Re: VLAN Configuration

razizul · ‎08-22-2016

Hi

i configure VLAN as below config. I enable routing. DHCP control by our firewall and we add routing inside firewall also. Unfortunately VLAN don't give static IP. My config file as below. Anything i miss?.

#
irf mac-address persistent timer
irf auto-update enable
undo irf link-delay
irf member 1 priority 32
irf member 2 priority 1
#
lldp global enable
#
password-recovery enable
#
vlan 1
#
vlan 2
#
vlan 60
#
vlan 70
#
irf-port 1/1
port group interface Ten-GigabitEthernet1/0/25
#
irf-port 2/2
port group interface Ten-GigabitEthernet2/0/26
#
stp global enable
#
interface Bridge-Aggregation1
description Link-to-CoreSwitch
link-aggregation mode dynamic
#
interface Bridge-Aggregation2
description Link-to-Firewall
link-aggregation mode dynamic
#
interface Bridge-Aggregation3
description Link-to-Switch1
port link-type trunk
port trunk permit vlan 1
link-aggregation mode dynamic
#
interface Bridge-Aggregation4
description Link-to-Switch2
port link-type trunk
port trunk permit vlan 1
link-aggregation mode dynamic
#
interface NULL0
#
interface Vlan-interface1
ip address 10.10.5.250 255.255.255.0
dhcp select relay
#
interface Vlan-interface2
description "Management VLAN"
ip address 10.10.6.250 255.255.255.0
dhcp select relay
dhcp relay server-address 10.10.5.254
#
interface Vlan-interface60
ip address 10.10.60.250 255.255.255.0
#
interface Vlan-interface70
ip address 10.10.70.250 255.255.255.0
#
interface GigabitEthernet1/0/1
#
interface GigabitEthernet1/0/2
#
interface GigabitEthernet1/0/3
#
interface GigabitEthernet1/0/4
#
interface GigabitEthernet1/0/5
#
interface GigabitEthernet1/0/6
#
interface GigabitEthernet1/0/7
#
interface GigabitEthernet1/0/8
#
interface GigabitEthernet1/0/9
#
interface GigabitEthernet1/0/10
#
interface GigabitEthernet1/0/11
#
interface GigabitEthernet1/0/12
#
interface GigabitEthernet1/0/13
#
interface GigabitEthernet1/0/14
#
interface GigabitEthernet1/0/15
#
interface GigabitEthernet1/0/16
#
interface GigabitEthernet1/0/17
combo enable copper
port link-aggregation group 1
#
interface GigabitEthernet1/0/18
combo enable copper
port link-aggregation group 2
#
interface GigabitEthernet1/0/19
port link-type trunk
port trunk permit vlan 1
combo enable copper
port link-aggregation group 3
#
interface GigabitEthernet1/0/20
port link-type trunk
port trunk permit vlan 1
combo enable copper
port link-aggregation group 4
#
interface GigabitEthernet1/0/21
port access vlan 2
combo enable copper
#
interface GigabitEthernet1/0/22
port access vlan 2
combo enable copper
#
interface GigabitEthernet1/0/23
combo enable copper
#
interface GigabitEthernet1/0/24
combo enable copper
#
interface GigabitEthernet2/0/1
#
interface GigabitEthernet2/0/2
#
interface GigabitEthernet2/0/3
#
interface GigabitEthernet2/0/4
#
interface GigabitEthernet2/0/5
#
interface GigabitEthernet2/0/6
#
interface GigabitEthernet2/0/7
#
interface GigabitEthernet2/0/8
#
interface GigabitEthernet2/0/9
#
interface GigabitEthernet2/0/10
#
interface GigabitEthernet2/0/11
#
interface GigabitEthernet2/0/12
#
interface GigabitEthernet2/0/13
#
interface GigabitEthernet2/0/14
#
interface GigabitEthernet2/0/15
#
interface GigabitEthernet2/0/16
#
interface GigabitEthernet2/0/17
combo enable copper
port link-aggregation group 1
#
interface GigabitEthernet2/0/18
combo enable copper
port link-aggregation group 2
#
interface GigabitEthernet2/0/19
port link-type trunk
port trunk permit vlan 1
combo enable copper
port link-aggregation group 3
#
interface GigabitEthernet2/0/20
port link-type trunk
port trunk permit vlan 1
combo enable copper
port link-aggregation group 4
#
interface GigabitEthernet2/0/21
port access vlan 2
combo enable copper
#
interface GigabitEthernet2/0/22
port access vlan 2
combo enable copper
#
interface GigabitEthernet2/0/23
combo enable copper
#
interface GigabitEthernet2/0/24
combo enable copper
#
interface Ten-GigabitEthernet1/0/26
#
interface Ten-GigabitEthernet1/0/27
#
interface Ten-GigabitEthernet1/0/28
#
interface Ten-GigabitEthernet2/0/25
#
interface Ten-GigabitEthernet2/0/27
#
interface Ten-GigabitEthernet2/0/28
#
interface Ten-GigabitEthernet1/0/25
#
interface Ten-GigabitEthernet2/0/26
#
scheduler logfile size 16
#
line class aux
authentication-mode password
user-role network-admin
set authentication password hash $h$6$rAUqcpNEOMXvTG8a$Tx9yOrBCRH//rUGNx3GRvR8sl5nIH7eEejELbBQOgHK1PMo1kcMPb/PvFJprlCCg0oHp6cAoL/ntD9fHUO7fog==
#
line class vty
user-role network-admin
user-role network-operator
set authentication password hash $h$6$LDxsS6IYqvb+Bx/7$kH7pnUEPq71jsOszke2vWtHPM+QSOQfeWB8ZbhQeEcqaWdi4ZR/yjgJPfEie6mXDeOYFTGSOctlzRwKFMGkM2A==
#
line aux 0 1
user-role network-admin
#
line vty 0 15
authentication-mode scheme
user-role network-admin
user-role network-operator
set authentication password hash $h$6$9FU1aOVnzdV5OPgb$8WYRg9a1x/pzBYalNxBJ7MAuTxbptR4A4m+AoyxKeGUI+klp2YVO4qplfanf5DCSw43u3djq4bWyo24WSgpOVA==
protocol inbound ssh
idle-timeout 0 0
#
line vty 16 63
user-role network-admin
user-role network-operator
set authentication password hash $h$6$xj13g9p1jQTURn4t$w0LeT20WUN/T2He6cT0XTYpN6+3OfXbEiB9L8goyXDzPJAX64LRh0Q5es5LgPAoftsDCfgm282Njy0+rkHcyng==
#
ip route-static 0.0.0.0 0 10.10.5.254
#
ssh server enable
#
radius scheme system
user-name-format without-domain
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
local-user admin class manage
password hash $h$6$wgFD8B9Yn3/IaxwP$9bWV2gMFdxcjZpjWb8gm0kRlTRnx5keeMJHxIydYHGKumvfCy0lln5Jjb3hvfuZx07DxhJFy2huktkRmOFfgFw==
service-type ftp
service-type pad ssh telnet terminal http https
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
local-user dhas class manage
password hash $h$6$EPkEF5JQJEuH80q5$/Sf3jS8tWKm+dEO3frYNjNmyqv3MhJlFdLb24qQjgrFtrHia0zvDU6vZUdz7PeGXbwgIdhzZfisSq19dfpKR9w==
service-type ftp
service-type pad ssh telnet terminal http https
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
local-user srkk class manage
password hash $h$6$qXMzFdZtQ3ei8ez2$xAAahyszwmcCOJrSFmpaMRURCmUQtIQSe90jSYuZm4D69klmEfdFcltT28n0xCabSk10rQ+y9Ow/H7OfWdH8LA==
service-type ftp
service-type pad ssh telnet terminal http https
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
ip http enable
#
return

