Re: [enterasys] C25 - issue with the 'bridged at AP' mode

2013-02-25 Thread Michael Loosbrock 
Have you mirrorred ge.4.8 on the switch and confirmed return traffic is
even hitting the AP? And that it's tagged correctly? If the answer is 'yes'
and 'yes', it sounds like a HiPath bug. Otherwise, I'd check your upstream
trunks and make sure VLAN 300 didn't get pruned from an egress list
somewhere along the way.

Mike Loosbrock
Bethel University Network Services
651-638-6723


On Mon, Feb 25, 2013 at 8:45 AM, Flemmig, Dennis dennis.flem...@didas.dewrote:

 Hi All,

 we have an issue at a customer with a VNS where the traffic is bridged
 locally at the AP.
 There are 2 other VNS active on that AP, all 'bridged at HWC', no problems
 with these!

 The VNS is configured to tag the traffic on Vlan 300, the AP MGMT resides
 in Vlan 400 untagged.
 We see the MAC of a connected wireless client in the 'sh mac port ge.4.8'
 in the correct Vlan 300.
 On the L3 Device we can see an ARP entry for that client.
 BUT we see not one single packet arriving at the client! We tested with a
 second client! ;)

 No filter rules on this VNS ... no policy on the switchport ... no
 authentication on the switchport ...

 sh portinfo switchport :
 ge.4.8 400N  untagged: 400 tagged: 300,350

 What is the issue? Seems that the AP discards all the packets!?!

 Switch fw : 06.42.10.0016
 HWC fw  : 08.01.04.005
 AP : 3610-I
 HWC : 2 * C25

 Many thanks in advance
 Dennis


 Mit freundlichen Grüßen / Best regards

 Dennis Flemmig (Dipl. Ing.)
 IT-Specialist
 Networking Services


 DIDAS Business Services GmbH | Elisabeth-Selbert-Straße 4a | 40764
 Langenfeld

 Tel.: +49 (0) 2173-5966-470 | Fax: +49 (0) 2173-5966-610 | Mobil: +49 (0)
 172-5219-729
 Mail: dennis.flem...@didas.de | Web: www.didas.de
 AG Düsseldorf HRB 63231 | USt-ID-Nr.: DE811548338
 Geschäftsführer: Dirk Kiefer


 Der Inhalt dieser E-Mail ist vertraulich und ausschließlich für den
 bezeichneten Adressaten bestimmt. Wenn Sie nicht der vorgesehene Adressat
 dieser E-Mail oder dessen Vertreter sein sollten, so beachten Sie bitte,
 dass jede Form der Kenntnisnahme, Veröffentlichung, Vervielfältigung oder
 Weitergabe des Inhalts dieser E-Mail unzulässig ist. Wir bitten Sie, sich
 in diesem Fall mit dem Absender der E-Mail in Verbindung zu setzen. Wir
 möchten Sie außerdem darauf hinweisen, dass die Kommunikation per E-Mail
 über das Internet unsicher ist, da für unberechtigte Dritte grundsätzlich
 die Möglichkeit der Kenntnisnahme und Manipulation besteht.

 The information contained in this e-mail is confidential. It is intended
 solely for the addressee. Access to this e-mail by anyone else is
 unauthorized. If you are not the intended recipient, any form of
 disclosure, reproduction, distribution or any action taken or refrained
 from in reliance on it, is prohibited and may be unlawful. Please notify
 the sender immediately. We also like to inform you that communication via
 e-mail over the internet is insecure because third parties may have the
 possibility to access and manipulate e-mails.






 ---
 To unsubscribe from enterasys, send email to lists...@unc.edu with the
 body: unsubscribe enterasys m-loosbr...@bethel.edu


---
To unsubscribe from enterasys, send email to lists...@unc.edu with the body: 
unsubscribe enterasys arch...@mail-archive.com

Re: [enterasys] VLAN Configuration - Email found in subject

2012-07-11 Thread Michael Loosbrock 
Hi Gustavo,

I think what Patrick is eluding to is that in order to route traffic
between VLANs, your router must have an interface in each of those VLANs.
Based on your description, it seems that your router does not have an
interface in VLAN 11. If that is indeed the case, (single-homed) hosts
inside VLAN 11 can't reach any hosts outside of VLAN 11.

However, based on the port config you posted for the B3 in Building 2, I
see you are egressing VLANs 11,100 and 200 to your management hosts on
ports 43 and 44. That suggests your management hosts are multi-homed,
meaning they have interfaces in each of those three VLANs. If that's what
you're doing, the reason you can't see hosts in VLANs 100 and 200 is
probably because the B3-management host traffic is untagged instead of
tagged.

