I'm trying to enable BPDUGuard on ports that are currently set up as Portfast on an N2048P switch. How might I be able to enable this?
Regards.
Hey everyone - very long time Dell customer first time poster (always seemed to be able to find answers until now).
I just got a Dell X1052p Switch and it comes with a Micro USB to USB Console Cable, I connect it to a Windows 7 Laptop and it is asking for drivers. One would think that the drivers would be right in the Download Section but there isn't any mention of drivers. Anyone know where I can find the drivers?
Also, anyone know how I can connect this switch to a Terminal Server? This is the first switch I've ever seen with a USB Port for Console, and of course our Term Server is RJ45 to serial adapters.
I have to say that I've been using Dell Switches for years and this has been by far the most painful experience ever with this new GUI and lack of any substantial documentation.
Hi,
We recently upgraded our network switches in the M1000E enclosure to DELL MXL, but the switch displays the port speed for internal ports as 1G, not 10G.
Switch version:
Dell Real Time Operating System Software
Dell Operating System Version: 2.0
Dell Application Software Version: 9.5(0.1)
Copyright (c) 1999-2014 by Dell Inc. All Rights Reserved.
Build Time: Thu Jul 31 21:20:08 2014
Build Path: /sites/eqx/work/swbuild01_1/build01/E9-5-0/SW/SRC
Dell Networking OS uptime is 1 day(s), 15 hour(s), 58 minute(s)
System image file is "system://A"
System Type: MXL-10/40GbE
Control Processor: MIPS RMI XLP with 2 Gbytes (2147483648 bytes) of memory, cores(s) 1.
256M bytes of boot flash memory.
2 34-port GE/TE/FG (XL)
88 Ten GigabitEthernet/IEEE 802.3 interface(s)
4 Forty GigabitEthernet/IEEE 802.3 interface(s)
M620 Blade FW versions:
Integrated Dell Remote Access Controller 2.21.21.21
Intel(R) Ethernet 10G 2P X520-k bNDC - 15.0.28
Intel(R) Ethernet 10G 2P X520-k bNDC - 15.0.28
BIOS 2.5.2
PERC H310 Mini 20.13.1-0002
BP12G+ 0:1 1.00
Lifecycle Controller 2.21.21.21
Dell 64 Bit uEFI Diagnostics, version 4247, 4247A1, 4247.2 4247A1
Dell OS Driver Pack, 15.07.07, A00 15.07.07
OS COLLECTOR 1.1, OSC_1.1, X10-00 OSC_1.1
System CPLD 1.0.7
Please help to change port speed to 10G.
Thank you.
Kind regards,
Aytugan.
We are running spanning tree MST. Our typical access layer port config looks like this:
spanning-tree portfast
spanning-tree guard root
switchport access vlan 10
However, when a cable was plugged into two access-layer ports, a loop was created and neither port went into shutdown mode.
What is considered a best practice config for an access port in a spanning tree mst network?
Hi, I have 2 N4032 switches installed on separate server racks.
They are inter-connected on Port 23 and 24. Servers in Rack1 can ping Switch1, Servers in Rack2 can ping Switch2. However, they cannot inter-ping, i.e., Servers in Rack1 cannot ping Servers in Rack2 ...
How can I make them inter-connected? Any ideas will be highly appreciated. Thanks in advance!
Switch 1
vlan 201
name "DMZ"
exit
vlan 202
name "DEV"
exit
vlan 203
name "INT"
exit
vlan 204
name "MGT"
exit
vlan 201-204
exit
...
interface Te1/0/23
channel-group 1 mode active
exit
!
interface Te1/0/24
channel-group 1 mode active
exit
!
interface port-channel 1
switchport mode trunk
switchport trunk native vlan 204
switchport trunk allowed vlan 202-204
exit
Switch 2
vlan 202
name "DEV"
exit
vlan 203
name "INT"
exit
vlan 204
name "MGT"
exit
vlan 202-204
exit
...
interface Te1/0/23
channel-group 1 mode active
exit
!
interface Te1/0/24
channel-group 1 mode active
exit
!
interface port-channel 1
spanning-tree guard root
switchport mode trunk
switchport trunk native vlan 204
switchport trunk allowed vlan 202-204
exit
We have an N4032 switch used for a vSAN environment. Right now we only have 4 ESXi hosts connected to it (8 ports). All the switch ports are configured as auto:
show interfaces status
Port Description Vlan Duplex Speed Neg Link Flow Ctrl
State Status
--------- ------------------------- ----- ------ ------- ---- ------ ---------
Te1/0/1 95 Full 10000 Auto Up Active
Te1/0/2 95 Full 10000 Auto Up Active
Te1/0/3 95 Full 10000 Auto Up Active
Te1/0/4 95 Full 10000 Auto Up Active
Te1/0/5 95 Full 10000 Auto Up Active
Te1/0/6 95 Full 10000 Auto Up Active
Te1/0/7 95 Full 10000 Auto Up Active
Te1/0/8 95 Full 10000 Auto Up Active
Te1/0/9 95 N/A Unknown Auto Down Inactive
Te1/0/10 95 N/A Unknown Auto Down Inactive
On the ESXi side, each host has two NICs configured in auto mode.
The NIC teaming is configured as:
Both adapter active;
load balancing : route based on the originating virtual port ID
failover detection: Link status only
Notify switches: Yes
Failback: Yes
The physical NICs are QLogic:
vmnic6 0000:43:00.0 bnx2x Up 10000Mbps Full 00:0e:1e:9e:c2:80 9000 QLogic Corporation NetXtreme II BCM57810 10 Gigabit Ethernet
vmnic7 0000:43:00.1 bnx2x Up 10000Mbps Full 00:0e:1e:9e:c2:82 9000 QLogic Corporation NetXtreme II BCM57810 10 Gigabit Ethernet
I found occasionally some of the NICs will go "link down", and come back in 5/6 seconds:
<189> Dec 13 19:17:59 10.4.101.83-1 TRAPMGR[1221624372]: traputil.c(697) 6043 %% Link Up: Te1/0/5
<189> Dec 13 19:17:54 10.4.101.83-1 TRAPMGR[1221624372]: traputil.c(697) 6041 %% Link on Te1/0/5 is failed
<189> Dec 13 19:17:54 10.4.101.83-1 TRAPMGR[1221624372]: traputil.c(697) 6040 %% Link Down: Te1/0/5
<189> Dec 12 07:51:34 10.4.101.83-1 TRAPMGR[1221624372]: traputil.c(697) 5869 %% Link Up: Te1/0/5
<189> Dec 12 07:51:29 10.4.101.83-1 TRAPMGR[1221624372]: traputil.c(697) 5867 %% Link on Te1/0/5 is failed
<189> Dec 12 07:51:29 10.4.101.83-1 TRAPMGR[1221624372]: traputil.c(697) 5866 %% Link Down: Te1/0/5
<189> Dec 9 22:12:08 10.4.101.83-1 TRAPMGR[1221624372]: traputil.c(697) 5732 %% Link Up: Te1/0/7
<189> Dec 9 22:12:02 10.4.101.83-1 TRAPMGR[1221624372]: traputil.c(697) 5730 %% Link on Te1/0/7 is failed
<189> Dec 9 22:12:02 10.4.101.83-1 TRAPMGR[1221624372]: traputil.c(697) 5729 %% Link Down: Te1/0/7
<189> Dec 9 11:39:41 10.4.101.83-1 TRAPMGR[1221624372]: traputil.c(697) 5726 %% Link Up: Te1/0/3
<189> Dec 9 11:39:36 10.4.101.83-1 TRAPMGR[1221624372]: traputil.c(697) 5724 %% Link on Te1/0/3 is failed
<189> Dec 9 11:39:36 10.4.101.83-1 TRAPMGR[1221624372]: traputil.c(697) 5723 %% Link Down: Te1/0/3
Te1/0/3, Te1/0/5 and Te1/0/7 belong to 3 different hosts, so it doesn't look like a cable/switch port/NIC hardware problem, since it's happening on 3 ports.
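The flap pattern in the log excerpt above can be measured rather than eyeballed. This is an added example, not part of the original post: it pairs each "Link Down" trap with the next "Link Up" on the same port and reports outage length per port. The log lines are the ones posted; the year is an assumption, because the posted timestamps carry none.

```python
import re
from collections import defaultdict
from datetime import datetime

# Log lines copied from the post above (newest first, as the switch prints them).
POSTED_LOG = """\
<189> Dec 13 19:17:59 10.4.101.83-1 TRAPMGR[1221624372]: traputil.c(697) 6043 %% Link Up: Te1/0/5
<189> Dec 13 19:17:54 10.4.101.83-1 TRAPMGR[1221624372]: traputil.c(697) 6041 %% Link on Te1/0/5 is failed
<189> Dec 13 19:17:54 10.4.101.83-1 TRAPMGR[1221624372]: traputil.c(697) 6040 %% Link Down: Te1/0/5
<189> Dec 12 07:51:34 10.4.101.83-1 TRAPMGR[1221624372]: traputil.c(697) 5869 %% Link Up: Te1/0/5
<189> Dec 12 07:51:29 10.4.101.83-1 TRAPMGR[1221624372]: traputil.c(697) 5867 %% Link on Te1/0/5 is failed
<189> Dec 12 07:51:29 10.4.101.83-1 TRAPMGR[1221624372]: traputil.c(697) 5866 %% Link Down: Te1/0/5
<189> Dec 9 22:12:08 10.4.101.83-1 TRAPMGR[1221624372]: traputil.c(697) 5732 %% Link Up: Te1/0/7
<189> Dec 9 22:12:02 10.4.101.83-1 TRAPMGR[1221624372]: traputil.c(697) 5730 %% Link on Te1/0/7 is failed
<189> Dec 9 22:12:02 10.4.101.83-1 TRAPMGR[1221624372]: traputil.c(697) 5729 %% Link Down: Te1/0/7
<189> Dec 9 11:39:41 10.4.101.83-1 TRAPMGR[1221624372]: traputil.c(697) 5726 %% Link Up: Te1/0/3
<189> Dec 9 11:39:36 10.4.101.83-1 TRAPMGR[1221624372]: traputil.c(697) 5724 %% Link on Te1/0/3 is failed
<189> Dec 9 11:39:36 10.4.101.83-1 TRAPMGR[1221624372]: traputil.c(697) 5723 %% Link Down: Te1/0/3
"""

# Matches only the "Link Up:" / "Link Down:" traps; the "Link on ... is failed"
# lines duplicate the Down event and are skipped. A missing leading "<" is tolerated.
LINE_RE = re.compile(
    r"^<?\d+>\s+(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+(?P<time>\d\d:\d\d:\d\d)\s+"
    r"\S+\s+TRAPMGR\[\d+\]:\s+\S+\s+(?P<seq>\d+)\s+%%\s+Link (?P<state>Up|Down): (?P<port>\S+)$"
)

ASSUMED_YEAR = 2000  # assumption: no year in the log; any single year works for durations


def parse_events(text, year=ASSUMED_YEAR):
    """Return (timestamp, trap sequence, port, state) tuples in chronological order."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(
            f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S"
        )
        events.append((ts, int(m["seq"]), m["port"], m["state"]))
    events.sort()  # the trap sequence number breaks ties within the same second
    return events


def find_flaps(events):
    """Pair each Down with the next Up on the same port."""
    down_at = {}
    flaps = []
    for ts, _seq, port, state in events:
        if state == "Down":
            down_at[port] = ts
        elif port in down_at:
            start = down_at.pop(port)
            flaps.append(
                {"port": port, "down": start, "seconds": int((ts - start).total_seconds())}
            )
    return flaps


def summarize(flaps):
    """Per-port flap count and longest outage in seconds."""
    per_port = defaultdict(list)
    for flap in flaps:
        per_port[flap["port"]].append(flap["seconds"])
    return {p: {"count": len(s), "max_seconds": max(s)} for p, s in per_port.items()}


if __name__ == "__main__":
    for port, stats in sorted(summarize(find_flaps(parse_events(POSTED_LOG))).items()):
        print(port, stats)
```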
On my test N2048P I have updated the OS to 6.2.2.6 and 6.2.7.2, and when I try to add it to OMNM I get issues with both SSH and HTTPS authentication. All my other switches can be deleted and added with no problems, and the switch config hasn't changed and is from a template the same as my production. If I downgrade to 6.2.1.6 the switch can be added fine with no issues.
the errors I get are:
SSH(Access/Aggregate) - Error Occured: Algorithm negotiation fail
HTTPS(Access/Aggregate) - Could not validate credentials; Failed to connect to Received fatal alert: handshake_failure
I have contacted Dell tech support but they haven't got to the bottom of it yet. Any ideas?
EDIT:: also when I get this error I can ssh and https web access directly to the switch in question with no problems
Is there a way to manually adjust the clock on the switch? The only reason I ask is because I have 3 switches, all N3048's, and we use an NTP server. On one of the switches I was able to just add the NTP server and specify the timezone and it worked great; the other 2 need adjustments even though they are configured the exact same way. The time and date are showing to be off by a lot.
Switch A is an N2048P with vlan 2 as the access/management vlan for routing traffic. vlan 3 is unique to the switch and I am trying to use static routing rules to pass traffic to and from Switch B (an S4048-ON).
If we state vlan 2 is 172.16.1.0/24 and Switch A is 172.16.1.2 and Switch B is 172.16.1.1. On Switch A is vlan 3 only with an IP 172.16.2.1.
On Switch A
vlan 2,3
exit
ip routing
interface vlan 2
ip address 172.16.1.2 255.255.255.0
exit
interface vlan 3
ip address 172.16.2.1 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 172.16.1.1
vlan 2 is trunked between switches, vlan 3 is not part of this. When I do a show ip route command only vlan 2 is present, vlan 3 is not present. I cannot ping the ip address, nor add a route rule for it as it states:
The static route will not take effect until a routing interface
belonging to the same subnet as the next hop IP is created and activated.
Routing rules on the Switch B are present but no traffic passes. New to Dell switching and suspect I am missing something to have it work, just need a bit of help.
Can I copy (tftp, scp) the N3048 switch config to a remote server while being logged on to the OOB interface?
The syslog and NTP clients running on the N3048 switch work fine; the NTP and syslog servers are both on remote networks which can be reached using the default gateway configured.
After logging on to the OOB, a copy config (sftp, scp) fails to connect to the remote server.
The OOB interface and the VLANs configured on the switch are in different subnets.
N3048 firmware 6.2.1.6
Hello Experts,
I have two Powerconnect 7048P switches in a stack (via stacking modules and cables).
I have two 10GB uplinks (one from each switch) to the firewall (one firewall). The firewall does not support a LAG, so the idea of this is for redundancy, in case one module, SFP, port, or fiber goes bad on one of the two switches.
The interfaces are configured as follows:
interface Te1/1/2
mtu 9216
switchport mode trunk
switchport access vlan 2
switchport trunk native vlan 2
exit
interface Te2/1/2
mtu 9216
switchport mode trunk
switchport access vlan 2
switchport trunk native vlan 2
exit
I was under the impression that spanning tree is enabled globally by default, so since both ports are connected to the firewall, only one port should be forwarding and one blocking without any further configuration. That is not the case in this scenario, though. When both interfaces are connected I cannot ping the management IP with a steady reply; it appears the two interfaces are rotating up and down, because I will get a ping response for a couple of replies, and then will get request timeouts for a while, and it goes back and forth. When I disconnect one interface, all is well.
What is the proper way to configure these interfaces so spanning tree will work? If I issue the command show spanning-tree, it does show enabled on all ports. There are also multiple VLANs on these switches, some are connecting iSCSI SAN devices and some are connecting to ESXi hosts. Thanks in advance!
A few of the ports are negotiating to 10 Mb speed; however, if I change the port for the user system it negotiates to the normal 1 gig, so it's nothing on the computer side.
Gigabit Ethernet Ports
=============================
no shutdown
speed 1000
duplex full
negotiation
flow-control on
mdix auto
no back-pressure
interface vlan 1
interface port-channel 1 - 32
spanning-tree
spanning-tree mode RSTP
qos basic
qos trust cos
eee enable
Hello Guys,
I’ve been tasked to finish the Nullification of redirected packets.
I’ve been trying different things but to no avail…. packets get to machines not listed on the permit list...
I’ve included snippets and configs of the three switches involved.
Could you please peruse the configs and tell me if I’ve implemented the Null correctly? Perhaps you can get a PC6248 engineer to have a look also.
Is the PC6248 capable of dropping such traffic? Its manual says:
NOTE: For a static reject route, the next hop interface value is Null0. Packets to the network address specified in static reject routes are intentionally dropped.
I appreciate you all looking into this matter.
Thanks,
Roy
A VLT port channel 2 is set up between the cores and the pc6248. VLT pair has near identical configurations...
ip route 0.0.0.0/0 10.10.20.2
ip route 5.5.5.0/24 192.168.2.8
ip redirect-list permit68to97
seq 10 permit ip 192.168.68.0/24 host 192.168.97.100
seq 20 permit ip 192.168.68.0/24 host 192.168.97.31
seq 30 permit ip 192.168.68.0/24 host 192.168.97.18
seq 40 permit ip 192.168.68.0/24 host 192.168.97.80
seq 50 permit ip 192.168.68.0/24 host 192.168.97.20
seq 80 redirect 5.5.5.5 ip any any
force10-01-1A#show ip route all
Gateway of last resort is 10.10.20.2 to network 0.0.0.0
Destination Gateway Dist/Metric Last Change
----------- ------- ----------- -----------
*S 0.0.0.0/0 via 10.10.20.2, Vl 1020 1/0 38w0d
S 5.5.5.5/32 via 192.168.2.8, Vl 2 1/0 00:00:14
C 10.10.20.0/29 Direct, Vl 1020 0/0 38w0d
C 192.168.2.0/24 Direct, Vl 2 0/0 1w6d
C 192.168.30.0/24 Direct, Vl 30 0/0 80w5d
C 192.168.31.0/24 Direct, Vl 31 0/0 80w5d
C 192.168.68.0/24 Direct, Vl 68 0/0 8w5d
C 192.168.86.0/24 Direct, Vl 86 0/0 47w2d
C 192.168.87.0/24 Direct, Vl 87 0/0 45w1d
C 192.168.90.0/24 Direct, Vl 90 0/0 58w6d
C 192.168.95.0/24 Direct, Vl 95 0/0 80w5d
C 192.168.97.0/24 Direct, Vl 97 0/0 80w5d
C 192.168.98.0/24 Direct, Vl 98 0/0 80w5d
C 192.168.102.0/24 Direct, Vl 102 0/0 53w6d
C 192.168.103.0/24 Direct, Vl 103 0/0 52w6d
force10-01-1A#
force10-01-1A#ping 192.168.2.8
Type Ctrl-C to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.8, timeout is 2 seconds:
!!!!!
Success rate is 100.0 percent (5/5), round-trip min/avg/max = 0/0/0 (ms)
force10-01-1A#
force10-01-1A# show ip redirect-list permit68to97
IP redirect-list permit68to97:
Defined as:
seq 10 permit ip 192.168.68.0/24 host 192.168.97.100
,
seq 20 permit ip 192.168.68.0/24 host 192.168.97.31
,
seq 30 permit ip 192.168.68.0/24 host 192.168.97.18
,
seq 40 permit ip 192.168.68.0/24 host 192.168.97.80
,
seq 50 permit ip 192.168.68.0/24 host 192.168.97.20
,
seq 80 redirect 5.5.5.5 ip any any, Next-hop reachable (via Vl 2), ARP resolved
,
Applied interfaces:
Vl 68
force10-01-1A#
AND from its VLT peer:
force10-00-1B#show ip redirect-list permit68to97
IP redirect-list permit68to97:
Defined as:
seq 10 permit ip 192.168.68.0/24 host 192.168.97.100
,
seq 20 permit ip 192.168.68.0/24 host 192.168.97.31
,
seq 30 permit ip 192.168.68.0/24 host 192.168.97.18
,
seq 40 permit ip 192.168.68.0/24 host 192.168.97.80
,
seq 50 permit ip 192.168.68.0/24 host 192.168.97.20
,
seq 80 redirect 5.5.5.5 ip any any, Next-hop reachable (via Vl 2), ARP resolved
,
Applied interfaces:
Vl 68
Here are snippets from the PC6248:
PC6248 Switch with Null:
vlan database
vlan 2,98
vlan routing 98 1
vlan routing 2 2
exit
ip address 10.1.12.11 255.255.255.0
ip routing
ip route 5.5.5.5 255.255.255.255 Null
ip route 0.0.0.0 0.0.0.0 192.168.98.1
interface vlan 2
routing
ip address 192.168.2.8 255.255.255.0
exit
interface vlan 98
routing
ip address 192.168.98.8 255.255.255.0
exit
nullspacedell#show ip route
S 0.0.0.0/0 [1/0] via 192.168.98.1, vlan 98
S 5.5.5.5/32 [1/0] directly connected, Null0
C 192.168.2.0/24 [0/1] directly connected, vlan 2
C 192.168.98.0/24 [0/1] directly connected, vlan 98
nullspacedell#
We need the PC6248 because the S4810 does not have a method to drop packets (yet).
The packets destined for other than those listed in the permit statements get through.
Any insight would be appreciated!
Hello Guys,
I have four MXL switches which are connected as one stack. The switches are connected to ESX hosts using PVLAN, and my problem is with virtual servers which are in the same network: every server can steal an IP address from another host. How can I prevent this on Force10? On Cisco I use Unicast Reverse Path Forwarding or sticky-arp, but on Force10 there is mac-address-sticky, which won't help me. Does anyone have any idea how to make IP stealing impossible?
Thanks.
Hi
I am testing a Palo Alto device and I am trying to configure up a span port on the 8024f I have.
This port needs to see all the traffic on the switch
I can't use a mirror port as it only mirrors 1 port and no one port has all the traffic
I tried something like this
interface Te2/0/21
description "SPAN port on PA-3020"
spanning-tree disable
spanning-tree portfast
mtu 9216
switchport mode trunk
but it's not seeing all the traffic.
I found the ability to mirror a flow but I haven't been able to get it to work
no policy-map PA-span
no class-map CM-all
class-map match-all CM-all ipv4
!! if i have the below enable I can't assign it to any ports
!!match any
exit
policy-map PA-span out
class CM-all
mirror Te2/0/21
exit
exit
If I try and assign any match to the class-map it fails.
What I would like is every outbound packet to be mirrored to te2/0/21.
I think it's possible, but I'm having a hard time getting it working.
Hello,
We have a PowerConnect 3254 which has served us well for many years. Yesterday, our entire network (we're a small company) was shut down as the switch appeared to be the culprit; everybody appeared to be disconnected from the LAN. Several reboots later and we're back in business.
Today, I see our firmware version is out of date (2.0.0.22) and so I try to update to 2.0.0.65. Mid-way through the download (using the web-console) the display locks-up, like this:
Status: Download In Progress
Bytes transferred: 2303980
The web-console IP can be pinged and it responds, but I cannot access the web console; my browser (F/fox and IE) both show an empty page. Viewing the web-page source code reveals one empty line. Network activity seems to be mostly OK.
However, one of my servers is completely inaccessible, which is the recipient of a port-mirroring configuration monitoring one E-port and one G-port.
I did check the "health" and no errors are shown although the temperature seemed high (46C - i think).
My next-day warranty expired some 2 years ago, but I think these devices have a limited lifetime warranty.
Currently, as I await an answer, my switch is still routing regular network traffic as I want... but is still preventing access to one of my Servers as well as the admin web-console.
Any help or suggestions would be seriously appreciated. Thank you.
Hello,
I got the documentation about setting up our network switch. I was able to get the IP set up for the switch, but I am having issues creating the admin user account at level 15. Right now the admin user is level 1 read only; here is the screenshot of the issue I am having on my end. The network switch I am trying to set up is an N2048P.
I am typing in the command as stated in the Dell documentation: FOUND HERE.
Setting login access on the switch.
To manage the switch you will need a username and password. To manage the switch via telnet or SSH, you will require an enable password. Input the following commands to configure login access. This is an example with the username as Dell, and password as P@$$w0rd. The enable password example uses ENP@$$w0rd. These are just examples and you should use more complicated, hard to guess credentials to secure your switch.
console>enable
console#configure
console(config)#username Dell password P@$$w0rd level 15
Thank you.
We've got an M8024-k switch installed in our Dell blade chassis. I'm trying to get igmp snooping to work on a VLAN without much success. Software version appears to be 5.1.5.1. Commands described in docs I've found via the Dell site or Google don't work. I've poked at it and I think I'm close but while the switch says that the interface mode is enabled, the operational status shows non-operational:
Interface Interface-Mode Operational-Status
--------- -------------- ----------------
Vl1 Disabled Non-Operational
Vl101 Enabled Non-Operational
The manuals say you should be able to go into interface mode for the vlan and enter the command ip igmp snooping but that is not a valid command:
feldstack-blade1(config-if-vlan101)#ip igmp ?
<cr> Press enter to execute the command.
last-member-query-count Configure last member query count.
last-member-query-interval Configure last member query interval.
query-interval Configure IGMP query interval.
query-max-response-time Configure maximum query response time.
robustness Configure IGMP router robustness.
startup-query-count Configure startup query count.
startup-query-interval Configure startup query interval.
version Configure IGMP or IGMP Proxy version.
When I generate multicast traffic from a VM behind this switch, I never see the group in the list of known groups, even though I see the group and mroutes come and go further up stream of this on my Cisco 6500 that is the mrouter for the vlan.
Anyone have any luck getting something like this working? Any ideas where I can get the config manual for 5.1.5.1?
Thanks.
Mike
Hello all,
My first post to the Dell Community. I have been configuring some Dell 6224 backbone switches to do the inter-VLAN routing, instead of having the Sonicwall do it. I've reached a point where the devices on either VLAN can ping each other, however none of them have internet access. It is pretty puzzling as I've entered a default route if none of the VLAN routes are matched.
The idea is this
Core switch/s: 1-2 6224 (vrrp is needed if 2 are used) for routing — Don’t think I’ll need any spanning tree setup special
2nd Tier Switches: For VM hosts to plug into, and servers – portfast on all vmhosts, servers, etc
Access Switches: All ports set to portfast and bpdu/loop guard.
To recap, all VLAN routing works internally, but I can’t get to the WAN from any VLAN. I thought that the ip default-gateway command was the key, but it keeps giving me an error I don’t remember at the moment.
The config file below uses information from our upcoming network change.
All Firewalls are located at x.x.x.254
All L3 Routing IPs will be x.x.x.1 so none of the statically configured servers need to be changed.
We won’t be using dhcp relay for now
enable
configure
vlan database
vlan 1,70,90,200,302,400-401
vlan routing 1 1
vlan routing 70 2
vlan routing 200 3
vlan routing 302 4
vlan routing 400 5
vlan routing 401 6
Exit
ip address vlan 90
ip address 10.90.0.1 255.255.255.0
interface vlan 1
ip address 10.0.0.1 255.255.255.0
name Access
exit
interface vlan 70
ip address 10.70.0.1 255.255.255.0
name Cameras
exit
interface vlan 90
name MGMT
exit
interface vlan 200
ip address 10.200.0.1 255.255.255.0
name DMZ
exit
interface vlan 302
ip address 10.20.0.1 255.255.255.0
name VoIP
exit
interface vlan 400
ip address 10.30.0.1 255.255.255.0
name IT
exit
interface vlan 401
ip address 10.30.1.1 255.255.255.0
name iscsi
exit
iscsi enable
ip routing
ip route 0.0.0.0 0.0.0.0 10.0.0.254
!logging console debug
!logging cli-command
!logging buffered debug
spanning-tree priority 4096
!
interface range ethernet 1/g1-1/g4
description "PC 1"
channel-group 1 mode auto
storm-control broadcast
mtu 9216
exit
interface range ethernet 1/g5-1/g8
description "PC 2"
channel-group 2 mode auto
storm-control broadcast
mtu 9216
exit
interface range ethernet 1/g9-1/g12
description "PC 3"
channel-group 3 mode auto
storm-control broadcast
mtu 9216
exit
interface range ethernet 1/g19-1/g22
description "PC 4"
channel-group 4 mode auto
storm-control broadcast
mtu 9216
exit
interface range ethernet 1/g13-1/g16
storm-control broadcast
description "access switches"
mtu 9216
switchport mode trunk
switchport trunk allowed vlan add 1,70,200,302,400
spanning-tree guard root
spanning-tree guard loop
exit
!
interface ethernet 1/g17
description "PBX"
spanning-tree disable
switchport mode access
switchport access vlan 302
exit
interface ethernet 1/g23
storm-control broadcast
description "Andys Office"
spanning-tree guard loop
mtu 9216
switchport mode general
switchport general allowed vlan add 70,90,200,302,400-401 tagged
exit
!
interface ethernet 1/g24
spanning-tree disable
switchport mode general
switchport general allowed vlan add 70,90,200,302,400-401 tagged
exit
!
interface ethernet 1/xg1
spanning-tree guard loop
mtu 9216
exit
!
interface ethernet 1/xg2
spanning-tree guard loop
mtu 9216
exit
!
interface ethernet 1/xg3
spanning-tree guard loop
mtu 9216
exit
!
interface ethernet 1/xg4
spanning-tree guard loop
mtu 9216
exit
!
interface port-channel 1
description "5448 PC1"
switchport mode trunk
switchport trunk allowed vlan add 1,70,90,200,302,400,401
mtu 9216
spanning-tree guard loop
exit
interface port-channel 2
description "5524AB PC2"
switchport mode trunk
switchport trunk allowed vlan add 1,70,90,200,302,400,401
mtu 9216
spanning-tree guard loop
exit
interface port-channel 3
description "5424 PC3"
switchport mode trunk
switchport trunk allowed vlan add 1,70,90,200,302,400,401
mtu 9216
spanning-tree guard loop
exit
interface port-channel 4
description "6224 B PC4"
switchport mode trunk
switchport trunk allowed vlan add 1,70,90,200,302,400,401
mtu 9216
spanning-tree guard loop
exit
!
Hello all,
The scenario is, I need to offload the user and guest user internet traffic to a secondary DIA while maintaining the current DIA for all other VLANs and subnets.
It looks like PBR is the answer, and I can get it to send the subnet to the right DIA but I lose routing to the other VLANs.
Does anyone have any suggestions for how to best accomplish this?
The default gateway is on VLAN 10 (10.xx.0.254)
Secondary DIA is on VLAN 6 (10.xx.6.254)
VLAN 13 and VLAN 14 are the two I need offloaded to the secondary.
All VLANs are routed from the N3048 in question.
I created ACLs "guestwireless" and "corporatewireless".
guestwireless:
permit ip 10.xx.104.0 0.0.0.255 any
corporatewireless:
permit ip 10.xx.103.0 0.0.0.255 any
I created route-map "secondarydia"
secondarydia:
route-map secondarydia permit 10
match ip address guestwireless
set ip next-hop 10.xx.6.254
match ip address corporatewireless permit 20
set ip next-hop 10.xx.6.254
I then applied the route-map to each VLAN:
ip policy route-map secondarydia
It works in that those subnets indeed use the new DIA, but they do not route back into the network for other routed VLANs. For the guest wireless network I don't want them to have a route back, but for the corporate wireless I do. In my reading of the documentation it seemed to me that anything not in the ACLs gets routed the usual way, but that's not the case.
I am a noob at PBR so be gentle. :)
I am implementing this on Dell N3048s.
Thanks,
Rob