• November 29, 2020, 05:49:44 PM
Welcome, Guest. Please login or register. Registration is free.
Did you miss your activation email?

Author Topic: Need help in configuring VLAN's on Nortel 5510-48T  (Read 9679 times)

0 Members and 1 Guest are viewing this topic.

Offline Yashodhan Barve

  • Rookie
  • **
  • Posts: 11
Need help in configuring VLAN's on Nortel 5510-48T
« on: June 17, 2013, 04:44:46 PM »
Hi All,

I recently got a Nortel 5510-48T switch and am trying to configure VLAN's on it. I followed the instructions in blog.michaelfmcnamara.com/2011/01/vlans-ip-routing-ethernet-routing-switch/

and configured 2 VLAN's on it.

I can ping the external world using the VLAN 1 but cannot go to the internet or ping other VLAN's.

ip routing is enabled.

sysDescr:         Ethernet Routing Switch 5510-48T                           
                  HW:34       FW:5.0.0.3   SW:v5.0.4.010

I have attached the output from show running-config.

Any help is appreciated.

regards
yashodhan


Offline Johan Witters

  • Sr. Member
  • ****
  • Posts: 252
    • BKM Networks
Re: Need help in configuring VLAN's on Nortel 5510-48T
« Reply #1 on: June 17, 2013, 06:19:26 PM »
Hello Yashodhan,

I took a quick look inside the config and think it is ok, so you should be able to ping the other vlan interfaces.

Can you ping the local interface of the vlan you are in? In that case, what do you notice if you perform a traceroute either to a different vlan interface, or to a system on the internet?
Kind regards,

Johan Witters

Network Engineer
BKM NV

Offline Yashodhan Barve

  • Rookie
  • **
  • Posts: 11
Re: Need help in configuring VLAN's on Nortel 5510-48T
« Reply #2 on: June 17, 2013, 06:35:37 PM »
Hi Johan,

I can ping a system on the internet from VLAN 1 i.e. 192.168.200.x
I cannot ping the other VLAN's at all from there.

When I put my laptop on VLAN 2 (with a static ip), I can ping the switch VLAN 2 interface i.e. 192.168.2.50 but cannot ping 192.168.2.1 (this is VLAN 2 interface defined in the firewall) or 192.168.200.1

I will post the traceroute's tomorrow.. What else do you suggest I can test?

Thanks for taking a look

regards
yashodhan

Offline Yashodhan Barve

  • Rookie
  • **
  • Posts: 11
Re: Need help in configuring VLAN's on Nortel 5510-48T
« Reply #3 on: June 18, 2013, 11:01:28 AM »
Hi All,

I am missing something very simple in the config. I can ping the VLAN ip but cannot ping the gateway IP from the switch. I have attached the output.

5510-48T>ping 192.168.200.1
Host is not reachable
5510-48T>ping 192.168.200.50
Host is reachable. time=1 ms

5510-48T>ping 192.168.2.1   
Host is not reachable
5510-48T>ping 192.168.2.50
Host is not reachable
5510-48T>ping 192.168.3.50   
Host is not reachable

5510-48T#show ip route
===============================================================================
                                        Ip Route
===============================================================================
DST             MASK            NEXT            COST    VLAN PORT PROT TYPE PRF
-------------------------------------------------------------------------------
0.0.0.0         0.0.0.0         192.168.200.1   1        1    47    S  IB     5
192.168.200.0   255.255.255.0   192.168.200.50  1        1    ----  C  DB     0
Total Routes: 2
-------------------------------------------------------------------------------

5510-48T#show ip
BootP Mode: BootP When Needed

                     Configured        In Use        Last BootP
                   --------------- --------------- ---------------
Stack IP Address:  0.0.0.0                         0.0.0.0       
Switch IP Address: 192.168.200.50  192.168.200.50  0.0.0.0       
Subnet Mask:       255.255.255.0   255.255.255.0   0.0.0.0       
Default Gateway:   192.168.200.1                   0.0.0.0       


5510-48T#show vlan
Id  Name                 Type     Protocol         User PID Active IVL/SVL Mgmt
--- -------------------- -------- ---------------- -------- ------ ------- ----
1   192-168-200-0/24     Port     None             0x0000   Yes    IVL     Yes
        Port Members: 1-12,37-48
200 192-168-2-0/24       Port     None             0x0000   Yes    IVL     No
        Port Members: 13-24
300 192-168-3-0/24       Port     None             0x0000   Yes    IVL     No
        Port Members: 25-36

I am going to try the same config on another 5510-48T and will post the results.

regards
yashodhan

Offline Yashodhan Barve

  • Rookie
  • **
  • Posts: 11
Re: Need help in configuring VLAN's on Nortel 5510-48T
« Reply #4 on: June 18, 2013, 11:29:33 AM »
I reset the switch to factory settings and reapplied all the settings.

