Fwd: VLAN Troubles

2012-03-06 Thread david peahi
-- Forwarded message --
From: david peahi davidpe...@gmail.com
Date: Tue, Mar 6, 2012 at 9:47 AM
Subject: Re: VLAN Troubles
To: Alan Bryant a...@alanbryant.com


Why don't you replace the Dell switches with Cisco 3560s, and that way you
are working with a single implementation of the IEEE 802.1q trunking
standard? I think the very existence of this email thread proves that much
time and effort is wasted in the attempt to seamlessly interoperate devices
from multiple vendors. In this email thread alone I counted 2 CLI's to be
learned, 2 tech support organizations to call, and 2 hardware types to
spare.

David

On Tue, Mar 6, 2012 at 8:07 AM, Alan Bryant a...@alanbryant.com wrote:

 I hope everyone is having a better workday so far than I am.

 I am trying to clean up the network for the Hospital I work for, and
 part of that is creating two VLAN's for two separate subnets on our
 network. Before, it was not separated by VLANs. We are also replacing
 our aged Juniper firewall with an ASA.

 I'm very new to VLAN's, so I am hoping this is something simple that
 you guys can help me out with.

 We have two switches that do not seem to be passing VLAN traffic. The
 two switches are a Dell Powerconnect 5324 & a Cisco 3560G. The Cisco
 switch appears to be functioning fine, but the Dell switch is only
 passing traffic to the Cisco that is on the default untagged VLAN1.
 Our second VLAN is not getting passed to the Cisco at all, I am not
 seeing any packets tagged with the particular vlan in Wireshark.

 I have Port 1 on the Dell switch connected to port 29 on the Cisco
 switch, and port 1 on the Cisco switch connected to the ASA.

 I have the following config on the relevant ports on the Cisco switch:

 interface GigabitEthernet0/1
  description ASA 5505
  switchport trunk encapsulation dot1q
  switchport mode trunk

 interface GigabitEthernet0/29
  description Radiology Switch
  switchport trunk encapsulation dot1q
  switchport mode trunk

 Here is the config for the Dell switch:

 interface ethernet g1
 speed 1000
 duplex full
 exit
 interface ethernet g2
 speed 1000
 duplex full
 exit
 interface ethernet g3
 speed 1000
 duplex full
 exit
 interface ethernet g4
 speed 1000
 duplex full
 exit
 interface ethernet g5
 speed 1000
 duplex full
 exit
 interface ethernet g7
 speed 1000
 duplex full
 exit
 interface ethernet g9
 speed 1000
 duplex full
 exit
 interface ethernet g10
 speed 1000
 duplex full
 exit
 interface ethernet g12
 speed 1000
 duplex full
 exit
 interface ethernet g14
 speed 1000
 duplex full
 exit
 interface ethernet g15
 speed 1000
 duplex full
 exit
 port jumbo-frame
 interface ethernet g1
 switchport mode trunk
 exit
 interface ethernet g24
 switchport mode trunk
 exit
 vlan database
 vlan 12,22
 exit
 interface range ethernet g(2,4,7,12,14-15)
 switchport access vlan 12
 exit
 interface vlan 12
 name Radiology
 exit
 interface vlan 22
 name Guest
 exit
 interface vlan 1
 exit

 Anyone have any ideas or pointers? Is there more information that I
 need to provide? Vlan1 works just fine, of course. It is Vlan 12 that
 is not working. Everything on the Dell switch is communicating with
 each other just fine on the same subnet.
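
A check for the symptom described above (no frames tagged with VLAN 12 arriving on the trunk), as an added example that is not part of the original thread: it reads the IEEE 802.1Q tag from raw Ethernet frames and reports which expected VLANs never appear. The function names, MAC addresses and sample frames are constructed for illustration.

```python
import struct
from collections import Counter

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q tag

def vlan_of(frame: bytes, native_vlan: int = 1):
    """Return (vlan_id, tagged) for one raw Ethernet frame.

    Untagged frames are attributed to the trunk's native VLAN.
    """
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return native_vlan, False
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF, True  # low 12 bits of the TCI are the VLAN ID

def audit_trunk(frames, expected_vlans, native_vlan=1):
    """Tally VLANs seen on a trunk; report expected VLANs that never appear."""
    seen = Counter()
    for f in frames:
        vid, tagged = vlan_of(f, native_vlan)
        seen[(vid, tagged)] += 1
    present = {vid for vid, _ in seen}
    missing = sorted(set(expected_vlans) - present)
    return seen, missing

def make_frame(vlan=None):
    """Build a constructed test frame (made-up MACs, IPv4 EtherType, padding)."""
    macs = bytes.fromhex("02000000000a" "02000000000b")
    tag = b"" if vlan is None else struct.pack("!HH", TPID_8021Q, vlan)
    return macs + tag + struct.pack("!H", 0x0800) + bytes(46)

# Constructed capture matching the symptom in the thread: only untagged traffic.
BROKEN = [make_frame(), make_frame(), make_frame()]
# Constructed capture of a working trunk: VLAN 1 untagged, VLAN 12 tagged.
WORKING = [make_frame(), make_frame(12), make_frame(12)]

if __name__ == "__main__":
    for name, cap in (("broken", BROKEN), ("working", WORKING)):
        seen, missing = audit_trunk(cap, expected_vlans={1, 12})
        print(name, dict(seen), "missing:", missing)
```

Some capture hosts strip the 802.1Q tag in the NIC or driver before the capture tool sees the frame, so an apparently missing tag should be confirmed on a capture point known to preserve tags.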




Re: Fwd: VLAN Troubles

2012-03-06 Thread Jason Baugher
There's Heaven, where IT has an unlimited budget and management 
understands the reasoning you state below.


And there's reality, where IT is a cost center, has to beg for every 
penny spent, and often times has to make do with what they have.


Besides, how much fun would it be if everything was clear-cut and easy?

Jason

On 3/6/2012 11:53 AM, david peahi wrote:

-- Forwarded message --
From: david peahi davidpe...@gmail.com
Date: Tue, Mar 6, 2012 at 9:47 AM
Subject: Re: VLAN Troubles
To: Alan Bryant a...@alanbryant.com


Why don't you replace the Dell switches with Cisco 3560s, and that way you
are working with a single implementation of the IEEE 802.1q trunking
standard? I think the very existence of this email thread proves that much
time and effort is wasted in the attempt to seamlessly interoperate devices
from multiple vendors. In this email thread alone I counted 2 CLI's to be
learned, 2 tech support organizations to call, and 2 hardware types to
spare.

David








Re: Fwd: VLAN Troubles

2012-03-06 Thread Ryan Malayter


On Mar 6, 11:53 am, david peahi davidpe...@gmail.com wrote:

 Why don't you replace the Dell switches with Cisco 3560s, and that way you
 are working with a single implementation of the IEEE 802.1q trunking
 standard? I think the very existence of this email thread proves that much
 time and effort is wasted in the attempt to seamlessly interoperate devices
 from multiple vendors. In this email thread alone I counted 2 CLI's to be
 learned, 2 tech support organizations to call, and 2 hardware types to
 spare.

 David

Funny, it's always the Cisco devices that seem to be the cause of
interop problems in my network. They're the only vendor that seems to
think defaulting proprietary protocols is reasonable. Cat 3ks default
to proprietary Rapid-PVST+, proprietary VTP, proprietary DTP,
proprietary HSRP, and proprietary ISL tagging. And Cisco documentation
generally recommends these proprietary protocols or at least documents
them *before* the standard equivalents (wonder why?). Cisco does of
course generally support the IEEE or IETF protocols, but not without
configuration that often requires downtime or at least a spanning-tree/
OSPF event if it was missed before deployment.

We can lash together Dell/HP/other switches all day long with near-
default configurations, but every time we have a new Cisco box to
configure it's required to wade through IOS release notes to see what
new proprietary protocol we have to disable.

Cisco makes good gear with lots of features, but can be a royal pain
if you use *anything* non-Cisco. It's not prudent to rely on a single
vendor for anything, and it's not as though IOS is a magically bug-
free bit of code.

I've been told that in at least some high-frequency trading networks,
the redundant switches/routers at each tier are intentionally from
different vendors, so that a software issue in one won't take
everything down. That seems like a good idea at first, but it wouldn't
surprise me to have an interop issue or mis-configuration caused by
unfamiliarity take down both devices. Does anybody out there do this?