Native VLAN tagging work-around?

Similar Messages

• Q-in-Q w/o Native VLAN tag question

  Let's assume that we have Q-in-Q setup between 2 service provider switches.  To run Q-in-Q we want to terminate a trunk into each tunnel port and enable native VLAN tagging to ensure that all customer VLAN's are tagged.  In some cases we may have a customer that wants to connect their own equipment into the tunnel port on our switch, so it wouldn't actually be a trunk - it would be an access port.  If this occurs then there is no inner VLAN tag, only an outer VLAN tag.  Will tunnelling still function properly in this scenario?

  actually this is not true... sorry Kishore 
  Tunneling still works and traffic within the SP core will be singled tagged (with the SP tag only).
  However when you do this you need to be extremely careful specially if you use dot1q trunks in the core with native vlan within the customer range. You might end up in unexpected result in this case.
  See an exmple of a possible issue you might see in this case:
  http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_58_se/configuration/guide/swtunnel.html#wp1008635
  The solution would be to tag native vlan in the SP core or use ISL trunks or use native vlans outside customer range or (logically) use trunk ports on CE device (still paying attention to native vlan though).
  Riccardo

• (Another) Native VLAN tagging question..

  I have completed CCNA 3 course and am in 4 right now. I am still confused about VLAN native commands such as
  sw tr na vl xxx
  When this is on a trunk port, what does it mean?
  Thanks....

  "So does that mean that before the packet goes onto the trunk link it is put into the native VLAN then when it exits the trunk link (on the other side) it is stripped of the VLAN info? "
  No, what your prior quotation decribed is what a switch should do with untagged frames received on a port defined as a VLAN trunk.
  The VLAN tags informs the switch what VLAN a frames belongs to when it is received on a VLAN trunk port, but without such a tag, how does the switch know the intended VLAN? It doesn't, from the frame itself. So, we can often configure a trunk port to place any untagged frames into one VLAN of our choice. In theory, once we define what VLAN untagged frames will be considered a member of, tagged frames, for that VLAN could also be accepted. Both should be treated the same by the receiving switch.
  As for a switch sending packets out a VLAN trunk, normally you would expect all packets to be VLAN tagged although a switch might support sending one particular VLAN frames without tags to support a device, such as the PC described in your quotation, that doesn't understand how to process, or expect, tagged frames.
  If you're wondering how this all comes to be, consider a PC that knows nothing about VLAN tags is connected to an IP phone which does (which connects to the network) and you want to place the two devices on different VLANs. As the PC traffic transits the phone could, in theory, wrap/unwrap the PC traffic with VLANs tags when working with the network switch. However, if the phone fails, you can design the IP phone hardware to keep the link good from PC to the network, but then the IP phone PC VLAN processing would be lost. So for that reason, and the reason, we might want to add/remove an IP phone "in front" of the PC, we want to continue to support untagged frames to/from the PC.
  Altough the frames to the PC are untagged, since we can configure what VLAN untagged frame should be considered per port, we can have different PCs (on different ports) in different VLANs on the switch. (This is very similar to port based VLANs, but instead of being limited to one logical VLAN per port, we're limited to one untagged VLAN per port but can have multiple tagged VLANs per port.)

• WISM Native Vlan tagged

  Hello , We have 6513 Core Switch and WISM , If I ping from the access points subnet to the WISM IP address there is so many request time out and the number of Access Points registered is going up and down
  In the core switch we are tagging the native Vlan as you can see below
  CORE-SWITCH2#sh run | i tag
  vlan dot1q tag native
  and we don't have the command wism module 9 controller 1 native-vlan X because the native vlan is tagged
  could this be the reason ? that its mandatory that the native VLAN is not tagged for the Cisco WISM configuration
  your reply and feed back is highly appreciated
  many thanks

  Cisco recommends to TAG the management interface. Cisco use to state to configure the managment vlan as native. It makes it easier for QoS as well when all vlans are TAGGED.
  What is key is all your WISMs managment interfaces need to be TAGGED or UNTAGGED. You cant have a mix.
  How are yours set up ?

