VLAN Routing Between Layer 3 and Layer 2 Switch

Discussion in 'Networking' started by PGlover, Aug 16, 2016.

  1. PGlover

    PGlover Active Member

    Joined:
    Nov 8, 2014
    Messages:
    446
    Likes Received:
    48
    I am in the middle of implementing my new network design posted below. I am only implementing the core switch and internal LAN portion of the design right now. The DMZ portion is out of scope of this discussion. In the diagram posted, I have a core switch (LB6M) with vlan 1, 10, and 20. Actually the LB6M is a layer 3 switch capable of inter-vlan routing. The edge/access switches (Juniper EX3300) contain other vlans as well.

    I would like to keep all the inter-vlan routing done on 1 switch (either Quanta LB6M or Juniper EX3300).

    Please advise on whether you would use the Quanta or Juniper switch for inter-vlan routing for all vlans on the core and edge switches. Based on your feedback, I will ask some follow-up questions.


    Glover Home Data Center_New_v1_Layer 3 Routing_Quanta Core Switch_v4.jpg
     
    #1
    Last edited: Aug 16, 2016
  2. aero

    aero Active Member

    Joined:
    Apr 27, 2016
    Messages:
    309
    Likes Received:
    51
    My opinion, based on the fact that your EX3300 stack will have the greatest number of hosts on it, participating in most of the VLANs, is that the routing should occur there rather than on the LB6M. Why send traffic upstream to route and come right back to the 3300 stack?

    I also just personally have a distrust of using any advanced features of the lb6m, which seems to have poor documentation. I trust Juniper (yeah, yeah, they've had a couple security vulnerabilities uncovered recently, but they're fixed).
     
    #2
  3. PGlover

    Any other recommendation?
     
    #3
  4. PGlover

    I am having some problems with getting routed Vlan interfaces (RVI) working on my Juniper switch. I have created Vlan 20 on both the Quanta and Juniper switch.
    On the Juniper switch, the RVI has been created with an IP address of 10.0.0.1/24. I have assigned the trunk interface ae0 to the RVI on the Juniper switch. The trunk interface is up. The trunk interface ae0 has been assigned to vlan 20.

    On the LB6M, I have created Vlan 20 with ports 13-18. I have created a LACP interface (1/3) to the SAN Server. On the SAN Server I have NIC teaming with four 10G ports (Intel X-520). It looks like the Quanta switch is not passing the traffic from Vlan 20 to the Juniper switch. The trunk port to the Juniper switch is interface 1/2.

    Below is my configuration from the Quanta and Juniper switch..
     
    #4
    Last edited: Aug 20, 2016
  5. aero

    How about first troubleshooting locally to the Juniper? Put something in an access port in vlan 20 on the Juniper and try to hit the vlan 20 IP address.
     
    #5
  6. PGlover

    Currently Vlan 20 on the Juniper switch is assigned to LAG/LACP interface ae0 only which is a trunk port. I can assign Vlan 20 to access port and then connect a PC to the access port.

    On the NIC interface on the PC, do I need to enter the VLAN number or can I leave it blank? I will assign an IP address in the IP scope (10.0.0.2) of the subnet (10.0.0.0).
     
    #6
  7. aero

    No, you do not assign a vlan on the PC NIC interface. That would indicate you want the traffic tagged, which you do not, since the port on the juniper will be an access port.
     
    #7
  8. PGlover

    Currently the LACP trunk port ae0 is assigned to Vlan 20.. Is that my problem?
     
    #8
  9. PGlover

    Just tried and not working...
     
    #9
  10. aero

    No, your trunk port configuration looks good, although it is redundant to specify vlan members "all", as well as "Hypervisors_Servers", etc.

    Were you able to test a PC local to the Juniper yet?

    ae0 {
        description "A LAG interface to Quanta LB6M switch w/802.1q vlan trunking";
        aggregated-ether-options {
            lacp {
                active;
            }
        }
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members [ all Hypervisors_Servers NAS_SAN_Storage ];
                }
                native-vlan-id default;
            }
        }
    }
     
    #10
  11. aero

    Also, provide the output of a "show ethernet-switching interfaces".
     
    #11
  12. PGlover

    Yes... The PC IP address is 10.0.0.2. I tried pinging the RVI with the IP address of 10.0.0.1 and no reply...
     
    #12
  13. PGlover

    root> show ethernet-switching interfaces
    Interface     State  VLAN members         Tag  Tagging   Blocking
    ae0.0         up     default                   untagged  unblocked
                         Hypervisors_Servers  10   tagged    unblocked
                         NAS_SAN_Storage      20   tagged    unblocked
    ge-0/0/0.0    up     default                   untagged  unblocked
    ge-0/0/1.0    up     default                   untagged  unblocked
    ge-0/0/2.0    down   default                   untagged  blocked by STP
    ge-0/0/3.0    up     default                   untagged  unblocked
    ge-0/0/4.0    up     default                   untagged  unblocked
    ge-0/0/5.0    up     default                   untagged  unblocked
    ge-0/0/6.0    down   default                   untagged  blocked by STP
    ge-0/0/7.0    up     default                   untagged  unblocked
    ge-0/0/8.0    down   default                   untagged  blocked by STP
    ge-0/0/9.0    up     default                   untagged  unblocked
    ge-0/0/10.0   up     default                   untagged  unblocked
    ge-0/0/11.0   up     default                   untagged  unblocked
    ge-0/0/12.0   up     default                   untagged  unblocked
    ge-0/0/13.0   down   default                   untagged  blocked by STP
    ge-0/0/14.0   down   default                   untagged  blocked by STP
    ge-0/0/15.0   down   default                   untagged  blocked by STP
    ge-0/0/16.0   up     default                   untagged  unblocked
    ge-0/0/17.0   down   default                   untagged  blocked by STP
    ge-0/0/18.0   down   default                   untagged  blocked by STP
    ge-0/0/19.0   up     default                   untagged  unblocked
    ge-0/0/20.0   up     default                   untagged  unblocked
    ge-0/0/21.0   up     default                   untagged  unblocked
    ge-0/0/22.0   up     default                   untagged  unblocked
    ge-0/0/23.0   up     default                   untagged  unblocked
    xe-0/1/2.0    up     default                   untagged  unblocked
    xe-0/1/3.0    down   default                   untagged  blocked by STP
     
    #13
  14. PGlover

    Could there be something going on with the "native-vlan-id default" setting on the trunk port?

    Juniper EX Series - Configuring VLANs & Trunking with Native VLAN - eBrahma
     
    #14
  15. aero

    The fact that your PC directly connected to vlan 20 on the Juniper can't reach the layer 3 interface address means there is a problem local to the Juniper. It will have nothing to do with your LAG trunk.

    Which port did you configure for access for the test PC? Can you c/p that port config?
     
    #15
  16. PGlover

    Ok... Some progress... I assigned vlan 20 to interface ge-0/0/6. So now, vlan 20 is assigned to this interface as well as the trunk port.

    My PC has IP address of 10.0.0.25 and no vlan is set in the NIC card. I plugged my PC in port ge-0/0/6 on the switch and now I am able to ping the IP addresses of all the RVIs on the Juniper switch.

    Now I'm not sure what this is telling me.. I don't want to plug any PC/server running on vlan 20 into the Juniper switch. All the servers running on vlan 20 will be plugged into the core switch (Quanta LB6M). I want the Juniper switch to perform all the inter-vlan routing between the vlans. The goal is to have the trunk port pass the traffic for vlan 20 from the core switch to the Juniper switch for inter-vlan routing. That is why I have not assigned an access port on the Juniper for vlan 20.



    ge-0/0/6 {
        unit 0 {
            family ethernet-switching {
                port-mode access;
                vlan {
                    members NAS_SAN_Storage;
                }
            }
        }
    }

    ae0 {
        description "A LAG interface to Quanta LB6M switch w/802.1q vlan trunking";
        aggregated-ether-options {
            lacp {
                active;
            }
        }
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members [ Hypervisors_Servers NAS_SAN_Storage ];
                }
                native-vlan-id default;
            }
        }
    }
     
    #16
  17. aero

    The point of that exercise was to make sure that the layer 3 interface on the Juniper was working as expected before looking elsewhere. It is, and the layer 2 configuration of the LAG trunk looks good too.

    Now, I don't know anything about LB6M syntax, but something looks fishy to me here... I think you want tagging on your LAG to the ex3300, and not on the interface to the SAN server.

    interface 1/2
        description 'A LAG interface to Juniper EX3300 Switch w/802.1q vlan trunking'
        no port-channel static
        vlan participation include 10,20
        snmp-server enable traps violation
    exit
    interface 1/3
        description 'A LACP interface to SAN Server'
        no port-channel static
        vlan participation include 20
        vlan tagging 20
    exit
     
    #17
  18. PGlover

    I will make the change once I get home and post the results... Thank you so much for the help.
     
    #18
  19. PGlover

    Got it working.. Here are changes (in red) made on the Quanta LB6M .. What a learning...


    interface 1/2
        description 'A LAG interface to Juniper EX3300 Switch w/802.1q vlan trunking'
        no vlan tagging 1        ** Added 08/19
        vlan tagging 10,20       ** Added 08/19

    interface 1/3
        description 'A LACP interface to SAN Server '
        no vlan tagging 20       ** Added 08/19
        vlan pvid 20             ** Added 08/19
     
    #19
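
Added example, not part of any post in this thread and not LB6M or Junos code: a small 802.1Q port model that traces a frame between the SAN server and the EX3300 under the LB6M settings quoted in post #17 and the corrected ones in post #19. It assumes standard PVID classification of untagged frames (default PVID 1), that ports remain members of default VLAN 1, and that the SAN NIC team sends and expects untagged frames.

```python
# Added illustration: a minimal 802.1Q port model, not LB6M firmware logic.
# Assumptions: untagged ingress frames are classified to the port PVID
# (default 1), ports stay members of default VLAN 1, and the SAN NIC team
# sends and expects untagged frames.
DROP = "drop"

def ingress(port, tag):
    """VLAN a received frame is classified into, or DROP if not a member."""
    vlan = port["pvid"] if tag is None else tag
    return vlan if vlan in port["members"] else DROP

def egress(port, vlan):
    """Tag put on the wire (None = untagged), or DROP if not a member."""
    if vlan not in port["members"]:
        return DROP
    return vlan if vlan in port["tagged"] else None

# LB6M port settings as shown in post #17 (before) and post #19 (after).
BEFORE = {
    "1/2": {"pvid": 1, "members": {1, 10, 20}, "tagged": set()},  # LAG to EX3300
    "1/3": {"pvid": 1, "members": {1, 20}, "tagged": {20}},       # LACP to SAN
}
AFTER = {
    "1/2": {"pvid": 1, "members": {1, 10, 20}, "tagged": {10, 20}},
    "1/3": {"pvid": 20, "members": {1, 20}, "tagged": set()},
}

# EX3300 ae0 trunk from the thread: tags 10/20 map to the named VLANs,
# untagged frames land in the native VLAN "default".
JUNIPER_AE0 = {10: "Hypervisors_Servers", 20: "NAS_SAN_Storage", None: "default"}

def san_to_juniper(cfg):
    """Follow an untagged frame from the SAN server to the EX3300 trunk."""
    vlan = ingress(cfg["1/3"], None)
    wire_tag = DROP if vlan == DROP else egress(cfg["1/2"], vlan)
    return JUNIPER_AE0.get(wire_tag, "dropped")

def juniper_to_san(cfg):
    """Follow a VLAN 20 frame from the EX3300 back to the SAN server NIC."""
    vlan = ingress(cfg["1/2"], 20)
    wire_tag = DROP if vlan == DROP else egress(cfg["1/3"], vlan)
    if wire_tag == DROP:
        return "dropped"
    return "delivered untagged" if wire_tag is None else f"arrives tagged {wire_tag}"

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, "| SAN ->", san_to_juniper(cfg), "| SAN <-", juniper_to_san(cfg))
```

With the earlier settings the SAN server's frames reach the EX3300 in its native VLAN rather than NAS_SAN_Storage, so they never meet the vlan.20 RVI; with the post #19 settings they arrive tagged 20 and replies leave port 1/3 untagged.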
  20. PGlover

    Still having some problems with routing between vlans on my Juniper switch. For some reason, the default vlan (0) is not routable. I can route between the other vlans with no problems.

    Below is some troubleshooting information. The IP address 10.x.x.2 is the IP address assigned to my SAN server. The IP address 192.x.x.207 is assigned to one of my personal PCs. For some reason, I am unable to ping this IP address using the RVI gateway of 192.x.x.10.1 and 10.x.x.1 on the Juniper switch.

    root> show interfaces vlan terse
    Interface   Admin  Link  Proto  Local             Remote
    vlan        up     up
    vlan.0      up     up    inet   192.x.x.254/24
    vlan.10     up     up    inet   192.x.x.1/24
    vlan.20     up     up    inet   10.x.x.1/24

    root> ping 192.x.x.207 source 192.x.x.254 count 3
    PING 192.x.x.207 (192.x.x.207): 56 data bytes
    64 bytes from 192.x.x.207: icmp_seq=0 ttl=128 time=2.324 ms
    64 bytes from 192.x.x.207: icmp_seq=1 ttl=128 time=1.165 ms
    64 bytes from 192.x.x.207: icmp_seq=2 ttl=128 time=1.257 ms

    root> ping 192.x.x.207 source 192.x.x.1 count 3
    PING 192.x.x.207 (192.x.x.207): 56 data bytes

    --- 192.x.x.207 ping statistics ---
    3 packets transmitted, 0 packets received, 100% packet loss

    root> ping 192.x.x.207 source 10.x.x.1 count 3
    PING 192.x.x.207 (192.x.x.207): 56 data bytes

    --- 192.x.x.207 ping statistics ---
    3 packets transmitted, 0 packets received, 100% packet loss
     
    #20
    Last edited: Aug 20, 2016