
Re: VLAN not working between two HPE 5130 El switches

 
rustyc53
Occasional Advisor

VLAN not working between two HPE 5130 El switches

I have a number of HPE 5130 switches as the backbone to our network.  These use Fibre connections, in a Dynamic Bridge-Aggregated (LACP) trunk.

Currently our network is a flat VLAN 1 network (on 10.0.0.0/16 range), but I want to create a VLAN (VID 615) to segregate 172.16.20.0/24 IP.  VLAN 615 will go to our backup firewall (Sonicwall TZ370) that has a virtual interface (172.16.20.1) on X0 port (10.0.0.2) that also has DHCP enabled for 172.16.20.0/24 range.

On the HPE 5130 switch that the Sonicwall is connected to, I have added the VLANs to the switch (but no VLAN interface exists) and configured the port it's connected on as a trunk with VLAN 1 and 615 permitted.  If I then connect my laptop to this switch, and configure it as an access port on VLAN 615, it works great.

However, if I add VLAN 615 to the uplinks to another HPE 5130 switch (and also add the VLAN to this switch), and then connect my laptop to the second switch, I lose connectivity to the network (on VLAN 1) and also nothing is permitted over the uplink trunks until I remove VLAN 615 from the BAGG interface, then network connectivity resumes.

Some of the configuration of the switches, which is the same on all of them (apart from different port numbers):

vlan 1
#
vlan 615
#
stp region-configuration
 instance 1 vlan 1 to 8
 active region-configuration
#
stp global enable
#
interface Bridge-Aggregation25
 description BAGG25 Interface
 port link-type trunk
 port trunk permit vlan 1 615
 link-aggregation mode dynamic
#
interface Ten-GigabitEthernet1/0/25
 description XGE1/0/25 Interface
 port link-type trunk
 port trunk permit vlan 1 615
 port link-aggregation group 25
#
interface Ten-GigabitEthernet2/0/25
 description XGE2/0/25 Interface
 port link-type trunk
 port trunk permit vlan 1 615
 port link-aggregation group 25
#
ip route-static 0.0.0.0 0 10.0.0.1
ip route-static 172.16.20.0 24 172.16.20.1 preference 50

Please can someone see any problems with the configuration?
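
As an added example (not part of the original post, and not HPE tooling): a small Python check over the trunk-related lines of the configuration posted above. It confirms that every VLAN permitted on a trunk is created on the switch and that each aggregation member port carries the same permit list as its Bridge-Aggregation interface. The function names are illustrative, and the parser assumes numeric VLAN lists only.

```python
import re
# Trunk-related lines of the posted config (line numbers stripped, rest trimmed).
POSTED = """\
vlan 1
#
vlan 615
#
interface Bridge-Aggregation25
 port trunk permit vlan 1 615
#
interface Ten-GigabitEthernet1/0/25
 port trunk permit vlan 1 615
 port link-aggregation group 25
#
interface Ten-GigabitEthernet2/0/25
 port trunk permit vlan 1 615
 port link-aggregation group 25
"""

def expand(text):  # "1 to 8 615" -> {1, ..., 8, 615}
    out = set()
    for lo, hi in re.findall(r"(\d+)(?:\s+to\s+(\d+))?", text):
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def parse(config):  # -> (created VLANs, {interface: {"permit", "group"}})
    vlans, ifaces, cur = set(), {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            cur = ifaces.setdefault(line.split()[1], {"permit": set(), "group": None})
        elif line in ("", "#"):  # "#" closes the current config section
            cur = None
        elif cur is None and line.startswith("vlan "):
            vlans |= expand(line[5:])
        elif cur is not None and line.startswith("port trunk permit vlan "):
            cur["permit"] |= expand(line[23:])
        elif cur is not None and line.startswith("port link-aggregation group "):
            cur["group"] = line.split()[-1]
    return vlans, ifaces

def check(config):  # -> list of human-readable inconsistencies, empty if none
    vlans, ifaces = parse(config)
    problems = []
    for name, port in ifaces.items():
        problems += [f"{name}: VLAN {v} not created" for v in sorted(port["permit"] - vlans)]
        agg = ifaces.get(f"Bridge-Aggregation{port['group']}")
        if port["group"] and (agg is None or agg["permit"] != port["permit"]):
            problems.append(f"{name}: permit list differs from Bridge-Aggregation{port['group']}")
    return problems
```

`check(POSTED)` returns an empty list for the configuration as posted; running the same check against the configuration of the switch at the other end of the uplink shows whether VLAN 615 is created and permitted there as well.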

akg7
HPE Pro

Re: VLAN not working between two HPE 5130 El switches

Hello @rustyc53 ,

You mean to say that the issue is while connecting the laptop on switch 2 when it is in Bagg 25?

Is this switch part of IRF?

What is the status Bagg 25 during issue?

Kindly share the below output:

[HPE] display link-aggregation verbose

Can you share config from switch 2 port connecting Laptop?

Can you add the below command to the port connecting to the laptop?

[H3C-GigabitEthernet1/0/1]stp edged-port

 

Thanks!

Note: While I am an HPE Employee, all of my comments (whether noted or not), are my own and are not any official representation of the company
rustyc53
Occasional Advisor

Re: VLAN not working between two HPE 5130 El switches

Hello @akg7 

Yes the issue is that when I connect from another switch, using the 615 VLAN, I cannot ping the firewall on IP 172.16.20.1 and VLAN 1 traffic is blocked.  I have to remove the tagging of VLAN 615 from the uplinks before VLAN 1 traffic resumes.

BAGG25 remains UP throughout.

The switches are IRF'ed (but not together).  The 2nd switch (IP = 10.0.0.11) is separate from the 1st switch (IP = 10.0.0.22, to which the firewall is connected).  When my laptop is connected to 10.0.0.22 VLAN 615 works perfectly (as it's all directly connected), but when connecting my laptop on 10.0.0.11, the problems happen.

BAGG25 verbose info:

Aggregate Interface: Bridge-Aggregation25
Creation Mode: Manual
Aggregation Mode: Dynamic
Loadsharing Type: Shar
Management VLANs: None
System ID: 0x8000, 4cae-a31f-106e
Local:
Port Status Priority Index Oper-Key Flag
XGE1/0/25(R) S 32768 7 7 {ACDEF}
XGE2/0/25 S 32768 14 7 {ACDEF}
Remote:
Actor Priority Index Oper-Key SystemID Flag
XGE1/0/25 32768 1 1 0x8000, ec9b-8bb3-890c {ACDEF}
XGE2/0/25 32768 4 1 0x8000, ec9b-8bb3-890c {ACDEF}

Config of the port my laptop is connecting on:

#
interface GigabitEthernet1/0/16
description GE1/0/16 Interface - PC TEST VLAN615
port access vlan 615
#

Do all the HPE 5130 switches need the static routes defined?  10.0.0.1 is our main Sonicwall firewall, and the default gateway to VLAN 1.  I would upload a network diagram of the switches so you can visually see it, but it's not obvious (to me) how to upload files for you to view.

akg7
HPE Pro

Re: VLAN not working between two HPE 5130 El switches

Hello @rustyc53,

I believe you will get same issue if you configure any other VLAN. This seems to be a design issue.

Is it possible to have FW connectivity with both switches?

For testing purposes you can give a default route towards the Sonic FW on the other 5130 switch, but I don't believe it will resolve the issue.

Thanks!

Note: While I am an HPE Employee, all of my comments (whether noted or not), are my own and are not any official representation of the company
rustyc53
Occasional Advisor

Re: VLAN not working between two HPE 5130 El switches

How is our VLAN design going to work in that case?

What we want to achieve is to have our default network VLAN (VLAN 1) routed from our main Sonicwall (10.0.0.1) which is connected to switch IP 10.0.0.11 (our "main switch"), and VLAN 615 routed to our backup Sonicwall (10.0.0.2) on VLAN 615 for segregation (connected to switch IP 10.0.0.22).

10.0.0.11 is our "main" switch, in that all other switches are connected to it (as the "main" firewall is connected to it directly).  Do I remove all of the static routes on all other 5130 switches, except the 10.0.0.11 switch (or the other way around)? Then have a static route for the 172.16.20.0/24 range for VLAN 615 on the 10.0.0.22 switch?

I thought this was going to be very simple in that you tag the VLANs on all the uplinks to the switches, and the port that the backup firewall is connected on and bingo it works.  Do I need to create a VLAN interface on any of the switches with an IP in that range (i.e. 172.16.20.5)?  We manage the switch on VLAN 1, and not VLAN 615 so didn't think any of the switches needed it.  Or do I create a static route pointing 172.16.20.0/24 range to 10.0.0.22 switch rather than 172.16.20.1 on all the other switches in the network, as that's the switch the firewall is connected to?

akg7
HPE Pro

Re: VLAN not working between two HPE 5130 El switches

Hello @rustyc53 ,

No, interface vlan is not needed here.

Static/Default route might be needed.

Can you share a topology/network diagram so I will test in LAB?

Hand drawn is also fine.

Thanks!

Note: While I am an HPE Employee, all of my comments (whether noted or not), are my own and are not any official representation of the company
rustyc53
Occasional Advisor

Re: VLAN not working between two HPE 5130 El switches

Sure but how do I upload a file to this forum?  (Sorry a newb question I know :D)

akg7
HPE Pro

Re: VLAN not working between two HPE 5130 El switches

Hello @rustyc53,

There will be an 'Insert Photos' option you will see while replying to a post, else you can upload to an FTP and share the link.

Thanks!

Note: While I am an HPE Employee, all of my comments (whether noted or not), are my own and are not any official representation of the company
rustyc53
Occasional Advisor

Re: VLAN not working between two HPE 5130 El switches

https://imgur.com/a/q3ZvUSq 

The switch labelled as "10.0.22.10" is the 10.0.0.22 switch, I just haven't updated the diagram!

akg7
HPE Pro

Re: VLAN not working between two HPE 5130 El switches

Hello @rustyc53 ,

Thank You for sharing the diagram.

I will check and come back to you shortly.

Thanks!

Note: While I am an HPE Employee, all of my comments (whether noted or not), are my own and are not any official representation of the company
rustyc53
Occasional Advisor

Re: VLAN not working between two HPE 5130 El switches

Hi @akg7 

I don't want any of the switches doing any routing, so are the ip-static routes required?

Would I also need to use PBR to define which VLAN goes to which gateway?  I want all default-vlan traffic (VLAN 1) to go to 10.0.0.1, and all traffic on VLAN 615 to go to 172.16.20.1.

Please advise what config I need to do to accomplish this?

rustyc53
Occasional Advisor

Re: VLAN not working between two HPE 5130 El switches

Hi @akg7 

Do you have any further information on a resolution to this problem? 

Please can you advise what configuration is needed on the 5130 switches to be able to set up VLAN 1 to route to 10.0.0.1 gateway (Sonicwall NSA 4600) and VLAN 615 to route to another gateway (172.16.20.1) which is another Sonicwall device?

If this cannot be fixed on the 5130 switches, what HPE switches do you recommend that will?

akg7
HPE Pro

Re: VLAN not working between two HPE 5130 El switches

Hello @rustyc53,

Apologies for delayed response.

I replicated the issue. Need one more info: Where is interface VLAN 1 & 615 configured? Is it at 10.0.0.11 or at 10.0.0.22 or in both?

 

Thanks!

Note: While I am an HPE Employee, all of my comments (whether noted or not), are my own and are not any official representation of the company
rustyc53
Occasional Advisor

Re: VLAN not working between two HPE 5130 El switches

Hello @akg7 

VLAN 1 interfaces are configured on all the switches (as we manage the switches via these IPs).

VLAN 615 doesn't have an interface on any of the switches, and routes via the Sonicwall interface on 10.0.0.2/172.16.20.1 (the VLAN's gateway address).

Also some more info for you, I managed to work out why the VLAN 1 connection was dropping.  When anything connected on VLAN 615, DLDP (on the smart-link connections between the 5130 switches) would block the access and drop the connection.  Once DLDP was removed, I could then ping the gateway from another switch and get an IP address.  If you have any further info on your findings, I would very much like to receive more feedback.