Okay so I am totally new to the actual implementation of VLANs, and trying to figure this out both conceptually as well as making it work so please bear with me if this seems simple. Also I am willing to read, but am not completely sure what I have to look for.
At this point I have a 6850 and have set up two VLANs; vlan 50 and vlan 100. I have set up vrrp and dhcp and I know that I am getting dhcp addressed to client and can ping clients on the same vlan. I took the following subnet 162.30.13.0 and split it into two segments from 162.30.13.0/25 (vlan 100)162.30.13.128/25 (vlan 50). I have a server connected to vlan 50 (ports 5-24) and a laptop connected to the vlan 100 (ports 25-48). At this time I can't ping them when they are on different vlans.
My idea is that I have to create a bridge between these two vlans, and reading on 802.1q it seems that vlan tagging might work as well. I am really wondering if there is a preferred method or best practice with connecting two vlans? Eventually I will be adding another 6850 to create redundancy, but I wanted to get the simple communication between the vlans first.
Any help pointing me in the right direction would be greatly appreciated.
Thanks,
Tadge
VLANs connecting to each other
-
one6f
Re: VLANs connecting to each other
Hi,
post your config. Usually you would be able to reach both vlans localy, when you have configured ip interfaces of those.
post your config. Usually you would be able to reach both vlans localy, when you have configured ip interfaces of those.
-
tadgeobrien
Re: VLANs connecting to each other
Sorry I totally forget that I should have included the config with this. Here it is.
Code: Select all
KPA-Test01>> show configuration snapshot
! Stack Manager :
! Chassis :
system name KPA-Test01
system timezone EST
system daylight savings time enable
! Configuration:
! VLAN :
vlan 1 enable name "VLAN 1"
vlan 50 enable name "Server"
vlan 50 mobile-tag enable
vlan 50 port default 1/5
vlan 50 port default 1/6
vlan 50 port default 1/7
vlan 50 port default 1/8
vlan 50 port default 1/9
vlan 50 port default 1/10
vlan 50 port default 1/11
vlan 50 port default 1/12
vlan 50 port default 1/13
vlan 50 port default 1/14
vlan 50 port default 1/15
vlan 50 port default 1/16
vlan 50 port default 1/17
vlan 50 port default 1/18
vlan 50 port default 1/19
vlan 50 port default 1/20
vlan 50 port default 1/21
vlan 50 port default 1/22
vlan 50 port default 1/23
vlan 50 port default 1/24
vlan 100 enable name "User"
vlan 100 port default 1/25
vlan 100 port default 1/26
vlan 100 port default 1/27
vlan 100 port default 1/28
vlan 100 port default 1/29
vlan 100 port default 1/30
vlan 100 port default 1/31
vlan 100 port default 1/32
vlan 100 port default 1/33
vlan 100 port default 1/34
vlan 100 port default 1/35
vlan 100 port default 1/36
vlan 100 port default 1/37
vlan 100 port default 1/38
vlan 100 port default 1/39
vlan 100 port default 1/40
vlan 100 port default 1/41
vlan 100 port default 1/42
vlan 100 port default 1/43
vlan 100 port default 1/44
vlan 100 port default 1/45
vlan 100 port default 1/46
vlan 100 port default 1/47
vlan 100 port default 1/48
! VLAN SL:
! IP :
ip service all
ip interface "User-Rtr2" address 162.30.13.4 mask 255.255.255.128 vlan 100 ifind
ex 1
ip interface "Server-Rtr2" address 162.30.13.132 mask 255.255.255.128 vlan 50 if
index 2
! IPX :
! IPMS :
! AAA :
! PARTM :
! AVLAN :
! 802.1x :
! QOS :
! Policy manager :
! Session manager :
session prompt default "KPA-Test01>> "
! SNMP :
! RIP :
! OSPF :
ip load ospf
ip ospf status enable
! BFD-STD :
! ISIS :
! IPv6 :
! IPSec :
! IP multicast :
! RIPng :
! OSPF3 :
! BGP :
! Health monitor :
! Interface :
! Udld :
! Netsec :
! Link Aggregate :
lacp linkagg 2 size 2 admin state enable
! Port Mapping :
! VLAN AGG:
! 802.1Q :
vlan 100 802.1q 1/5 "vlan 50"
vlan 50 802.1q 1/25 "vlan 50"
! Spanning tree :
bridge mode 1x1 pvst+ enable
bridge 1x1 50 priority 4096
bridge 1x1 100 priority 4096
! Bridging :
! Bridging :
! Port mirroring :
! UDP Relay :
! Server load balance :
