VLANs and IP Routing on an Ethernet Routing Switch

I’ve had a number of discussions recently with people asking how to configure VLANs and IP routing on the stackable Avaya Ethernet Routing Switches. I thought I would take a step back and document some basic configurations for those who might still have questions or for anyone who might be looking for some example configurations. In this post I specifically focus on how to configure multiple VLANs with IP routing on a single Ethernet Routing Switch 5520. (In a future post I’ll examine how to tag VLANs between multiple switches.) The example configuration below should be applicable to any model of the Ethernet Routing Switch 4500 or Ethernet Routing Switch 5000 series switches. This example configuration matches a build I recently set up to test the compatibility of the Avaya 1100 and 1200 series IP phones to connect to an Asterisk IP PBX. You can review a diagram of the test network in the figure to the right.

We have a single Ethernet Routing Switch 5520 (running software 6.2) with 3 separate VLANs, each with its own Layer 3 IP interface. We’ll enable IP routing, configure DHCP forwarding (relay) and apply some basic best practices. The CentOS Linux server at 192.168.1.6 will serve multiple roles: SIP server, DHCP server and TFTP server. In this example I’ll assume that the switch has a factory default configuration.

Let’s get started by entering configuration mode;

enable
config terminal

The “Default VLAN” already exists in the factory configuration so let’s rename it and assign an IP address to the Layer 3 IP interface;

vlan name 1 "192-168-1-0/24"
interface vlan 1
ip address 192.168.1.50 255.255.255.0 1
exit

Let’s create VLAN 100, assign ports 13-24 to that VLAN, set the PVID for each port to VLAN 100, create a Layer 3 IP interface and enable DHCP relay;

vlan create 100 name "192-168-100-0/24" type port
vlan members remove 1 13-24
vlan members add 100 13-24
vlan port 13-24 pvid 100
interface vlan 100
ip address 192.168.100.1 255.255.255.0 2
ip dhcp-relay
exit
ip dhcp-relay fwd-path 192.168.100.1 192.168.1.6 enable

Let’s create VLAN 200, assign ports 25-36 to that VLAN, set the PVID for each port to VLAN 200, create a Layer 3 IP interface and enable DHCP relay;

vlan create 200 name "192-168-200-0/24" type port
vlan members remove 1 25-36
vlan members add 200 25-36
vlan port 25-36 pvid 200
interface vlan 200
ip address 192.168.200.1 255.255.255.0 3
ip dhcp-relay
exit
ip dhcp-relay fwd-path 192.168.200.1 192.168.1.6 enable

Let’s make sure that IP routing is enabled globally;

ip routing

There’s no need to add any additional IP static routes since this is a closed network. However, if there was an Internet router at 192.168.1.1 we would use the following command to create a default route to 192.168.1.1;

ip route 0.0.0.0 0.0.0.0 192.168.1.1 1

Whenever you remove a port from all VLANs it gets removed from the Spanning Tree Group, so it’s always a good idea to re-apply Spanning Tree to every port and set it to Fast learning. It’s also usually a very good idea to enable broadcast and multicast rate-limiting (this is done in the hardware ASIC), setting it to 10% of the maximum port utilization;

interface fastEthernet all
spanning-tree learning fast
rate-limit both 10
exit
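
One way to check the result before relying on the VLAN boundary, as an added example (not code from the original post): a small Python audit that replays the post's commands against a factory-default switch and flags ports whose PVID names a VLAN they are not a member of, untagged ports left in more than one VLAN, and DHCP relay forward paths whose agent address is not a relay-enabled VLAN interface. The 48-port count and the function names are assumptions, and the parser covers only the command forms shown on this page.

```python
import ipaddress
import re

# The post's commands for VLANs 1, 100 and 200, joined into one config text.
POST_CONFIG = """
vlan name 1 "192-168-1-0/24"
interface vlan 1
ip address 192.168.1.50 255.255.255.0 1
exit
vlan create 100 name "192-168-100-0/24" type port
vlan members remove 1 13-24
vlan members add 100 13-24
vlan port 13-24 pvid 100
interface vlan 100
ip address 192.168.100.1 255.255.255.0 2
ip dhcp-relay
exit
ip dhcp-relay fwd-path 192.168.100.1 192.168.1.6 enable
vlan create 200 name "192-168-200-0/24" type port
vlan members remove 1 25-36
vlan members add 200 25-36
vlan port 25-36 pvid 200
interface vlan 200
ip address 192.168.200.1 255.255.255.0 3
ip dhcp-relay
exit
ip dhcp-relay fwd-path 192.168.200.1 192.168.1.6 enable
ip routing
"""


def expand(spec):
    """Expand a standalone-switch port list such as '13-24' or '5,7-9'."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def audit(config, port_count=48):
    """Return findings for a config applied to a factory-default switch (port_count assumed)."""
    members = {1: set(range(1, port_count + 1))}  # default: every port in VLAN 1
    pvid = dict.fromkeys(members[1], 1)           # default: PVID 1 on every port
    iface, relay_on, fwd, tagged, cur = {}, set(), [], set(), None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"vlan create (\d+)\b.*", line):
            members.setdefault(int(m[1]), set())
        elif m := re.fullmatch(r"vlan members (add|remove) (\d+) (\S+)", line):
            change = set.update if m[1] == "add" else set.difference_update
            change(members.setdefault(int(m[2]), set()), expand(m[3]))
        elif m := re.fullmatch(r"vlan port (\S+) pvid (\d+)", line):
            pvid.update(dict.fromkeys(expand(m[1]), int(m[2])))
        elif m := re.fullmatch(r"vlan ports (\S+) tagging (\S+)", line):
            if m[2].lower() != "untagall":        # e.g. unTagPvidOnly phone ports
                tagged |= expand(m[1])
        elif m := re.fullmatch(r"interface vlan (\d+)", line):
            cur = int(m[1])
        elif line == "exit":
            cur = None
        elif (m := re.fullmatch(r"ip address (\S+) (\S+)(?: \d+)?", line)) and cur:
            iface[cur] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
        elif line == "ip dhcp-relay" and cur:
            relay_on.add(cur)
        elif m := re.fullmatch(r"ip dhcp-relay fwd-path (\S+) (\S+)(?: enable)?", line):
            fwd.append((m[1], m[2]))

    findings = []
    for port in sorted(pvid):
        vlans = sorted(v for v, ports in members.items() if port in ports)
        if pvid[port] not in vlans:
            findings.append(f"port {port}: PVID {pvid[port]} but member of VLANs {vlans}")
        elif len(vlans) > 1 and port not in tagged:
            findings.append(f"port {port}: untagged port is a member of VLANs {vlans}")
    agents = {str(i.ip): vlan for vlan, i in iface.items()}
    for agent, server in fwd:
        if agents.get(agent) not in relay_on:
            findings.append(f"fwd-path agent {agent}: not a relay-enabled VLAN interface")
        try:
            ipaddress.IPv4Address(server)
        except ValueError:
            findings.append(f"fwd-path server {server}: not a valid IPv4 address")
    for vlan in sorted(relay_on - {agents.get(a) for a, _ in fwd}):
        findings.append(f"VLAN {vlan}: dhcp-relay enabled but no fwd-path uses its address")
    return findings


if __name__ == "__main__":
    for finding in audit(POST_CONFIG.replace("pvid 200", "pvid 100")):
        print(finding)
```

Run against the post's configuration unchanged, `audit` returns an empty list; the `__main__` block shows the per-port findings produced when the VLAN 200 ports are given PVID 100 by mistake.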

Cheers!

Comments on this entry are closed.

  • Adam DaCosta January 27, 2011, 10:47 am

    Great post Michael, I hope you don’t mind but I shared it as a link with our community @ http://blog.combatnetworks.com

    AD

  • xvs June 29, 2011, 11:16 pm

    vlan members add 200 25-36
    vlan port 25-36 pvid 200

    Is the PVID supposed to be 200 or 100? Did you make a typo or is that the proper config?

    Let’s suppose you want all untagged traffic to be vlan 100 and allow vlan 200 in on that port for example a phone with a desktop connected. Where the phone tags voice as vlan 200 and data untagged. Would this be correct?

    vlan members add 200 25-36
    vlan port 25-36 pvid 100

    Also, in that same scenario would you set the vlan configcontrol autopvid or flexible should work also?

    • Michael McNamara June 29, 2011, 11:35 pm

      Hi Xvs,

      The example in the post is correct for the topic of the post, a simple access port configured in a single VLAN.

      If you were to connect an IP phone to that port then your assumptions would be correct. However, you’d need to issue a few additional commands;

      vlan ports 25-36 tagging unTagPvidOnly
      vlan members add 200 25-36
      vlan members add 100 25-36
      vlan port 25-36 pvid 100

      You could use autopvid or flexible, it doesn’t matter if you manually set the PVID yourself which is always best practice.

      Cheers!

  • Santiago Muga November 4, 2011, 4:39 pm

    Hi Michael,

    I tried to follow your steps to configure my switches (stack) and the stack didn’t accept #IP routing or #Interface vlan 100 commands. I am new using these switches. I think the IOS version is old and I cannot find information what to do. Here is the information of the stack when I am trying to connect via telnet:
    Ethernet Routing Switch 4548GT-PWR Nortel
    Copyright 1996-2007
    HW:04 FW:5.1.0.8 SW:v5.1.0.000

    • Michael McNamara November 6, 2011, 12:16 am

      Hi Santiago,

      You need to be running software release 5.4 or later on the Ethernet Routing Switch 4500 series.

      Cheers!

    • hector carbajal May 8, 2013, 12:23 am

      Hi Michael,

      I know that this post is too old, but I have been searching the web for many hours and I found your blog/webpage.

      I followed these steps to create VLANs in an Ethernet Routing Switch 4550-T PoE,

      1. I created 3 VLANs

      one for ELAN, another for TLAN and the last for TLAN for telephones

      I’ll try to explain my problem.

      - First I configured my CallServer switch Avaya-Nortel rls 7.5 with signaling server; these are my IPs

      Callserver ip – ELAN 192.168.28.4
      TLAN 10.94.16.55
      Signaling server ELAN 10.94.16.55
      Node IP TLAN 10.94.16.57
      Telephones 192.168.29.0/24 255.255.255.0

      When I connect my 4550-T to the client network with the default configuration, the switch assigns me some addresses in this segment, 10.94.16.xx, which is the “TLAN” segment of the client and is used for his computers. I have also connected the ELAN and TLAN from the call server, signaling server and node to the switch, but when I connect a telephone to the switch it is assigned by DHCP an IP from the client segment (TLAN), for example 10.94.16.65, and it connects automatically,
      but I need an address from the 192.168.29.xx segment that still connects to the IP node, in this case 10.96.16.57

      When I configured 3 VLANs in the switch I found some problems; these are:

      – Which IP address do I need to give the switch? I mean in which segment
      - Do I have to set the STACK or SWITCH IP?
      - I used your procedure to create VLANs, but I need to communicate from the telephones’ VLAN, in this case 192.168.29.xx, to the IP node 10.94.16.57 to sign the telephones in to the call server.

      I hope I expressed myself correctly.

      Thanks.

      Héctor

      • Michael McNamara May 8, 2013, 11:01 pm

        Hi Hector,

        You’ve got a few hurdles to overcome… the default configuration of any ERS 4000 or 5000 switch has all ports in VLAN 1 and all ports set to UnTagAll (Access) ports. You would need to implement this switch using a Layer 3 configuration. Assuming the customer already has a router you could need to update that router’s routing table with routes to the new IP networks you’ve built, likewise you’d need to configure routes in the 4550 to reach the customer’s existing router.

        You might want to seek some consulting help… at least for your first one or two implementations.

        Good Luck!

  • udayakumar November 23, 2011, 11:30 am

    Hi Michael,

    I use 3 stacked 5520s with software 6.03 and I have 4 VLANs. I assigned L3 IPs for the VLANs as vlan1: 192.168.1.1/24, vlan10: 192.168.10.1/22, vlan30: 192.168.30.1/22, vlan40: 192.168.40.1/22, then applied DHCP relay to all VLANs; it’s working fine (I connected the DHCP server and Internet router in VLAN 1). I followed all the above config examples. I also gave a static route. But I can’t get Internet in VLANs 10, 30, 40; I can get Internet in VLAN 1 only. I can ping the gateways and PCs from any VLAN to any VLAN, but I can’t ping the Internet router. I am using a Belkin N600; its IP is 192.168.1.254/24. Is there any static routing to be made on the Internet router, or any config we have to do to make this work… I made the config as you gave … everything is working fine except Internet for the other VLANs …. Please guide and help me…

    • Michael McNamara December 2, 2011, 11:01 am

      Hi udayakumar,

      You need to add the appropriate routes to your Belkin router so it knows how to get back to your other VLANs.

      192.168.10.0/22 -> 192.168.1.1
      192.168.30.0/22 -> 192.168.1.1
      192.168.40.0/22 -> 192.168.1.1

      You’ll probably also need to check that you have a NAT table entry for those networks. You need to NAT the traffic as it passes through the Belkin so it gets a public IP address.

      Good Luck!

  • Santiago Muga December 16, 2011, 11:40 am

    Hello Michael,

    Sorry to bother you again with simple questions. If I configured my stack using both “ip routing” and “ip route 0.0.0.0 0.0.0.0 192.168.1.1 1” so all the VLANs have access to the Internet, will it be OK to keep “ip default-gateway 192.168.1.1” or do I need to remove it? Right now my stack has VLAN1 on all the ports and the default gateway is 192.168.1.1 (internet access).

    • Michael McNamara December 16, 2011, 1:34 pm

      Hi Santiago,

      You can leave the command in place. If you aren’t doing routing the command is utilized for the management interface of the switch.

      Cheers!

  • Gev Ymbong May 18, 2012, 11:02 am

    Hi Michael,

    I have stackable Avaya 5520s which I want to access the config exactly. I want to print them for my vendor to check what is the problem with my additional VLANs. How can I get those using an ethernet cable? My other question is if I add 2 more VLANs to my existing 192.168.89.0/24 (192.168.10.0/24 and 11.0/24) How can I configure them so that it would talk with my existing 89.0/24 and uses my VPN and internet with gateway 89.10, Do I need to assign or isolate other VLANS to specific ports? Please help me with this, my background is on Servers & OS not on Networking. Thanks.

    • Michael McNamara May 22, 2012, 7:34 pm

      Hi Gev,

      You can use the following command from the CLI interface to output the entire configuration;

      “show running-config”

      With regard to your other questions you would need to add those VLANs to the ERS 5520, you would also need to enable routing.

      If you have additional questions I would suggest you post them on the forums, http://forums.networkinfrastructure.info/index.php

      Good Luck!

  • Jas Reehal June 21, 2012, 7:03 am

    Hi Michael,

    For resilience I have 2 DHCP servers in the 192.168.100.0 vlan, serving without overlapping addresses. If one DHCP server goes down the other one can respond.

    How can a client in the other vlans access both servers. Do I have two dhcp_relay commands? is this possible?

    • Michael McNamara June 21, 2012, 9:20 am

      Hi Jas,

      You’ll need multiple DHCP relays for each VLAN. You can find the commands in the post below for the stackable switches.

      http://blog.michaelfmcnamara.com/2011/01/vlans-ip-routing-ethernet-routing-switch/

      Good Luck!

      • Jas Reehal June 21, 2012, 10:18 am

        Hi Michael,

        Just to get this clear in my head; in the example:-

        http://blog.michaelfmcnamara.com/2011/01/vlans-ip-routing-ethernet-routing-switch/

        ip dhcp-relay fwd-path 192.168.100.1 192.168.1.6 enable
        is used to define a fwd-path in vlan 100 and …

        ip dhcp-relay fwd-path 192.168.200.1 192.168.1.6 enable
        is used to define fwd-path in vlan 200.

        BUT I have 2 DHCP servers (let say 192.168.1.6 and 192.168.1.7) I want clients in vlan 100 to use either DHCP server. Do I issue the following 2 commands?

        ip dhcp-relay fwd-path 192.168.100.1 192.168.1.6 enable
        ip dhcp-relay fwd-path 192.168.100.1 192.168.1.7 enable

        I must admit that this looks wrong to me? Should I be using something other than 192.168.100.1 in the second command?

        In general the command is:-

        ip dhcp_relay fwd-path ADDR1 ADDR2 enable

        ADDR2 signifies the DHCP server

        What does the ADDR1 signify ?

        is it a ‘virtual address’ for the DHCP server ?
        is it the router interface in the vlan?

  • Rob July 9, 2012, 5:57 am

    Hi There,

    I wondered if anyone knows how to either load-balance between Broadband circuits and/or use a specific broadband as a backup route?

    Thanks

    Rob

    • Michael McNamara July 9, 2012, 7:36 pm

      Hi Rob,

      You’d configure that functionality in your perimeter Internet router or firewall. You can set lower metric routes that will kick in if the primary route fails. There are also third party appliances that will help mesh multiple, disparate Internet connections into a single connection. You can look at solutions from Barracuda Networks, Peplink, XRoads Internet etc. These appliances make it easy to aggregate multiple Internet links such as DSL, Cable Modem, FiOS (FTTP), T1, etc. and take the complexity out of the mix for the average network manager/engineer.

      Cheers!

  • Jas Reehal September 21, 2012, 5:45 am

    Hi Everyone,

    Using Michael’s excellent blog …

    http://blog.michaelfmcnamara.com/2011/01/vlans-ip-routing-ethernet-routing-switch/

    I have created, and am using a vlan, for which I configured the interface thus ..

    Baystack(config)# interface vlan 5
    Baystack(config)# ip address 10.10.31.254 255.255.224.000 5

    As I populated this vlan, I configured each host with ‘default gateway’ 10.10.31.254; this works fine because my Internet router was situated in ‘VLAN 1’, which is the default vlan.

    I want to relocate the Internet router into ‘VLAN 5’ and I want to set its IP address to 10.10.31.254/19; this way I will avoid having to change the ‘default gateway’ setting which I have already configured on each of my existing hosts. To allow this, I expect that I must change the ‘vlan 5’ interface address to something else first.

    o Can I do this?
    o How can I do this?
    o What ‘pitfalls’ do I need to consider…

    For instance, all the hosts left behind in the ‘default vlan’ inside which the ‘Internet router’ originally resided will need their ‘default gateway’ changed to the address of the Baystack cascade, but if I do that, then how does that know that the ‘Internet router’ now resides in ‘vlan 5’ with address 10.10.31.254?

    Is there anyone who understands what I am attempting to achieve and can advise me?

  • McAdams May 8, 2013, 7:58 am

    Hi,

    I have a Nortel 3510-24t switch and I followed what you said in your post but the VLANs could not see each other. I made some changes on the network as I don’t have/don’t want a DHCP server. I disabled the dhcp-relay, but I cannot establish an inter-VLAN connection. How can I make VLANs with no DHCP using static addresses? Please help!

    • Michael McNamara May 8, 2013, 11:04 pm

      Hi McAdams,

      I’m not sure why you wouldn’t want a DHCP server but in any case… if you want to static the configuration you need to make sure you configure all the appropriate information. Since you didn’t provide too much information I’m going to guess that you are not configuring the default gateway on the desktops/laptops.

      You should verify that you can ping the default gateway from each laptop/desktop, then perform a tracert and see where it dies – that will provide you a clue where to look.

      Good Luck!

      • Mc Adams May 9, 2013, 5:13 am

        Thanks Michael, I configured the VLANs with static IP addresses; it’s working because I can ping each PC from a different VLAN. But I can only open shared files from one PC and not the other way round. I can even tracert all computers; it’s working fine. I tried to disable firewalls but still cannot access shared folders.

        I doubt whether I configured my gateways well. For example, VLAN 100 has IP address 192.168.100.1, and a computer on that VLAN I gave the IP 192.168.100.2/24 with gateway 192.168.100.1. Is this correct or do I have to use a different gateway, say from the other VLAN? I read another post that said the gateway has to be the VLAN IP address you are trying to access; is this true? Say the other VLAN has IP address 192.168.200.1 and the host has 192.168.200.2; to reach this host would you use 192.168.200.1 as your gateway? Please help!

        • Michael McNamara May 9, 2013, 2:23 pm

          Your configuration is correct… your gateway MUST be on the same network as your device.

          If you can ping and traceroute your problem is not likely to be the network but rather to be somewhere else, like a Windows Firewall or similar.

          Good Luck!

  • Mc Adams May 10, 2013, 1:59 am

    Thanks bro. That’s perfect.

  • Daniel Freeman May 13, 2013, 4:31 pm

    This is a little off topic. I have a company using a McAfee vulnerability scanner and they are freezing up our ERS 5500 routers in the field. We have to boot them to get them to come back. It’s just a discovery scan. Any ideas?

  • McAdams May 21, 2013, 2:57 am

    Hi Michael,

    I have a Nortel switch 3550-24t which has two VLANs, A and B. VLAN B has gigabit ports 21 and 22, while VLAN A has gigabit ports 23 and 24. I want to connect a Netgear switch to VLAN B on ports 21 and 22, so that the Netgear switch can connect to many computers all belonging to the same VLAN. Is it possible that, without creating VLAN B on the Netgear switch, I can connect it to the ports on the Nortel switch so that instead of connecting two computers to ports 21 and 22 I can connect the Netgear switch and have many computers connected to the Netgear switch, all on the same VLAN, using the VLAN IP as their default gateway? All I want is to allow many computers connected to a single VLAN instead of only two computers on ports 21 and 22.

  • McAdams May 27, 2013, 10:57 am

    Hi Michael,

    I have created VLANs on a Nortel switch and configured a static route to a DHCP server for dynamic IP addressing. Here are the settings for one VLAN:

    vlan create 20 name student type port
    vlan members remove 1 5
    vlan members add 20 5
    vlan port 5 pvid 20
    interface vlan 20
    ip address 192.168.200.1 255.255.255.0 2
    ip dhcp-relay
    exit
    ip dhcp-relay 192.168.200.1 192.168.300.6 enable

    ::assuming that the DHCP server is at 192.168.300.6 in another subnet.
    But when I connect a laptop to VLAN 20 it cannot receive an IP address. When I tried to ping the server it worked, but suddenly the ping did not work anymore.
    There is a switch between the server and the switch that has the VLANs; I assumed that the second switch will be in one VLAN so there is no need to create a trunk between them.

    ::How can I go about troubleshooting the DHCP problem in this scenario?

    • Michael McNamara May 28, 2013, 2:27 pm

      You should start your troubleshooting according to the OSI layers, and then work through all the different points between A (laptop) and B (DHCP server).

      Do you have Layer 1 (link) between the Avaya 5520 and this “other” switch? If you have link are you bridging/trunking the VLANs correctly? Can you see the MAC/FDB table populate on both switches? Your next step would be to start a SPAN or port mirror and perform a packet trace, do you see the DHCP request arriving at the DHCP server? Do you see the DHCP reply going back to the workstation/laptop?

      Good Luck!

      • McAdams May 29, 2013, 2:48 am

        Hi Michael,

        Let me put the problem this way. The switch is not a 5500 but a Nortel 3510-24t; the other switch is a Netgear switch. I have a problem with configuring the Netgear because I don’t have its console cable or do not know its IP address to start managing it. I created a VLAN on the Nortel switch, let’s say VLAN A, but instead of plugging in the DHCP server I plugged in the Netgear switch so that I can connect not just the server but also other computers, all in VLAN A. I assumed that because the cable is plugged in to VLAN A and all computers including the server have to be in VLAN A, I should not set VLAN A and a trunk on the Netgear (if this is not true please let me know). I also did this because I don’t have a way/cable to configure the Netgear with VLAN A. Since the cable between the Netgear and Nortel has to carry only VLAN A data, does it have to be a trunk? And if it has to be a trunk, how can I make a trunk that is compatible on both switches? I heard that 802.1q is excellent but how can I make it? You said about port mirroring and packet trace; how can I do it on Nortel? I am not well schooled on Nortel products; I am used to Cisco since they are common.

      • McAdams October 1, 2013, 1:40 am

        The DHCP issue is worked out; it’s actually the DHCP server that had a problem. I removed the superscope and made a subscope for each VLAN and it all worked well.

  • NetScavenger August 5, 2013, 3:03 am

    Hi Michael,

    I hope this discussion is not closed. What is the difference between using
    ip dhcp-relay fwd-path and ip dhcp-relay broadcast
    because I want to put two DHCP servers in my network, so that in case one fails the other one picks up. I was wondering how to set two IP relay paths to the servers.

    • Michael McNamara August 10, 2013, 1:46 pm

      You can have multiple DHCP relays (IP helpers) per IP interface. The syntax is different dependent on switch model and software release.

      You just need to enable DHCP on the specific VLAN and then setup a DHCP relay, you can repeat the command with multiple DHCP servers.

      The switch will send the DHCP requests to both DHCP servers, it’s up to the DHCP servers to decide who will respond. If both DHCP servers respond then the client will usually accept the DHCP response that arrives first.

      Hopefully that answers the question? Good Luck!

  • Howard Reynolds September 9, 2013, 4:03 pm

    Hello Michael,
    Is it possible to enable dhcp-relay WITHOUT enabling ip routing on my L3 avaya switch?

    For security reasons, I disabled routing between vlans on the switch so that all traffic goes through the firewall. [except for dhcp traffic]

    Howard

    • Michael McNamara September 9, 2013, 6:43 pm

      Hi Howard,

      You need IP enabled in order for the switch to act as a DHCP relay. You could create filters to block inter-vlan traffic but the switch would need a route to the DHCP server. In short the switch will take the DHCP broadcast and wrap it up into a unicast frame and send it to the DHCP server. The DHCP server will respond with a unicast frame which the switch will unwrap and then broadcast back onto the VLAN from which it came.

      Good Luck!
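
The relay behaviour described in this reply, sketched as an added example (not code from the post, its comments or Avaya). It assumes the switch acts as an RFC 1542 relay agent that writes the fwd-path agent address into `giaddr`; the second server 192.168.1.7, the address pools and the DISCOVER packet are constructed values.

```python
import ipaddress
import struct

# Fixed 236-byte BOOTP header (RFC 951 / RFC 2131 field order).
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
FIELDS = ("op htype hlen hops xid secs flags ciaddr yiaddr siaddr giaddr "
          "chaddr sname file").split()
MAGIC = bytes([99, 130, 83, 99])   # DHCP magic cookie that precedes the options
MAX_HOPS = 16                      # RFC 1542 upper bound on the hops field


def parse(pkt):
    return dict(zip(FIELDS, BOOTP.unpack_from(pkt))), pkt[BOOTP.size:]


def build(hdr, options):
    return BOOTP.pack(*(hdr[f] for f in FIELDS)) + options


def packed(addr):
    return ipaddress.IPv4Address(addr).packed


def relay_request(pkt, agent, servers):
    """Relay side: one unicast copy of the client's broadcast per configured server."""
    hdr, options = parse(pkt)
    if hdr["op"] != 1 or hdr["hops"] > MAX_HOPS:
        return []
    hdr["hops"] += 1
    if hdr["giaddr"] == bytes(4):          # only the first relay fills giaddr
        hdr["giaddr"] = packed(agent)      # address of the VLAN interface it arrived on
    out = build(hdr, options)
    return [(server, 67, out) for server in servers]


def server_offer(pkt, scopes):
    """Server side: giaddr selects the address pool the offer is taken from."""
    hdr, _ = parse(pkt)
    giaddr = ipaddress.IPv4Address(hdr["giaddr"])
    for network, free_address in scopes.items():
        if giaddr in ipaddress.ip_network(network):
            hdr.update(op=2, yiaddr=packed(free_address))
            return build(hdr, MAGIC + bytes([53, 1, 2, 255]))   # option 53 = OFFER
    return None                            # no scope for that subnet: no answer


def relay_reply(pkt, interfaces):
    """Relay side: giaddr names the VLAN the reply is handed back to."""
    hdr, _ = parse(pkt)
    giaddr = str(ipaddress.IPv4Address(hdr["giaddr"]))
    if hdr["op"] != 2 or giaddr not in interfaces:
        return None
    broadcast = hdr["flags"] & 0x8000
    dst = "255.255.255.255" if broadcast else str(ipaddress.IPv4Address(hdr["yiaddr"]))
    return interfaces[giaddr], dst, 68


# Constructed DHCPDISCOVER from a client in VLAN 100 (broadcast flag set).
DISCOVER = build(
    dict(op=1, htype=1, hlen=6, hops=0, xid=0x1234ABCD, secs=0, flags=0x8000,
         ciaddr=bytes(4), yiaddr=bytes(4), siaddr=bytes(4), giaddr=bytes(4),
         chaddr=bytes.fromhex("020000000001"), sname=b"", file=b""),
    MAGIC + bytes([53, 1, 1, 255]),        # option 53 = DISCOVER, then end option
)

if __name__ == "__main__":
    servers = ["192.168.1.6", "192.168.1.7"]
    for server, port, pkt in relay_request(DISCOVER, "192.168.100.1", servers):
        print(server, port, ipaddress.IPv4Address(parse(pkt)[0]["giaddr"]))
```

Because the server chooses the pool from `giaddr`, a forward path whose agent address is not the client VLAN's interface address yields an offer from the wrong scope or no offer at all.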

  • Meraj September 24, 2013, 5:47 am

    Hi Michael,

    Need your help with a weird problem, I have posted this on http://forums.networkinfrastructure.info/nortel-bayrs-routing/nortelavaya-5500-stack-routing-issue/ as well.

    We have got a Stack of 6 Nortel 5500 Switches running FW:5.0.0.4 SW:v5.1.4.021.

    Configuration:

    IP Routing enabled globally
    5 L3 VLANs configured (Routing enabled on the interfaces)
    Default-gateway pointing to a.a.a.a
    Static Default Route pointing to a.a.a.a (Where a.a.a.a is our WAN Router)

    I thought we only needed a default route if we are running the stack in L3, but as this stack was built by a 3rd party and almost 3 years ago no configuration changes were made since then.

    I was working on a change last night where we had to do the following

    Add 4 new Static Routes Pointing to a.a.a.a
    Add a new default Route Pointing to b.b.b.b (where b.b.b.b was our Firewall)

    I made the changes in this order:

    Added the 4 new Static Routes
    Deleted the old default route and default gateway
    Added the new default route (as the stack is running in L3, I didn’t add the default-gateway)
    Everything was working fine, no services were affected.

    However after this change I have noticed that I cannot Ping the VLAN gateways of the stack from the remote sites. All services are running as normal, I can even traceroute/ssh/snmp to the vlan gateways but just cannot ping them. Very very strange, never saw this in my life before ……

    There are no Firewalls or ACLs so nothing is being blocked anywhere.

    I tried adding the default-gateway pointing to the new b.b.b.b (but still cannot ping the vlan gateways). Services remain unaffected.

    However if I rollback and just leave the default route pointing to old a.a.a.a, services are still unaffected but we cannot ping the vlan gateways.

    If I rollback and leave the default route and default-gateway pointing to the old a.a.a.a, I can now ping the vlan gateways..

    Please help! I am pulling my hair out here ……..

    Regards,
    Meraj

    • Michael McNamara September 30, 2013, 8:13 pm

      You’ve already posted in the forums so let’s keep the conversation in a single location.

      Cheers!

  • Meraj September 24, 2013, 6:36 am

    Hi Michael,

    I Posted a question and it has disappeared, please advise if I am doing anything wrong here?

    Meraj

    • Michael McNamara September 28, 2013, 8:47 am

      I manually approve all new posts to help keep the SPAM off the site.

      Your question is up now… and I will respond in a few minutes.

      Cheers!

  • McAdams October 2, 2013, 3:45 am

    Hi Michael,

    I have this configuration for trunk ports on a cisco 3548 xl switch:
    interface gi0/1
    switchport mode trunk
    switchport trunk encapsulation dot1q

    This works from a Cisco switch to another Cisco switch, but how can I match this configuration on a Nortel 3510-24t switch so that there is communication between the two switches using the same 802.1q standard as on the Cisco switch? Many thanks in advance.

  • David October 4, 2013, 3:38 pm

    Thanks for your very informative posts. I am in the process of creating a wireless VLAN. I have successfully created two vlans that are getting DHCP addresses from a DHCP server on the data VLAN. This new VLAN will have wireless APs all over the place, not just off one interface of the 5632 ERS. In addition, the fiber on these interfaces will carry DHCP traffic for both the wired and wireless vlans. How do I implement this so the WAPs get appropriate IP addresses?

    • Michael McNamara October 8, 2013, 9:26 pm

      Hi David,

      The answer depends on the wireless equipment you’re going to be using… most vendors support tunnels between the APs and the WLCs utilizing CAPWAP, MINT, LWAPP, etc. In that case you only need to present the VLANs that you’ll need to bridge to the WLAN at the WLC. If you are going to try and bridge the traffic locally at the AP then you’ll obviously need to configure the port and AP for 802.1q trunking to carry multiple VLANs.

      Good Luck!

      • David October 9, 2013, 8:56 am

        Thank you for your answer. The VLAN is created correctly, I have confirmed that by pinging all of the VLAN 17 switch interfaces from PCs on the other VLANs. What I am having trouble with is getting a DHCP address to the wireless clients from the VLAN 17 pool. The DHCP server is on VLAN1, and I have the following statements in the 5632 ERS:

        ip dhcp-relay fwd-path 10.17.1.254 10.1.20.101
        interface vlan 17
        ip dhcp relay broadcast

        The DHCP process does not complete. In fact, I connected to the SSID with an iPhone, and it received a 169.254.x.x address, meaning it could not contact a DHCP server. I am trying to troubleshoot with Wireshark, but it is slow going.

        I am working with Avaya to get at the problem, but the tech I am working with is not much help.

        • Michael McNamara October 13, 2013, 10:06 am

          Hi David,

          You’ve enabled DHCP on the VLAN interface along with creating the relay, yes?

          interface vlan 17
          ip address 10.17.1.254 255.255.255.0
          ip dhcp-relay mode bootp_dhcp
          exit
          ip dhcp-relay fwd-path 10.17.1.254 10.1.20.101
          

          In the logs of your DHCP server can you see the DHCP requests? If you don’t have access to the logs setup a packet trace.

          As previously suggested I would advise you to just connect to a PC to a port in VLAN 17 and confirm that DHCP works properly. If that works then you know the issue isn’t with DHCP but with your wireless configuration and/or Access Point.

          The switch can ping the DHCP server?

          Good Luck!

  • David October 14, 2013, 11:06 am

    Thanks for your response. I have connected a laptop to the port, and it is getting an address from the VLAN 17 pool. I had a subnet mask mismatch in the DHCP pool. However, I cannot ping any of the VLAN 17 devices from VLAN 1. There is a route on the switch to the 10.17.0.0 network.

    I am using ports 2/33-35 for VLAN 17. I have them tagged UntagPvidOnly. The Pvid on these ports is set to 17. If I configure the ports to be members of VLAN 17 only, the devices get IP addresses from the VLAN 17 scope, but I cannot ping them from VLAN 1. If I make the ports members of VLAN 1 and VLAN 17, the devices get IP addresses from the VLAN 1 scope. The devices are all directly connected to the switch.

    Is the tagging correct? If so, what could be the issue?

  • sherif November 12, 2013, 3:29 pm

    Hi Michael,
    Kindly… I need a best practice configuration for a 5520 as L2 for dot1x using a NAC solution,
    knowing that we have VoIP on the same network ports.

    • Michael McNamara November 13, 2013, 10:15 pm

      I would suggest looking at the Avaya IP Telephony Deployment Technical Configuration Guide.

      Good Luck!

      • sherif November 14, 2013, 2:52 am

        Many Thanks

        • David February 10, 2014, 5:21 pm

          I have multiple Ethernet Routing switches, but one is the core, and functions as a router. How do they interact? Does one function as the router and the others as L2 switches? Should the ones added after the L3 device route all inter VLAN traffic to the first one?

          For instance, I have six VLANs set up on a 5632 stack in one building. In another building, there are devices on several VLANs on a 5520. Should there be a statement in the ip routing section pointing the traffic to the 5632 to get to where it needs to go? I apologize for adding on to this. You mentioned at the top about writing a future post for routing and tagging for VLANs between multiple switches.