Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
374
Views
0
Helpful
2
Replies

VLAN issue

jeff_mock1
Level 1
Level 1

‎01-05-2015 12:21 PM - edited ‎03-07-2019 10:05 PM

I have an HP switch and I am attempting to replace the switch with a cisco SG200-50. The HP currently has a VLAN setup for wireless so that the wireless users cannot touch the production network. When I look at the current config of the HP, there are two VLANs. The Default VLAN where all the ports are untagged and then the Guest VLAN where 5 ports are Tagged and the rest of the ports are set to No. According to the HP site, a port that is  set to No is not a member of the VLAN and switch is not GVRP enabled.

 

Therefore, I have setup my new switch in the same manner. I have two VLANS - the default VLAN that was originally there when I first configured the switch. All of its ports are set to Untagged. I then created a second VLAN and set the 5 ports to Tagged and the rest of the ports to Excluded which I believe is the equivalent of No on the ciscos. However, once I saved the config, I plug my laptop into one of the Tagged ports and am able to talked back and forth with a computer on one of the excluded ports. What could I be doing wrong? I've included some screenshots as well.

Labels:
Preview file
105 KB
Preview file
103 KB
0 Helpful
2 Replies 2

devils_advocate
Level 7
Level 7

‎01-06-2015 03:50 AM

I believe (and I could be wrong) they when you set a Vlan to be 'excluded' on a port, it has the same effect as preventing the Trunk port from passing tagged packets for that specific VLAN.

Your laptop is likely not capable of tagging frames, therefore all its frames are sent 'untagged' and the switch will assign them to the 'native' (i.e untagged) vlan on the switchport, which is Vlan 1 (default). All ports on the switch are untagged in this vlan, therefore your laptop is able to communicate with all the other ports because the frames are all on the same vlan.....the default vlan of 1.

An 'access port', i.e a port which only has a single untagged vlan ID, will not be able to exclude a vlan. Excluding of Vlans is done on trunk ports to ensure the trunk does not pass any traffic which is tagged with one of its excluded vlans.

You may need to look into access lists to achieve what you are trying to do.

Thanks

0 Helpful

Martin Carr
Level 4
Level 4

‎01-07-2015 05:34 AM

HP and Cisco terminology differ, with the latter a trunk is configured, which tags frames, access ports are untagged.

With HP, you have tag and untagged, respectively.

Have you assigned your interfaces to the other VLAN you have created?

You now have two separate logical networks, akin to the HP.

You do not need all your interfaces trunked, as you have on the HP, while this may work, it is not secure and is vulnerable to a 'VLAN hopping' attack.

Typically a trunk/tag is created, between two switches.

 

Martin

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card