Now I can ping everything from VLAN 1 but cannot ping the VLAN 2 and 3 switch IP's.

MacBook-Pro-4% ping 192.168.200.1
PING 192.168.200.1 (192.168.200.1): 56 data bytes
64 bytes from 192.168.200.1: icmp_seq=0 ttl=255 time=0.623 ms
64 bytes from 192.168.200.1: icmp_seq=1 ttl=255 time=0.570 ms

ping google works.
MacBook-Pro-4% ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=51 time=31.669 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=51 time=31.692 ms

MacBook-Pro-4% ping 192.168.2.50
PING 192.168.2.1 (192.168.2.50): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2

MacBook-Pro-4% ping 192.168.3.50
PING 192.168.2.1 (192.168.3.50): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2



Offline Michael McNamara

  • Administrator
  • Hero Member
  • *****
  • Posts: 3842
    • michaelfmcnamara
    • Michael McNamara
Re: Need help in configuring VLAN's on Nortel 5510-48T
« Reply #5 on: June 18, 2013, 03:18:52 PM »
You won't be able to ping anything in those VLANs unless there is at least 1 port in that VLAN up and operational.

So even with everything configured properly you need at least one port in that VLAN to be up and running in order for the Layer 3 interface for that VLAN to be operational. Plug a printer or something into one of the ports (doesn't have to be configured properly) and re-test.

Good Luck!
We've been helping network engineers, system administrators and technology professionals since June 2009.
If you've found this site useful or helpful, please help me spread the word. Link to us in your blog or homepage - Thanks!

Offline Yashodhan Barve

  • Rookie
  • **
  • Posts: 11
Re: Need help in configuring VLAN's on Nortel 5510-48T
« Reply #6 on: June 18, 2013, 04:39:46 PM »
Thanks Michael.

Here's an update..

Plugged a windows laptop in VLAN 200 ip 192.168.2.21

The windows laptop can
- ping 192.168.200.50 which is VLAN 1 switch IP
- CANNOT ping 192.168.200.1 (which is the default switch GW)
- Cannot ping 192.168.200.7 (macbook plugged in VLAN 1)
- cannot browse the net (static routes for the VLAN subnets added to fortinet firewall)

Macbook plugged in VLAN 1 with IP 192.168.200.7
- Cannot ping 192.168.2.50 (VLAN 200 switch IP)
- Cannot ping windows laptop at 192.168.2.21

now how I can find out what the issue is?

The config is the same. Pasting it just in case.

vlan name 1 "192-168-200-0/24"
interface vlan 1
ip address 192.168.200.50 255.255.255.0 1
exit
vlan create 200 name "192-168-2-0/24" type port
vlan members remove 1 13-24
vlan members add 200 13-24
vlan port 13-24 pvid 200
interface vlan 200
ip address 192.168.2.50 255.255.255.0 2
exit
vlan create 300 name "192-168-3-0/24" type port
vlan members remove 1 25-36
vlan members add 300 25-36
vlan port 25-36 pvid 300
interface vlan 300
ip address 192.168.3.50 255.255.255.0 3
exit
ip routing
ip route 0.0.0.0 0.0.0.0 192.168.200.1 1
interface fastEthernet All
spanning-tree learning fast
rate-limit both 10
exit


Thanks for all the help.
yashodhan
« Last Edit: June 19, 2013, 11:35:07 AM by Yashodhan Barve »

Offline Yashodhan Barve

  • Rookie
  • **
  • Posts: 11
Re: Need help in configuring VLAN's on Nortel 5510-48T
« Reply #7 on: June 18, 2013, 04:42:30 PM »
One more thing.

I am able to browse the net when the laptop is plugged in VLAN 1.
Why can't I not browse the internet when I plug-in my laptop in VLAN 2 and give it a proper IP?

Offline TankII

  • Hero Member
  • *****
  • Posts: 556
Re: Need help in configuring VLAN's on Nortel 5510-48T
« Reply #8 on: June 18, 2013, 05:34:35 PM »
Your PC knows it's default route, as well as the 5510 - your ISP router.  Unfortunately, the ISP router doesn't know about those other routes handled by the 5510.
You need to build new static routes for those other networks pointing to the 5510's VLAN 1 IP address.

TankII

Offline Yashodhan Barve

  • Rookie
  • **
  • Posts: 11
Re: Need help in configuring VLAN's on Nortel 5510-48T
« Reply #9 on: June 19, 2013, 11:51:17 AM »
Here's an update..