Ian Vaughan · ‎08-22-2016

Howdy,

You may wish to repost this question in the "Home -> Networking -> Switching and Routing -> Comware based" forum as your configuration must be from a Comware based switch.

In the meantime some things to think about and let us know more detail in order to help-

1) What configuration has been added recently?

2) Which parts of the configuration are working?

3) Which traffic flows (think about source and destination) are not working?

4) A diagram, even a photo of a sketch or a whiteboard,, is very useful in these scenarios.

I can see that some of the VLANs have DHCP relay settings or are on the same vlan as the DHCP server. Some vlans maybe need this setting adding to pass the DHCP requests over to the dhcp server?

Your bridge aggregation interfaces are only passing vlan1 - maybe the other vlans need to be added to the "permit" list on those links to allow the tagged traffic through?

Thanks

ian

(Hope that helps - Please give kudos if it does)

Hope that helps - please click "Thumbs up" for Kudos if it does
## ---------------------------------------------------------------------------##
Which is the only cheese that is made backwards?
Edam!
Tweets: @2techie4me

Ian Vaughan · ‎08-22-2016

Howdy,

Just one more thing I was just reminded of

When posting your configuration to an online forum, such as ours, you may wish to replace your password hashes with a string of XXXXXXXX or suchlike as a matter of good practice.

Yes they are encrypted but why give someone with bad intentions a headstart.

Removing or obscuring them from the online post will ensure that no-one attempts to either reverse engineer them (depending upon the device & OS ) or perform offline brute force attacks against them .

thanks

Ian

(Hope that helps - please give kudos if it does)

Hope that helps - please click "Thumbs up" for Kudos if it does
## ---------------------------------------------------------------------------##
Which is the only cheese that is made backwards?
Edam!
Tweets: @2techie4me

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: VLAN Configuration

VLAN Configuration

Re: VLAN Configuration

Re: VLAN Configuration