1

I have two Dell PowerConnect 5424 switches, with current firmware installed. I'm trying to configure a LAG group, which will link the two switches for a certain number of ports (8-16) on each switch, but I'm not having much success.

No matter what I try, I'm unable to ping a host on switch 2, from a host on switch 1. I've included the relevant bits of my config below.

Any assistance would be greatly appreciated.

In case of relevance, ports 1-7 are already in use for a different SAN (and EMC) which has separate subnets for each switch, so no LAG required. I have those ports tagged as 'switchport access vlan 2'

  • I need ports (8-16) on each switch to be linked with a LAG (LAG 3).
  • The hosts on these ports are in the same subnet
  • The hosts will be transmitting untagged traffic (Equallogic array hosts/arrays)

  • Four ports (20-23) on each switch are in the LAG group

  • Each of these four ports is connected to the corresponding port on the other switch
  • They should forward traffic from ports 8-16 to the equivalent on the other switch.

  • I've tried various permutations of general/trunk/access modes

Partial config

spanning-tree mode rstp

interface range ethernet g(8-16)
    spanning-tree portfast
    flowcontrol on
    switchport access vlan 3
exit

interface range ethernet g(20-23)
    channel-group 3 mode on
exit

interface port-channel 3
    switchport mode trunk
    switchport trunk allowed vlan add 3
exit

vlan database
    vlan 2, 3
exit

interface vlan 3
    name eql
exit

Edit: Results of some commands

console# show interfaces port-channel 3           

Load balancing: Layer 2.

Gathering information...
Channel  Ports
-------  -----
ch3      Active: g(20-23)
console# show interfaces switchport port-channel 3
Port : ch3
Port Mode: Trunk
Gvrp Status: disabled
Ingress Filtering: true
Acceptable Frame Type: admitAll
Ingress UnTagged VLAN ( NATIVE ): 1
Protected: Disabled

Port is member in: 

Vlan               Name               Egress rule Port Membership Type 
---- -------------------------------- ----------- -------------------- 
 1                  1                  Untagged          System        
 3                 eql                  Tagged           Static        


Forbidden VLANS: 
Vlan               Name               
---- -------------------------------- 


Classification rules: 

Protocol based VLANs: 
Group ID Vlan ID 
-------- ------- 
console# show interfaces switchport ethernet g8
Port : g8
Port Mode: Access 
Gvrp Status: disabled
Ingress Filtering: true
Acceptable Frame Type: admitAll
Ingress UnTagged VLAN ( NATIVE ): 3
Protected: Disabled

Port is member in: 

Vlan               Name               Egress rule Port Membership Type 
---- -------------------------------- ----------- -------------------- 
 3                 eql                 Untagged          Static        


Forbidden VLANS: 
Vlan               Name               
---- -------------------------------- 


Classification rules: 

Protocol based VLANs:                       
Group ID Vlan ID 
-------- ------- 
console# show arp

ARP timeout: 3600 Seconds

  VLAN    Interface     IP address        HW address          status      
--------------------- --------------- ------------------- --------------- 
vlan 1     g24        10.12.0.2       00:13:60:f6:36:b9   dynamic         
vlan 1     g24        10.12.1.142     00:1c:23:3d:72:5b   dynamic         
vlan 1     g24        10.12.1.201     10:9a:dd:57:46:72   dynamic   
console# show vlan 

Vlan       Name                   Ports                Type     Authorization 
---- ----------------- --------------------------- ------------ ------------- 
 1           1             g(17-19,24),ch(1-8)        other       Required    
 2          ax4                  g(1-7)             permanent     Required    
 3          eql                g(8-16),ch3          permanent     Required 
Switch 1
console# show bridge address-table vlan 3
Aging time is 300 sec

  Vlan        Mac Address       Port     Type    
-------- --------------------- ------ ---------- 
   3       00:09:8a:0a:15:45    g11    dynamic   
   3       00:15:17:6b:2b:cf    g10    dynamic   
   3       00:50:56:7f:ee:ef    g12    dynamic  
Switch 2
console# show bridge address-table vlan 3
Aging time is 300 sec

  Vlan        Mac Address       Port     Type    
-------- --------------------- ------ ---------- 
   3       00:09:8a:0a:15:44    g11    dynamic   

Spanning Tree details after I disabled it!! I presume the 1.2 million BPDU packets are what caused my problems!

show spanning-tree detail (excerpt from)
...
Port g24 enabled
State: forwarding                              Role: root
Port id:  128.24                                Port cost: 4
Type: P2P    (configured:Auto  ) STP           Port Fast: No (configured:No)
Designated bridge Priority : 32768             Address: 00:1e:4f:01:3a:77
Designated port id: 128.43                       Designated path cost: 4
Guard root: Disabled                           BPDU guard: Disabled
Number of transitions to forwarding state: 1
BPDU: sent 25, received 1205133

Port ch3 enabled
State: disabled                                Role: disabled
Port id:  128.49                                Port cost: 4
Type: N/A (configured:Auto   RSTP)             Port Fast: No (configured:No)
Designated bridge Priority : 32768             Address: 00:1e:c9:90:05:12
Designated port id: 128.49                       Designated path cost: 8
Guard root: Disabled                           BPDU guard: Disabled
Number of transitions to forwarding state: 1
BPDU: sent 415, received 2

** More Spanning Tree details **

SWITCH 1
console# show spanning-tree active


Spanning tree enabled mode RSTP
Default port cost method:  short



  Root ID    Priority    32768
             Address     00:14:22:6e:92:41
             Cost        8
             Port        g24
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32768
             Address     00:1e:c9:90:05:12
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Number of topology changes 180 last change occurred 00:01:01 ago
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15

Interfaces
 Name   State   Prio.Nbr   Cost     Sts   Role PortFast       Type        
------ -------- -------- --------- ------ ---- -------- ----------------- 
  g1   enabled   128.1       4      Frw   Desg    No       P2P (RSTP)     
  g2   enabled   128.2       4      Frw   Desg    No       P2P (RSTP)     
  g3   enabled   128.3       4      Frw   Desg    No       P2P (RSTP)     
  g4   enabled   128.4       4      Frw   Desg    No       P2P (RSTP)     
  g5   enabled   128.5       4      Frw   Desg    No       P2P (RSTP)     
  g6   enabled   128.6       4      Frw   Desg    No       P2P (RSTP)     
  g7   enabled   128.7       4      Frw   Desg    No       P2P (RSTP)     
 g10   enabled   128.10      4      Frw   Desg   Yes       P2P (RSTP)     
 g11   enabled   128.11      4      Frw   Desg   Yes       P2P (RSTP)     
 g12   enabled   128.12      4      Frw   Desg   Yes       P2P (RSTP)     
 g24   enabled   128.24      4      Frw   Root    No        P2P (STP)     
 ch3   enabled   128.49      4      Frw   Desg    No       P2P (RSTP)
SWITCH 2
console# show spanning-tree active


Spanning tree enabled mode RSTP
Default port cost method:  short



  Root ID    Priority    32768
             Address     00:14:22:6e:92:41
             Cost        8
             Port        g24
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32768
             Address     00:1e:c9:90:06:1a
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Number of topology changes 179 last change occurred 01:06:29 ago
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15

Interfaces
 Name   State   Prio.Nbr   Cost     Sts   Role PortFast       Type        
------ -------- -------- --------- ------ ---- -------- ----------------- 
  g1   enabled   128.1       4      Frw   Desg    No       P2P (RSTP)     
  g2   enabled   128.2       4      Frw   Desg    No       P2P (RSTP)     
  g3   enabled   128.3       4      Frw   Desg    No       P2P (RSTP)     
  g4   enabled   128.4       4      Frw   Desg    No       P2P (RSTP)     
  g5   enabled   128.5       4      Frw   Desg    No       P2P (RSTP)     
  g6   enabled   128.6       4      Frw   Desg    No       P2P (RSTP)     
  g7   enabled   128.7       4      Frw   Desg    No       P2P (RSTP)     
 g11   enabled   128.11      4      Frw   Desg   Yes       P2P (RSTP)     
 g12   enabled   128.12      4      Frw   Desg   Yes       P2P (RSTP)     
 g24   enabled   128.24      4      Frw   Root    No        P2P (STP)     
 ch3   enabled   128.49      4      Dscr  Altn    No       P2P (RSTP) 
console# show spanning-tree blocked


Spanning tree enabled mode RSTP
Default port cost method:  short



  Root ID    Priority    32768
             Address     00:14:22:6e:92:41
             Cost        8
             Port        g24
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32768
             Address     00:1e:c9:90:06:1a
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Number of topology changes 179 last change occurred 01:06:51 ago
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15

Interfaces
 Name   State   Prio.Nbr   Cost     Sts   Role PortFast       Type        
------ -------- -------- --------- ------ ---- -------- ----------------- 
 ch3   enabled   128.49      4      Dscr  Altn    No       P2P (RSTP) 
barryj
  • have you tried `channel-group 3 mode auto` on both sides? – Mike Pennington May 11 '11 at 09:22
  • Thanks - Yes, I tried that already - made no difference from what I can see - g20-23 went offline, then online again during the changes. – barryj May 11 '11 at 09:59
  • Have you checked mac-learning on both sides for anomalies? – Mike Pennington May 11 '11 at 10:04
  • @Mike - can you elaborate on that? – barryj May 11 '11 at 10:18
  • barryj, are mac-addresses learned correctly on the switch it is connected to... then on the switch across the LAG. You should see the source mac learned across the LAG for both devices if packets are going both ways. If this is not happening, you get a clue for where things have broken – Mike Pennington May 11 '11 at 10:20
  • barryj, does the LAG group show as active on the other switch? Are both hosts in VLAN3? – Martin May 11 '11 at 10:29
  • Mike - if I type: 'show arp' - I only see devices connected to ports that are still part of vlan 1 - I've added two more results to the main post – barryj May 11 '11 at 10:33
  • Martin - yes, port-channel 3 shows as active on both switches. Regarding your question on hosts being in VLAN 3 - all hosts are connected to the ports that are tagged as 'switchport access vlan 3'. But I've done nothing on the hosts themselves to specify a VLAN - I'm not sure this is possible. I assume that tagging the ports on the switch as above will tag any packets as appropriate? – barryj May 11 '11 at 11:25
  • @barryj, there is a huge difference between the mac-learning table and arp table. I am looking for `show bridge address-table vlan 3` from both switches. Also, I don't get a message unless you type @Mike – Mike Pennington May 11 '11 at 11:32
  • Also, realize that the default mac-aging timers on a switch are around 300 seconds... you will need to try recent pings from both sides if you want to ensure that mac-addresses should be showing up in the output. – Mike Pennington May 11 '11 at 12:01
  • @Mike - thanks for your patience on this - really appreciate your help - this has been driving me mad for days. I've posted the output in the body again. This was after attempting a ping. To elaborate on the results - the host I'm on has MAC ending in 'cf', I can successfully ping the one ending in '45' on the same switch, but not the one ending '44' on the other. If I connect the 'cf' nic to the other switch, I can ping the '44' but not the '45' if that all makes sense. – barryj May 11 '11 at 12:12

2 Answers

1

You certainly don't show any mac-learning across either side of the LAG, which indicates to me that there is something more basic wrong.

  1. Start by ensuring that your ethernet interfaces participating in the LAG are up on both sides
  2. Ensure that you have the same LAG configuration on both sides (easiest is usually auto). Then ensure that LACP has brought the LAG virtual interface up
  3. Ensure your vlan trunking parameters are the same on both sides
  4. Ensure that spanning-tree is not blocking the LAG due to another redundant link between the switches. If there is a redundant link, shut that down too.

Failing that, remove the LAG configuration from both sides and shut down all but one ethernet link between the switches. Try to get connectivity working like that. Once you have this working, add the LAG configuration and duplicate the config that worked on the single ethernet link into the LAG ports.

Mike Pennington
  • @Mike - 1) Interfaces are up. 2) I changed mode to auto earlier today - 3) Just diffed the running-config on both switches - only difference is IP of management port and Dell Tag number. Regarding 4) I'll have to reread that - I've only 4 links between the switches (the four LAG members). I'll try removing the LAG when I get back to the office, and just link two ports - should I just pop a cable between two ports in the g(8-16) range? – barryj May 11 '11 at 12:55
  • @barryj, if you use a port in `g(8-16)`, you will have the link in access mode... that is fine for test purposes, but I assume you needed to trunk more than vlan3 across that link... which means trunk mode. If you need trunk mode, then I would use a port in `g(20-23)`. – Mike Pennington May 11 '11 at 13:17
  • @Mike - OK I removed the LAG and then recreated the LAG with a single link member. Still same issue. I then tried the following command: 'spanning-tree disable' under the port-channel config. I ran this on both switches and I was able to ping the IP. However, I think it nearly killed the rest of my network - so I quickly reversed it. Suddenly had four people beside me lose network services. Port 24 on each switch is connected to my regular network, and is part of the default VLAN 1. I'm not really sure what I just did. – barryj May 11 '11 at 14:17
  • I added the output of 'show spanning-tree detail' – barryj May 11 '11 at 14:39
  • 1
    @barryj, my assumption (perhaps a bad one) is that you were doing this in a maintenance window. If these devices are not isolated from the rest of the network, you should be waiting for a designated maintenance time so the impact of your changes is expected and (hopefully) minimized. It sounds like you have some spanning-tree dynamics happening. You need to know where the spanning-tree root should be; if your LAGs are getting blocked by spanning-tree (see `show spanning-tree active`, `show spanning-tree blocked`), see if you can add them to a pre-existing LAG (in a maintenance window) – Mike Pennington May 11 '11 at 14:44
  • @Mike - I assume my problems are related to spanning-tree. When I disabled it, I was able to ping across the switches - however, my network got swamped. I'm guessing this is to do with me having port 24 on both switches connected to another switch on my LAN - for management. I'm guessing this is a redundant link. This port is still part of the Default VLAN 1. So I'm a bit at a loss as to how to set things right. I'll read up on STP. – barryj May 11 '11 at 14:54
  • 1
    @barryj, your comment about a management port makes a lot of sense. It may be possible to put your management vlan on the LAG and remove the separate mgt port, however, this requires understanding the big-picture topology. Someone (hopefully) has a topology map that can clarify this. One thing is important though... be sure that *all* switch-to-switch connections have STP, MSTP, or RSTP enabled. All spanning-tree protocols in a single ethernet broadcast domain should be the same type (either STP, RSTP, or MSTP). – Mike Pennington May 11 '11 at 14:58
  • @Mike - just want to really thank you - I guess this is down to my lack of knowledge of STP. I'm not there yet, but am reading up and hopefully I can figure out how to solve this. When listing the active and blocked spanning tree details (added to the main post) I note that port 24 is STP, whereas the rest are RSTP. Port 24 also appears to be Root on both. The port-channel appears to be 'Desg' on one and 'Altn' on the other. For blocked ports, I get none on Switch 1 and the Port Channel on Switch 2. – barryj May 11 '11 at 15:21
  • Can you draw up something in paint to show a topology of all the switches and how they're connected? You're definitely creating a switching loop. If you look at changing to Per-VLAN spanning tree, you could work around this. – Robert May 11 '11 at 15:27
  • @Mike, @Robert - I've got things working now, though not ideally. I enabled an IP address on VLAN 3 (my Equallogic iSCSI VLAN) on Switch, so that I could connect to the switch. I then disconnected the cable from management port (24) on this switch. I then re-enabled the LAG and everything works. But I now have one switch managed from my LAN, and the other from a server which has a connection to the iSCSI VLAN. My thought was to now create a new VLAN for the management port on each switch, and trunk that over the LAG. So I'll only connect my LAN to one switch or the other, not both. Make sense? – barryj May 11 '11 at 17:39
  • @Robert, powerconnect does not support pvst... it supports MSTP, which does similar things, but makes management of the topology more complicated. If he has a small network, it's probably wiser just to work out what the topology is and configure it to accommodate this design. – Mike Pennington May 11 '11 at 17:39
  • @Mike and others - thank you very much for your help on this. I think I'm now up and running. I did as I said in my last post and assigned port 24 on each switch to VLAN 99 and routed that over the LAG, and left just one switch connected to the rest of my LAN. I can now connect to either switch to manage it. And my switch seems to be routing my iSCSI connections over the LAG too. Once again, many thanks. – barryj May 11 '11 at 19:15
  • barryj, you are most welcome. BTW, the optimal design is to be able to send management traffic over a different link than iSCSI uses. **If** you can set up a vlan with only one port on switch2 and switch1 (in a dedicated management vlan), you can disable spanning tree on that management port. However, you need to be sure that nobody adds more than one port into the mgt vlan... this would open the possibility for a STP loop. Good luck with your project! – Mike Pennington May 11 '11 at 19:20
  • @Mike. That's what I've done - only port 24 on each switch is in the management vlan. Using the iSCSI VLAN was just so I didn't cut myself off when reconfiguring the management vlan. Now the management vlan is connected by one of the switches to the rest of my LAN. Obviously, if the connected switch dies, I'll have to move the cable to the other one. No big deal. Question though - do I need to disable STP on this management vlan - it appears to be working ok now - I don't want to recreate the horrendous traffic spike I made this afternoon! – barryj May 11 '11 at 19:57
  • @barryj, coordinate with your boss to get a couple of hours for experiments... then 1) remove spanning-tree from port24 on each switch. 2) pull random cables in the LACP LAG to ensure that traffic can still pass in case of link failure. You also want to ensure syslog records that your LACP member links have dropped and it triggers some kind of alarm in your NMS. – Mike Pennington May 11 '11 at 20:57
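
Added example, not part of the original thread: a Python sketch that parses the `show spanning-tree active` output posted in the question (trimmed here to the relevant rows) and flags the condition worked out in the comments above, where both switches reach the same root through g24 and RSTP blocks one end of ch3. The function names `parse` and `diagnose` are illustrative, not a Dell tool.

```python
import re

# Trimmed from the `show spanning-tree active` output posted in the question.
SWITCH1 = """\
  Root ID    Priority    32768
             Address     00:14:22:6e:92:41
             Port        g24
  Bridge ID  Priority    32768
             Address     00:1e:c9:90:05:12
 g10   enabled   128.10      4      Frw   Desg   Yes       P2P (RSTP)
 g24   enabled   128.24      4      Frw   Root    No        P2P (STP)
 ch3   enabled   128.49      4      Frw   Desg    No       P2P (RSTP)
"""
SWITCH2 = """\
  Root ID    Priority    32768
             Address     00:14:22:6e:92:41
             Port        g24
  Bridge ID  Priority    32768
             Address     00:1e:c9:90:06:1a
 g11   enabled   128.11      4      Frw   Desg   Yes       P2P (RSTP)
 g24   enabled   128.24      4      Frw   Root    No        P2P (STP)
 ch3   enabled   128.49      4      Dscr  Altn    No       P2P (RSTP)
"""

# One row of the "Interfaces" table: name, state, prio.nbr, cost, status, role, portfast, type.
ROW = re.compile(
    r"^[ \t]*(?P<name>(?:g|ch)\d+)\s+(?P<state>\S+)\s+\d+\.\d+\s+\d+\s+"
    r"(?P<sts>\S+)\s+(?P<role>\S+)\s+(?:Yes|No)\s+\S+\s+\((?P<proto>\w+)\)",
    re.M,
)

def parse(text):
    """Extract root/bridge addresses, the root port and the per-port rows."""
    addrs = re.findall(r"Address\s+([0-9a-fA-F:]{17})", text)
    root_port = re.search(r"^[ \t]*Port\s+(\S+)", text, re.M)
    return {
        "root": addrs[0].lower(),
        "bridge": addrs[1].lower(),
        "root_port": root_port.group(1) if root_port else None,
        "ports": {m["name"]: m.groupdict() for m in ROW.finditer(text)},
    }

def diagnose(a, b, lag="ch3"):
    """Return findings for two switches joined by `lag` (ch3 on this page)."""
    findings = []
    for label, sw in (("switch 1", a), ("switch 2", b)):
        for name, p in sw["ports"].items():
            if p["sts"] != "Frw":
                findings.append(f"{label}: {name} is {p['sts']}/{p['role']}, not forwarding")
            if p["proto"] != "RSTP":
                findings.append(f"{label}: {name} runs {p['proto']} on an RSTP bridge")
    uplinks = {a["root_port"], b["root_port"]}
    external_root = a["root"] == b["root"] and a["root"] not in (a["bridge"], b["bridge"])
    if external_root and None not in uplinks and lag not in uplinks:
        findings.append(
            f"both switches reach root {a['root']} via {sorted(uplinks)}; "
            f"{lag} is a second path, so one end is blocked"
        )
    return findings

if __name__ == "__main__":
    for line in diagnose(parse(SWITCH1), parse(SWITCH2)):
        print(line)
```
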
0

Can you post the output of the command below please:

show interfaces port-channel 3

Also, if the LAG group is only going to carry traffic for VLAN3 then you shouldn't need to form a trunk between the two switches, setting VLAN3 as the access VLAN for the port-channel should be adequate.

Martin
  • will add results to question post – barryj May 11 '11 at 10:10
  • For future options it might be better to make the inter-switch link a trunk and prune the existing VLANs. In the future if you ever did need to add a VLAN, you could just allow it, instead of having to reconfigure your ports. – Robert May 11 '11 at 15:24