Vlan 8300 1

[pierg75]

Hi.
I'm a total beginner with nortel products and i get some problems trying to configure a 8310 switch.
I wanted to make two vlan (vlan 1 and vlan 300) with ip 192.168.11.0/24 (vlan1) and 192.168.10.0/24 (vlan300).
I configured them but no routing inter vlan is happening.
I have to say i still didn't attached any pc to the vlans...just trying to ping from the switch itself both ip of the vlans (192.168.11.5 and 192.168.10.10).
I even try to enable ripv2 but with no success.
What am i doing wrong?
Thanks

Pier

 

[TDN2007]

hi,
just one thing could you ping the default GW of each vlan
and what software release did you use?

 

[pierg75]

These ips (192.168.11.5 and 192.168.10.10) are the ips of the vlans and i cannot ping the ip of the second vlan (from the switch)...here the conf:

# box type : Passport-8310
# software version : 4.0.0.0
# monitor version : 4.0.0.0/079

[...]

#
# VLAN CONFIGURATION
#

no vlan members 1 1/47-1/48 portmember
interface VLAN 1
ip address 192.168.11.5 255.255.255.0
config terminal
vlan create 300 name "Rete-camere" type port 1
no vlan members 300 1/1-1/46,5/1-5/8 portmember
vlan members 300 1/47-1/48 portmember
interface VLAN 300
ip address 192.168.10.10 255.255.255.0
config terminal

Pings:

Passport-8310:5#ping 192.168.10.10
ping: timeout
no answer from 192.168.10.10
Passport-8310:5#ping 192.168.11.5
192.168.11.5 is alive


thanks

Pier

 

[andy88]

The IP interfaces won't come up unless there is an active port in its vlan. Plug something into vlan 1 and 300 and you will be able to ping them from the switch.

You won't need a routing protocol to pass traffic between vlans on the 8300. But would need one if you have another router on the network

 

[pierg75]

Yes....infact right now i just connected a pc to the vlan300 and pc is able to ping the switch (both ips).
We have another router, but can i use a default route to this router instead to use a routing protocol?

================================================================================
Ip Route
================================================================================
DST MASK NEXT COST VLAN PORT PROT AGE TYPE PRF
--------------------------------------------------------------------------------
0.0.0.0 0.0.0.0 192.168.11.1 1 1 -/- STAT 0 IB 5
192.168.10.0 255.255.255.0 192.168.10.10 1 300 -/- LOC 0 DB 0
192.168.11.0 255.255.255.0 192.168.11.5 1 1 -/- LOC 0 DB 0


The other router is in the vlan 1...in this a problem? Actually we want that the client on the vlan300 are just able to go outside in internet.
Thanks

Pier

 

[andy88]

Yes you can use a static default route to get traffic from vlan 300 to your router on vlan 1.

Aswell as the route on the 8300 you will also need to add a static route on your router for the 192.168.10.0 (vlan 3) subent pointing at the 192.168.11.5 (vlan 1) interface so traffic can get back to vlan 300.

 

[pierg75]

Ok.
Actually i was thinking to rebuild all the internal lan and leave the original ip adresses just to connect the provider router with the switch that manage the vlans. But then i don't know if 8300 can do nat. Something like this:

provider
router
192.168.11.1
|
|
192.168.11.5
nortel
8300
(nat)
/ \
/ \
vlan1 vlan3
10.0.0.0/24 10.0.1.0/24


Or even better just to do nat for the unroutable vlan.
We cannot manage the provider router and i don't know if they are going to do some special configuration.
So i was thinking to do with 8300 but i searched a bit on nortel doc, but found nothing about nat on 8300.
We are going to use a securerouter (1001) to serve the wireless installation...could we use it to make everything (wifi and cable) natted with securerouter?

 

[andy88]

No the 8300 doesn't do NAT.

You can create any subnet you like on the 8300. Then if your router provider uses static route you just need to tell them what your subnets are and they can add the routes to their router. Or you could use a routing protocol like RIP or OSPF between the 8300 and the router, then any new subnets would be dynamically passed to their router.

In theory you could use the 1001 as a NAT device, but it would be a complicated setup and make troubleshooting problems very difficult.

 

[pierg75]

Probably i will ask the provider to enable rip on our internal interface of the router, so any new vlan would be automatically added.
For the 1001, we have it already and it's planned to be used with the wifi project...more things we can integrate better it is for us.

 

[DaddyOfThree]

I would suggest you try to use OSPF if at all possible. It'll allow you to grow much easier in the future and for small networks you just turn it on and your off and running (no complex setup - although I guess the same can be said of RIP).

Cheers!

 

[pierg75]

As far i understood for ospf i need a licence on nortel...at the end it result to be more complicated than i thought...sure cisco are more expensive...but as far as i saw they offer better usability.

 

[andy88]

OSPF does need the advanced licence, RIP is included in the base licence.

You would have the same setup with cisco switches, except it would require more cards and not have the same level of resilience. The nortel switches are also much easier to configure, with even the cisco like nncli if you come from a cisco background.

 

[DaddyOfThree]

I stand corrected... OSPF functionality is included in the base license for the ERS 8600 switch while it's not included in the base license for the ERS 8300.

Cheers!

 

[pierg75]

Thanks. Anyway i think rip is enough...we're going to make max 3-4 vlans (two for data, one for voip and one for wifi...uhm, maybe two for wifi but they're going to be hidden by the securerouter) so i don't think i need ospf.
I'm just waiting for an answer from my provider to enable rip on our router.

Pier

 

[pierg75]

I forgot one thing....i was making some confgiuration to the switch...i saw this switch support spanning tree groups...is that something similar to the PVST from cisco or just more as MSTP? In the docs i didn't found much...especially how it will behave with other spanning tree implementation (we have to connect a HP and MRV switch).

Pier

 

[andy88]

I don't believe the 8300 supports pvst (though the 8600 does)

I think RSTP and MSTP are supported in version 4.1

 

[pierg75]

Version 4.0 of the software supports so called "Spanning tree groups":
"Spanning tree groups
Each STG consists of a collection of por ts that belong to the same instance of the STP protocol. These STP instances are completely independent from each other (for example, they send their own BPDUs, they have their own timers, and so on)."

What are exactly those?
Are they something similar to mstp or pvst? Or something different? Are them safe to use in a mixed environment?

Pier

 

[andy88]

You can configure multiple instances of traditional stp. so you could configure 2 stg's and assign half the vlans for each group.

MSTP is the standards based development to stp and rstp. While cisco went their own non-standards way and developed pvst