Tom, You can simply shut STP admin state at ge.1.40 to avoid blocking state.
->set spantree portadmin ge.1.140 disable Yoram. ________________________________________ From: [email protected] [[email protected]] Sent: Monday, January 26, 2009 11:21 AM To: Enterasys Customer Mailing List Subject: RE: [enterasys] Question about VLANs Hi Guys, You are right! This was the problem. The WAN Accelerator just forwarded the L2 traffic and therefore one of the ports got blocked. Does this means I could solve it with MSTP and creating multiple spanning tree instances, one for each VLAN? Bye Tom > -----Original Message----- > From: Andy Middlehurst [mailto:[email protected]] > Sent: Friday, January 23, 2009 1:00 PM > To: Enterasys Customer Mailing List > Subject: RE: [enterasys] Question about VLANs > > Tom, > > I agree with Reinhard, after thinking about it, a WAN accelerator (in > my limited experience) would just pass-through any STP frames from the > Enterasys switch back to the switch on another port (albeit in a > different vlan). That would cause the switch to 'block' at least one of > the ports. > > > Regards, > Andy > > > > -----Original Message----- > From: Reinhard.strebler [mailto:[email protected]] > Sent: 23 January 2009 09:36 > To: Enterasys Customer Mailing List > Subject: Re: [enterasys] Question about VLANs > > Hi Thomas, > > Did you have any layer 2 connections between ports? Even if ports are > assigned to different VLANs, STP will cause blocking when those ports > are connected by > - cable > - L2 switch > - "transparent firewall" with L2 forwarding capability > > Kind regards > Reinhard > -- > Dipl.-Ing. Reinhard Strebler > Karlsruhe Institute of Technology (KIT) > Universitaet Karlsruhe (TH) > Steinbuch Centre for Computing (SCC) > Abteilungsleiter Netze und Telekommunikation (NET) > D-76128 Karlsruhe > Tel. +49(0)721 608-2068 > Fax +49(0)721 32550 > [email protected] > > > [email protected] schrieb: > > > Hi Reinhard, > > > > Actually I found the reason for the problem this morning. > > It was related to the spanning tree. Even though I am not 100% sure > what the exact problem is. > > If the default spanning tree options are enabled to traffic is > forwarded. Could it be a problem of the two vlans and the rapid > spanning tree? > > > > Best regards > > Tom > > > > -----Original Message----- > > From: Reinhard Strebler [mailto:[email protected] > karlsruhe.de] > > Sent: Tuesday, January 20, 2009 7:45 AM > > To: Enterasys Customer Mailing List > > Subject: Re: [enterasys] Question about VLANs > > > > Hi Thomas, > > > > What I wolud like to see: > > - Output of "show vlan static 2" > > - Output od "show port status" > > - Output of "show mac vlan 2" > > - Output of "show lacp" > > > > Which type of box is this? Is routing enabled? > > > > Give me the output of "show config router". > > > > Kind regards > > Reinhard > > > > > > [email protected] schrieb: > > > > > >>Hi again, > >> > >> > >> > >>I just ran into another interesting problem I actually have no > solution for. > >> > >> > >> > >>We are working with WAN Accelerators and two Firewalls running in > >>active/standby failover mode. > >> > >> > >>Normally we had only one firewall so setup was quite easy. From the > C2 > >>switch to the LAN port of the accelerator and from the wan port to > the > >>inside port of the firewall. > >> > >> > >> > >>Since we now have two firewalls we have to connect I thought of a > simple > >>VLAN. > >> > >> > >> > >>Connecting the switch port fe.1.39 to the lan port of the > accelerator, > >>the wan port to, let's say, fe.1.40 and the two inside interfaces of > the > >>firewalls to fe.1.41 and fe.1.42. > >> > >>For those three ports I have created a vlan > >> > >> > >> > >>set vlan create 2 > >> > >>set vlan name 2 "Transit" > >> > >>set port vlan fe.1.40 2 modify-egress > >> > >>set port vlan fe.1.41 2 modify-egress > >> > >>set port vlan fe.1.42 2 modify-egress > >> > >> > >> > >>set port alias fe.1.39 "LAN Acc" > >> > >>set port alias fe.1.40 "WAN Acc" > >> > >>set port alias fe.1.41 "Inside-Primary FW" > >> > >>set port alias fe.1.42 "Inside-Secondary FW" > >> > >> > >> > >>When I try to ping or send any other packets it always fails. > >> > >>I can see the ARP broadcast, requesting for the inside IP of the FW, > >>coming out of the WAN port of the accelerator, but I don't see it > coming > >>out of either port fe.1.41 or fe.1.42. > >> > >>So the broadcast goes into the VLAN 2 but not exiting it... > >> > >> > >>I am pretty confused about this. Does anybody has an idea about this? > >> > >> > >> > >>BTW, if I use a simple 5 port switch and connect all three "ports" it > >>works like a charm, it only fails with the VLAN configuration... > >> > >> > >> > >>Bye > >> > >>Tom > >> > >> > >> > >>-- > >>Thomas Hofmann, System-/Networkadministrator, IT > >>EB - Discover the Experience > >>Visitors: Am Wolfsmantel 46, 91058 Erlangen, Germany > >> > >>Phone: +49 (9131) 7701 6969, mailto:[email protected] > >>Fax: +49 (9131) 7701 6333, http://www.elektrobit.com > >><http://www.elektrobit.com/> > >> > >>PGP-Key: http://keyserver.elektrobit.com > <http://keyserver.elektrobit.com/> > >> > >>Elektrobit Automotive GmbH, Am Wolfsmantel 46, 91058 Erlangen, > Germany > >>Managing Director Otto Fößel > >>Register Court Fürth HRB 4886 > >> > >>---------------------------------------------------------------- > >>Please note: This e-mail may contain confidential information > >>intended solely for the addressee. If you have received this > >>e-mail in error, please do not disclose it to anyone, notify > >>the sender promptly, and delete the message from your system. > >>Thank you. > >> > >> > >> * --To unsubscribe from enterasys, send email to [email protected] > >> <mailto:[email protected]> with the body: unsubscribe enterasys > >> [email protected] > >> > > > > > > > --- > To unsubscribe from enterasys, send email to [email protected] with the > body: unsubscribe enterasys [email protected] > > --- > To unsubscribe from enterasys, send email to [email protected] with the > body: unsubscribe enterasys [email protected] ---------------------------------------------------------------- Please note: This e-mail may contain confidential information intended solely for the addressee. If you have received this e-mail in error, please do not disclose it to anyone, notify the sender promptly, and delete the message from your system. Thank you. --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected] --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected]
