How can I interconnect 2x Layer 2 switches to exchange VLANs and use in-band management?

The project:

A building with 12 apartments. Each apartment will get a wifi (e425h) and an ethernet connection (wall socket). The 12 wifi APs will get their PoE and ethernet connectivity from an EX-2028P switch. The wall sockets will get their connection through the remaining interfaces of the EX-2028P, while those which do not fit will get their connection through an additional EX-2010 switch. The AP and wall socket of each apartment will belong to their own VLAN, for a total of 12 VLANs.

All Layer 3 interfaces of the 12 VLANs will be on a UBNT ER-6P router, created as subinterfaces on 2 physical interfaces (there will be 6 subinterfaces on two interfaces). One of the router’s interfaces (eth0) will connect to the internet and handle NAT. Another router interface, eth4, will be used for in-band management of the router and the switches.

Three of the EX-2028P interfaces will connect to the internet router as follows: Interfaces Gi0/22 and Gi0/23 will connect to router’s eth1 and eth2 respectively to carry the 12 Layer 2 VLANs, with each interface carrying 6 VLANs. Interface Gi0/24 will connect to router’s eth4 for in-band management.

The 12 VLANs will also be created in the EX-2010 switch which will connect to the EX-2028P switch. Gi0/8 interface of the EX-2010 will connect to the Gi0/24 of the EX-2028P. This connection will carry all 12 VLANs from EX-2010 to EX-2028P so they can reach the Layer 3 interfaces on the router for internet access. In addition to the 12 VLANs, the connection will carry in-band management traffic.

The last requirement calls for in-band management of the switches and router. Therefore a subnet is assigned for in-band management, with the Layer 3 interface configured on router’s physical interface eth4 and VLAN 254, named Management, configured on each of the switches along with a VLAN interface to assign the in-band management IP. An interface on each switch is configured as an access port and put in VLAN 254 to connect the management station. No subinterface is used on router’s eth4.

Configurations:

  • Configure interface Gi0/22 of the EX-2028P as trunk connecting to the router’s eth1 to carry VLANs 11, 12, 13, 14, 21 and 22. THIS IS DONE, TESTED AND WORKING, WITH Gi0/22 CONFIGURED AS A HYBRID PORT INSTEAD OF A TRUNK.
  • Configure interface Gi0/23 of the EX-2028P as trunk connecting to the router’s eth2 to carry VLANs 23, 24, 31, 32, 33 and 34. THIS IS DONE, TESTED AND WORKING, WITH Gi0/23 CONFIGURED AS A HYBRID PORT INSTEAD OF A TRUNK.
  • On the EX-2028P configure a new VLAN 254 and a VLAN interface which is for in-band management. Interface Gi0/21 was made a member of VLAN 254 and connects as an access port to the router’s eth4 which is configured in the in-band management subnet. Gi0/20 is also an access port, a member of VLAN 254. This is where my management PC connects when I am on-site. The VLAN 254 Interface is assigned the IP 192.168.254.2/24. THIS IS DONE, TESTED AND WORKING. ON THE EX-2028P I HAD TO ENABLE ROUTING AND CONFIGURE A STATIC ROUTE “ip route 0.0.0.0 0.0.0.0 192.168.254.1” WITH THE NEXT HOP BEING THE IP OF THE ROUTER’S eth4 INTERFACE. NOW I CAN BROWSE THE INTERNET AND ACCESS ALL APARTMENT SUBNETS WHEN CONNECTED TO THE VLAN 254 OF EX-2028P.
  • A third trunk on the EX-2028P will connect Gi0/24 to the EX-2010 switch, interface Gi0/8. This trunk will carry the traffic of the 12 VLANs. In addition, a VLAN interface will be configured on the EX-2010 for in-band management, just like was done on the EX-2028P above. THIS DOES NOT WORK FOR ANYTHING. I TRIED USING HYBRID MODE INSTEAD OF TRUNK MODE BUT STILL NOTHING WORKS.
    ON THE EX-2010 I CREATED THE 12 VLANs AND ASSIGNED INTERFACES TO THE VLANs AS ACCESS PORTS. A HOST CONNECTING TO THESE PORTS NEITHER GETS AN IP ADDRESS NOR HAS ACCESS ANYWHERE.
    I CREATED VLAN 254, VLAN 254 INTERFACE WITH IP 192.168.254.3/24 AND ADDED A STATIC ROUTE (ip route 0.0.0.0 0.0.0.0 192.168.254.1) FOR THE IN-BAND MANAGEMENT SUBNET. THAT DOES NOT WORK EITHER. I CAN PING THE EX-2028P VLAN 254 INTERFACE (192.168.254.2) BUT NOTHING ELSE GOES THROUGH. THIS PING ALWAYS MISSES A PACKET. THE ROUTER’S ETH4 IS NOT REACHABLE FROM THE EX-2010 MANAGEMENT. WHEN TRYING TO PING VLAN 254’s GATEWAY (THE ROUTER INTERFACE) NO PACKETS ARE SENT. IN ADDITION, PINGING 8.8.8.8 SENDS NO PACKETS EITHER.

So, what am I doing wrong on the EX-2010? All it should need would be a trunk or a hybrid connection to the EX-2028P in order for the VLANs to pass through. I even thought the image was corrupted and downgraded from 3.1.1-r3 to 3.0.1-r4.

Any help is appreciated.

Hi, your topology is supported. Please make sure Gi0/24 of EX2028P and GI0/8 of EX2010 are configured in Trunk mode in this case. Can you please include the 'show running-config' for EX2028P and EX2010?

Thanks.
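
An added example, not part of the thread and not vendor code: a small Python model of the topology described in the question that checks, hop by hop, which VLANs are members on both ends of every link between the EX-2010 and the router. The VLAN IDs and port names come from the posts; the data layout, function names and the failure case (Gi0/8 carrying only VLAN 1) are assumptions made for illustration.

```python
from collections import deque

# VLAN IDs and port names are taken from the thread; the data layout is hypothetical.
GROUP_1 = {11, 12, 13, 14, 21, 22}   # carried on Gi0/22 <-> router eth1
GROUP_2 = {23, 24, 31, 32, 33, 34}   # carried on Gi0/23 <-> router eth2
MGMT = {254}                         # Gi0/21 access port <-> router eth4 (untagged)
ALL_VLANS = GROUP_1 | GROUP_2 | MGMT

def build_links(ex2010_gi0_8_vlans):
    """Each link is ((device, port, vlans), (device, port, vlans))."""
    return [
        (("EX-2028P", "Gi0/22", GROUP_1), ("router", "eth1", GROUP_1)),
        (("EX-2028P", "Gi0/23", GROUP_2), ("router", "eth2", GROUP_2)),
        (("EX-2028P", "Gi0/21", MGMT), ("router", "eth4", MGMT)),
        (("EX-2028P", "Gi0/24", ALL_VLANS), ("EX-2010", "Gi0/8", set(ex2010_gi0_8_vlans))),
    ]

def one_sided_vlans(links):
    """VLANs that are a member on only one end of a link, keyed by link name."""
    report = {}
    for (dev_a, port_a, vl_a), (dev_b, port_b, vl_b) in links:
        diff = set(vl_a) ^ set(vl_b)
        if diff:
            report[f"{dev_a} {port_a} <-> {dev_b} {port_b}"] = sorted(diff)
    return report

def vlans_reaching(links, src, dst):
    """VLANs with a Layer 2 path from src to dst; every hop must carry the VLAN on both ends."""
    reached = set()
    for vlan in sorted(ALL_VLANS):
        seen, queue = {src}, deque([src])
        while queue:
            here = queue.popleft()
            for (dev_a, _, vl_a), (dev_b, _, vl_b) in links:
                if vlan in vl_a and vlan in vl_b and here in (dev_a, dev_b):
                    nxt = dev_b if here == dev_a else dev_a
                    if nxt not in seen:
                        seen.add(nxt)
                        queue.append(nxt)
        if dst in seen:
            reached.add(vlan)
    return reached

if __name__ == "__main__":
    # Second case is a constructed failure: Gi0/8 is a member of VLAN 1 only.
    for label, uplink in (("all VLANs on Gi0/8", ALL_VLANS), ("only VLAN 1 on Gi0/8", {1})):
        links = build_links(uplink)
        print(label, sorted(vlans_reaching(links, "EX-2010", "router")), one_sided_vlans(links))
```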

Hi tng100 and thank you for getting involved once more!

When I powered on the EX-2010 this afternoon to send you the startup-config files, most of the configuration was missing. Surely it was not because I did not save the configuration I have been working on! After rebuilding the configuration everything seems to be working as it is supposed to.

One thing I noticed is that the switch fails to upgrade to release 3.1.1-r3 when using "cnMatrix-EX-3.1.1-r3.img". I upgraded to 3.0.1-r4 using "cnMatrix-EX2K-3.0.1-r4.tar.gz". I did not try loading "cnMatrix-EX-3.1.1-r3.tar.gz" yet.

When I try to tftp the ".img" file, I get the following:

ILCO-SW2# download agent tftp://192.168.0.10/cnMatrix-EX-3.1.1-r3.img
Download is in Progress...
...Completed: 10 %...
...Completed: 20 %...
...Completed: 30 %...
...Completed: 40 %...
...Completed: 50 %...
...Completed: 60 %...
...Completed: 70 %...
...Completed: 80 %...
...Completed: 90 %...

% Image Download Failed [gzip: invalid magic
tar: Child returned status 1
tar: Error is not recoverable: exiting now]

Could it be something wrong with the switch memory?

While playing with the EX-2010 configuration, I came across the "write startup-config" command. I used it just in case it had something to do with the missing configuration. I rebooted and the configuration was still there. I will be powering off the switch overnight and check tomorrow if everything is there as it is supposed to be.

I am attaching the configuration for both switches.

Hello,

If cnMatrix is running 2.1 or later, you need to use .tar.gz file to upgrade the software.

To save the configuration into flash, please use the commands 'write startup-config' or 'copy running-config startup-config'. The configuration will be restored after reboot.

Please confirm your topology is now working as expected. 

Regards,
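
An added example, not part of the thread and not vendor code: the `gzip: invalid magic` and `tar` errors in the failed download indicate the file is unpacked as a gzip-compressed tar, so this Python check classifies a file the same way before it is put on the TFTP server. The sample archive, its member name and the raw and truncated blobs are constructed; the check covers the container format only, not the authenticity of the image.

```python
import io
import tarfile
import zlib

GZIP_MAGIC = b"\x1f\x8b"  # RFC 1952 ID1, ID2

def inspect_upgrade_file(data):
    """Report whether data is a readable gzip-compressed tar, without extracting anything."""
    result = {"gzip_magic": data[:2] == GZIP_MAGIC, "members": None, "error": None}
    if not result["gzip_magic"]:
        result["error"] = "invalid gzip magic: " + data[:2].hex()
        return result
    try:
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
            # getnames() walks every header, so a truncated archive is detected too.
            result["members"] = tar.getnames()
    except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
        result["error"] = f"unreadable archive: {type(exc).__name__}: {exc}"
    return result

def make_sample_tar_gz():
    """Constructed stand-in for an upgrade archive; member name and contents are made up."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        payload = bytes(range(256)) * 64
        info = tarfile.TarInfo("constructed/payload.bin")
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()

GOOD = make_sample_tar_gz()
RAW_IMAGE = b"CONSTRUCTED-RAW-IMAGE" + bytes(64)  # constructed blob that is not gzip
TRUNCATED = GOOD[: len(GOOD) // 2]                # constructed: e.g. an interrupted transfer

if __name__ == "__main__":
    for name, blob in (("good .tar.gz", GOOD), ("raw image", RAW_IMAGE), ("truncated", TRUNCATED)):
        print(name, inspect_upgrade_file(blob))
```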

Hi,

Yes, the topology works as expected. I also upgraded the EX-2010 using the .tar.gz file and onboarded it to cnmaestro.

Thank you!