What you likely want to do is this:
- Make the switch egress the VLANs tagged (set vlan egress 11,11,200
ge.1.43-44 tagged)
- Make sure your management host interfaces are VLAN interfaces.

Mike Loosbrock
Bethel University Network Services
651-638-6723


On Wed, Jul 11, 2012 at 10:51 AM, Patrick Printz ppri...@qcc.mass.eduwrote:

  Shouldn’t the router have vlan 11 as well?

 ** **

 *Patrick Printz*

 *Network Infrastructure*

 ** **

 Quinsigamond Community College
 670 West Boylston Street
 Worcester, MA 01606-2092 

 w. 508-854-7517

 c. 508-726-9529

 ** **

 ** **

 If a man is called a street sweeper, he should sweep streets even as
 Michelangelo painted, or Beethoven composed music, or Shakespeare wrote
 poetry.  He should sweep streets so well that all the hosts of heaven and
 Earth will pause to say, Here lived a great street sweeper who did his job
 well.

 ~Martin Luther King, Jr. 

 ** **

 *From:* Gustavo Veras [mailto:gustavo@gmail.com]
 *Sent:* Wednesday, July 11, 2012 11:46 AM

 *To:* Enterasys Customer Mailing List
 *Subject:* Re: [enterasys] VLAN Configuration - Email found in subject

 ** **

 Build 1:

 Router has two vlans:

 VLAN 100: 192.168.1.1/24 (ISP1)
 VLAN 200: 192.168.2.1/24 (ISP2)

 Have to see these addresses by VLAN management (11) port 43,44.

 2012/7/11 Patrick Printz ppri...@qcc.mass.edu

 Where is the routing being done for these vlan’s? 

  

 *Patrick Printz*

 *Network Infrastructure*

  

 Quinsigamond Community College
 670 West Boylston Street
 Worcester, MA 01606-2092 

 w. 508-854-7517

 c. 508-726-9529

  

  

 If a man is called a street sweeper, he should sweep streets even as
 Michelangelo painted, or Beethoven composed music, or Shakespeare wrote
 poetry.  He should sweep streets so well that all the hosts of heaven and
 Earth will pause to say, Here lived a great street sweeper who did his job
 well.

 ~Martin Luther King, Jr. 

  

 *From:* Gustavo Veras [mailto:gustavo@gmail.com]
 *Sent:* Wednesday, July 11, 2012 11:04 AM


 *To:* Enterasys Customer Mailing List

 *Subject:* Re: [enterasys] VLAN Configuration - Email found in subject

  

 Thanks, Erik!

 Is working well, but VLAN 11 is not working properly.

 the vlan 11 is only seeing the switches, do not see the vlan100, vlan200.

 Build 1: Switch IP: 172.16.0.1

 Build 2: Switch IP: 172.16.0.2

 43 44 was used as a port of management.

 The following configuration of the switch ports of the second building:

 B3(su)-show vlan port
  Port   VLAN  Ingress   Egress
   Filter Vlan
 -
 ge.1.1 11 N   tagged: 11,100,200
 ge.1.2 100N  untagged: 100
 ge.1.3 100N  untagged: 100
 ge.1.4 100N  untagged: 100
 ge.1.5 100N  untagged: 100
 ge.1.6 100N  untagged: 100
 ge.1.7 200N  untagged: 200
 ge.1.8 200N  untagged: 200
 ge.1.9 200N  untagged: 200
 ge.1.10200N  untagged: 200
 ge.1.11200N  untagged: 200

 .

 ge.1.4311 N  untagged: 11,100,200
 ge.1.4411 N  untagged: 11,100,200


 Do you know what might be happening?

 2012/7/10 Erik Phillips ephill...@ewrsd.k12.nj.us

 What about:
 building 1
 set vlan create 11,100,200
 set vlan egress 100 ge.1.1 tagged
 set vlan egress 200 ge.1.2 tagged
 set host vlan 11

 building 2
 set vlan create 11,100,200
 set port vlan ge.1.1-6 100 modify-egress
 set port vlan ge.1.7-11 200 modify-egress
 set host vlan 11

 Also, netsight (if you have it) can probably do this as well.  Check out
 the enterasys channel on youtube,
 http://www.youtube.com/watch?v=HbStJOT_m08 and
 http://www.youtube.com/watch?v=q4VNhLbrmcUfeature=results_mainplaynext=1list=PLD0A4267BC50654DB.
  I think it provides a good start for setups.


 Erik Phillips
 East Windsor Regional Schools