• Native Vlan and tagging

  Hi!
  I have a particular installation on a customer site.
  The management vlan is the number 1 (which is the native vlan) for the whole network and all the switches tag the native vlan.
  So when I plug my AP on a port of a switch configured in trunk mode, it doesn't work.
  How can I resolve this issue?
  Thanks

  Yes, you can specify the native VLAN, though I am not sure if that will enable tagging of that VLAN or not. You might have to try it yourself to see. See the following link for pictures of the pages in question.
  http://www.cisco.com/en/US/products/ps6087/products_tech_note09186a0080736123.shtml#t12
  Because I think it will require a reboot after enabling HREAP but before setting up VLAN support, you might need to set it as an access port while making the changes.
  1. Do not use VLANs for your H-REAP deployment and set the access point switch ports as Access ports in the VLAN you want your users to be in. The AP will need an IP in the user VLAN, but that is not usually a problem. If you do not need multiple user VLANs from different SSIDs, this will be the easiest option.
  2. Disable native VLAN tagging for the ports with APs with the command I listed above.

• Vlan tag issue with Nexus 4001 in IBM Blade Centre

  Hi
  I have a DC architecture with a pair of Nexus 7010's running 3 VDC's (Core/Aggregation/Enterprise). I have at the edge Nexus 5548's which connect to back to the Aggregation VDC. Also connecting back to the Aggregation VDC is an IBM Blade Chassis which has a Nexus 4001i in slots 7 and slot 9. These blade servers are running ESXi 4.0 and are mapped to the Nexus 4001 blade switch.
  I had set up the Native VLAN as VLAN 999 which connects up to the ESXi host and I am trunking up multiple VLANS for the Virtual Machines.
  The problem I have is that VM's in all VLANS except the ESXi host VLAN (VLAN 10) cannot see their default gateway, and I suspect that there is an issue with the VLAN tag going up to the ESXi host. I have read enough documentation to suggest that this is where the issue is.
  My Nexus 4001 interface configuration is below
  interface Ethernet1/1
    switchport mode trunk
    switchport trunk native vlan 999
    switchport trunk allowed vlan 10,30,40-41,60-62,90,96,999
    spanning-tree port type edge trunk
    speed auto
  The Aggregation VDC on the Nexus 7010 is the default gateway for all these VLANS.
  I also noted that the Nexus 5000 and Nexus 7000 supports the command vlan dot1q tag native command yet the Nexus 4000 doesn't seem to support this. Any assistance would be useful
  Thanks
  Greg

  Your configuration on the N4K looks correct. You shouldn't use vlan dot1q tag native commands on your N7Ks and N5Ks. Native VLAN tagging is really for QinQ (dot1q tunneling).
  My only suggestion is check your configuration of the vSwitch in the ESXi host and the host network profile.
  Regards,
  jerry

• Using Link Aggregation and VLAN tagging with LDOMs

  Hi,
  Anyone know if Link aggregation combined with VLAN tagging works for LDOMs?
  Any links or references would be appreciated.....
  It would be very handy if each LDOM could have multiple interfaces on different VLANs....
  Regards,
  Daniel

  I agree with bzptlx. While you can have vswitch plumbed without net-dev, and then route traffic inside the control domain, so that you can utilize aggregation, it adds complexity, and in some environments it's just impossible.
  I would say that this is number 1 deficiency with LDOM's in general.

