
5510 configuration - DaddyofThree & other experts advice need 2

Status
Not open for further replies.

zamkh

MIS
Sep 24, 2008
8
GB
Hi,

I was hoping DaddyofThree could help clarify my idea that I need to implement this weekend. I know about Cisco (was CCNP/DP) but it's been a while since I touched networking so don't want to crash this network. We are hoping to implement this weekend since downtime has been organized for us to implement a project.


At this site, we use Nortel 5510e switches linked together across 3 buildings.

The configuration is as follows:

Building 1:
7 x 5510e in a stack

4 x VLANS
VID 1: Default 10.0.128.0/23
VID 1226: DMZ-1 192.168.1.0/24
VID 1227: DMZ-2 192.168.2.0/24
VID 1227: DMZ-3 192.168.3.0/24

Building 2:
5 x 5510e switch stack
3 x VLANs
VID 1: Default 10.0.128.4/23 (this allows for routing between building 1 to 2)
VID 1096: Servers 10.0.96.0/23
VID 1104: Clients 10.0.104.0/23

Building 3
2 x 5510e switch stack
1 x VLAN (default)
VID 1: all clients 10.0.128.0/23


The three stacks are connected to each other by fibre links:
Building 1 and 2 connected via 3 x Fibre links bonded into 1 MLT.
Building 1 and 3 connected via 2 x Fibres bonded into 1 MLT. Building 1 and 3 are on the same IP subnet
Building 2 and 3 are not directly linked but can route to each other via building 1.

The MLTs are all members of VLAN 1

The configuration is that the VLANs on each building are quite simple. A port is simply a part of a VLAN - no single port at the moment carries multiple VLAN information. In building 1, the 3 DMZ VLANs are just two or three ports configured into a VLAN and connected to a firewall, so the firewall does the switching/routing between the DMZs and internal LANs.


THE PROBLEM

The problem is now that I need to extend the DMZ-1 VLAN network on the building 1 stack to the Building 2 stack.

Reading all the posts in this forum and especially DaddyofThree's posts, I know that if I want to extend a VLAN across multiple switch stacks, I need to do the following:

Create the same VLAN ID on the other stack, so on the Building 2 stack, I create a new VLAN called 1226 and assign two physical ports to this VLAN.

I then need to make the MLT link between Building 1 and 2 a member of the VLAN 1226 so that traffic between the stacks can be routed.

Ensure that STP is disabled (which it is on all three stacks).

And this should be it.

MY QUESTIONS
Is it that simple? If not, How do I do this so that it works?

How do I configure the MLT link so that it is a member of both VLAN 1 and VLAN 1226?

I still can't understand why DaddyofThree says it is preferable to create a dedicated VLAN e.g. 200 and to assign this as the primary VLAN for the MLT links. Why would we have to do this?

Is it possible that if I create all other VLAN IDs (e.g. 1096 and 1104 on Building 1 stack) on the requisite switch stacks that it would be possible to extend the other VLAN networks across the buildings so that we can make a switch port a member of any VLAN that we require and the MLT links between the buildings ensure it gets to where it needs to go?

Thank you in advance for your advice, it's been such a long time since I looked at networking in-depth that I want to make sure I haven't forgotten something. To be honest, I've become actually quite useless with networks!

MH
 
You are way too kind with your praise... there are quite a few experts in this forum that could help address your questions.

In short it is that simple... however, you need to change the MLTs (or at least the ports belonging to the MLTs) to trunk ports (from access ports).

config term
vlan ports 47,48 tagging enable

In this example above I'm using ports 47,48 for the uplinks and I'm enabling tagging which turns the port into a trunk. In Device Manager I believe it's referred to as tagAll(trunk) on the port under the VLAN tab.

In my examples I use VLAN 200 as my management VLAN, the VLAN that I place all the management interfaces in for all my switch equipment in the local area network. In order to keep my configurations clean I set the PVID of each trunk to 200; however, it really has no effect as long as the configuration is correct.

Good Luck!
 
Hello,

I'm not being too kind. Just really thankful!

I bookmarked your blog page into my Nortel favorites folder when I was first doing research earlier this year. It was a good read and told me at that time that we could do what we wanted to do especially since our 'Nortel' guys said it was impossible. Though we have now come to realise, they are just box pushers!

So even though I have read all the technical manuals from the Nortel site wrt configuration, etc, it is always better to get the advice of someone who knows the equipment like the back of his hand!

Will let you know how it goes!

Many thanks once again
MH
 
Just to confirm that the VLAN extension went well! No major problems. I used Nortel Device Manager exclusively. Had a problem where the extended VLAN on the other side was 'not working'. Wireshark would show random packets that would show that the VLAN was indeed extended to the other building, but PING, etc did not work!

Finally worked out that besides just assigning a port to the VLAN using the VLAN -> VLANS option in Device Manager, I had to manually change the defaultVlanID on the port itself!

But it's resolved, and the project can now go to the next steps. Thank you for all your help.
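
The symptom in the last post (frames visible in Wireshark, ping failing) and the tagging advice earlier in the thread, modelled as an added example that is not part of the original posts. It is a generic 802.1Q port model in Python, not Nortel's implementation; the Port class, the port memberships and the assumption that the far-end port stayed in VLAN 1 are constructed for illustration, and only the VLAN IDs come from the thread.

```python
from dataclasses import dataclass

DROP = "drop"  # sentinel: frame discarded

@dataclass(frozen=True)
class Port:
    members: frozenset      # VLAN IDs the port belongs to
    pvid: int               # VLAN given to untagged frames on ingress
    tagging: bool = False   # True = trunk (tagging enabled), False = access

def ingress_vlan(port, tag):
    """Classify a received frame: tagged frames keep their VLAN, untagged use the PVID."""
    vid = port.pvid if tag is None else tag
    return vid if vid in port.members else DROP

def egress_tag(port, vid):
    """Tag on the wire when leaving: VLAN ID on a trunk, None (untagged) on an access port."""
    if vid not in port.members:
        return DROP
    return vid if port.tagging else None

def delivered(hops):
    """hops: (in_port, out_port) per stack; the frame starts untagged from a host."""
    tag = None
    for in_port, out_port in hops:
        vid = ingress_vlan(in_port, tag)
        if vid == DROP:
            return False
        tag = egress_tag(out_port, vid)
        if tag == DROP:
            return False
    return True

def reachability(host_a, up_a, up_b, host_b):
    """(A-to-B, B-to-A) delivery across two stacks joined by one uplink."""
    return (delivered([(host_a, up_a), (up_b, host_b)]),
            delivered([(host_b, up_b), (up_a, host_a)]))

# Constructed sample ports: VLAN IDs follow the thread, everything else is assumed.
dmz = Port(frozenset({1226}), pvid=1226)                    # Building 1 DMZ-1 access port
trunk = Port(frozenset({1, 1226}), pvid=1, tagging=True)    # MLT ports with tagging enabled
untagged_mlt = Port(frozenset({1, 1226}), pvid=1)           # MLT left as access ports
stale_pvid = Port(frozenset({1, 1226}), pvid=1)             # added to 1226, PVID still 1
fixed = Port(frozenset({1226}), pvid=1226)                  # PVID changed to 1226

print(reachability(dmz, trunk, trunk, stale_pvid))          # one-way only
print(reachability(dmz, trunk, trunk, fixed))               # both directions
print(reachability(dmz, untagged_mlt, untagged_mlt, fixed)) # VLAN 1226 never crosses
```

In the stale-PVID case the Building 2 host still receives VLAN 1226 frames, but its own untagged frames are classified into VLAN 1 and never reach the DMZ port, which is consistent with seeing packets in a capture while ping fails.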
 