Hello Minh,

You have to tag VLANs 210 and 220 on the switch port where PacketFence has been plugged on the vSwitch. I don't have the exact way to do it, but it looks like there is documentation on the Internet to do that.

Regards
Fabrice


On 2015-03-31 23:11, Minh Trung wrote:
Hello Fabrice,

You are right, my VMware is connected to the 4500 via gi7/6; here is the spanning-tree command:

VLAN0210
  Spanning tree enabled protocol ieee
  Root ID    Priority    32978
             Address     5475.d0c3.e100
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32978  (priority 32768 sys-id-ext 210)
             Address     5475.d0c3.e100
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi2/4               Desg FWD 4         128.68   P2p
Gi7/3               Desg FWD 4         128.387  P2p
Gi7/6               Desg FWD 4         128.390  P2p
Po1                 Desg FWD 3         128.641  P2p


VLAN0220
  Spanning tree enabled protocol ieee
  Root ID    Priority    32988
             Address     5475.d0c3.e100
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32988  (priority 32768 sys-id-ext 220)
             Address     5475.d0c3.e100
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi2/4               Desg FWD 4         128.68   P2p
Gi7/3               Desg FWD 4         128.387  P2p
Gi7/6               Desg FWD 4         128.390  P2p
Po1                 Desg FWD 3         128.641  P2p
Also, Vlan122 is native; the new Vlan210 and Vlan220 were created for PF.
The picture shows where the PF connection is (Serverfarm_A is one of Vlan122). Do I need to reconfigure VMware? What would it look like?

Thanks and Best regards,

On 31 March 2015 at 20:48, Durand fabrice <[email protected]> wrote:

    Hello Minh,

    Based on what I can see, I suppose PacketFence has been plugged
    on Gi7/6 (VMware).
    So check with 'show spanning-tree' whether VLANs 210 and 220 are
    forwarded to Gi7/6.

    Where is PacketFence connected on VMware? Is it connected to a
    trunk port where VLANs 220 and 230 are allowed and VLAN 122 is
    the native one?

    Also, HSRP is a layer 3 protocol and we are talking about a layer 2 network.

    Check all these items and, from the laptop connected on VLAN
    210, retry a ping and check the ARP table.


    Regards
    Fabrice





    On 2015-03-31 03:38, Minh Trung wrote:
    Hello Fabrice,

    I changed the reg and iso interfaces back to 10.126.210.1 and
    10.126.220.1 but still no luck.

    As you commented, could we call PF an L2 switch? After plugging a
    device into the 4500 I am not able to ping 10.126.210.1; even from
    the 4500 I cannot ping 10.126.210.1.
    Did I misconfigure VMware? The other VLANs are still fine,
    except the new VLANs for PF.
    Here are the interfaces configured on the 4500 towards VMware:
    *The first 4500:*
    interface GigabitEthernet7/4
     description ### To KFVNVM02_NIC1 ###
     switchport access vlan 122
     switchport mode access
     speed 1000
     duplex full
    !
    interface GigabitEthernet7/5
     description ### To KFVNVM02_NIC3 ###
     switchport access vlan 122
     switchport mode access
     speed 1000
     duplex full
    !
    interface GigabitEthernet7/6
     description ### To KFVNVM02_NIC4 ###
     switchport trunk allowed vlan 122,126,127,210,220,230
     switchport mode trunk
     speed 1000
     duplex full

    *The second 4500 (I have two 4500 switches with HSRP configured):*
    interface GigabitEthernet7/4
     description ### To KFVNVM02_NIC2 ###
     switchport access vlan 122
     switchport mode access
     speed 1000
     duplex full
    !
    interface GigabitEthernet7/5
     description ### To KFVNVM02_NIC5 ###
     switchport access vlan 122
     switchport mode access
     speed 1000
     duplex full
    !
    interface GigabitEthernet7/6
     description ### To KFVNVM02_NIC6 ###
     switchport trunk allowed vlan 122,126,127,210,220,230
     switchport mode trunk
     speed 1000
     duplex full

    Any help is appreciated,

    Best regards,



    On 30 March 2015 at 23:01, Durand fabrice <[email protected]> wrote:

        Hi Minh,

        Keep in mind that the reg and isol VLANs are layer 2 networks, so
        you don't have to assign an IP address for these 2 VLANs in
        the Cisco config (PacketFence is the only one that manages what
        happens on these 2 networks).

        So the IP address of the reg interface is 10.126.210.1
        (ifconfig), not 10.126.210.5, so change that in pf.conf and
        networks.conf and restart PacketFence (same thing for isol).

        Now plug a device into a port on the 4500 configured like this:

        switchport mode access
        switchport access vlan 210

        with a device with a static ip :
        10.126.210.33

        and try to ping  10.126.210.1.

        If this doesn't work then fix the vmware/cisco config to make
        it work (trunk, allowed vlan...).

        Regards
        Fabrice


        On 2015-03-30 03:06, Minh Trung wrote:
        Hello Fabrice,

        I already checked the trunk port but still have the same problem as previously posted.

        My PF setup is as below:

        PC ---+ --> Switch_L2(2960- Cisco) ---trunk--> Switch_L3(4500) ---trunk---> PF(VMware- ESX)

        Here is the config of the interface where the L2 switch is connected on the core switch:

        interface GigabitEthernet2/4
         description ### Testing Network Security ###
         switchport trunk allowed vlan 110,123,124,127,128,135,210,220,230
         switchport mode trunk

        I have 2 core switches with HSRP configured, so every VLAN takes 3 IP
        addresses for HSRP, e.g.:
        Vlan123: x.x.x.1, x.x.x.2, x.x.x.3 are assigned to the core switches; the other
        VLANs are the same.
        So I changed the 2 VLAN interfaces on PF as below:
        *networks.conf*
        [10.126.210.0]
        dns=10.126.210.5
        dhcp_start=10.126.210.10
        *gateway=10.126.210.5*
        domain-name=vlan-registration.global
        nat_enabled=disabled
        named=enabled
        dhcp_max_lease_time=30
        fake_mac_enabled=disabled
        dhcpd=enabled
        dhcp_end=10.126.210.246
        type=vlan-registration
        netmask=255.255.255.0
        dhcp_default_lease_time=30

        [10.126.220.0]
        dns=10.126.220.5
        dhcp_start=10.126.220.10
        *gateway=10.126.220.5*
        domain-name=vlan-isolation.global
        nat_enabled=disabled
        named=enabled
        dhcp_max_lease_time=30
        fake_mac_enabled=disabled
        dhcpd=enabled
        dhcp_end=10.126.220.246
        type=vlan-isolation
        netmask=255.255.255.0
        dhcp_default_lease_time=30

        But still no luck.

        Did I misconfigure any part?

        Any help is appreciated,

        Regards,

        On 28 March 2015 at 23:17, Durand fabrice <[email protected]> wrote:

        Hello Minh,

        As you probably noticed, there is no RX traffic on eth0.210, eth0.220
        and eth0.230, so it's probably a switch configuration issue.

        Check on the switch port where PacketFence's eth0 has been plugged that
        'switchport mode trunk' (Cisco syntax) has been configured, and check on
        all uplink ports that VLANs 210 and 220 are allowed.

        Regards




        
        ------------------------------------------------------------------------------
        Dive into the World of Parallel Programming The Go Parallel Website, sponsored
        by Intel and developed in partnership with Slashdot Media, is your hub for all
        things parallel software development, from weekly thought leadership blogs to
        news, videos, case studies, tutorials and more. Take a look and join the
        conversation now. http://goparallel.sourceforge.net/

        _______________________________________________
        PacketFence-users mailing list
        [email protected]
        https://lists.sourceforge.net/lists/listinfo/packetfence-users


        
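The two switch-side checks asked for in this thread (VLANs 210 and 220 allowed on the trunk toward PacketFence, and forwarding on Gi7/6 in 'show spanning-tree') can be scripted. The Python below is an added example, not part of the original messages; the sample text is constructed and the function names are hypothetical.

```python
import re

# Constructed sample input (not the thread's real output); BLK on VLAN 220 is invented to show a failure.
RUNNING_CONFIG = """\
interface GigabitEthernet7/5
 switchport mode access
!
interface GigabitEthernet7/6
 switchport trunk allowed vlan 122,126,127,210,220,230
 switchport mode trunk
"""
SPANNING_TREE = """\
VLAN0210
Gi7/6               Desg FWD 4         128.390  P2p
VLAN0220
Gi7/6               Desg BLK 4         128.390  P2p
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '122,126-128,210' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def trunk_allowed(config, interface):
    """Allowed VLANs on a trunk interface, or None if it is not a trunk."""
    stanza = re.search(rf"^interface {re.escape(interface)}\n((?: .*\n?)*)", config, re.M)
    if not stanza or "switchport mode trunk" not in stanza.group(1):
        return None
    m = re.search(r"switchport trunk allowed vlan ([\d,-]+)", stanza.group(1))
    return expand_vlans(m.group(1)) if m else set(range(1, 4095))

def forwarding_vlans(stp_output, port):
    """VLANs in which `port` is listed in the forwarding (FWD) state."""
    vlans, current = set(), None
    for line in stp_output.splitlines():
        if m := re.match(r"VLAN0*(\d+)", line):
            current = int(m.group(1))
        elif current and re.match(rf"{re.escape(port)}\s+\S+\s+FWD\b", line):
            vlans.add(current)
    return vlans

def audit(required, interface, port):
    """Map each required VLAN to (allowed on trunk, forwarding on port)."""
    allowed = trunk_allowed(RUNNING_CONFIG, interface) or set()
    fwd = forwarding_vlans(SPANNING_TREE, port)
    return {v: (v in allowed, v in fwd) for v in required}
```

A pass on both checks only clears the physical switch; the vSwitch port where PacketFence is attached still has to tag VLANs 210 and 220, as the top reply says.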