untagged or tag port configuration for Equallogic DCB

May 30, 2014, 11:01 am

≪ Previous: Just installed Solarwinds NPM - showing high receive discards PC6224 stack

Hi there,

We've used to configure switch ports that are connected to Equallogic as access mode to carry untagged traffic for iscsi vlan. The reason being is EQL didn't support vlan tagging before.

I'm a bit confused with "DCB" configuration. Now on, do we have to tag the iscsi traffic on EQL ports if DCB is configured?

Thanks,

↧

VLAN Assistance Needed

May 30, 2014, 2:38 pm

≫ Next: dell vrtx 1gb switch module o nexus 7k

≪ Previous: untagged or tag port configuration for Equallogic DCB

Greetings! I need to create a network that has 10 separate VLANs (only 3ports/VLAN) that can share one internet connection, but have no inter-VLAN visibility. What would be the best manner in putting this together? Private VLANs? Which PowerConnect Switch would be the best to go with for something like this?

Thank you!

↧

dell vrtx 1gb switch module o nexus 7k

June 1, 2014, 8:03 am

≫ Next: n3048 stacking

≪ Previous: VLAN Assistance Needed

I got the dell vrtx chassis with gb switch module, I have only 1 link atttached from gigabit 0/1 to the 7k

on the nexus 7k

the port config is

interface ethernet 4/33

switchport mode trunk

switchport trunk allowed vlan 50

no shut

---------------------------------------------

on the dell switch module, I have

console#sh run

config-file-header

v1.0.0.62 / RPLASMA_760_221_040

CLI v1.0

vlan database

vlan 50

exit

voice vlan oui-table add 000181 Nortel__________________

voice vlan oui-table add 0001e3 Siemens_AG_phone________

voice vlan oui-table add 00036b Cisco_phone_____________

voice vlan oui-table add 00096e Avaya___________________

voice vlan oui-table add 000fe2 H3C_Aolynk______________

voice vlan oui-table add 001049 Shoretel________________

voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone

voice vlan oui-table add 00907a Polycom/Veritel_phone___

voice vlan oui-table add 00e0bb 3Com_phone______________

interface vlan 50

name "vlan 50"

interface gigabitethernet0/1

switchport mode trunk

physically the links are up and I see green lights but my blades are not getting any nework from vlan50.

Thee is dhcp on vlan 50 but non of the blades are getting ip. I tried static ips but none of them can get netork access or ping the vlan50 gateway

any idea?

↧

n3048 stacking

June 2, 2014, 6:36 am

≫ Next: 3524P

≪ Previous: dell vrtx 1gb switch module o nexus 7k

Hi i have in my stock 6248 powerconnect, i would like to stack it if possible with the new model: N3048, is it possible? what cables? modules is needed for both models for this particular configuration? thanks lotan

↧

3524P

June 2, 2014, 6:38 am

≫ Next: PC 6248P Ip helper-address dhcp

≪ Previous: n3048 stacking

Hi my customer want to use stacking on this old model: 3524P, the question is if it is possible to stack it to another unit of this model? i seen in the datasheet and technical documents that answer is positive, if yes- what is the cable needed for this? thanks lotan

↧

PC 6248P Ip helper-address dhcp

May 16, 2014, 12:44 pm

≫ Next: Force10 VLT and fast failover

≪ Previous: 3524P

I am working on getting a vlan setup for our new shoretel phones. I have 2 PC 6248p stacked. The first unit is primarily used for desktops servers and our wireless APs. The APs are on a vlan (1001 - which is bound to 192.168.3.0/24) but all the other ports are Access and are set to vlan 1 untagged (vlan 1 is the default vlan). Our DHCP server is on 192.168.1.0/24 which is the subnet for the default vlan and has a scope setup for this subnet. It also has a scope set for 10.1.6.0/24 which is the subnet for vlan 200 Unit 2 of the stack has most of its ports set to general mode pvid 200. Vlan 200 interface is set to 10.1.6.1 and VLAN 200 is bound to 10.1.6.0/24 I have DHCP relay enabled globaly and VLAN 200 set for IP helper-address 192.168.1.185 which is my DHCP server. I have tried having my switches in routing mode and with "no ip routing" either way, when devices are plugged into ports with Switchport general pvid 200 the dhcp server is unavailable. When plugged into a port set as untagged then DHCP is available and the device gets a 192.168.1.0/24 address. I need devices plugged into the ports tagged vlan 200 to get assigned address via DHCP in the 10.1.6.0/24 subnet. What am I missing?

