not check incoming L3 traffic, but I'm not sure of that; it could be an explanation of why the policy is not working.

It's a provider switch, so it doesn't care about network L3 content.

Cedric

Posted: 23 Mar 2010 23:03
by dangkita
> I agree with you, but you are in a worst design case.
> Make a good design; it is the most important thing.

Hi Cedric,
Which is a good design :-?
My issue now is "how to configure the 6400 to ping the 6224 with the model: 6400 (ethernet-service) -- 6224 (trunk) --- CPE".
I wonder why the 6850 can ping the 6224 in model 1.
I saw model 1 at one of my customer's sites, and now I'm implementing model 2. I have a problem with managing switches after the 6400 (these switches plug into UNI ports on the 6400). Now I'm confused about why the 6850 can ping the 6224.

Could you explain it for me?

Thanks and best regards,
Dangkita

Posted: 24 Mar 2010 05:04
by dangkita
Hi Cedric,
I now know exactly what I have and what I am going to do.
In a few hours I will post the real model and solution here :)

Thanks for your support!
Dangkita

Posted: 24 Mar 2010 08:49
by cedric1
ok waiting for your update !!

Posted: 24 Mar 2010 11:53
by dangkita
Hi, the first time I met model 1, I didn't see that the 6850 uses 2 connections to the 6224.
We can see more detail in this model:
[Image]
This model:
The 6850 is running ethernet-service. The ports on the 6850 that connect to the 6224 are UNI ports.
They are: 1/1; 1/2; 1/3; 1/4
Port 1/6 is used to make a connection between the 6850 and the 6224 (the red line). With it, we can not only ping from the 6850 to the 6224 that it connects to directly, but can also ping from the 6850 to the other 6224 switches.

And I tested a similar model like this:
[Image]

This model uses:
HUB (6400) connects to 2 access switches: one 6400 and one 6224.
HUB (6400):
+ HUB (6400) uses ethernet-service mode.
+ HUB (6400) uses ports 1/2 and 1/6 as UNI ports to link to the 2 access switches.
+ HUB (6400) uses port 1/1 to make a connection to the 6400 (access) for the ping test.
+ HUB (6400) creates management VLAN 3900 with NNI 1/1 and IP 192.168.10.10.
+ HUB (6400) makes an ethernet-service "mgmt" to connect the access switches together:

Code:

ethernet-service svlan 900 name "VLAN 900"
ethernet-service management-vlan 3900 1x1 stp disable name "mgmt"
ip interface "mgmt" address 192.168.10.10 mask 255.255.255.0 vlan 3900 
ethernet-service svlan 3900 nni 1/24 

ethernet-service service-name "vlan_mgmt" svlan 900 
ethernet-service sap 900 service-name "vlan_mgmt" 
ethernet-service sap 900 uni 1/2 
ethernet-service sap 900 uni 1/6
ethernet-service sap 900 cvlan 3900

ACCESS (6400):
+ Create VLAN 3900, used for management.
+ Port 1/6 is used for customer service; customer VLANs will be pushed through this port.
+ Port 1/1 is used for management.
+ Create IP for VLAN 3900: 192.168.10.11

Code:

vlan 3900 enable name "mgmt"
ip interface "mgmt" address 192.168.10.11 mask 255.255.255.0 vlan 3900 
vlan 3900 802.1q 1/1 
vlan 3900 802.1q 1/6 

ACCESS (6224):
+ Also create VLAN 3900 for management.
+ Port g1 is used for customer service (like the access switch 6400).
+ Create IP for VLAN 3900: 192.168.10.2

Code:

interface range ethernet g(1-2)
switchport mode trunk
exit
vlan database
3900               
exit
interface range ethernet g(1-2)
switchport trunk allowed vlan add 3900
exit
interface vlan 3900
name quanly
exit
interface vlan 3900
ip address 192.168.10.2 255.255.255.0
exit

Test:
Ping each other: 192.168.10.2; 192.168.10.10; 192.168.10.11
Ping OK!

Explanation:
First:

Code:

ethernet-service service-name "vlan_mgmt" svlan 900 
ethernet-service sap 900 service-name "vlan_mgmt" 
ethernet-service sap 900 uni 1/2 
ethernet-service sap 900 uni 1/6
ethernet-service sap 900 cvlan 3900

We will create an ethernet-service like this:

Code:

Service Name : quanly
  SVLAN : 900,
  NNI(s) : No NNIs configured,
    SAP Id : 900
      UNIs : 1/2 1/6,
      CVLAN(s) : 3900,
      sap-profile : default-sap-profile

With this, access switches that connect to ports 1/2 and 1/6 can ping each other OK because data can pass from UNI to UNI (not through the NNI).

Second:

Code:

ethernet-service management-vlan 3900 1x1 stp disable name "mgmt"
ip interface "mgmt" address 192.168.10.10 mask 255.255.255.0 vlan 3900 
ethernet-service svlan 3900 nni 1/24 

This will make a pingable path from the Hub to the Access (6400).

So all these switches can ping each other.
=======================================================

In my country, we need to manage all the switches, not only the core switch but also the core-provider (hub) and access-provider. So we need the ability to ping from one switch to all the others. But if we use ethernet-service, we have a problem with managing switches that connect to the hub switch (the switch that uses ethernet-service).
Another thing: some sites use a topology like Sw1 ----Sw2-----Sw3 (one by one). Serial switches!
We can't manage sw2 and sw3 in the normal way when sw1 uses ethernet-service mode :(


Thanks, Cedric, for listening ;)
Hope to have a chance to meet you!

Dangkita
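
The forwarding described in the post above, as an added example that is not part of the original thread: a simplified Python model (an assumption, not verified AOS behaviour) of how the HUB classifies frames tagged 3900 into SVLANs, showing why the hub reaches the 6224 only once the access 6400 carries VLAN 3900 on both cables. Which access switch sits on which UNI is assumed, and the management NNI is taken as 1/1, as in the post's description.

```python
# Added illustration: simplified model of the HUB's frame classification.
# Port numbers and VLAN ids come from the post; the model itself is an assumption.
from dataclasses import dataclass, field

@dataclass
class Hub:
    mgmt_vlan: int                               # VLAN that owns the hub's IP interface
    saps: list = field(default_factory=list)     # (svlan, set of UNI ports, set of CVLANs)
    nnis: dict = field(default_factory=dict)     # svlan -> set of NNI ports

    def classify(self, port, tag):
        """Return the SVLAN a tagged frame lands in on the hub, or None if dropped."""
        for svlan, unis, cvlans in self.saps:
            if port in unis and tag in cvlans:
                return svlan                     # UNI: CVLAN is mapped into the SAP's SVLAN
        if port in self.nnis.get(tag, set()):
            return tag                           # NNI: the tag is treated as the SVLAN
        return None

def hub_reaches(hub, bridges, target):
    """True if the hub's management IP shares a broadcast domain with target.

    bridges: (hub_port_a, hub_port_b, vlan) for each downstream switch that
             carries the same VLAN on two cables back to the hub.
    target:  (hub_port, vlan) where the device to ping is attached.
    """
    reach = {hub.mgmt_vlan}
    changed = True
    while changed:
        changed = False
        for port_a, port_b, vlan in bridges:
            da, db = hub.classify(port_a, vlan), hub.classify(port_b, vlan)
            if da is None or db is None:
                continue
            if (da in reach) != (db in reach):   # downstream switch joins the two SVLANs
                reach |= {da, db}
                changed = True
    return hub.classify(*target) in reach

def build_hub():
    hub = Hub(mgmt_vlan=3900)
    hub.saps.append((900, {"1/2", "1/6"}, {3900}))   # SAP 900: UNIs 1/2, 1/6, CVLAN 3900
    hub.nnis[3900] = {"1/1"}                         # management SVLAN 3900 on NNI 1/1
    return hub

SW_6224 = ("1/2", 3900)                # assumed: 6224 on UNI 1/2, access 6400 on UNI 1/6
ONE_CABLE = []                         # access 6400 attached by UNI 1/6 only
TWO_CABLES = [("1/1", "1/6", 3900)]    # access 6400 carries VLAN 3900 on 1/1 and 1/6
```

In this model the second cable joins management SVLAN 3900 to the customer-facing SAP 900, so any device on UNI 1/2 or 1/6 that tags frames with 3900 shares a broadcast domain with the management addresses.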

Posted: 24 Mar 2010 17:04
by cedric1
Hello

Thanks for this clarification.

Could you give me the output of the port config for HUB switch 1/1? (Are you sure it is NNI?)

You have only one cnx between the hub and the 6200?

Could you send me a show spanning-tree vlan 3900 port on 6400 access?

If you disable the management port on the 6850, does it continue to ping?

Second: Why did you tag VLAN 3900 on port 1/6 on the 6400 access, as this VLAN is for management?
Why did you carry VLAN 3900 on the 6400 HUB into SVLAN 900?

I will make a setup which will permit you to carry management traffic behind the NNI port.
VLAN 3900 only for management.
Permit access to the 6200 switch (ping).
Permit access to the HUB switch.
Only one cable to carry customer + management traffic from the 6400 access to the 6400 HUB.

I need to test this setup, but it should be more logical if you want to ping the 6400 access IP from a switch which is behind the NNI port of the HUB, for example:
on HUB:
ethernet-service service-name "vlan_mgmt" svlan 3900
ethernet-service sap 390 service-name "vlan_mgmt"
ethernet-service sap 390 uni 1/1
ethernet-service sap 390 cvlan 3900

I will send you my best scenario

Cedric

For info, I will be on vacation Friday and next week, so I will try to find time tomorrow.

Posted: 25 Mar 2010 01:04
by dangkita
Hi Cedric,
> Could you give me the output of the port config for HUB switch 1/1? (Are you sure it is NNI?)

Which commands do you want?
I used some commands:

Code:

hub# show interfaces 1/1
hub# show vlan 3900
hub# show vlan 3900 port 

The output of these is in the file "output of hub port 1.1.txt".

> (Are you sure it is NNI?)
>
> You have only one cnx between the hub and the 6200?

Yes, 1/1 is an NNI port.
And I have only one cnx between the hub and the 6200.

> Could you send me a show spanning-tree vlan 3900 port on 6400 access?

If I use this command on the 6400 hub:

Code:

ethernet-service management-vlan 3900 1x1 stp disable name "mgmt"

the output is:

Code:

hub# show spantree 1x1 3900 ports 
Spanning Tree Port Summary for Vlan 3900 
       Oper  Path    Desig        Prim. Op  Op
Port   St    Cost    Cost   Role  Port  Cnx Edg  Desig Bridge ID       Note
------+----+-------+-------+----+------+---+---+----------------------+---------
 1/1    DIS       0       0  DIS  1/1    NS EDG 0000-00:00:00:00:00:00  

If I use the command:

Code:

ethernet-service management-vlan 3900 name "mgmt"

the output on the access switch 6400 is:

Code:

-> show spantree 1x1 3900 ports 
Spanning Tree Port Summary for Vlan 3900 
       Oper  Path    Desig        Prim. Op  Op
Port   St    Cost    Cost   Role  Port  Cnx Edg  Desig Bridge ID       Note
------+----+-------+-------+----+------+---+---+----------------------+---------
 1/1   FORW       4       0 DESG  1/1   PTP EDG 8000-00:e0:b1:da:61:a5  
 1/2   FORW       4       0 DESG  1/2   PTP EDG 8000-00:e0:b1:da:61:a5  
 1/6   FORW       4       0 DESG  1/6   PTP EDG 8000-00:e0:b1:da:61:a5  

> Second: Why did you tag VLAN 3900 on port 1/6 on the 6400 access, as this VLAN is for management?

In the real model, we will have some customer VLANs pushed through port 1/6.
Example: VLAN 100 for Internet, VLAN 1000 for VOD (video on demand).
We will trunk them through port 1/6. And of course, VLAN 3900 too.
In the test model, I don't create VLAN 100 and VLAN 1000, so only VLAN 3900 is trunked through it.
I simulate the real model but bypass the customer VLANs (normal VLAN type).

> Why did you carry VLAN 3900 on the 6400 HUB into SVLAN 900?

SVLAN 900 doesn't have any effect; it's only to make a new service.

Code:

ethernet-service service-name "vlan_mgmt" svlan 900 
ethernet-service sap 900 service-name "vlan_mgmt" 
ethernet-service sap 900 uni 1/2 
ethernet-service sap 900 uni 1/6
ethernet-service sap 900 cvlan 3900

As you see:

Code:

Service Name : vlan_mgmt
  SVLAN : 900,
  NNI(s) : No NNIs configured,
    SAP Id : 900
      UNIs : 1/2 1/6,
      CVLAN(s) : 3900,
      sap-profile : default-sap-profile

No NNI!

This service is only to make a cnx between UNI 1/2 and UNI 1/6.

If you can make the Hub switch pingable with the access switch without 2 lines, that's great!
Hope for good news from you!

Thanks
Dangkita