cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1592
Views
5
Helpful
7
Replies
Highlighted
Beginner

3750-x and vlan dot1q tag native command

Hello,

I have a 3750-X stack with the following HW & SW revisions:

Cisco-3750-x-stack>show version
Cisco IOS Software, C3750E Software (C3750E-UNIVERSALK9NPE-M), Version 15.0(2)SE4, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
sCopyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Wed 26-Jun-13 01:47 by prod_rel_team

ROM: Bootstrap program is C3750E boot loader
BOOTLDR: C3750E Boot Loader (C3750X-HBOOT-M) Version 12.2(53r)SE2, RELEASE SOFTWARE (fc1)

Cisco-3750-x-stack uptime is 1 day, 6 hours, 56 minutes
System returned to ROM by power-on
System restarted at 20:27:32 UTC Tue Mar 29 2011
System image file is "flash:/c3750e-universalk9npe-mz.150-2.SE4/c3750e-universalk9npe-mz.150-2.SE4.bin"

License Level: lanbase
License Type: Permanent
Next reload license Level: lanbase

cisco WS-C3750X-48P (PowerPC405) processor (revision A0) with 262144K bytes of memory.
Processor board ID FDO1524K1J2
Last reset from power-on
2 Virtual Ethernet interfaces
1 FastEthernet interface
104 Gigabit Ethernet interfaces
4 Ten Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address       :
Motherboard assembly number     : 73-12553-05
Motherboard serial number       : 
Model revision number           : A0
Motherboard revision number     : C0
Model number                    : WS-C3750X-48P-L
Daughterboard assembly number   : 800-32727-01
Daughterboard serial number     : 
System serial number            : 
Top Assembly Part Number        : 800-31324-02
Top Assembly Revision Number    : C0
Version ID                      : V02
CLEI Code Number                : 
Hardware Board Revision Number  : 0x03

Switch Ports Model              SW Version            SW Image
------ ----- -----              ----------            ----------
*    1 54    WS-C3750X-48P      15.0(2)SE4            C3750E-UNIVERSALK9NPE-M
     2 54    WS-C3750X-48P      15.0(2)SE4            C3750E-UNIVERSALK9NPE-M


Switch 02
---------
Switch Uptime                   : 1 day, 6 hours, 56 minutes
Base ethernet MAC Address       : 
Motherboard assembly number     : 73-12553-06
Motherboard serial number       : 
Model revision number           : A0
Motherboard revision number     : A0
Model number                    : WS-C3750X-48P-L
Daughterboard assembly number   : 800-32727-03
Daughterboard serial number     : 
System serial number            : 
Top assembly part number        : 800-31324-03
Top assembly revision number    : B0
Version ID                      : V03
CLEI Code Number                : 
License Level                   : lanbase
License Type                    : Permanent
Next reboot licensing Level     : lanbase


Configuration register is 0xF

 

I am trying to setup native vlan tagging using the command "vlan dot1q tag native".   I am entering this when I am in privileged exec mode, and then config mode.   When enter vlan ? it does not show dot1q as an option.   Any thoughts on what I might be missing?   What I am trying to achieve is all ingress untagged traffic (from my Meru controller) will be tagged with VLAN tag 101 as it progresses through my network, and any tagged traffic on vlan 101 which is destined for the port where my Meru controller is located will be delivered to the Meru controller untagged.   I can set this up in this manner on a SG300 Cisco switch, and I believe this is what "vlan dot1q tag native" will achieve if I am understanding correctly.

I welcome suggestions on both why the "vlan dot1q tag native" won't work, and on what I am trying to accomplish.

 

Thx

Bryan

 

7 REPLIES 7
Highlighted

Hi

'tagging' is done by the sending device. 

In your case, if your Meru is sending untagged traffic, which you want in VLAN 101, you would typically make that port a VLAN101 access port. The switch will then tag it with 101 as the traffic passes through to the rest of the network.