↧

Force10 VLT and fast failover

June 2, 2014, 1:16 pm

≫ Next: Configuration: Port-security on Cisco 2960

≪ Previous: PC 6248P Ip helper-address dhcp

Forgive me if this belongs somewhere else, but I could not find a Force10 forum. We have a 4820T pair configured as a VLT domain. Our "leaves" are Dell 5548s and 6224s connected via LAGs to the 4820T "spines". It seems in a failure scenario we cannot get our paths back up in less than about 7-8 seconds. In one of the white papers they were showing 1.5 sec path recoveries. What is the determining factor in getting a fast recovery? We have RSTP hello times etc dialed as low as they can go on the PowerConnects FWIW. Is there something else in say LACP etc that we have missed causing the path recovery to be slow?

↧

Configuration: Port-security on Cisco 2960

October 22, 2013, 9:09 pm

≫ Next: Applying ACLs to an 8132 switch

≪ Previous: Force10 VLT and fast failover

Hello,

Want the secure server that are connected to the port of Cisco Catalyst 2960.

The following configuration, any mistake?

Global :
ip dhcp snooping
ip dhcp snooping vlan X
ip arp inspection vlan X
ip source binding AAAA:BBBB:CCCC vlan X X.X.X.X interface fa0/1

On fa0/1 port :
switchport access vlan 85
switchport mode access
switchport port-security
switchport-security maximum 1
switchport port-security violation protect
switchport block multicast
switchport block unicast
ip verify source
spanning-tree bpduguard enable

That advise me on setting up storm-control broadcast/multicast/unicast (storm-control action shutdown) ?

Thank you very much!

↧

Applying ACLs to an 8132 switch

June 2, 2014, 11:22 pm

≫ Next: Access port versus general untagged

≪ Previous: Configuration: Port-security on Cisco 2960

I have a PC8132F switch configured with two VLANs;

VLAN 10 - 10.0.0.0/24
VLAN 20 - 192.168.0.0/24

IP routing is enabled on the switch and devices on each VLAN communicate with each other as expected. I would like to apply IP ACLs so that VLAN 10 cannot access VLAN 20, but VLAN 20 can access VLAN 10. I've applied an ACL to the switch using the following commands:

access-list vl10 deny ip 10.0.0.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list vl10 permit ip any any
interface vlan 10
ip access-group vl10

After applying, VLAN 10 is blocked from accessing VLAN 20 as intended, but VLAN 20 also loses access to VLAN 10 because the reply traffic from VLAN 10 is being blocked on return.

I've looked over the CLI Reference Guide, but can't see anything about ACLs supporting stateful/established connections to support reply traffic. Can it be done, and if so, how would I go about achieving it?

Thanks

↧

Access port versus general untagged

June 2, 2014, 2:20 pm

≫ Next: Dell 2824 / Ubiquiti UniFI / Guest WIFI VLAN tag

≪ Previous: Applying ACLs to an 8132 switch

If I set a port to access and the port belongs to the vlan that contains my DHCP server, my device acquires and address instantly. If the port is set to General and is an untagged member of the same vlan then I don't get an address from my DHCP server. Why would this be?

↧

Dell 2824 / Ubiquiti UniFI / Guest WIFI VLAN tag

June 2, 2014, 2:36 pm

≫ Next: Critical Scan: A VxWorks WDB Debug Agent is running on this host.