• SPT Inconsistent Native Vlan

  Hi,
  I cant figure out why this is showing on switches.
  Core switch brc-k25-1 is using Native Vlan 1
  Access switch c2-k25-5 is using Native Vlan 1
  I get the following error message on the access switch:
  Jun 27 08:57:40: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 171 on GigabitEthernet1/0/49 VLAN1.
  Jun 27 08:57:40: %SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet1/0/49 on VLAN0171. Inconsistent peer vlan.
  Jun 27 08:57:40: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet1/0/49 on VLAN0001. Inconsistent local vlan.
  Jun 27 08:57:40: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
  Jun 27 08:57:55: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/0/49 on VLAN0171. Port consistency restored.
  Jun 27 08:57:55: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/0/49 on VLAN0001. Port consistency restored.
  Jun 27 08:57:55: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
  Because of the error, I cannot login to the access switch using the native Vlan IP Address.
  brc-k25-1 config:
  interface GigabitEthernet3/2
   description c2-k25-5
   switchport trunk encapsulation dot1q
   switchport trunk allowed vlan 1,146,171
   switchport mode trunk
   logging event link-status
   logging event trunk-status
   qos trust dscp
   tx-queue 1
     bandwidth percent 69
   tx-queue 2
     bandwidth percent 1
   tx-queue 3
     bandwidth percent 15
     priority high
   tx-queue 4
     bandwidth percent 15
  end
  brc-k25-1#sh interfaces gigabitEthernet 3/2 switchport
  Name: Gi3/2
  Switchport: Enabled
  Administrative Mode: trunk
  Operational Mode: trunk
  Administrative Trunking Encapsulation: dot1q
  Operational Trunking Encapsulation: dot1q
  Negotiation of Trunking: On
  Access Mode VLAN: 1 (default)
  Trunking Native Mode VLAN: 1 (default)
  Administrative Native VLAN tagging: enabled
  Voice VLAN: none
  Administrative private-vlan host-association: none
  Administrative private-vlan mapping: none
  Administrative private-vlan trunk native VLAN: none
  Administrative private-vlan trunk Native VLAN tagging: enabled
  Administrative private-vlan trunk encapsulation: dot1q
  Administrative private-vlan trunk normal VLANs: none
  Administrative private-vlan trunk associations: none
  Administrative private-vlan trunk mappings: none
  Operational private-vlan: none
  Trunking VLANs Enabled: 1,146,171
  Pruning VLANs Enabled: 2-1001
  Capture Mode Disabled
  Capture VLANs Allowed: ALL
  interface Vlan1
   ip address 172.27.40.254 255.255.255.02
   ip access-group vlan1out out
  ==================================================
  c2-k25-5 config:
  c2-k25-5#sh cdp ne
  Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                    S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                    D - Remote, C - CVTA, M - Two-port Mac Relay
  Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
  brc-k25-1        Gig 1/0/49        138             R S I  WS-C4506  Gig 3/2
  interface GigabitEthernet1/0/49
   description brc-k25-5
   switchport trunk allowed vlan 1,146,171
   switchport mode trunk
  interface Vlan1
   ip address 172.27.40.18 255.255.255.0
  interface Vlan146
   ip address 172.31.146.1 255.255.255.0
  c2-k25-5#sh interfaces gigabitEthernet 1/0/49 switchport
  Name: Gi1/0/49
  Switchport: Enabled
  Administrative Mode: trunk
  Operational Mode: trunk
  Administrative Trunking Encapsulation: dot1q
  Operational Trunking Encapsulation: dot1q
  Negotiation of Trunking: On
  Access Mode VLAN: 1 (default)
  Trunking Native Mode VLAN: 1 (default)
  Administrative Native VLAN tagging: enabled
  Voice VLAN: none
  Administrative private-vlan host-association: none
  Administrative private-vlan mapping: none
  Administrative private-vlan trunk native VLAN: none
  Administrative private-vlan trunk Native VLAN tagging: enabled
  Administrative private-vlan trunk encapsulation: dot1q
  Administrative private-vlan trunk normal VLANs: none
  Administrative private-vlan trunk associations: none
  Administrative private-vlan trunk mappings: none
  Operational private-vlan: none
  Trunking VLANs Enabled: 1,146,171
  Pruning VLANs Enabled: 2-1001
  Capture Mode Disabled
  Capture VLANs Allowed: ALL
  Protected: false
  Unknown unicast blocked: disabled
  Unknown multicast blocked: disabled
  Appliance trust: none