If the Meru is sending untagged, then you would send untagged traffic back to it typically. An access port in VLAN 101 would do this naturally.

So:

conf t

int x/x/x    <--- your meru switchport interface

switchport mode access

switchport access vlan 101

exit
Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
Highlighted

Hi Aaron,

Thank you for the quick reply.  

The Meru controller uses untagged traffic to talk between the controller and the APs.   It also uses tagged traffic to talk between the controller and the VLANs which I have associated with each of the SSIDs.   I am trying to find a way to do what is normally done with an access port, but do that with an LACP group (801.Q trunk).   Where the untagged traffic entering the network from the controller gets tagged as VLAN 101 as it transits the network, and then traffic which is delivered to that 801.Q trunk on VLAN 101 has the tag removed, but all other traffic entering that port will be appropriately tagged, and the tagged traffic along with the tags well egress from that port to the Meru controller.    I have done this before on a Cisco SG300 switch, but not on the 3750-X core in my home.   If I can't make this work I can front end the Meru controller with an SG300 but now I will be introducing another potential point of failure.

 

Also, do you have any idea why the "vlan dot1q tag native" would not be accepted by the IOS version on this switch stack?

Thx

Bryan

Highlighted

Bryan

I'm not sure i follow.

If you simply want the traffic to be untagged for vlan 101 on the link between the controller and the switch it is connected to but then tagged everywhere else why not just make the native vlan on your trunk link to the controller vlan 101 ie.

int <x> <--- connects to controller
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan 101

the native vlan is done a per trunk basis so as long as you don't set vlan 101 as the native vlan on any other trunks it will only be untagged on the trunk port connecting to the controller.

If I have misunderstood please clarify.

Jon

Highlighted

John

Sorry if I am not being clear.   The Meru Controller will be sending both tagged and untagged traffic.   When an AP is communicating with the controller it will be untagged traffic.   When the controller is communicating with other devices on the network (outside of the APs) it will be sending tagged traffic.    So I need to be able to configure an etherchannel (LACP group with two ports) to be able to receive tagged traffic on VLANs (2,3,4,81, and 91) and to receive untagged traffic that will be placed on VLAN 101.   Similarly I need the LACP group to be able to deliver traffic from VLANs (2,3,4,81, and 91) as tagged to the Meru controller and traffic from VLAN 101 as untagged to the Meru controller.   I know this seems weird, but I have confirmed this need with Meru on multiple occasions.

I hope this explains the need better.

Thx

Bryan

Highlighted

Bryan

No need to apologise, in fact it may be down to my lack of understanding but from your description -

you have a controller connected to a switch port and on that port you want to configure a trunk link that sends traffic for vlan 101 as untagged and all other vlans as tagged.

Is that correct ?

If so the native vlan on a trunk link is the vlan that is sent without a tag.

So if you do what I suggested any traffic sent to or received from the controller on vlan 101 will not have a tag on that trunk link.

All other vlans will be tagged.

Jon

 

Highlighted

I'm with Jon on this one - this is just a case of a trunk with native vlan set to 101.

Bryan - the concept of trunk tagging all VLANs, with a single VLAN not tagged is simply a dot1q trunk with a specific native VLAN.

i.e. this, on your port-channel interface.

switchport mode trunk

switchport trunk encap dot1q

switchport trunk native vlan 101

You may find you don't need the dot1q command if you are on a platorm that only supports dot1q (i.e. not isl)

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
Highlighted

Hi,

First of all to reply to your question: the "vlan dot1q tag native" command is not supported on switches running LAN base feature set (which is your case).

More importantly: the proper switch configuration depends upon the Meru system (dataplane) mode used, ie. whether tunneled (default) or bridged.

Can you please post the "show essid name" command output for any of your essids or the corresponding GUI page (as from the Meru controller).

Thanks & Regards,

Antonin

Content for Community-Ad