Problem with inter-vlan routing on Dell 6224 switches

  • Problem with inter-vlan routing on Dell 6224 switches

    *** FIXED ***

    Ok, I'm having a problem with some inter-vlan routing, and I think my brain has just frazzled today from trying to resolve it...if anyone has any advice on solving this, or can point out my schoolboy errors, I'd be greatly appreciative!

    Here's the configuration:

    *** Old System ***
    The school has a Dell based network, with 5200 and 6200 switches located in multiple cabinets.

    In the main server room, there is a 48 port 6200 switch, which we'll refer to as "OLD" for ease.

    This connects to several VMware hosts, a SAN, a few workstations etc, and has a 10Gb module in that then connects onto a fiber backbone for distribution to other cabinets.

    All production traffic is on vLAN 10, on the network 10.11.48.0/20
    The switch has an IP assigned of 10.11.55.202, with a gateway of 10.11.55.254
    IP routing is enabled.

    *** New system ***
    We've just added 2 X Dell 6224 switches, with stacking modules connected in a ring.
    These are connected to new VMware hosts, SAN, NAS, UPSs etc - referred to as "NEW"

    This is connected to the OLD switch via a 4 port LAG
    The new switch currently has an IP of 10.11.56.250 / 20, with a gateway of 10.11.55.254

    As part of the new kit install, we wanted to separate off different functions into some new vLANS.

    Here was the plan:
    vLAN setup   Role         IP assigned    Mask
    10           Production   10.11.56.250   20
    11           iSCSI        10.11.64.250   24
    12           vMotion      10.11.65.250   24
    13           Management   10.11.66.250   24
    14           Trunk        10.11.67.250   24
    15           VoIP         10.11.68.250   24

    The idea being that we would use vLAN 14 for all inter-switch trunk ports, and separating all other traffic off as needed. To do this, we're setting up distributed vSwitches on the 3 VMware hosts, also in vLAN14, each with 8 X ethernet connections into the pair of switches, equally split to give some resiliency.

    *** The problem ***
    I've got the vLAN 14 set up and running on both OLD and NEW switches. Each can ping its own address on the .67 network, and also the partner switch - so I know the LAG is up and running, and data is being passed through.

    But - I can't ping from the 10.11.55.202 address through to the 10.11.56.250 address or vice versa

    Here's a partial config from OLD
    !
    interface vlan 10
    name "Data"
    routing
    ip address 10.11.55.202 255.255.240.0
    !
    interface vlan 14
    name "Trunk"
    routing
    ip address 10.11.67.249 255.255.255.0
    exit
    !
    interface port-channel 4
    description 'LAG_New_Rack'
    spanning-tree disable
    switchport mode trunk
    switchport trunk allowed vlan add 10,14
    exit
    !
    interface ethernet 1/g1
    channel-group 4 mode auto
    description 'New_rack'
    spanning-tree disable
    switchport mode trunk
    switchport trunk allowed vlan add 10,14
    exit
    interface ethernet 1/g2
    channel-group 4 mode auto
    description 'New_rack'
    spanning-tree disable
    switchport mode trunk
    switchport trunk allowed vlan add 10,14
    exit
    interface ethernet 1/g3
    channel-group 4 mode auto
    description 'New_rack'
    spanning-tree disable
    switchport mode trunk
    switchport trunk allowed vlan add 10,14
    exit
    interface ethernet 1/g4
    channel-group 4 mode auto
    description 'New_rack'
    spanning-tree disable
    switchport mode trunk
    switchport trunk allowed vlan add 10,14
    exit
    ip route 0.0.0.0 0.0.0.0 10.11.55.254
    ip route 10.11.56.0 255.255.255.0 10.11.67.250

    And from NEW
    vlan database
    vlan 10-15
    vlan routing 10 1
    vlan routing 11 2
    vlan routing 12 3
    vlan routing 13 4
    vlan routing 14 5
    vlan routing 15 6
    vlan association subnet 10.11.48.0 255.255.240.0 10
    vlan association subnet 10.11.64.0 255.255.255.0 11
    vlan association subnet 10.11.65.0 255.255.255.0 12
    vlan association subnet 10.11.66.0 255.255.255.0 13
    vlan association subnet 10.11.67.0 255.255.255.0 14
    vlan association subnet 10.11.68.0 255.255.255.0 15
    exit
    !
    ip address 10.11.56.250 255.255.240.0
    ip default-gateway 10.11.55.254
    ip routing
    ip route 10.11.48.0 255.255.240.0 10.11.67.249
    interface vlan 10
    name "Production"
    routing
    ip vrrp 10
    ip vrrp 10 mode
    ip vrrp 10 priority 50
    no ip vrrp 10 preempt
    exit
    interface vlan 11
    name "iSCSI"
    routing
    ip address 10.11.64.250 255.255.255.0
    exit
    interface vlan 12
    name "vMotion"
    routing
    ip address 10.11.65.250 255.255.255.0
    exit
    interface vlan 13
    name "Management"
    routing
    ip address 10.11.66.250 255.255.255.0
    exit
    interface vlan 14
    name "Trunk"
    routing
    ip address 10.11.67.250 255.255.255.0
    exit
    interface vlan 15
    name "VoIP"
    routing
    ip address 10.11.68.250 255.255.255.0
    exit
    !
    interface port-channel 4
    description 'LAG_old_cabinet'
    switchport mode trunk
    switchport trunk allowed vlan add 10,14
    exit
    !
    interface ethernet 1/g23
    channel-group 4 mode auto
    description 'LAG link to old cabinet'
    switchport mode trunk
    switchport trunk allowed vlan add 10,14
    exit
    !
    interface ethernet 1/g24
    channel-group 4 mode auto
    description 'LAG link to old cabinet'
    switchport mode trunk
    switchport trunk allowed vlan add 10,14
    exit
    !
    interface ethernet 2/g23
    channel-group 4 mode auto
    description 'LAG link to old cabinet'
    switchport mode trunk
    switchport trunk allowed vlan add 10,14
    exit
    !
    interface ethernet 2/g24
    channel-group 4 mode auto
    description 'LAG link to old cabinet'
    switchport mode trunk
    switchport trunk allowed vlan add 10,14
    exit

    After bashing my head on this for half a day, I'm wondering if I just need to simplify this, and have the LAG group on vLAN10, scrap the idea of vLAN14 and have the new subnets routed via 10.11.56.250, and just located on the NEW switch stack.

    However, the goal was to eventually move over all the other switches, servers etc into the new vLANs, and segregate out and control the data flow around the school.

    Any advice / help will be most welcome!
    Last edited by kren; 10th April 2014, 22:05. Reason: added *** fixed ***

  • #2
    Re: Problem with inter-vlan routing on Dell 6224 switches

    You're referring to the switches as having this or that IP address, but that's not really correct for Layer 3 switches. These devices are both switches and routers, and can have (at least) one IP address assigned to each VLAN interface.

    Communication between VLANs has to go via a router of some sort. For instance, you mention that on the 10.11.48.0/20 network (VLAN 10), the gateway is 10.11.55.254. That's where all non-local IP traffic gets sent, and the question is whether that router knows how to reach the other subnets (probably not).

    Why not use the L3 switch as the inter-VLAN router? After all, that's basically the whole point of having an L3 switch in the first place.



    • #3
      (FIXED) Re: Problem with inter-vlan routing on Dell 6224 switches

      Removed vLAN 14 from the inter-switch link. Moved the NEW switch back to a management IP of 10.11.66.250. Assigned 10.11.56.250 back to vLAN 10 interface.
      Added a route on OLD switch - 10.11.64.0/22 via 10.11.56.250.

      Pings and traffic now flowing fine both directions. No external access to the internet from the new switch, but that's because of a lack of route on the firewall / gateway - sorting that tomorrow.

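Added example, not part of the original thread or any poster's code: a longest-prefix-match audit of the OLD switch's route table before and after the change in post #3, showing which planned VLAN addresses match a specific route and which fall through to the default gateway 10.11.55.254. The "after" table is an assumption: it takes the earlier 10.11.56.0/24 static route and the VLAN 14 interface on OLD to have been removed.

```python
import ipaddress

# Route tables for the OLD switch, transcribed from the thread. OLD_AFTER is an
# assumption: the 10.11.56.0/24 static route and VLAN 14 interface are gone.
OLD_BEFORE = [
    ("10.11.48.0/20", "connected vlan 10"),
    ("10.11.67.0/24", "connected vlan 14"),
    ("10.11.56.0/24", "via 10.11.67.250"),
    ("0.0.0.0/0", "via 10.11.55.254"),
]
OLD_AFTER = [
    ("10.11.48.0/20", "connected vlan 10"),
    ("10.11.64.0/22", "via 10.11.56.250"),
    ("0.0.0.0/0", "via 10.11.55.254"),
]

# Interface addresses planned for the NEW stack (table in the first post).
PLANNED = {10: "10.11.56.250", 11: "10.11.64.250", 12: "10.11.65.250",
           13: "10.11.66.250", 14: "10.11.67.250", 15: "10.11.68.250"}


def lookup(routes, dest):
    """Longest-prefix match: the most specific route containing dest wins."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, target in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return str(best[0]), best[1]


def audit(routes):
    """Map each planned VLAN to the route OLD would use to reach it."""
    return {vlan: lookup(routes, ip) for vlan, ip in PLANNED.items()}


def on_default_route(routes):
    """VLANs that only match 0.0.0.0/0, i.e. get handed to the gateway."""
    return sorted(v for v, (p, _) in audit(routes).items() if p == "0.0.0.0/0")


if __name__ == "__main__":
    for label, table in (("before", OLD_BEFORE), ("after", OLD_AFTER)):
        print(label)
        for vlan, (prefix, target) in audit(table).items():
            print(f"  vlan {vlan}: {prefix} {target}")
        print("  default-route only:", on_default_route(table))
```

With the 10.11.64.0/22 route in place, the VoIP address 10.11.68.250 is the only planned address that still matches nothing but the default route, because the /22 ends at 10.11.67.255.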