Monday, October 1, 2018

HP GbE2c Woes in the Homelab!

Hey r/networking,

I've recently come up on a woe with the GbE2c's that makes understanding tagging/untagging + pvid nearly damn impossible for me to grasp.

I have the following networks uplinked to said switch:

netBlock, vlanID, Appliance, uplinkInterfaceOnGbe2c

192.168.1.0/24, VLAN 1 (DMZ), AT&T uVerse Gateway, /c/port 21

10.0.5.0/29, VLAN 1, SonicWall NSA2400, /c/port 23

10.13.37.0/24, VLAN 1337 (VM mgmt Traffic), SonicWall NSA2400, /c/port 23

10.13.38.0/24, VLAN 1338 (Redundant ^^ mgmt), SonicWall NSA2400, /c/port 23

Since I can't throw the uVerse box in bridge mode, I decided to use the appliance as a literal DMZ; all my devices and VMs sit behind the SonicWall besides my VPN server and IIS box (while everything resides inside the BladeSystem chassis, these blades have a direct link to the DMZ, as opposed to flowing external ingress traffic through the SonicWall).

So I discovered these Gbe2c's are Nortel based and I can't figure out its operation; hence me reaching out here ;). I'm used to Cisco and Ubnt.

Here's a consolidated config that does NOT hand out 192.168.1 addresses.

    /c/port 2
        pvid 1 //pvid 1 is actually omitted from config dump.
    /c/port 23
        tag ena
    /c/l2/vlan 1
        ena
        name "uVerse"
        def 21
    /c/l2/vlan 1337
        ena
        name "VLAN 1337"
        def 1 3 4 5 6 7 8 23
    /c/l2/vlan 1338
        ena
        name "VLAN 1338"
        def 9 10 11 12 13 14 15 16 23
    /c/l2/stp 1/clear
    /c/l2/stp 1/add 1 666 1337 1338
    /c/l2/stp 1/port 21/off
    /c/l2/stp 1/port 23/off
    /c/l3/if 1
        ena
        addr 192.168.1.253
        broad 192.168.1.255
        vlan 1 // also omitted from config dump.
    /c/l3/if 2
        ena
        addr 10.13.37.253
        mask 255.255.255.0
        broad 10.13.37.255
        vlan 1337
    /c/l3/if 3
        ena
        addr 10.13.38.253
        mask 255.255.255.0
        broad 10.13.38.255
        vlan 1338
    /c/l3/if 256
    /*      addr <dhcp>
    /*      ena
    /c/l3/gw 1
        ena
        addr 192.168.1.254
    /c/l3/gw 2
        ena
        addr 10.13.37.254
    /c/l3/gw 3
        ena
        addr 10.13.38.254

The only logical thing is that my /c/port 21 uplink to the uVerse box is not tagging vlan 1 due to tagging being disabled by default. I recall with my previous Cisco switches I was able to create a separate vlan like 666 and segment the traffic from everything else as long as I didn't configure said VLAN inside my Router.

Now I did discover the following: (I have no clue what the difference is)

    >> Port 21# .
    ....
    tag     - Enable/disable VLAN tagging for port
    tagpvid - Enable/disable tagging on pvid
    ....
    >> Port 21# tagpvid
    Current tag pvid support: enabled
    Enter new tag pvid support [d/e]: e
    >> Port 21#

I'll be ordering some Catalyst 3020's here soon to replace these things but in the meantime... I need some help!

Thanks everyone.

Hope your Mondays are going swell.

Cheers,

Dom.
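
Added example (not part of the original post, and not HP's or the author's tooling): a small audit of the port and VLAN membership lines from the config above, useful for checking which ports actually share a VLAN with the DMZ uplink. It assumes, as the post states, that pvid 1 and untagged are the defaults omitted from the dump; the names parse, audit and DEFAULT_PVID are hypothetical, and it reports only what the visible lines say, not how the switch behaves.

```python
import re
from collections import defaultdict

# Port and VLAN membership lines from the post's config, one setting per line.
CONFIG = """\
/c/port 2
    pvid 1
/c/port 23
    tag ena
/c/l2/vlan 1
    def 21
/c/l2/vlan 1337
    def 1 3 4 5 6 7 8 23
/c/l2/vlan 1338
    def 9 10 11 12 13 14 15 16 23
"""
DEFAULT_PVID = 1  # assumption taken from the post: pvid 1 is the omitted default

def parse(config):
    """Return (pvid, tagged, members) read from /c/port and /c/l2/vlan sections."""
    pvid, tagged, members = {}, set(), defaultdict(set)
    section = None
    for line in config.splitlines():
        head = re.match(r"/c/(port|l2/vlan) (\d+)$", line.strip())
        if line.startswith("/"):
            section = (head.group(1), int(head.group(2))) if head else None
        elif section:
            words = line.split()
            if section[0] == "port" and words[:1] == ["pvid"]:
                pvid[section[1]] = int(words[1])
            elif section[0] == "port" and words == ["tag", "ena"]:
                tagged.add(section[1])
            elif section[0] == "l2/vlan" and words[:1] == ["def"]:
                members[section[1]].update(int(p) for p in words[1:])
    return pvid, tagged, members

def audit(config):
    """Flag ports whose PVID or tagging disagrees with the VLAN def lists."""
    pvid, tagged, members = parse(config)
    ports = set(pvid) | tagged | set().union(*members.values())
    findings = []
    for port in sorted(ports):
        vlans = sorted(v for v, m in members.items() if port in m)
        native = pvid.get(port, DEFAULT_PVID)
        if len(vlans) > 1 and port not in tagged:
            findings.append((port, "untagged but listed in several VLANs", vlans))
        if (port in pvid or port in tagged) and native not in vlans:
            findings.append((port, f"pvid {native} not in its def lists", vlans))
    return findings
```

On these lines, audit(CONFIG) reports ports 2 and 23: both have PVID 1, while the def list for VLAN 1 names only port 21.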


