Dell N2000 - Inter-VLAN routing issue

Network Engineering VLAN Dell
2021-07-26 03:51:17

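I have been asked to fix an installation that was performed by a different engineer.

The basic topology is:

1x Dell N2000 as the core switch
1x Dell N2000 as access switch 01
1x Dell N2000 as access switch 02

The access switches trunk to the core over a single 1 Gb interface (Gi1/0/24 on both access switches), so as far as I can tell there are no switching loops or anything like that.

Essentially, the topology looks like this:

(ACSW01) Gi1/0/24 <-> Gi1/0/22 (Core) Gi1/0/21 <-> Gi1/0/24 (ACSW02)

Nothing fancy - the VLANs are:

VLAN 47 - 192.168.47.0/24
VLAN 48 - 192.168.48.0/24
VLAN 49 - 192.168.49.0/24
VLAN 50 - 192.168.50.0/24

At this point, clients on any VLAN can get Internet connectivity, but clients on VLAN 49 or VLAN 50 cannot ping a printer on VLAN 48 located on edge switch 01 (ESW01) - but they can if the printer's connection is physically moved to the core switch. The problem is with the VLANs on the edge switches, not with the device; any device connected to an edge switch and not on VLAN 48 will be unable to communicate with any other VLAN - unless the device is on the core switch. Additionally, these clients have no trouble with Internet connectivity (which also works fine across all VLANs).

Here are the troubleshooting steps I have taken so far: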

1: Verify configuration integrity
    Notice that "ip routing" is on both edge switches - issue "no ip routing" command
    Ensure that "ip default gateway 192.168.48.254" is set - OK
        When setting IP default gateway, automatically switch creates an entry with "ip route 0.0.0.0 0.0.0.0 192.168.48.254" 
    Verify trunk tagging for Edge - Core - Edge:
        Appears OK - 48 native, 47,49,50 tagged
    Verify Aerohive trunk encapsulation
        Untagged 47, Tagged 48, 49, 50

2: Verify Layer 2 connectivity path
    Examine Spanning-Tree
        CSW01 reports it is NOT the root bridge
            Root bridge is ESW01 
        Changing CSW01 bridge priority to 8192 - "spanning-tree priority 8192"
            Root bridge is now CSW01 
    Checking MAC address table
        Printer on VLAN 48 on ESW01 has MAC w/last 4 D53C 
            CSW01: D53C appears on Gi1/0/22 (correct trunk link to ESW01) on VLAN 48
        My laptop on VLAN 49 on Aerohive (connected to CSW01) w/last 4 MAC A560
            ESW01: "show mac address-table | inc A560" - shows on Gi1/0/24 leading to Core on VLAN 49 - correct trunk link

3: Verify Layer 3 connectivity path
    Ping 192.168.48.225 (Printer, D53C) 
        FAILS from laptop on wireless VLAN 49 connected to CSW01
        FAILS from Aerohive on VLAN 47 connected to ESW01 
        WORKS from CSW01 command line
        WORKS from ESW01 command line
        WORKS from ESW02 command line 
        FAILS from laptop on wired VLAN 49 connected to CSW01 
        FAILS from laptop on wired VLAN 49 connected to ESW01

    Ping 192.168.48.1 (Sonicwall)
        WORKS from Aerohive connected to ESW01
        WORKS from Core Switch
        WORKS from Laptop on VLAN 49 connected to Core Switch
        WORKS from ESW01 command line

Here is the configuration for the relevant ports (some output suppressed for redundancy/brevity):

Core switch:

    AS-CSW01#show run

!Current Configuration:
!System Description "Dell Networking N2024P, 6.0.1.3, Linux 3.6.5-320b2282"
!System Software Version 6.0.1.3
!
configure
vlan 47
name "Aerohive Management"
vlan association subnet 192.168.47.0 255.255.255.0
exit
vlan 48
name "Client Company Wired Production"
vlan association subnet 192.168.48.0 255.255.255.0
exit
vlan 49
name "Client Company Wireless Production"
vlan association subnet 192.168.49.0 255.255.255.0
exit
vlan 50
name "Client Company Wireless Guest"
vlan association subnet 192.168.50.0 255.255.255.0
exit
vlan 47-50
exit              
hostname "AS-CSW01"
slot 1/0 8    ! Dell Networking N2024P
slot 2/0 5    ! Dell Networking N2048
stack
member 1 7    ! N2024P
member 2 8    ! N2048
exit
ip routing
ip route 0.0.0.0 0.0.0.0 192.168.48.1
interface vlan 1
exit
interface vlan 47
ip address 192.168.47.254 255.255.255.0
ip helper-address 192.168.48.31
exit
interface vlan 48
ip address 192.168.48.254 255.255.255.0
exit
interface vlan 49
ip address 192.168.49.254 255.255.255.0
ip helper-address 192.168.48.31
exit
interface vlan 50 
ip address 192.168.50.254 255.255.255.0
ip helper-address 192.168.48.31
exit
username (output omitted)
ip ssh server
!
interface Gi1/0/1
description "AS-APFL1-01" (Aerohive AP trunk port)
switchport mode general
switchport general pvid 47
switchport general allowed vlan add 47
switchport general allowed vlan add 48-50 tagged
switchport general allowed vlan remove 1
exit
!
(Output omitted for brevity)
!
interface Gi1/0/18 (A regular access port)
switchport mode general
switchport general pvid 48
switchport general allowed vlan add 48
switchport general allowed vlan remove 1
exit
!
!
interface Gi1/0/21
description "AS-ESW02"
switchport mode general
switchport general pvid 48
switchport general allowed vlan add 48
switchport general allowed vlan add 47,49-50 tagged
switchport general allowed vlan remove 1
switchport trunk native vlan 48
exit
!
interface Gi1/0/22
description "AS-ESW01"
switchport mode general
switchport general pvid 48
switchport general allowed vlan add 48
switchport general allowed vlan add 47,49-50 tagged
switchport general allowed vlan remove 1
switchport trunk native vlan 48
exit
!
interface Gi1/0/23
description "SonicWall X0"
switchport mode general
switchport general pvid 48
switchport general allowed vlan add 48
switchport general allowed vlan add 47,49-50 tagged
switchport general allowed vlan remove 1
exit
!
interface Gi1/0/24
description "Uplink to NetGear"
switchport mode general
switchport general pvid 48
switchport general allowed vlan add 48
switchport general allowed vlan add 47,49-50 tagged
switchport general allowed vlan remove 1
exit
!
exit
snmp-server engineid local 800002a203f8b1564d9fb4
snmp-server community "public" ro
exit

Access switch 01:

AS-ESW01#show run

!Current Configuration:
!System Description "Dell Networking N2024P, 6.0.1.3, Linux 3.6.5-320b2282"
!System Software Version 6.0.1.3
!
configure
vlan 47
name "Aerohive Management"
vlan association subnet 192.168.47.0 255.255.255.0
exit
vlan 48
name "Client Company Wired Production"
vlan association subnet 192.168.48.0 255.255.255.0
exit
vlan 49
name "Client Company Wireless Production"
vlan association subnet 192.168.49.0 255.255.255.0
exit
vlan 50
name "Client Company Wireless Guest"
vlan association subnet 192.168.50.0 255.255.255.0
exit
vlan 47-50
exit              
hostname "AS-ESW01"
slot 1/0 8    ! Dell Networking N2024P
slot 2/0 5    ! Dell Networking N2048
stack
member 1 7    ! N2024P
member 2 8    ! N2048
exit
ip default-gateway 192.168.48.254
ip route 0.0.0.0 0.0.0.0 192.168.48.254 253
interface vlan 1
exit
interface vlan 47
ip address 192.168.47.253 255.255.255.0
exit
interface vlan 48
ip address 192.168.48.253 255.255.255.0
exit
interface vlan 49
ip address 192.168.49.253 255.255.255.0
exit
interface vlan 50
ip address 192.168.50.253 255.255.255.0
exit
username (output omitted)
ip ssh server
!
interface Gi1/0/1
description "AS-APFL3-01"
switchport mode general
switchport general pvid 47
switchport general allowed vlan add 47
switchport general allowed vlan add 48-50 tagged
switchport general allowed vlan remove 1
exit
!
(Output omitted for brevity)
!
interface Gi1/0/24
description "Trunk to Suite 128 (AS-CSW01)"
switchport mode general
switchport general pvid 48
switchport general allowed vlan add 48
switchport general allowed vlan add 47,49-50 tagged
switchport general allowed vlan remove 1
switchport trunk native vlan 48
exit              
!
exit
snmp-server engineid local 800002a203f8b1564da008
snmp-server community "public" ro
exit

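I tried to replicate this problem in my home lab (albeit on Cisco gear) but could not: inter-VLAN routing works fine on that setup. At this point, I'm a bit stumped. Dell technical support wants us to create a separate VLAN for each switch and set up static routes between them. No, thank you.

Thanks for any ideas/input!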

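1 Answer

Solution:

The command on the VLANs on the access switches that associates a VLAN with a subnet was the root cause of the problem.

    vlan association subnet 192.168.48.0 255.255.255.0

This command tells the switch to associate traffic with the appropriate VLAN based on the source IP address in the packet header.

What was happening was that return traffic from the client would be dumped into the wrong VLAN on the access switch - the VLAN associated with its source IP, which is different from the client's VLAN.

Removing these commands on the access switches immediately resulted in the desired connectivity between all VLANs.

Edited to add: credit for this fix goes to a network professional who pointed out their function and voiced his concerns.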
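
The misclassification described in the answer, as an added example (not part of the original post or of Dell's firmware): a simplified model of ingress VLAN assignment on ESW01's uplink. It assumes that tagged frames keep their tag and that untagged frames are matched against the subnet associations by source IP before falling back to the port PVID; the client address 192.168.49.10 and the CLI ping source address are constructed.

```python
import ipaddress

# Constructed excerpt mirroring the 'vlan association subnet' lines in the posted ESW01 config.
ESW01_CONFIG = """\
vlan 47
vlan association subnet 192.168.47.0 255.255.255.0
exit
vlan 48
vlan association subnet 192.168.48.0 255.255.255.0
exit
vlan 49
vlan association subnet 192.168.49.0 255.255.255.0
exit
vlan 50
vlan association subnet 192.168.50.0 255.255.255.0
exit
"""

def parse_associations(config):
    """Return {network: vlan_id} from 'vlan N' / 'vlan association subnet' stanzas."""
    assoc, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if len(words) == 2 and words[0] == "vlan" and words[1].isdigit():
            current = int(words[1])
        elif words[:3] == ["vlan", "association", "subnet"] and current is not None:
            assoc[ipaddress.ip_network(f"{words[3]}/{words[4]}")] = current
        elif words == ["exit"]:
            current = None
    return assoc

def ingress_vlan(src_ip, tag, pvid, assoc):
    """Assumed model: a tagged frame keeps its tag; an untagged frame is matched
    against subnet associations by source IP before falling back to the port PVID."""
    if tag is not None:
        return tag
    src = ipaddress.ip_address(src_ip)
    for net, vlan in assoc.items():
        if src in net:
            return vlan
    return pvid

ASSOC = parse_associations(ESW01_CONFIG)
PVID = 48  # Gi1/0/24 on ESW01: VLAN 48 untagged, 47,49-50 tagged

# CSW01 routes a ping from a VLAN 49 laptop toward the printer in VLAN 48; the routed
# frame crosses the trunk untagged because VLAN 48 is the untagged VLAN on that link.
routed_with = ingress_vlan("192.168.49.10", None, PVID, ASSOC)   # placed in VLAN 49
routed_without = ingress_vlan("192.168.49.10", None, PVID, {})   # placed in VLAN 48
# A ping from the CSW01 command line, assumed sourced from 192.168.48.254, still matches VLAN 48.
cli_ping = ingress_vlan("192.168.48.254", None, PVID, ASSOC)
```

Under this model the routed frame is placed in VLAN 49 and never reaches the printer's VLAN 48 port, while pings sourced from a 192.168.48.x address are unaffected, which matches the ping results listed in the question.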