! System service :
swlog console level debug3
! SSH :
! VRRP :
VRRP 50 50 DISABLE
VRRP 50 50 PRIORITY 100 PREEMPT INTERVAL 1
VRRP 50 50 ADDRESS 162.30.13.129
VRRP 50 50 ENABLE
VRRP 100 100 DISABLE
VRRP 100 100 PRIORITY 100 PREEMPT INTERVAL 1
VRRP 100 100 ADDRESS 162.30.13.1
VRRP 100 100 ENABLE
! Web :
! AMAP :
! Lan Power :
! NTP :
! RDP :
! VLAN STACKING:
! Ethernet-OAM :
! EFM-OAM :
! ERP :
! SAA :
! DHCP Server :
dhcp-server enable
! WCCP :
ip wccp admin-state enable
! LLDP :
lldp chassis tlv management port-description enable system-name enable system-de
scription enable system-capabilities enable
lldp chassis tlv management management-address enable
lldp chassis tlv dot1 vlan-name enable port-vlan enable
lldp chassis tlv dot3 mac-phy enable
lldp chassis tlv med capability enable network-policy enable power enable
! Link-fault-propagation :
link-fault-propagation group 1
link-fault-propagation group 1 wait-to-shutdown 10
! DHL :
KPA-Test01>>
-
one6f
Re: VLANs connecting to each other
At this point you should be able to ping from laptop to server, because you have configured two ip interfaces that provide routing.tadgeobrien wrote: At this point I have a 6850 and have set up two VLANs; vlan 50 and vlan 100. I have set up vrrp and dhcp and I know that I am getting dhcp addressed to client and can ping clients on the same vlan. I took the following subnet 162.30.13.0 and split it into two segments from 162.30.13.0/25 (vlan 100)162.30.13.128/25 (vlan 50). I have a server connected to vlan 50 (ports 5-24) and a laptop connected to the vlan 100 (ports 25-48). At this time I can't ping them when they are on different vlans.
I don't see any issues in your config, hence you have a wrong client/server settings or patch cabling?
Try the simple configuration, but before remove the old config:
Code: Select all
mv working/boot.cfg working/boot.cfg.old
reload working no rollback-timeout
Code: Select all
session prompt default "KPA-Test01>> "
vlan 50 enable name "Server"
vlan 50 mobile-tag enable
vlan 50 port default 1/1
vlan 100 enable name "User"
vlan 100 port default 1/2
ip interface "User-Rtr2" address 162.30.13.4 mask 255.255.255.128 vlan 100
ip interface "Server-Rtr2" address 162.30.13.132 mask 255.255.255.128 vlan 50
IP-Addresse 162.30.13.10
Subnetmask 255.255.255.128
Gateway 162.30.13.4
and Server
IP-Addresse 162.30.13.150
Subnetmask 255.255.255.128
Gateway 162.30.13.132
Attach the laptop to 1/2 and the server to 1/1. Disable the firewall for ping on both devices.
Check the port forwarding:
Code: Select all
KPA-Test01>> show vlan 50 port
port type status
---------+---------+--------------
1/1 default forwarding
KPA-Test01>> show vlan 100 port
port type status
---------+---------+--------------
1/2 default forwarding
Then configure VRRP(copy/paste this):
Code: Select all
VRRP 50 50 DISABLE
VRRP 50 50 PRIORITY 100 PREEMPT INTERVAL 1
VRRP 50 50 ADDRESS 162.30.13.129
VRRP 50 50 ENABLE
VRRP 100 100 DISABLE
VRRP 100 100 PRIORITY 100 PREEMPT INTERVAL 1
VRRP 100 100 ADDRESS 162.30.13.1
VRRP 100 100 ENABLEChange the Gateway on your server to 162.30.13.129 (instead of 162.30.13.132)
Try to ping
Check arp entry on the switch
Code: Select all
KPA-Test01>> show arp
Total 4 arp entries
Flags (P=Proxy, A=Authentication, V=VRRP)
IP Addr Hardware Addr Type Flags Port Interface Name
-----------------+-------------------+----------+-------+--------+-----------+----------
162.30.13.1 00:00:5e:10:a1:64 STATIC PV UNKNOWN vlan 100
162.30.13.10 00:12:29:51:11:eb DYNAMIC 1/2 vlan 100
162.30.13.129 00:00:5e:10:a1:32 STATIC PV UNKNOWN vlan 50
162.30.13.150 00:0d:51:32:5d:31 DYNAMIC 1/1 vlan 50-
tadgeobrien
Re: VLANs connecting to each other
one6f
Thanks this helped alot. It was good to know that my config was correct for the most part. Breaking this down into smaller chuncks was helpful for me in general.
Thanks
Thanks this helped alot. It was good to know that my config was correct for the most part. Breaking this down into smaller chuncks was helpful for me in general.
Thanks