  Thanks for the replies.
  I did remove the ACL from the VLAN1 but nothing change. Also the allowed VLAN1 was not included in the trunk allowed before, same result as now.
  Jun 30 09:06:40: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 171 on GigabitEthernet1/0/49 VLAN1.
  Jun 30 09:06:40: %SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet1/0/49 on VLAN0171. Inconsistent peer vlan.
  Jun 30 09:06:40: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet1/0/49 on VLAN0001. Inconsistent local vlan.
  Jun 30 09:06:41: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
  Jun 30 09:06:55: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/0/49 on VLAN0171. Port consistency restored.
  Jun 30 09:06:55: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/0/49 on VLAN0001. Port consistency restored.
  Jun 30 09:06:56: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
  We have multiple switches attached to the brc-k25-1 and only 2 switches are affected using VLAN1 management. I had to create another VLAN ID so that I can use that IP Address to SSH. Very weird problem.

• Native Vlan LWAP to Controller

  Hi guys,
  I had a LWAP connected to a switch trunk port:
  Port        Vlans allowed on trunk
  Fa1/1       1-4094
  LWAP joined the WLC, then I switched it to FlexConnect Mode. I enabled Vlan Support and used Vlan 1 as Native Vlan.
  Knowing exactly site's SSID I went to the switch and "secured the config":
  interface fa1/1
  switchport trunk allowed vlan none
  switchport trunk allowed vlan add 5, 10
  show interfaces FastEthernet 1/1 switchport 
  Name: Fa1/1
  Switchport: Enabled
  Administrative Mode: trunk
  Operational Mode: trunk
  Administrative Trunking Encapsulation: dot1q
  Operational Trunking Encapsulation: dot1q
  Negotiation of Trunking: On
  Access Mode VLAN: 1 (default)
  Trunking Native Mode VLAN: 1 (default)
  Administrative Native VLAN tagging: enabled
  Trunking VLANs Enabled: 5, 10
  Pruning VLANs Enabled: 2-1001
  Capture Mode Disabled
  Capture VLANs Allowed: ALL
  I did this, assuming that LWAP will communicate with the controller on NATIVE Vlan 1, while vlans 5 and 10 had to be mapped/used to the two site's SSIDs. As you probably assume LWAP got disconnected from the controller.
  I had to switchport trunk allowed vlan add 1 and finally things got as it were. 
  Why does native vlan had to be also allowed on the tagged Vlan list?

  Florin -
  Vlan 1 had to also be allowed because of the command you issued:
  switchport trunk allowed vlan none
  This command effectively prevents any vlans (tagged or untagged) from passing across the trunk link.  Be aware the trunk link will remain in an On state even though you have blocked all vlans from passing through it.  So think of the switchport trunk allowed set of commands as a block/allow set of rules that exists independently of the configuration requirements to create a trunk link such as one native vlan being established/encapsulation being set/negotiation being set.
  Regards,
  Justin
  P.S. here is a link that will help explain it in more detail https://supportforums.cisco.com/document/11836/how-define-vlans-allowed-trunk-link

• [svn] 4295: Move @see tag in ASDoc comment to work around SDK-18256

  Revision: 4295
  Author: [email protected]
  Date: 2008-12-12 08:57:11 -0800 (Fri, 12 Dec 2008)
  Log Message:
  Move @see tag in ASDoc comment to work around SDK-18256
  QE Notes: None
  Doc Notes: None
  Bugs: -
  Ticket Links:
  http://bugs.adobe.com/jira/browse/SDK-18256
  Modified Paths:
  flex/sdk/trunk/frameworks/projects/framework/src/mx/printing/PrintDataGrid.as

