Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
15723
Views
5
Helpful
1
Comments

How to enable Multi VLAN Access Ports support for two data VLANs on Cisco switches connected to devices that run the VMware operating system

TCC_2
Level 10
Level 10

‎06-22-2009 05:29 PM - edited ‎03-01-2019 04:09 PM

Core issue

Two data VLANs are needed on a single access port when you install VMWare software so that the physical workstation and the virtual workstation need to access separate VLANs. Trunking for this port is not desired, since 802.1x is then not available.

VMware provides for the creation of Virtual Systems on a single host by the provision of an abstraction layer wherein the operating system believes it executes on dedicated hardware but actually executes in a virtual environment. The use of the VMware can significantly help in testing the effects of the Cisco Security Agent on various systems without the high significant costs in physical hardware.

Resolution

Multi VLAN Access Ports (MVAP) are the ports which belong to two VLANs:

  • voice traffic (VVID)
  • data traffic (PVID)

This allows the user to separate VVID and PVID to different VLANs. Currently, the dynamic ports can belong to only one VLAN at a time.

The MVAP solution on all Cisco switches require the second VLAN to be voice VLAN advertized by CDP and in the absence of CDP, it does not work.  Thus, you cannot use MVAP as a data VLAN.  Its only use is for voice. For example, if you have a data VLAN and a voice VLAN, your IP phone at your desk connects to your PC on the same port, however they both need to access two different VLANs.

The only workaround is to create a 802.1Q trunk on the switch to connect the host running VMWare. You can prune the unnecessary VLANs on the trunk link if you see lot of out-discard on the interface that connects to VMWare.

In a PVLAN scenario, if you send traffic from a community port towards the trunk that connects the switch with the VMWare server, there is no issue as the traffic is tagged with the ID of the secondary VLAN.

The problem comes when traffic is sent from a promiscuous port in the switch; that traffic is tagged with the ID of the primary VLAN, which is not allowed in the trunk. Therefore this traffic does not reach the VMWare server.

Refer to the article How to configure trunking between Cisco Catalyst switches that run CatOS and Cisco IOS System Software for more information.

Labels:
Comments
Dumitru Otel
Level 1
Level 1
‎04-01-2013 12:08 PM

"The multi-VLAN port feature is supported only on the Catalyst 2900 XL/3500 XL series switches. This feature is not supported on the Catalyst 4000/5000/6000 series or any other Cisco Catalyst switches."

So, there are two options: Catalyst 2900 XL/3500 XL or you can looking for other vendor, I know a vendor that supports multi-VLAN access port(Hybrid port).

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents