Re: Unusual vlan configuration - open to suggestions

KeithC2 · ‎11-13-2020

Hi,

I am a long way from being an expert, but have read up before posting here

I have an unusual application where a switch connects to a number of endpoints, some belong to vlans, others dont. (lets say we are using vlans 2 & 3) or nothing.

I have a an upstream gateway that needs to receive 2 different physical connections, one with tagged data only (vlans 2 & 3) and one with everything apart from the tagged data (i.e vlans 2 & 3 excluded)

I though this would work, but no !

Interface 1 All traffic except tagged vlans

configure t

int gi1

switchport mode trunk

switchport trunk allowed vlan remove 2, 3

no shut

end

Interface 2 vlans tagged traffic only

configure t

int gi2

switchport mode trunk

switchport trunk allowed vlan remove 1

switchport trunk allowed vlan 2,3

no shut

end

Unfortunately i don't see the tagged traffic appearing on interface 2

Any ideas, pointer, advice welcome

balaji.bandi · ‎11-13-2020

Just a quick question is this interface 1 and 2 connected? each other?

tagged in cisco world example : ( rest off traffic under by default native vlan 1, if you do not have mentioned any native vlan)

int gi2

switchport mode trunk

switchport trunk allowed vlan 2,3

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Richard Burts · ‎11-13-2020

I have a couple of comments and suggestions:

- you say some endpoints belong to vlans others don't Unless a switchport is configured as a trunk or is configured with no switchport (which makes it a routed interface) then every switch port is in some vlan. If no vlan is specified then the port belongs in vlan 1. Can you clarify whether you have some routed interfaces configured or just ports belonging to vlan 1?

- your configuration of the interface for not tagged traffic is much more complicated than it needs to be

int gi1

switchport mode trunk

switchport trunk allowed vlan remove 2, 3

no shut

on the trunk any untagged frames would belong to vlan 1. If this switch had some other vlan (either existing now or added at some point) this trunk would be carrying tagged traffic and your expectation was that only untagged traffic would be carried. Your objective could be achieved simply by configuring this interface as an access port in vlan 1.

- it is interesting that you are not seeing tagged traffic on interface 2. Would you post the output of these commands

show interface status

show interface trunk

HTH

Rick

KeithC2 · ‎11-14-2020

Thanks for your reply

I have some more testing to do but i think i have got to bottom of the problem.

And yes i can strip our some commands to make things a but neater, thank you

The untagged traffic needs to enter the switch on a Trunk port (this ensures it gets a vlan tag for the native vlan), by default for ports were all access ports.

Hope this helps someone else

Keith

balaji.bandi · ‎11-14-2020

Glad all working as expected, that what we have explained. you need to TAG and UNTAG to get in to right VLAN, If not they fall under VLAN 1 Default.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

KeithC2 · ‎11-14-2020

Thanks for your reply

I have some more testing to do but i think i have got to bottom of the problem.

The untagged traffic needs to enter the switch on a Trunk port (this ensures it gets a vlan tag for the native vlan), by default for ports were all access ports.

Hope this helps someone else

Keith