≪ Previous: Access port versus general untagged

Hi,

I have a 2824 PowerConnect and two Ubiquiti UniFI APs each of which is wired into a port on the 2824.

The UniFi APs create wireless networks and share the configuration among all radios. These two APs are publishing two SSIDs, one protected wireless network for staff, another unprotected wireless network for guests. I have the ability to tag either wireless network as I want.

I want to use a VLAN to push traffic through the Dell switch onto a DMZ port in our firewall.

My initial idea was to:

1. Tag the Guest wireless network with VLAN 11.

2. Leave the Staff wireless network un-tagged.

3. Set trunks on the two ports which terminate the APs to allow untagged and 11.

4. Add an additional port on the 2824 to membership in 11 only.

5. Wire the 11-only port to the DMZ port of my firewall.

Here are my questions:

1. Can a trunk port allow both un-tagged and ID packets?

2. If so, can I specify a port REJECT untagged packets? (I want to prevent untagged stuff from reaching the DMZ port on the firewall.)

3. Does anyone see a flaw in my set up?

Thanks,

↧

Critical Scan: A VxWorks WDB Debug Agent is running on this host.

June 3, 2014, 12:59 pm

≫ Next: Finding an IP address using a mac address on Dell 5424 switch

≪ Previous: Dell 2824 / Ubiquiti UniFI / Guest WIFI VLAN tag

Received a Critical alert from a Nessus scan today that one of our Dell 6248 PowerConnect switches is running A VxWorks WDB Debug Agent, and is therefore vulnerable. Is there any way to simply disable this service/agent? (VU#362332) refers to an exposed VxWorks debug service (WDB Agent). This service runs over UDP port 17185 and allows complete access to the device, including the ability to manipulate memory, steal data, and ultimately hijack the entire operating system. Solution: Disable the debug agent Description: "Synopsis: Arbitrary commands can be run on this port. Description: A VxWorks WDB Debug Agent is running on this host. Using this service, it is possible to read or write any memory zone or execute arbitrary code on the host. An attacker can use this flaw to take complete control of the affected device. Solution: Disable the debug agent Risk Factor: Critical

↧

Finding an IP address using a mac address on Dell 5424 switch

June 3, 2014, 1:16 pm

≫ Next: Configuration of Dell M8024K & M6220 switches

≪ Previous: Critical Scan: A VxWorks WDB Debug Agent is running on this host.

We deployed a Dell 5424 Switch without proper config documentation.

It is picking up an DHCP and active on the network.

How do I find out what IP it is getting if I know the mac address for the switch?

Thank you.

↧

Configuration of Dell M8024K & M6220 switches

June 4, 2014, 12:06 am

≫ Next: Slave switch keeps rebooting after unstacking- Dell PowerConnect 6224

≪ Previous: Finding an IP address using a mac address on Dell 5424 switch

I need the best confguration steps, the scenario is M620 server are having 10G dual port LOM and Quad Port Gigabit CNA on Mezzanine 1 (B), want to connect 10G dual Port to Dell M8024-K (A1 & A2) and Quad Port Gigabit CNA to Dell M6220 (B1 & B2).

Currently 10G Dual Pot NIC in OS are not showing the connectivit with 8024K and only 2 Gigabit NIC instead of Quad Port are showing te connectivity with M6220 (NIC 1 is connected with B2 and NIC 4 with B1.

↧

Slave switch keeps rebooting after unstacking- Dell PowerConnect 6224

June 4, 2014, 6:07 am

≫ Next: High CPU for ipMapForwardingTask

≪ Previous: Configuration of Dell M8024K & M6220 switches

Hello Everyone;

I have 2 switches (PowerConnect 6224) stacked together. Since we no longer need them stacked as we got new switches we decided to take the stack cables away and use them as individual switches.

So I tried unstacking the switches first using via CLI but it did not work, simply nothing happens. So I took the stacking cards away from both switches and removed the stacking cables.

