4 Posts

April 3rd, 2009 02:00

Proper management of Dell Switch network / High latency to Core 6248

Ok, this is the second place this has occurred and I don't understand...  You would think implementing all Dell switches would provide a good way to manage them, but there is not.  VLAN 1 is not routable...  The only way to set up a "proper" management network is to use VLAN 1 as a null network and put a bogus IP and Gateway in the IP Configuration screen and just ignore them.

This works but when I try to manage the switch or ping the switch I have 500ms latency and probably 30-40% latency, to the point that I was unable to download a new firmware to it. 

Is there a proper way to configure a management network with all Dell switches?  Right now I am thinking about adding a VLAN interface to my firewall, removing the IP from the "new-management" vlan, then setting a proper IP and Gateway (the firewall VLAN If) in IP Addressing.   Would this be a better way than using a bogus management IP? 

Pings through the switch are fine, <1ms.  Only management interfaces are unusable. (I've tried from various VLANs using various IP interfaces on the 6248).

Thanks!

909 Posts

April 3rd, 2009 07:00

vlan 1 is routable.  It is correct that the management vlan is not routable.  By default, vlan 1 is the management vlan.  You can change the management vlan to any vlan.

console# configure
console (config)# ip address vlan xxx

I do not really understand the "bogus management IP".  Please post your config file and give more details of the issues you are seeing. 

You should not be having such high latencies to the switch management.  Please also post the output of "show process cpu" when you are seeing the issue. 

4 Posts

April 3rd, 2009 09:00

Let me rephrase.

If the management VLAN is unroutable, how do I manage the switches from my client or even server VLANs?

The bogus management IP is basically - create a new management VLAN (just a new vlan, nothing special) and use it for management.  Ignore the IP Addressing config of the switch since you will be able to manage it on any VLAN IP Interface.

!Current Configuration:
!System Description "Dell 48 Port Gigabit Ethernet, 2.1.0.13, VxWorks5.5.1"
!System Software Version 2.1.0.13
!
configure
vlan database
vlan  9-12,16,240,500,4000
exit
snmp-server contact "IT"
hostname "sw-hq-core1"
sntp unicast client enable
sntp client poll timer 1024
sntp server 192.168.10.245
clock summer-time recurring Usa offset 60 zone "CST"
clock timezone -6 minutes 0 zone "CST"
stack
member 1 2
exit
ip address 192.168.253.2 255.255.255.0
ip default-gateway 192.168.253.1
logging file debug
logging buffered debug
ip routing
ip route 0.0.0.0 0.0.0.0 192.168.240.1
bootpdhcprelay enable
bootpdhcprelay serverip 192.168.10.245
interface vlan 9
name "VOIP Network"
routing
ip address  192.168.9.1  255.255.255.0
no ip proxy-arp
exit
interface vlan 10
name "Resources"
routing
ip address  192.168.10.1  255.255.255.0
ip netdirbcast
no ip proxy-arp
exit
interface vlan 11
name "Users - Tech"
routing
ip address  10.0.0.1  255.255.248.0
ip netdirbcast
no ip proxy-arp
exit
interface vlan 12
name "Users - Admin"
routing
ip address  10.0.8.1  255.255.248.0
no ip proxy-arp
exit
interface vlan 16
name "Users - Public Wireless"
exit
interface vlan 240
name "Glue Network"
routing
ip address  192.168.240.2  255.255.255.0
no ip proxy-arp
exit
interface vlan 500
name "Management"
routing
ip address  192.168.254.1  255.255.255.0
no ip proxy-arp
exit
interface vlan 4000
name "Null Network"
exit
username "admin" password BLAHHASH level 15 encrypted
aaa authentication login "defaultList" line
monitor session 1 destination interface 1/g48
monitor session 1 source interface 1/g2
monitor session 1 mode
line console
password BLAHHASH encrypted
exit
no spanning-tree
!
interface ethernet 1/g1
switchport access vlan 500
exit
!
interface ethernet 1/g2
switchport access vlan 240
exit
!
interface ethernet 1/g7
switchport access vlan 10
exit
!
interface ethernet 1/g11
switchport mode trunk
switchport trunk allowed vlan add 9-12,16,500
switchport trunk allowed vlan remove 1
exit
!
interface ethernet 1/g12
switchport mode trunk
switchport trunk allowed vlan add 9-12,16,500
switchport trunk allowed vlan remove 1
exit
!
interface ethernet 1/g13
switchport access vlan 12
exit
!
interface ethernet 1/g14
switchport access vlan 11
exit
!
interface ethernet 1/g25
switchport access vlan 10
exit
!
interface ethernet 1/g26
switchport access vlan 10
exit
!
interface ethernet 1/g27
switchport access vlan 10
exit
!
interface ethernet 1/g28
switchport access vlan 10
exit
!
interface ethernet 1/g29
switchport access vlan 10
exit
!
interface ethernet 1/g30
switchport access vlan 10
exit
!
interface ethernet 1/g31
switchport access vlan 10
exit
!
interface ethernet 1/g32
switchport access vlan 10
exit
!
interface ethernet 1/g33
switchport access vlan 10
exit
!
interface ethernet 1/g34
switchport access vlan 10
exit
!
interface ethernet 1/g35
switchport access vlan 10
exit
!
interface ethernet 1/g36
switchport access vlan 10
exit
!
interface ethernet 1/g37
switchport access vlan 10
exit
!
interface ethernet 1/g38
switchport access vlan 10
exit
!
interface ethernet 1/g39
switchport mode general
switchport general pvid 24
no switchport general acceptable-frame-type tagged-only
exit
!
interface ethernet 1/g41
switchport access vlan 10
exit
!
interface ethernet 1/g42
switchport access vlan 10
exit
!
interface ethernet 1/g43
switchport access vlan 10
exit
!
interface ethernet 1/g44
switchport access vlan 9
exit
!
interface ethernet 1/g45
switchport access vlan 10
exit
!
interface ethernet 1/g46
switchport access vlan 10
exit
!
interface ethernet 1/g47
switchport access vlan 10
exit
exit

 

show process cpu shows nothing but about 85% on the last line, Kernel/Idle.  It takes a long time to get the data over telnet though cause of the latency and packet loss.  

 

I'm about to tear down and rebuild the management network off my firewall instead

4 Posts

April 4th, 2009 05:00

Cleaned up the config and have CPU stats at the bottom...

I can ping the actual management IP 192.168.254.10 and get 1ms responses.   However if I try to manage the switch by that IP it's mostly unusable.   If I ping any VLAN interface IP on the 6248 from that VLAN, I get 500MS responses still and lots of timeouts.   I disabled the port mirroring completely (removed the ports) and disabled logging.  Spanning tree is off, there are no cross-connected switches or other network issues other than managing the switch.    I started a firmware download again and it is going at about 1kbps or less... it may finish in a couple hours, that's just wrong...

configure
vlan database
vlan  9-12,16,240,500,4000
vlan association subnet 10.0.0.0 255.255.248.0 11
vlan association subnet 10.0.8.0 255.255.248.0 12
vlan association subnet 10.0.24.0 255.255.248.0 24
vlan association subnet 192.168.9.0 255.255.255.0 9
vlan association subnet 192.168.10.0 255.255.255.0 10
vlan association subnet 192.168.240.0 255.255.255.0 240
exit
!
snmp-server contact "IT"
hostname "sw-hq-core1"
!
sntp unicast client enable
sntp client poll timer 1024
sntp server 192.168.10.245
clock summer-time recurring Usa offset 60 zone "CST"
clock timezone -6 minutes 0 zone "CST"
!
stack
member 1 2
exit
!
ip address 192.168.254.10 255.255.255.0
ip default-gateway 192.168.254.1
ip address vlan 500
!
no logging on
logging file notice
logging buffered warning
!
ip routing
ip route 0.0.0.0 0.0.0.0 192.168.240.1
!
bootpdhcprelay enable
bootpdhcprelay serverip 192.168.10.245
!
interface vlan 9
name "VOIP Network"
routing
ip address  192.168.9.1  255.255.255.0
no ip proxy-arp
exit
!
interface vlan 10
name "Resources"
routing
ip address  192.168.10.1  255.255.255.0
no ip proxy-arp
exit
!
interface vlan 11
name "Users - Tech"
routing
ip address  10.0.0.1  255.255.248.0
no ip proxy-arp
exit
!
interface vlan 12
name "Users - Admin"
routing
ip address  10.0.8.1  255.255.248.0
no ip proxy-arp
exit
!
interface vlan 16
name "Users - Public Wireless"
exit
!
interface vlan 240
name "Glue Network"
routing
ip address  192.168.240.2  255.255.255.0
no ip proxy-arp
exit
!
interface vlan 500
name "Management"
exit
!
interface vlan 4000
name "Null Network"
exit
!
username "user" password password level 15 encrypted
aaa authentication login "defaultList" line
line console
password password encrypted
exit
!
no spanning-tree
!
interface ethernet 1/g1
switchport access vlan 500
exit
!
interface ethernet 1/g2
switchport mode general
switchport general pvid 240
no switchport general acceptable-frame-type tagged-only
switchport general allowed vlan add 240
switchport general allowed vlan add 500 tagged
exit
!
interface ethernet 1/g3
switchport access vlan 500
exit
!
interface ethernet 1/g4
switchport access vlan 11
exit
!
interface ethernet 1/g7
switchport access vlan 10
exit
interface ethernet 1/g10
switchport access vlan 500
exit
!
interface ethernet 1/g11
switchport mode trunk
switchport trunk allowed vlan add 9-12,16,500
switchport trunk allowed vlan remove 1
exit
!
interface ethernet 1/g12
switchport mode trunk
switchport trunk allowed vlan add 9-12,16,500
switchport trunk allowed vlan remove 1
exit
!
interface ethernet 1/g13
switchport access vlan 12
exit
!
interface ethernet 1/g14
switchport access vlan 11
exit
!
interface ethernet 1/g25
switchport access vlan 10
exit
!
interface ethernet 1/g26
switchport access vlan 10
exit
!
interface ethernet 1/g27
switchport access vlan 10
exit
!
interface ethernet 1/g28
switchport access vlan 10
exit
!
interface ethernet 1/g29
switchport access vlan 10
exit
!
interface ethernet 1/g30
switchport access vlan 10
exit
!
interface ethernet 1/g31
switchport access vlan 10
exit
!
interface ethernet 1/g32
switchport access vlan 10
exit
!
interface ethernet 1/g33
switchport access vlan 10
exit
!
interface ethernet 1/g34
switchport access vlan 10
exit
!
interface ethernet 1/g35
switchport access vlan 10
exit
!
interface ethernet 1/g36
switchport access vlan 10
exit
!
interface ethernet 1/g37
switchport access vlan 10
exit
!
interface ethernet 1/g38
switchport access vlan 10
exit
!
interface ethernet 1/g41
switchport access vlan 10
exit
!
interface ethernet 1/g42
switchport access vlan 10
exit
!
interface ethernet 1/g43
switchport access vlan 10
exit
!
interface ethernet 1/g44
switchport access vlan 9
exit
!
interface ethernet 1/g45
switchport access vlan 10
exit
!
interface ethernet 1/g46
switchport access vlan 10
exit
!
interface ethernet 1/g47
switchport access vlan 10
exit
exit



Memory Utilization Report

Status      Bytes
------ ----------
  Free   48413168
 Alloc  147803280

Task Utilization Report

Task                    Utilization
----------------------- -----------
osapiTimer                    1.20%
bcmL2X.0                      0.60%
bcmCNTR.0                     0.30%
bcmLINK.0                     0.40%
bcmL2X.1                      0.60%
bcmCNTR.1                     0.30%
bcmLINK.1                     0.30%
bcmRX                         2.75%
MAC Send Task                 0.10%
MAC Age Task                  0.05%
dtlTask                       0.25%
hapiBpduTxTask                0.10%
hapiRxTask                    0.50%
cmgrTask                      0.05%
RMONTask                      0.05%
unitMgrTask                   0.10%
ipMapForwardingTask           2.05%
tL7Timer0                     0.05%
tArpCallback                  0.10%
lldpTask                      0.25%
Kernel/Interrupt/Idle        89.90%

Total                        100.00%
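An added example, not part of the original posts: a short Python audit for configurations in the syntax posted above. It reports the management VLAN, the management IP, whether that VLAN is also a routing interface, and which ports carry it. The sample config is constructed and trimmed, the function names are hypothetical, and only ports with explicit VLAN membership are listed.

```python
import re
# Constructed sample in the syntax of the configs posted above (heavily trimmed).
SAMPLE = """\
ip address 192.168.254.10 255.255.255.0
ip address vlan 500
interface vlan 10
routing
ip address 192.168.10.1 255.255.255.0
exit
no spanning-tree
interface ethernet 1/g1
switchport access vlan 500
exit
interface ethernet 1/g7
switchport access vlan 10
exit
interface ethernet 1/g11
switchport trunk allowed vlan add 9-12,16,500
switchport trunk allowed vlan remove 1
exit
"""

def expand(spec):  # '9-12,16,500' -> {9, 10, 11, 12, 16, 500}
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def audit(config):
    lines = [l.strip() for l in config.splitlines()]
    mgmt_vlan, mgmt_ip, ctx = 1, None, None  # VLAN 1 is the default management VLAN
    routed, ports = set(), {}                # routed VLAN ids; port -> VLAN ids
    for line in lines:
        if m := re.fullmatch(r"ip address vlan (\d+)", line):
            mgmt_vlan = int(m[1])            # management VLAN reassigned
        elif ctx is None and (m := re.fullmatch(r"ip address\s+([\d.]+)\s+[\d.]+", line)):
            mgmt_ip = m[1]                   # global address = management interface
        elif m := re.fullmatch(r"interface (vlan|ethernet) (\S+)", line):
            ctx = (m[1], m[2])
        elif line == "exit":
            ctx = None
        elif ctx and ctx[0] == "vlan" and line == "routing":
            routed.add(int(ctx[1]))
        elif ctx and ctx[0] == "ethernet" and (m := re.search(r"vlan (?:add )?([\d,-]+)", line)):
            ports.setdefault(ctx[1], set()).update(expand(m[1]))
    return {"mgmt_vlan": mgmt_vlan, "mgmt_ip": mgmt_ip,
            "mgmt_vlan_routed": mgmt_vlan in routed,
            "mgmt_ports": sorted(p for p, v in ports.items() if mgmt_vlan in v),
            "spanning_tree_disabled": "no spanning-tree" in lines}
```

Calling `audit(SAMPLE)` returns a dict; the `mgmt_ports` list is the set of ports from which the switch's management interface is reachable at layer 2.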

3 Posts

August 14th, 2009 20:00

Hi Mark.  Thank you for the fast response.

I am not too worried about routing VLAN1.  I have basically given this vlan a bogus IP and left it with no assigned ports.

I then create vlans for each of my subnets, 5 of them so far.  I then IP up on each vlan interface and assigned this as the default gateway for all my clients in each subnet.

I have a default route that points to second 6224 that is directly connected to my external firewall.  The second 6224 has a default route that points to the firewall.

The problem I have is that all traffic between the two 6224 switches has high latency and packet loss.  This affects all traffic.  Causes internet browsing to be very slow and VoIP calls to be choppy.

If I remove the 6224 as the default gateway and replace it with a Cisco router, everything works fine.  It is as if the “Virtual Gateways” I have setup cannot keep up with the traffic.

Any ideas?  Is this not the suggested method?  Am I stuck with buying another router?  Any help is greatly appreciated.

4 Posts

August 14th, 2009 20:00

I learned a few things.

1) You need an outside router or firewall to route vlan 1, just make a sub-interface off the LAN or DMZ, maybe you already have a MGMT VLAN on the firewall/router...

2) The 6xxx series seems to *** pretty bad at handling broadcasts, and responding to pings on its virtual interfaces.  When pinging the virtual VLAN IPs, they would go down ALL the time, at least 5 times a day.  This is OK as pass-through traffic isn't being impacted. 

3) Be sure there aren't any storms going on.  I did find some multicast storms going on which were causing problems, also I've found ~30 ARP/sec will cause problems which really surprised me.

4) Many firewalls do some level of content filtering, Dell switches don't handle this well...  Pings will be 1ms or less and telnet/ssh access is OK, but HTTP management will be PAINFUL.  This is different on every firewall, should see something in the logs about it then hit up google.

Hope that helps, takes some work but you can make them play nice.

3 Posts

August 14th, 2009 20:00

Were you able to find a solution to this problem?  I am having the exact same issue...

909 Posts

August 17th, 2009 15:00

A couple of things to try.

- enable flow control on your network.  I suspect that you are dropping packets.  The Cisco switch you substituted most likely had more buffer memory than the 6224, so it is able to absorb momentary oversubscription better.

- try the latest version of firmware.  It is 3.0.0.8.  Please note that it has flowcontrol enabled by default (like most switches and all NICs).
