03-28-2008 11:40 AM - edited 03-05-2019 10:03 PM
We're working with an IDS vendor that cannot analyze 802.1Q tagged packets. Currently we have a Catalyst 37xx Stack with several VLANs using 802.1Q tagging to trunk to a 2821 with several Ethernet subinterfaces.
Can we remove 802.1Q tagging and still trunk to the subinterfaces?
03-28-2008 11:56 AM
I am afraid that's not possible. Without the VLAN tag the router wouldn't be able to differentiate which VLAN the traffic belongs to. I don't know if making the switch handle all layer 3 traffic forwarding and making the port connected to 2811 an access port would meet your IDS requirement. As you are probably aware, all traffic sent out on the access port wouldn't be tagged.
HTH
Sundar
03-28-2008 12:42 PM
So my best bet here if we want to eliminate 802.1Q is to put the router on its own VLAN and then have the switch handle all VLAN routing?
03-28-2008 12:58 PM
That's correct.
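The design agreed on in this thread, sketched as Cisco IOS configuration. This is an added example, not configuration posted by any participant; the VLAN numbers, interface names and addresses are constructed placeholders.

```cisco
! --- Before: router-on-a-stick, every VLAN tagged on the trunk ---
! 2821 (interface names and addresses are constructed)
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.0.10.1 255.255.255.0
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 10.0.20.1 255.255.255.0
!
! --- After: the switch stack routes between VLANs, router link is untagged ---
! Catalyst 37xx stack: enable layer 3 forwarding
ip routing
!
! Transit VLAN that holds only the router (hypothetical VLAN 99)
vlan 99
 name ROUTER-TRANSIT
!
! The VLAN gateways move from the router subinterfaces to SVIs
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
interface Vlan20
 ip address 10.0.20.1 255.255.255.0
interface Vlan99
 ip address 10.0.99.1 255.255.255.252
!
! Port facing the router becomes an access port, so frames leave untagged
interface GigabitEthernet1/0/1
 description Link to 2821 (untagged)
 switchport mode access
 switchport access vlan 99
!
! Everything not local to the stack goes to the router
ip route 0.0.0.0 0.0.0.0 10.0.99.2
!
! 2821: subinterfaces removed, one untagged address on the physical port
no interface GigabitEthernet0/0.10
no interface GigabitEthernet0/0.20
interface GigabitEthernet0/0
 ip address 10.0.99.2 255.255.255.252
!
! Return routes to the VLAN subnets now living on the stack
ip route 10.0.10.0 255.255.255.0 10.0.99.1
ip route 10.0.20.0 255.255.255.0 10.0.99.1
```

With this layout, traffic routed between VLAN 10 and VLAN 20 stays on the stack and never crosses the switch-to-router link, so an IDS monitoring that link sees only traffic entering or leaving through the router.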