Hi Guys, You are right! This was the problem. The WAN Accelerator just forwarded the L2 traffic and therefore one of the ports got blocked.
Does this means I could solve it with MSTP and creating multiple spanning tree instances, one for each VLAN? Bye Tom > -----Original Message----- > From: Andy Middlehurst [mailto:andymiddlehu...@networksfirst.com] > Sent: Friday, January 23, 2009 1:00 PM > To: Enterasys Customer Mailing List > Subject: RE: [enterasys] Question about VLANs > > Tom, > > I agree with Reinhard, after thinking about it, a WAN accelerator (in > my limited experience) would just pass-through any STP frames from the > Enterasys switch back to the switch on another port (albeit in a > different vlan). That would cause the switch to 'block' at least one of > the ports. > > > Regards, > Andy > > > > -----Original Message----- > From: Reinhard.strebler [mailto:reinhard.streb...@rz.uni-karlsruhe.de] > Sent: 23 January 2009 09:36 > To: Enterasys Customer Mailing List > Subject: Re: [enterasys] Question about VLANs > > Hi Thomas, > > Did you have any layer 2 connections between ports? Even if ports are > assigned to different VLANs, STP will cause blocking when those ports > are connected by > - cable > - L2 switch > - "transparent firewall" with L2 forwarding capability > > Kind regards > Reinhard > -- > Dipl.-Ing. Reinhard Strebler > Karlsruhe Institute of Technology (KIT) > Universitaet Karlsruhe (TH) > Steinbuch Centre for Computing (SCC) > Abteilungsleiter Netze und Telekommunikation (NET) > D-76128 Karlsruhe > Tel. +49(0)721 608-2068 > Fax +49(0)721 32550 > reinhard.streb...@kit.edu > > > thomas.hofm...@elektrobit.com schrieb: > > > Hi Reinhard, > > > > Actually I found the reason for the problem this morning. > > It was related to the spanning tree. Even though I am not 100% sure > what the exact problem is. > > If the default spanning tree options are enabled to traffic is > forwarded. Could it be a problem of the two vlans and the rapid > spanning tree? > > > > Best regards > > Tom > > > > -----Original Message----- > > From: Reinhard Strebler [mailto:reinhard.streb...@rz.uni- > karlsruhe.de] > > Sent: Tuesday, January 20, 2009 7:45 AM > > To: Enterasys Customer Mailing List > > Subject: Re: [enterasys] Question about VLANs > > > > Hi Thomas, > > > > What I wolud like to see: > > - Output of "show vlan static 2" > > - Output od "show port status" > > - Output of "show mac vlan 2" > > - Output of "show lacp" > > > > Which type of box is this? Is routing enabled? > > > > Give me the output of "show config router". > > > > Kind regards > > Reinhard > > > > > > thomas.hofm...@elektrobit.com schrieb: > > > > > >>Hi again, > >> > >> > >> > >>I just ran into another interesting problem I actually have no > solution for. > >> > >> > >> > >>We are working with WAN Accelerators and two Firewalls running in > >>active/standby failover mode. > >> > >> > >>Normally we had only one firewall so setup was quite easy. From the > C2 > >>switch to the LAN port of the accelerator and from the wan port to > the > >>inside port of the firewall. > >> > >> > >> > >>Since we now have two firewalls we have to connect I thought of a > simple > >>VLAN. > >> > >> > >> > >>Connecting the switch port fe.1.39 to the lan port of the > accelerator, > >>the wan port to, let's say, fe.1.40 and the two inside interfaces of > the > >>firewalls to fe.1.41 and fe.1.42. > >> > >>For those three ports I have created a vlan > >> > >> > >> > >>set vlan create 2 > >> > >>set vlan name 2 "Transit" > >> > >>set port vlan fe.1.40 2 modify-egress > >> > >>set port vlan fe.1.41 2 modify-egress > >> > >>set port vlan fe.1.42 2 modify-egress > >> > >> > >> > >>set port alias fe.1.39 "LAN Acc" > >> > >>set port alias fe.1.40 "WAN Acc" > >> > >>set port alias fe.1.41 "Inside-Primary FW" > >> > >>set port alias fe.1.42 "Inside-Secondary FW" > >> > >> > >> > >>When I try to ping or send any other packets it always fails. > >> > >>I can see the ARP broadcast, requesting for the inside IP of the FW, > >>coming out of the WAN port of the accelerator, but I don't see it > coming > >>out of either port fe.1.41 or fe.1.42. > >> > >>So the broadcast goes into the VLAN 2 but not exiting it... > >> > >> > >>I am pretty confused about this. Does anybody has an idea about this? > >> > >> > >> > >>BTW, if I use a simple 5 port switch and connect all three "ports" it > >>works like a charm, it only fails with the VLAN configuration... > >> > >> > >> > >>Bye > >> > >>Tom > >> > >> > >> > >>-- > >>Thomas Hofmann, System-/Networkadministrator, IT > >>EB - Discover the Experience > >>Visitors: Am Wolfsmantel 46, 91058 Erlangen, Germany > >> > >>Phone: +49 (9131) 7701 6969, mailto:thomas.hofm...@elektrobit.com > >>Fax: +49 (9131) 7701 6333, http://www.elektrobit.com > >><http://www.elektrobit.com/> > >> > >>PGP-Key: http://keyserver.elektrobit.com > <http://keyserver.elektrobit.com/> > >> > >>Elektrobit Automotive GmbH, Am Wolfsmantel 46, 91058 Erlangen, > Germany > >>Managing Director Otto Fößel > >>Register Court Fürth HRB 4886 > >> > >>---------------------------------------------------------------- > >>Please note: This e-mail may contain confidential information > >>intended solely for the addressee. If you have received this > >>e-mail in error, please do not disclose it to anyone, notify > >>the sender promptly, and delete the message from your system. > >>Thank you. > >> > >> > >> * --To unsubscribe from enterasys, send email to lists...@unc.edu > >> <mailto:lists...@unc.edu> with the body: unsubscribe enterasys > >> reinhard.streb...@rz.uni-karlsruhe.de > >> > > > > > > > --- > To unsubscribe from enterasys, send email to lists...@unc.edu with the > body: unsubscribe enterasys andymiddlehu...@networksfirst.com > > --- > To unsubscribe from enterasys, send email to lists...@unc.edu with the > body: unsubscribe enterasys thomas.hofm...@elektrobit.com ---------------------------------------------------------------- Please note: This e-mail may contain confidential information intended solely for the addressee. If you have received this e-mail in error, please do not disclose it to anyone, notify the sender promptly, and delete the message from your system. Thank you. --- To unsubscribe from enterasys, send email to lists...@unc.edu with the body: unsubscribe enterasys arch...@mail-archive.com