  Submitted On 04-MAY-2007
  exaid6
  Further investigation reveals that if I unpack the jar file in a directory (jar xvf xxxx.jar) and change the classpath to "." instead of the jarfile, the program launches perfectly. This is definintely a bug in the classpath handling of big jar files on certain systems, or something of that sort. (Note: I'm using java sdk 6u1, 32 bit CentOS Linux.)
  Submitted On 27-SEP-2007
  I've encountered the same problem on RH FC6.
  If you take a look at the script you will see this line tail +368 "$0" which attempts to extract the remaining lines into a separate jar file. This line may not work on all versions of Linux. A proper way to use Linux version of tail utility is: tail -n +368 "$0". Anyways, you can manually extract the jar file if you are getting tail +368 file not found error message when running the script.
  After you extract the jar file you can run it via the command line like so
  java -classpath .:./tmp/jwsdp.jar -Djava.ext.dirs= -D.java.endorsed.dirs= -Dtemp.dir=/opt/java/jwsdp/tmp -Dis.debug=1 JWSDP
  You should be able to install JWSDP 2.0 successfully on your Linux machine.

• WS-C3750X-48T-L and tag native vlan

  Hi guys,
  I have recently bought a new cisco switch : WS-C3750X-48T-L
  Switch Ports Model              SW Version            SW Image                 
  *    1 54    WS-C3750X-48       12.2(55)SE5           C3750E-UNIVERSALK9-M
  with this licence :
  Index 1 Feature: ipservices     
      Period left: 8  weeks 4  days
      License Type: Evaluation
      License State: Active, Not in Use, EULA not accepted
      License Priority: None
      License Count: Non-Counted
  Index 2 Feature: ipbase         
      Period left: 0  minute  0  second  
  Index 3 Feature: lanbase        
      Period left: Life time
      License Type: Permanent
      License State: Active, In Use
      License Priority: Medium
      License Count: Non-Counted
  I want to tag all native vlan traffic from this switch with the command :
  vlan dot1q tag native.
  I can't see this command on the command line interface. How can I reach this option ?
  Have I to pay something ?
  Thanks for your answers.

  Probably is a license limitation: "Each Cisco Catalyst 3750-E/3560-E or 3750-X/3560-X system is loaded with a universal Cisco IOS® Software image. Universal Cisco IOS Software images contain all Cisco IOS Software features. The level of Cisco IOS Software functionality available is determined by the combination of one (or more) licenses installed on the device."
  More info here: http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3560-x-series-switches/white_paper_c11-579326.html
  You have a lan base license active and in use:
  Index 3 Feature: lanbase        
      Period left: Life time
      License Type: Permanent
      License State: Active, In Use
      License Priority: Medium
      License Count: Non-Counted
  You have an ip service test license but is not active:
  ndex 1 Feature: ipservices     
      Period left: 8  weeks 4  days
      License Type: Evaluation
      License State: Active, Not in Use, EULA not accepted
      License Priority: None
      License Count: Non-Counted
  For more informations about how activate a licence use this link:
  https://supportforums.cisco.com/document/69361/licensing-290035003700
  Regards.

• VLAN Tagging not working on X61 NIC (Intel 82566MM)

  trying to set VLAN on my X61, so i can use VLAN Tagging on my switches.
  on the NIC in Control Panel, click VLAN tab, create a VLAN w/ID "8".  i see the new network connectoid getting created.
  the network cable for the physical NIC says connected, but the new Network Connection connectoid for the VLAN connection says "network cable unplugged" and have red "X" on the icon. 
  plug X61 into a tagged port on router.  do not get an IP address.  Red "X" never goes away.
   back in the VLAN tab, it has VLAN 8 defined.  but says "disabled".
  do not get an IP address for either the network the X61 was on, nor the VLAN. i dont get anything. i plug other machines into the same tagged router port, and it works fine.  therefore, its something with the X61. 
  am seeing this on multiple X61s.  have tried drivers from from Intel: (12/4/2008, v9.12.36.0) and from Lenovo: (3/5/2008 9.7.255.0 -- 7krv24ww).  seeing same behavior on both Win7 and Vista x64
  any thoughts?

