Actually no lag has been enabled. The switch shows no singleport lag or something similar.
It “should” behave like a simple piece of cable… Ok, I found the problem… first of all spanguard put the LAN and WAN ports fe.1.38 and 39 into blocking mode. And then I also had some other spanning tree issue which prevented the forwarding of the packets. I am just not sure what exactly the problem is. Simply disabling SpanningTree at least allows the ping to go through the WAN Accelerator and reach the Firewall. Tom From: Volker Kull [mailto:[email protected]] Sent: Monday, January 19, 2009 8:52 PM To: Enterasys Customer Mailing List Subject: AW: [enterasys] Question about VLANs Could it be that you have singleport lag enabled and the WAN Accelerators are using this? If you see the port 1.40 as lag.0.x in 'sh lacp' you need to disable this feature or add the lag into vlan 2. Volker Volker Kull BELL Computer-Netzwerke GmbH Ohmstr. 6 - 76229 Karlsruhe (Germany) Tel: +49 721/6624993-0 Fax: +49 721/6624993-30 Email: [email protected] ________________________________ Von: [email protected] An: Enterasys Customer Mailing List Gesendet: Mon Jan 19 17:57:32 2009 Betreff: [enterasys] Question about VLANs Hi again, I just ran into another interesting problem I actually have no solution for. We are working with WAN Accelerators and two Firewalls running in active/standby failover mode. Normally we had only one firewall so setup was quite easy. From the C2 switch to the LAN port of the accelerator and from the wan port to the inside port of the firewall. Since we now have two firewalls we have to connect I thought of a simple VLAN. Connecting the switch port fe.1.39 to the lan port of the accelerator, the wan port to, let’s say, fe.1.40 and the two inside interfaces of the firewalls to fe.1.41 and fe.1.42. For those three ports I have created a vlan set vlan create 2 set vlan name 2 "Transit" set port vlan fe.1.40 2 modify-egress set port vlan fe.1.41 2 modify-egress set port vlan fe.1.42 2 modify-egress set port alias fe.1.39 "LAN Acc" set port alias fe.1.40 "WAN Acc" set port alias fe.1.41 "Inside-Primary FW" set port alias fe.1.42 "Inside-Secondary FW" When I try to ping or send any other packets it always fails. I can see the ARP broadcast, requesting for the inside IP of the FW, coming out of the WAN port of the accelerator, but I don’t see it coming out of either port fe.1.41 or fe.1.42. So the broadcast goes into the VLAN 2 but not exiting it… I am pretty confused about this. Does anybody has an idea about this? BTW, if I use a simple 5 port switch and connect all three “ports” it works like a charm, it only fails with the VLAN configuration… Bye Tom -- Thomas Hofmann, System-/Networkadministrator, IT EB - Discover the Experience Visitors: Am Wolfsmantel 46, 91058 Erlangen, Germany Phone: +49 (9131) 7701 6969, mailto:[email protected] Fax: +49 (9131) 7701 6333, http://www.elektrobit.com <http://www.elektrobit.com/> PGP-Key: http://keyserver.elektrobit.com <http://keyserver.elektrobit.com/> Elektrobit Automotive GmbH, Am Wolfsmantel 46, 91058 Erlangen, Germany Managing Director Otto Fößel Register Court Fürth HRB 4886 ---------------------------------------------------------------- Please note: This e-mail may contain confidential information intended solely for the addressee. If you have received this e-mail in error, please do not disclose it to anyone, notify the sender promptly, and delete the message from your system. Thank you. · --To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected] · --To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected] ---------------------------------------------------------------- Please note: This e-mail may contain confidential information intended solely for the addressee. If you have received this e-mail in error, please do not disclose it to anyone, notify the sender promptly, and delete the message from your system. Thank you. --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected]