Plugged a windows laptop in VLAN 200 ip 192.168.2.21

The windows laptop can
- ping 192.168.200.50 which is VLAN 1 switch IP
- CANNOT ping 192.168.200.1 (which is the default switch GW)
- Cannot ping 192.168.200.7 (macbook plugged in VLAN 1)
- cannot browse the net (static routes for the VLAN subnets added to fortinet firewall)

Macbook plugged in VLAN 1 with IP 192.168.200.7
- Cannot ping 192.168.2.50 (VLAN 200 switch IP)
- Cannot ping windows laptop at 192.168.2.21

now how I can find out what the issue is?

The config is the same. Pasting it just in case.

vlan name 1 "192-168-200-0/24"
interface vlan 1
ip address 192.168.200.50 255.255.255.0 1
exit
vlan create 200 name "192-168-2-0/24" type port
vlan members remove 1 13-24
vlan members add 200 13-24
vlan port 13-24 pvid 200
interface vlan 200
ip address 192.168.2.50 255.255.255.0 2
exit
vlan create 300 name "192-168-3-0/24" type port
vlan members remove 1 25-36
vlan members add 300 25-36
vlan port 25-36 pvid 300
interface vlan 300
ip address 192.168.3.50 255.255.255.0 3
exit
ip routing
ip route 0.0.0.0 0.0.0.0 192.168.200.1 1
interface fastEthernet All
spanning-tree learning fast
rate-limit both 10
exit


Thanks for all the help.
yashodhan

Offline Johan Witters

  • Sr. Member
  • ****
  • Posts: 252
    • BKM Networks
Re: Need help in configuring VLAN's on Nortel 5510-48T
« Reply #10 on: June 19, 2013, 05:33:33 PM »
It sounds as if there is still an issue with the routing table on the Fortigate..

Did you configure vlan interfaces on the FG, or did you assign physical interfaces? Am I correct to conclude your Fortigate only has an interface in vlan 1?

In that case you should have static routes on the FG for the other subnets pointing to the vlan 1 address of the switch.

Try to do:
- a traceroute from the laptop in vlan 200 to the 192.168.200.1 address of the FG
- a traceroute from the laptop in vlan 200 to the macbook
- a traceroute from the macbook to the laptop in vlan 200
- a traceroute from the Fortigate to the laptop in vlan 200 (under cli: exec traceroute 192.168.2.21)

check the results.. if these fail, try to change the gateway ip on the macbook and ping/traceroute again.

Also note that on the Fortigate, in order to be able to surf, you would need to have a policy for traffic with source interface internal, source ip "all" or the subnets of vlans 1, 200 etc...

« Last Edit: June 19, 2013, 05:49:19 PM by Johan Witters »
Kind regards,

Johan Witters

Network Engineer
BKM NV

Offline Yashodhan Barve

  • Rookie
  • **
  • Posts: 11
Re: Need help in configuring VLAN's on Nortel 5510-48T
« Reply #11 on: June 19, 2013, 09:07:36 PM »
Johan,

You hit the nail on the head..

>Did you configure vlan interfaces on the FG, or did you assign physical interfaces? Am I correct to conclude >your Fortigate only has an interface in vlan 1?

I had configured VLAN interfaces on the fortiget (as per their VLAN/VDOM guide) and had done the proper routes.

I deleted the VLAN interfaces and just kept the routes and now everything works.

I can ping other VLAN IP's and PC's..

Thanks for all your help.

Now I have to figure out how to redirect traffic to different VLAN's from External IP's but I think that will be easy.. Just pass the traffic to the interface and it will send it to the switch and switch wil redirect it as per the VLAN tag..

Thank you..
yashodhan

Offline Yashodhan Barve

  • Rookie
  • **
  • Posts: 11
Re: Need help in configuring VLAN's on Nortel 5510-48T
« Reply #12 on: June 19, 2013, 09:24:02 PM »
External redirection worked perfectly.

Thanks to all who helped.

regards
yashodhan

Offline Johan Witters

  • Sr. Member
  • ****
  • Posts: 252
    • BKM Networks
Re: Need help in configuring VLAN's on Nortel 5510-48T
« Reply #13 on: June 20, 2013, 06:17:20 AM »
Hello Yashodhan,

I'm glad I have been able to help...

You could connect each vlan directly to the fortigate: in that case you would either need to make vlan interfaces, and put the switchport in tagging, or "break" the internal switch of the Fortigate and put the device in interface mode so you can use separate ports. In that case you could disable routing on the switch.

But if you do not need security between the vlans, I would leave it as it is and let the switch do the routing between the vlans, and let the Fortigate secure the WAN access
Kind regards,

Johan Witters

Network Engineer
BKM NV

Offline Yashodhan Barve

  • Rookie
  • **
  • Posts: 11
Re: Need help in configuring VLAN's on Nortel 5510-48T
« Reply #14 on: June 20, 2013, 12:03:05 PM »
That makes perfect sense now that you explained it :)

I had the VLAN interfaces created on the Fortigate but the switch ports were NOT in tagging mode.

Thanks for your help and you have a nice day..

regards
yashodhan