Master switch works fine, but the slave keeps rebooting.

I trued the following:

From boot options, I tried reset, restore manufacture settings, format ... They look successful as the config seems like it's gone and once the switch boots it ask me if I want to run configuration wizard but it will just freeze and reboot.

is there way to fix it? or the switch is dead?

All ideas are welcomed

thank you

↧

High CPU for ipMapForwardingTask

December 10, 2013, 5:42 am

≫ Next: PowerConnect 3524p (The MAC address is not valid. You must set it now! )Error

≪ Previous: Slave switch keeps rebooting after unstacking- Dell PowerConnect 6224

I have a problem with Powerconnect 6248, which appeared recently. Time from time CPU for ipMapForwardingTask rises up to 30-40% instead of normal operation (average 6%) and PINGs to switch raises from 1ms to 50-100ms. Logs show nothing. It last from several dozens seconds to minutes. Then it goes back to its normal stage, but after few hours (or less) repeats again. What could be the reason? Current FW 3.3.1.10

↧

PowerConnect 3524p (The MAC address is not valid. You must set it now! )Error

July 18, 2012, 3:37 pm

≫ Next: Dell Power Connect 5548 DHCP Relay Not Working

≪ Previous: High CPU for ipMapForwardingTask

Hi, i have a dell 3524p. It powers up fine but promp message asking for mac address and keep asking password which i can't figure out. Please let me know if you can help. Much appreciate.

Boot1 Checksum Test...............................PASS

Boot2 Checksum Test...............................PASS

Flash Image Validation Test.......................PASS



BOOT Software Version 1.0.0.08 Built  29-Nov-2007  16:38:01

                          ##
 ###########            #####        ######        ######
 ##############       #########      ######        ######
 ###############     #########       ######        ######
 ################  ########## ####   ######        ######
 ################ #########  ######  ######        ######
 ########################  ######### ######        ######
 ######   ##############  ########  #######        ######
 ######    ###################### #########        ######
 ######    ####################  ##########        ######
 ######    ###################  ###########        ######
 ######    ################## #############        ######
 ######   #################################        ######
 ################################################# ############
 ################  ################  ############# ############
 ################   ##############   ############# ############
 ###############      ##########     ############# ############
 ##############        ########      ############# ############
 ###########             ####        ############# ############
                          ##
 PowerConnect 3524 board based on Orion 88F5181 ARM926EJ processor
 64 MByte SDRAM. I-Cache 8 KB. D-Cache 8 KB. Cache Enabled.

Autoboot in 2 seconds - press RETURN or Esc. to abort and enter prom.

The MAC address is not valid. You must set it now!

Enter password :
invalid password !!
Enter password :
invalid password !!
Enter password :

↧

Dell Power Connect 5548 DHCP Relay Not Working

June 3, 2014, 1:33 pm

≫ Next: N4032 UNROUTED VLAN1...?

≪ Previous: PowerConnect 3524p (The MAC address is not valid. You must set it now! )Error

Guys,

Ok, so i have a Windows DHCP server. I have setup a new VLAN Scope.

I then assign on my 5548 an IP address for each VLAN, enable DHCP Globally and specify the Windows DHCP server's IP. However none of the Clients connected to the other VLANS besides the one the DHCP server is on, are pulling addresses.

Any ideas?

Here are the configs shown on the switch

ip dhcp relay address 192.168.10.5
ip dhcp relay enable

!
interface vlan 1
ip address 192.168.10.230 255.255.255.0
ip dhcp relay enable
!
interface vlan 5
name Management
ip address 192.168.5.230 255.255.255.0
!
interface vlan 20
name Voice
ip address 192.168.20.230 255.255.255.0
ip dhcp relay enable
!
interface vlan 30
name Wireless
ip address 192.168.30.230 255.255.255.0
ip dhcp relay enable
!
interface vlan 40
name Guestnet
ip address 192.168.40.230 255.255.255.0
ip dhcp relay enable