VLAN Routing Between Layer 3 and Layer 2 Switch

PGlover

I am in the middle of implementing my new network design posted below. I am only implementing the core switch and internal LAN portion of the design right now. The DMZ portion is out of scope of this discussion. In the diagram posted, I have a core switch (LB6M) with vlan 1, 10, and 20. Actually the LB6M is a layer 3 switch capable of inter-vlan routing. The edge/access switches (Juniper EX3300) contain other vlans as well.

I would like to keep all the inter-vlan routing done on 1 switch (either Quanta LB6M or Juniper EX3300).

Please advise on whether you would use the Quanta or Juniper switch for inter-vlan routing for all vlans on the core and edge switches. Based on your feedback, I will ask some follow-up questions.


[Attached image: Glover Home Data Center_New_v1_Layer 3 Routing_Quanta Core Switch_v4.jpg]
 

aero

My opinion, based on the fact that your ex3300 stack will have the greatest number of hosts on it, participating in most of the vlans, is that the routing should occur there rather than on the lb6m. Why send traffic upstream to route and come right back to the 3300 stack?

I also just personally have a distrust of using any advanced features of the lb6m, which seems to have poor documentation. I trust Juniper (yeah, yeah, they've had a couple security vulnerabilities uncovered recently, but they're fixed).
 

PGlover

I am having some problems with getting routed Vlan interfaces (RVI) working on my Juniper switch. I have created Vlan 20 on both the Quanta and Juniper switch.
On the Juniper switch, the RVI has been created with an IP address of 10.0.0.1/24. I have assigned the trunk interface ae0 to the RVI on the Juniper switch. The trunk interface is up. The trunk interface ae0 has been assigned to vlan 20.

On the LB6M, I have created Vlan 20 with ports 13-18. I have created a LACP interface (1/3) to the SAN Server. On the SAN Server I have NIC teaming with four 10G ports (Intel X-520). It looks like the Quanta switch is not passing the traffic from Vlan 20 to the Juniper switch. The trunk port to the Juniper switch is interface 1/2.

Below is my configuration from the Quanta and Juniper switch..
 

aero

How about first troubleshooting locally to the Juniper? Put something in an access port in vlan 20 on the Juniper and try to hit the vlan 20 IP address.
 

PGlover

> How about first troubleshooting locally to the Juniper? Put something in an access port in vlan 20 on the Juniper and try to hit the vlan 20 IP address.

Currently Vlan 20 on the Juniper switch is assigned to LAG/LACP interface ae0 only, which is a trunk port. I can assign Vlan 20 to an access port and then connect a PC to the access port.

On the NIC interface on the PC, do I need to enter the Vlan number or can I leave it blank? I will assign an IP address in the IP scope (10.0.0.2) of the subnet (10.0.0.0).
 

aero

No, you do not assign a vlan on the PC NIC interface. That would indicate you want the traffic tagged, which you do not, since the port on the juniper will be an access port.
 

PGlover

> No, you do not assign a vlan on the PC NIC interface. That would indicate you want the traffic tagged, which you do not, since the port on the juniper will be an access port.

Currently the LACP trunk port ae0 is assigned to Vlan 20.. Is that my problem?
 

aero

No, your trunk port configuration looks good, although it is redundant to specify vlan members "all", as well as "Hypervisors_Servers", etc.

Were you able to test a PC local to the Juniper yet?

ae0 {
    description "A LAG interface to Quanta LB6M switch w/802.1q vlan trunking";
    aggregated-ether-options {
        lacp {
            active;
        }
    }
    unit 0 {
        family ethernet-switching {
            port-mode trunk;
            vlan {
                members [ all Hypervisors_Servers NAS_SAN_Storage ];
            }
            native-vlan-id default;
        }
    }
}
 

aero

also, provide the output of a "show ethernet-switching interfaces"
 

PGlover

> No, your trunk port configuration looks good, although it is redundant to specify vlan members "all", as well as "Hypervisors_Servers", etc.
>
> Were you able to test a PC local to the Juniper yet?
>
> ae0 {
>     description "A LAG interface to Quanta LB6M switch w/802.1q vlan trunking";
>     aggregated-ether-options {
>         lacp {
>             active;
>         }
>     }
>     unit 0 {
>         family ethernet-switching {
>             port-mode trunk;
>             vlan {
>                 members [ all Hypervisors_Servers NAS_SAN_Storage ];
>             }
>             native-vlan-id default;
>         }
>     }
> }

Yes... The PC IP address is 10.0.0.2. I tried pinging the RVI with the IP address of 10.0.0.1 and no reply...
 

PGlover

> also, provide the output of a "show ethernet-switching interfaces"

root> show ethernet-switching interfaces
Interface    State  VLAN members          Tag   Tagging   Blocking
ae0.0        up     default                     untagged  unblocked
                    Hypervisors_Servers   10    tagged    unblocked
                    NAS_SAN_Storage       20    tagged    unblocked
ge-0/0/0.0   up     default                     untagged  unblocked
ge-0/0/1.0   up     default                     untagged  unblocked
ge-0/0/2.0   down   default                     untagged  blocked by STP
ge-0/0/3.0   up     default                     untagged  unblocked
ge-0/0/4.0   up     default                     untagged  unblocked
ge-0/0/5.0   up     default                     untagged  unblocked
ge-0/0/6.0   down   default                     untagged  blocked by STP
ge-0/0/7.0   up     default                     untagged  unblocked
ge-0/0/8.0   down   default                     untagged  blocked by STP
ge-0/0/9.0   up     default                     untagged  unblocked
ge-0/0/10.0  up     default                     untagged  unblocked
ge-0/0/11.0  up     default                     untagged  unblocked
ge-0/0/12.0  up     default                     untagged  unblocked
ge-0/0/13.0  down   default                     untagged  blocked by STP
ge-0/0/14.0  down   default                     untagged  blocked by STP
ge-0/0/15.0  down   default                     untagged  blocked by STP
ge-0/0/16.0  up     default                     untagged  unblocked
ge-0/0/17.0  down   default                     untagged  blocked by STP
ge-0/0/18.0  down   default                     untagged  blocked by STP
ge-0/0/19.0  up     default                     untagged  unblocked
ge-0/0/20.0  up     default                     untagged  unblocked
ge-0/0/21.0  up     default                     untagged  unblocked
ge-0/0/22.0  up     default                     untagged  unblocked
ge-0/0/23.0  up     default                     untagged  unblocked
xe-0/1/2.0   up     default                     untagged  unblocked
xe-0/1/3.0   down   default                     untagged  blocked by STP
 

PGlover

> No, your trunk port configuration looks good, although it is redundant to specify vlan members "all", as well as "Hypervisors_Servers", etc.
>
> Were you able to test a PC local to the Juniper yet?
>
> ae0 {
>     description "A LAG interface to Quanta LB6M switch w/802.1q vlan trunking";
>     aggregated-ether-options {
>         lacp {
>             active;
>         }
>     }
>     unit 0 {
>         family ethernet-switching {
>             port-mode trunk;
>             vlan {
>                 members [ all Hypervisors_Servers NAS_SAN_Storage ];
>             }
>             native-vlan-id default;
>         }
>     }
> }

Could there be something going on with the "native-vlan-id default" setting on the trunk port?

Juniper EX Series - Configuring VLANs & Trunking with Native VLAN - eBrahma
 

aero

The fact that your PC directly connected to vlan 20 on the Juniper can't reach the layer 3 interface address means there is a problem local to the Juniper. It will have nothing to do with your LAG trunk.

Which port did you configure for access for the test PC? Can you c/p that port config?
 

PGlover

Ok... Some progress... I assigned vlan 20 to interface ge-0/0/6. So now, vlan 20 is assigned to this interface as well as the trunk port.

My PC has IP address of 10.0.0.25 and no vlan is set in the NIC card. I plugged my PC in port ge-0/0/6 on the switch and now I am able to ping the IP addresses of all the RVIs on the Juniper switch.

Now I'm not sure what this is telling me.. I don't want to plug any PC/server running on vlan 20 into the Juniper switch. All the servers running on vlan 20 will be plugged into the core switch (Quanta LB6M). I want the Juniper switch to perform all the inter-vlan routing between the vlans. The goal is to have the trunk port pass the traffic for vlan 20 from the core switch to the Juniper switch for inter-vlan routing. That is why I have not assigned an access port on the Juniper for vlan 20.



ge-0/0/6 {
    unit 0 {
        family ethernet-switching {
            port-mode access;
            vlan {
                members NAS_SAN_Storage;
            }
        }
    }
}

ae0 {
    description "A LAG interface to Quanta LB6M switch w/802.1q vlan trunking";
    aggregated-ether-options {
        lacp {
            active;
        }
    }
    unit 0 {
        family ethernet-switching {
            port-mode trunk;
            vlan {
                members [ Hypervisors_Servers NAS_SAN_Storage ];
            }
            native-vlan-id default;
        }
    }
}
 

aero

The point of that exercise was to make sure that the layer 3 interface on the Juniper was working as expected before looking elsewhere. It is, and the layer 2 configuration of the LAG trunk looks good too.

Now, I don't know anything about LB6M syntax, but something looks fishy to me here... I think you want tagging on your LAG to the ex3300, and not on the interface to the SAN server.

interface 1/2
description 'A LAG interface to Juniper EX3300 Switch w/802.1q vlan trunking'
no port-channel static
vlan participation include 10,20
snmp-server enable traps violation
exit
interface 1/3
description 'A LACP interface to SAN Server'
no port-channel static
vlan participation include 20
vlan tagging 20
exit
 

PGlover

I will make the change once I get home and post the results... Thank you so much for the help.
 

PGlover

Got it working.. Here are changes (in red) made on the Quanta LB6M .. What a learning...


interface 1/2
description 'A LAG interface to Juniper EX3300 Switch w/802.1q vlan trunking'
no vlan tagging 1 ** Added 08/19
vlan tagging 10,20 ** Added 08/19

interface 1/3
description 'A LACP interface to SAN Server '
no vlan tagging 20 ** Added 08/19
vlan pvid 20 ** Added 08/19
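
Added example, not part of the thread: a small Python model of 802.1Q port behaviour that traces a frame between the SAN server and the Juniper trunk, using the interface 1/2 and 1/3 settings posted before and after the fix. The `Port` class and the function names are hypothetical, and the model assumes the LB6M ports default to PVID 1 with untagged membership of VLAN 1 and that the SAN server sends untagged frames.

```python
# Added illustration (not from the thread): a minimal 802.1Q port model.
from dataclasses import dataclass, field

@dataclass
class Port:
    pvid: object                               # VLAN given to untagged ingress frames
    members: set                               # VLANs the port participates in
    tagged: set = field(default_factory=set)   # VLANs sent with an 802.1Q tag

    def ingress(self, tag):
        """Return the VLAN a received frame is placed in, or None if dropped."""
        vlan = self.pvid if tag is None else tag
        return vlan if vlan in self.members else None

    def egress(self, vlan):
        """Return (sent, tag); tag None means the frame leaves untagged."""
        if vlan not in self.members:
            return (False, None)
        return (True, vlan if vlan in self.tagged else None)

def san_to_juniper(san_port, uplink, juniper_trunk):
    """VLAN in which the Juniper receives an untagged frame from the SAN server."""
    vlan = san_port.ingress(None)
    sent, tag = uplink.egress(vlan) if vlan is not None else (False, None)
    return juniper_trunk.ingress(tag) if sent else None

def juniper_to_san(juniper_trunk, uplink, san_port, vlan=20):
    """How a frame the Juniper sends into `vlan` arrives at the SAN server NIC."""
    sent, tag = juniper_trunk.egress(vlan)
    vlan = uplink.ingress(tag) if sent else None
    sent, tag = san_port.egress(vlan) if vlan is not None else (False, None)
    if not sent:
        return "dropped"
    return "untagged" if tag is None else f"tagged {tag}"

# Juniper ae0 as posted: trunk, VLANs 10 and 20 tagged, native VLAN "default".
JUNIPER_AE0 = Port(pvid="default", members={"default", 10, 20}, tagged={10, 20})

# LB6M before the fix. Assumed defaults: PVID 1 and untagged membership of VLAN 1.
BEFORE = dict(san_port=Port(pvid=1, members={1, 20}, tagged={20}),   # interface 1/3
              uplink=Port(pvid=1, members={1, 10, 20}))              # interface 1/2
# LB6M after the fix: 1/3 untagged with PVID 20, 1/2 tagging 10 and 20.
AFTER = dict(san_port=Port(pvid=20, members={1, 20}),
             uplink=Port(pvid=1, members={1, 10, 20}, tagged={10, 20}))

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, san_to_juniper(juniper_trunk=JUNIPER_AE0, **cfg),
              juniper_to_san(JUNIPER_AE0, **cfg))
```

With the earlier settings the model puts SAN traffic into the Juniper's untagged `default` VLAN instead of VLAN 20 and delivers return traffic to the server tagged; with the changed settings both directions land in VLAN 20 and reach the server untagged.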
 

PGlover

Still having some problems with routing between vlans on my Juniper switch. For some reason, the default vlan (0) is not routable. I can route between the other vlans with no problems.

Below is some troubleshooting information. The IP address 10.x.x.2 is the IP address assigned to my SAN server. The IP address 192.x.x.207 is assigned to one of my personal PCs. For some reason, I am unable to ping this IP address using the RVI gateway of 192.x.x.10.1 and 10.x.x.1 on the Juniper switch.

root> show interfaces vlan terse
Interface               Admin Link Proto    Local                 Remote
vlan                    up    up
vlan.0                  up    up   inet     192.x.x.254/24
vlan.10                 up    up   inet     192.x.x.1/24
vlan.20                 up    up   inet     10.x.x.1/24

root> ping 192.x.x.207 source 192.x.x.254 count 3
PING 192.x.x.207 (192.x.x.207): 56 data bytes
64 bytes from 192.x.x.207: icmp_seq=0 ttl=128 time=2.324 ms
64 bytes from 192.x.x.207: icmp_seq=1 ttl=128 time=1.165 ms
64 bytes from 192.x.x.207: icmp_seq=2 ttl=128 time=1.257 ms

root> ping 192.x.x.207 source 192.x.x.1 count 3
PING 192.x.x.207 (192.x.x.207): 56 data bytes

--- 192.x.x.207 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss

root> ping 192.x.x.207 source 10.x.x.1 count 3
PING 192.x.x.207 (192.x.x.207): 56 data bytes

--- 192.x.x.207 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
 