Need Configuration Advice pair of Nortel BP470-48T's

[Insomniah]

Hi all, I was wondering if anyone can help me. I do not know too much about these switches.

I have 2 switches connected to each other via gbic
lets say switch 1's ip is 10.10.10.1 and switch 2 is 10.10.10.2.

This is my exmaple configuration of what I am trying to accomplish, I apologize if I am not clear or detailled enough- my first post

Switch 1
vlan1 -Built in management vlan? 1-48
vlan2 - 10.10.10.0/24 1-16 lan
vlan3 - 231.10.10.1/24 17-32 wan
vlan4 - 10.20.10.0/24 33-48 lan
gbic
|
|
|
Switch 2
vlan1 -Built in management vlan? 1-48
vlan2 - 10.10.10.0/24 1-16 lan
vlan3 - 231.10.10.1/24 17-32 wan
vlan4 - 10.20.10.0/24 33-48 lan


This configuration doesn't seem to isolate the different collision domains from each other. All the devices I have attached can talk to each other (much to my surprise).

Is there a better way to accomplish this isolation? I each subnet to traverse the fiber even the wan, but obviously I need to keep them from talking to each other.

Can anyone point me in the right direction?

Thanks in advance!

 

[Insomniah]

I have another question, or possibly it is the same question asked in a different way;

Can I configure this switch so that ports 1-16, 17-32, 33-48 on switch one are on the same vlans as corresponding vlans switch 2? I thnk this would solve my issues but I am really not sure how to go about configuring this.

Not looking for hand outs guys I don't have any of the original documentation for these things, but I am searching all over for documentation that I can read that may help.

Any suggestion at all would great, I would really appreciate any insight any of you could provide.

 

[Insomniah]

After getting some rest and doing some reading, I enabled tagging on each vlan on each switch, and now I do not have a problem with isolation. The only issue now appears to be that the traffic is no longer traversing the GBIC link from switch to switch.

I am going to do some more reading to see if I can determine why but just so anyone reading this knows what I have done; I enabled tagging on ports 17-32 on both switches. Do I need to filter tagged/untagged frames in order to get the two switches communicating or is this a problem because both vlans are members of the same STG group?

 

[andy88]

It is unclear what you want to do here.

If you create different vlans on the switches then only devices in the same vlan will be able to talk to each other as they are L2 switchs. The reason why everything can talk to each other at the moment is you have enabled tagging on each port which will have a pvid of 1, this will put all untagged traffic in vlan 1.

Untag all ports except the Gbic's.
Create the vlans on each switch and add the ports (1-16 etc)and also add the Gbic to each vlan.

This will allow users in each vlan to talk to each other across both switches, but not users in different vlans.(For that you will need a router.)

 

[Insomniah]

Hi Andy thanks for responding.

I'm sorry I'm a bit of a newb but I'll try to clarify a little.

Here are the steps I executed on both switches

Created Vlan2 - Vlan2's memebers are ports 17-32
Removed Vlan2 members from vlan1 (management vlan)
Setthe pvid's on ports 17-32 to 2
Untagged everything

I added port 47 to vlan2 (it's still a member of vlan1 on both switches) which I assume represents the Gbic in the top slot marked (47).

So the traffic appears to be isolated from one collision domain to the other (vlan1/2) but vlan2 members on switch one do not appear to be able to communicate with vlan2 members on switch2.

I'm really not sure how to tag the gbics. maybe that is what I am doing incorrectly?

Any idea where I might have gone wrong?

 

[andy88]

Do you have connectivity on vlan 1, i.e can you ping the 2 mangment addresses?

To check that the Gbic's (47) are tagged on both switches. Go to "vlan port configuration", then "Tag All"

 

[Insomniah]

Hi Andy thanks again for your response.

with the aforementioned configuration there is no problem pinging the management ip's those are on the same subnet as my test machine, but traffic to vlan2 doesn't appear to get there.

I just did a telnet into each of the switches, I looked switch configuration>vlan configuration>clan port configuration. I selected port 47, then tagging - and changed it to the only other possible value -> tagged trunk. I did this on both switches for port 47.

The result is the same as before though. the vlan2 traffic does not appear to reach switch1 from switch2 or vice versa.

One question - should the pvid for the trunk be 1 or 2? it doesn't appear to want to take more than one pvid but I just may be doing something incorrectly.

Thanks again

 

[Insomniah]

Hi Andy,

I went back over the configuration specifically the PVID's one switch it did not automatically assign them, I changed them manually and now it appears to be working great!

Thanks so much for your help, this finally ends multiple hours fo frustration for me

 

[andy88]

I'm glad its working.

The PVID is the default vlan for the port. So if un-tagged traffic is received on the port it is dropped into the PVID. Usually its best to have the PVID the same as the managment vlan so you can maintain managment connectivity.

 

[HungryHouse]

Insomniah,
FYI: In the future, if you change value of AutoPVID (all port) to Enabled, then you wouldn't manually have to change the PVID after putting the interface in a VLAN.
(this can be configured under VLAN Port Configuration.

I hope this is helpful.

-HH