  I've just discovered prtconf.
  PCI: 10b7,6356 - class: Ethernet controllerI think that means a 3Com Vortex. So, no networking on this machine
  then.
  Thanks for your time.

• How to get info over snmp on cisco switch whether native vlan on a port is tagged or not?

  Hi!
  I want to know which oid(s) should I query to know whether native vlan on trunk port on cisco switch is tagged or not?
  I am querying the oid .1.3.6.1.4.1.9.9.46.1.6.3.0 (vlanTrunkPortsDot1qTag) on cisco 3560 (E Series) and I am getting global value. Also, this OID is showing as deprecated. So I query .1.3.6.1.4.1.9.9.246.1.6 (cltcDot1qAllTagged) and its subtree, but no value is returned.
  Switch Version is
  Cisco IOS Software, C3560E Software (C3560E-UNIVERSALK9-M), Version 12.2(50)SE2

  Keep in mind that DHCP is a broadcast packet to start. So the AP can only listen in the subnet that it has an IP address for.
  Now, for any other subnet you can use the AP for DHCP but you have to have an IP helper address on your L3 pointing back to the AP.
  That being said, I wouldn't use the DHCP server on the AP as it is limited. You'd be better off using a Microsoft server or some other device that is designed for DHCP.
  HTH,
  Steve

• Why dot1Q doesn't tag native vlan?

  Why dot1Q doesn't tag native vlan?
  Is there any reason? Or Is there any advantage with this ?
  Regards,
  Chandu

  Chandu
  The native vlan is there to support connectivity to switches that do not support vlan tagging so that if the switch on the other end of the link cannot interpret frames with vlan tags added it can still process the non tagged native vlan packets.
  Nowadays most, if not all, switches do understand vlan tagging so it is very rare you need it for it's original purpose and you can in fact on a lot of Cisco switches actually tell the switch to tag the native vlan as well.
  Jon

• Native vlans and tagging

  Hi all, I know i have mentioned this in the other forum, but i need a bit more clarity.
  If I say have a pc plugged into vlan 2, pvid of 2, i gather this means that if ant frame comes in untagged it gets put into vlan 2 right ? ok, well my confusion is what happens to this when it goes over a trunk port, it I put the trunk as member of vlan 1,2,3,etc, will my originally untagged frame that came in and got put into vlan 2 get tagged along the trunk as vlan 2 ?

  Hi Carl,
  I hope i understand ur question correctly :)
  you are asking once farme is tagged with vlan id, what will happen to a frame as it pass through a inter switch trunk port.
  then the asnwer is (using 802.1q trunking protocol)-
  802.1Q does not actually encapsulate the original frame, it sets the EtherType value in the Ethernet header to Tag Protocol ID (TPID) 0x8100, identifying this frame as an 802.1Q frame. It then inserts an extra two-bytes of Tag Control Information (TCI) after the TPID, followed by another two bytes containing the frame's original EtherType. Together the four bytes of TPID and TCI are called the VLAN Tag.
  The format of the TCI is
  15:13 12 11:0
  user_priority CFI VID
  user_priority: a 3-bit field is defined in IEEE 802.1p.
  Canonical format indicator (CFI): a 1-bit indicator used for compatibility between Ethernet and Token Ring networks.
  VLAN ID (VID): a 12-bit field specifying the VLAN to which the frame belongs. A value of 0 means that the frame doesn't belong to any VLAN; in this case the 802.1Q tag specifies only a priority and is referred to as a priority tag. A value of hex FFF is reserved for implementation use. All other values may be used as VLAN identifiers, allowing up to 4094 VLANs. On bridges, VLAN 1 is often reserved for management.
  so ur original vlan tag is retained and other end of trunk port will be able to original vlan id of frame.
  HTH
  rgds
  rajat