VLAN Tagging Question???

Hi friends,
I attached a simple diagram which models my question.
As you will see in the sample diagram, I have two networks: one has 192.168.1.0/23 as a network address and the other has 10.10.10.0/24.
I want to connect these two networks to an ASA 5510, but I don't have enough interfaces, so I have to use a single interface, let's say E1. Also, I have an unmanaged switch.
Here is the question: if I configure subinterfaces E1.100 and E1.200 on the ASA, do I need to set the port on the switch which is connected to the ASA as a trunk port? (Well, I couldn't do it; it's unmanageable.)
Is the following configuration enough for my question?
interface ethernet1.100
 vlan 100
 ip address 192.168.1.1 255.255.254.0
 nameif networkA
interface ethernet1.200
 vlan 200
 ip address 10.10.10.1 255.255.255.0
 nameif networkB
Or do I need to set any port as a trunk?
Thanks a lot!

You need a trunk port on your switch, anyway only one vlan (vlan 100 or vlan 200) can be transferred to ASA.
Over a trunk port you can transfer more than one VLAN traffic.
bye
FCS
Please rate me if I helped.
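The frame-level reason behind this answer, as an added Python example that is not part of the original thread: the subinterfaces in the question only match frames carrying an 802.1Q tag with VLAN ID 100 or 200, while ordinary hosts send and expect untagged frames. The MAC addresses and payload are constructed sample values.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# VLAN ID -> nameif, taken from the subinterface configuration in the question.
ASA_SUBINTERFACES = {100: "networkA", 200: "networkB"}

# Constructed sample addresses (not from the original post).
HOST_MAC = bytes.fromhex("020000000a01")
ASA_MAC = bytes.fromhex("020000000001")


def build_frame(dst, src, ethertype, payload, vid=None, pcp=0):
    """Build an Ethernet II frame, inserting an 802.1Q tag when vid is given."""
    header = dst + src
    if vid is not None:
        if not 1 <= vid <= 4094:
            raise ValueError("VLAN ID must be in 1..4094")
        tci = (pcp << 13) | vid  # PCP (3 bits), DEI (1 bit, left 0), VID (12 bits)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return (vid, ethertype, payload); vid is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (first_type,) = struct.unpack_from("!H", frame, 12)
    if first_type != TPID_8021Q:
        return None, first_type, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, ethertype = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, ethertype, frame[18:]


def subinterface_for(frame, subinterfaces=ASA_SUBINTERFACES):
    """Name of the subinterface whose VLAN matches the frame's tag, else None."""
    vid, _, _ = parse_frame(frame)
    return subinterfaces.get(vid)


def ethertype_seen_by_untagged_host(frame):
    """What a VLAN-unaware receiver reads at offset 12 of the frame."""
    (value,) = struct.unpack_from("!H", frame, 12)
    return value


if __name__ == "__main__":
    payload = b"constructed IPv4 payload"
    from_host = build_frame(ASA_MAC, HOST_MAC, 0x0800, payload)          # host sends untagged
    from_asa = build_frame(HOST_MAC, ASA_MAC, 0x0800, payload, vid=200)  # E1.200 sends tagged
    print("untagged host frame ->", subinterface_for(from_host))
    print("tagged vid 200 frame ->", subinterface_for(from_asa))
    print("host reads EtherType 0x%04x" % ethertype_seen_by_untagged_host(from_asa))
```

Something between the hosts and the ASA has to add the tag on the way in and strip it on the way out, which is the job of a switch with a configurable trunk port.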

Similar Messages

  • Q-in-Q w/o Native VLAN tag question

    Let's assume that we have Q-in-Q setup between 2 service provider switches.  To run Q-in-Q we want to terminate a trunk into each tunnel port and enable native VLAN tagging to ensure that all customer VLAN's are tagged.  In some cases we may have a customer that wants to connect their own equipment into the tunnel port on our switch, so it wouldn't actually be a trunk - it would be an access port.  If this occurs then there is no inner VLAN tag, only an outer VLAN tag.  Will tunnelling still function properly in this scenario?

    actually this is not true... sorry Kishore 
    Tunneling still works and traffic within the SP core will be singled tagged (with the SP tag only).
    However when you do this you need to be extremely careful specially if you use dot1q trunks in the core with native vlan within the customer range. You might end up in unexpected result in this case.
    See an example of a possible issue you might see in this case:
    http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_58_se/configuration/guide/swtunnel.html#wp1008635
    The solution would be to tag native vlan in the SP core or use ISL trunks or use native vlans outside customer range or (logically) use trunk ports on CE device (still paying attention to native vlan though).
    Riccardo

  • (Another) Native VLAN tagging question..

    I have completed CCNA 3 course and am in 4 right now. I am still confused about VLAN native commands such as
    sw tr na vl xxx
    When this is on a trunk port, what does it mean?
    Thanks....

    "So does that mean that before the packet goes onto the trunk link it is put into the native VLAN then when it exits the trunk link (on the other side) it is stripped of the VLAN info? "
    No, what your prior quotation described is what a switch should do with untagged frames received on a port defined as a VLAN trunk.
    The VLAN tag informs the switch what VLAN a frame belongs to when it is received on a VLAN trunk port, but without such a tag, how does the switch know the intended VLAN? It doesn't, from the frame itself. So, we can often configure a trunk port to place any untagged frames into one VLAN of our choice. In theory, once we define what VLAN untagged frames will be considered a member of, tagged frames for that VLAN could also be accepted. Both should be treated the same by the receiving switch.
    As for a switch sending packets out a VLAN trunk, normally you would expect all packets to be VLAN tagged although a switch might support sending one particular VLAN frames without tags to support a device, such as the PC described in your quotation, that doesn't understand how to process, or expect, tagged frames.
    If you're wondering how this all comes to be, consider a PC that knows nothing about VLAN tags is connected to an IP phone which does (which connects to the network) and you want to place the two devices on different VLANs. As the PC traffic transits the phone could, in theory, wrap/unwrap the PC traffic with VLANs tags when working with the network switch. However, if the phone fails, you can design the IP phone hardware to keep the link good from PC to the network, but then the IP phone PC VLAN processing would be lost. So for that reason, and the reason, we might want to add/remove an IP phone "in front" of the PC, we want to continue to support untagged frames to/from the PC.
    Although the frames to the PC are untagged, since we can configure what VLAN untagged frames should be considered per port, we can have different PCs (on different ports) in different VLANs on the switch. (This is very similar to port based VLANs, but instead of being limited to one logical VLAN per port, we're limited to one untagged VLAN per port but can have multiple tagged VLANs per port.)

  • VLAN tagging and tagging question

    Hello,
    I have a question about VLAN tagging on a Cisco switch.
    I've learned that switches tag frames with VLAN IDs once the frame enters a Trunk port (not when it enters a VLAN port).
    Now, if two computers from the same VLAN and on the SAME switch talk to each other then logically there should not be any VLAN assignment on the frames (as if they were connected to a hub).
    Is that correct please?
    TIA

    Disclaimer
    The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
    Liability Disclaimer
    In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
    Posting
    Just to muddy the waters, since VLAN edge/access ports don't normally tag frames with VLAN IDs, referencing your question about two computers "talking" to each other, it doesn't matter whether the two ports are on the same switch or even different switches; or in the same VLAN or not.
    Also understand trunk ports normally tag frames, and edge/access ports don't, but an exception for the former is the "native" VLAN frames aren't tagged, and an exception for the latter, a Voice VLAN will tag frames.

  • Hyper-V Vlan tagging. Question

    Hi everyone,
    The question is simple. My NIC is a Realtek PCI GBe family controller, Priority and VLAN are enabled. I haven't any physical switch, and when I create an external virtual switch on Hyper-V, if I add a VM on VLAN 2, why doesn't it have Internet access or can ping the router?
    The virtual external switch has no default VLAN on it, so it is supposed to be in TRUNK mode. I also have a static route on my router 192.168.2.0/24 -> 192.168.1.254.
    If I add a VM with no VLAN tag and manually assign the IP address it can communicate with the router, but if I add a VLAN tag it doesn't.
    What you think ?
    Thanks

    Hi Sir,
    >>If I add a VM with no VLAN tag and manually assign the IP address it can communicate with the router but if I add a VLAN tag it doesn't.
    The simple answer is that the gateway interface is not in the same VLAN as the VMs.
    As you know, different VLANs cannot access each other without a route for the VLAN.
    >>The virtual external switch has no default vlan on it, so it is supposed to be in TRUNK mode.
    I assume that you mean the VLAN setting when you created the external virtual switch:
    (Actually, this VLAN setting applies to the virtual NIC for the Hyper-V host; if you uncheck "Allow management operating system to ..." the VLAN setting will be unavailable.)
    Based on my understanding of your case (one NIC connecting to the router), you may need to configure a "single arm route" on that router (it is a network question, not Hyper-V).
    Best Regards,
    Elton Ji

  • VLAN Tagging

    I am trying to utilize a wireless device in a customer site that extends VLAN to the wireless infrastructure. My device does not support VLAN tagging, so it will not work. My question is this: is this the norm, requiring end-point devices to insert VLAN tags in the normal Ethernet frame, or do most environments perform the tag insertion/stripping at the access point level? Since they can use multiple SSIDs on their access points, can a new SSID be set up for another wireless VLAN that does not require VLAN tagging?

    In a Cisco environment you configure your VLANs on your switches and configure the switchport the AP is connected to as a trunk port. On the AP you define the VLANs and SSIDs and tie each SSID to a VLAN. End devices connect to an SSID and when connected to that SSID are automatically connected to its matching VLAN. The end device (be it a PC, barcode reader or whatever) doesn't need to know anything about VLANs or which VLAN it needs to connect to; as long as it's associated to the correct SSID it will be on the correct VLAN.

  • Multi site, multi vlan configuration question

    Hi Brian, Good questions. If the router connects to the switch on a VLAN 1 access port then it is a non-issue since the packets are not tagged. If there is a trunk between the router and the switch with tagged traffic, then I would recommend using inside and outside VLANs on the switch. Essentially this is just two VLANs, one for each Wanos interface so that it sits in the middle of the traffic flow. For example the gateway would say be in a VLAN 100 sub-interface on the router. Wanos wan0 would be in VLAN 100 and the lan0 interface remain in VLAN 1 along with the devices. The only way to the gateway is through the bridge. The bridge deployment is almost always the simplest way to get going, but where it is not possible, router mode is also available. Express will be ok for one remote location and if either direction across the WAN is...

    Ok, I'm getting ready to setup Wanos for a test run at one of our remote locations. I'm seeing packet loss on the circuit to this specific site and I want to test the packet loss recovery capability of Wanos. Our network topology is point to multipoint with MPLS connections between our main location and each of our 7 remote offices. So at our main location if I read correctly I would have to add a bypass rule for all the other offices that do not have a Wan optimization device. I have to preface my question with this... we have VLAN tagging going on at the remote locations for data and voice. The switch is ultimately responsible for the tagging of the packets. The IP phones and computers are both on completely different networks. The devices are assigned their IP's from the router through DHCP with the data VLAN 1 as the default. The...
    This topic first appeared in the Spiceworks Community

  • LOM VLAN tagging?

    All,
    I'm wondering if anyone has had any luck getting LOM to do vlan tagging. According to the manpage for ipmitool, it should support it by going "ipmitool lan set vlan id <vlanidnumber>" but it rejects it and prints the acceptable commands for ipmitool lan set, and none of them are vlan.
    So, did Apple just compile ipmitool without the vlan option, does the Apple implementation of ipmi not support it? It's a huge pain in the rear to do MAC based vlanning (requires a radius server), so I'd really prefer to do it with vlan tagging, since it should work.
    Thanks!


  • SUN  GigaSwift VLAN tagging NIC DLPI support

    Is there any DLPI that support the VLAN tagging ?
    I have 2 problems using the normal DLPI to setup VLAN tagging of the "ce" driver.
    (1) I do DL_ATTACH_REQ , ppa = 223000 (VID=223 of interface 0)
    DL_BIND_REQ, dl_type=0x0800, This allows me to tx/rx of IP packet ET_TYPE=0x0800
    I cannot rx/tx ARP packet ET_TYPE=0x0806 !!!!!
    I have to ATTACH and BIND 223000 with dl_type=0x0806
    So for every VLAN ID I have to DL_BIND_REQ for 0x0800 and 0x0806 !!!
    Does anyone know if this is right way to do ???
    (2) When DL_PROMISCON_REQ dl_type=MULTICAST, I will rx what I transmit !!!
    This seems to be wrong !!! Does anyone know how to setup VLAN to receive IP multicast frames ?
    Thanks

    I can't answer your question. But I can confirm that I noticed that as well. It took me a lot of time to figure out it just ain't possible. One of the reasons we don't use it.

  • Bonding + VLAN tagging

    I want to create a bonding (say bond0) with eth0+eth1 and then add to bond0 two different IPs, each one on a different vlan.
    I found Arch and non-Arch specific documents that explain either bonding or vlan tagging, but not both at the same time. Moreover, several documents use net-tools.
    Which is the suggested/Arch way (if any) to create the bonding "manually" with iproute2 + ifenslave?
    Is there any official document about how to get the interface configured at boot time using netcfg + netcfg-bonding?
    Please point me to any documentation that I may have missed, but a direct answer to the questions is also appreciated
    Thank you a lot.

    It doesn't matter to each part (bonding and vlan) that you're using both. Just setup the bond first (1) then setup the VLAN's (2) using "bond0" as the base device instead of eth0, eth1 etc
    1) https://wiki.archlinux.org/index.php/Co … ing_or_LAG
    2) https://wiki.archlinux.org/index.php/VLAN
    As for doing both automatically with netcfg etc, that's something I don't know about, sorry...
    Last edited by fukawi2 (2012-02-20 23:21:56)

  • Collision Domain , Vlan Tagging.

    Hi,
    Can any one tell me please do we have collisions in a Switch if yes 1. how to avoid Collisions in a switch and 2. Define Vlan Tagging. Can anyone please answer my two questions.
    Thanks.

    Hi,
    1) Each port on a switch is a collision domain; this is called microsegmentation, and you can run full-duplex, so the answer is no, there are no more collisions in a switched network, apart from a shared segment where there is a hub or AP attached.
    2) On links where multiple VLANs can travel you must have a way of differentiating the VLAN the frame is part of, and so you have a field with the VLAN ID, which is a tag permitting to recognize the VLAN, so the switch knows on which port it can forward the frame when the tag is removed. So a frame enters a port belonging to a particular VLAN and it is tagged with the VLAN ID when traversing the trunk (or tagged port) and untagged when forwarded to the destination.
    In 802.1Q there is also the concept of native VLAN: frames from this VLAN will have no tag; this is a compatibility feature for devices that are not VLAN aware.
    Regards.
    Alain.

  • Native VLAN tagging work-around?

    Good Day!
    Story here is that I am upgrading my 6500 Metro Ethernet core switch from CatOS to IOS and implementing several security components - one in question is implementing 'vlan dot1q tag native' global command on core switch. Most of my PE switches are 3550 series and are compatible with this configuration. The problem is that I also have several remote legacy 3508G switches that I need to support, and they will not accept this command.
    Is anyone aware of a work-around config for these 3508s? So far have not found any help on CCO...
    Thanks!

    Don't know if you can do this on a Cat6500 running IOS, but here's my idea:
    Set the native VLAN on the 3508G end of the 802.1Q trunk to a VLAN that is not going to be used anywhere for access, and match the native VLAN specification on your 6500's corresponding interface. Then, remove that VLAN from the trunk at both ends.
    The way I read it, on the 6500 the "vlan dot1q tag native" command would tag outgoing traffic on the native VLAN; and would drop all incoming traffic on the native VLAN that wasn't tagged. But none of that will matter, because removing that one VLAN from the allowed VLAN list on the trunk will leave you with only tagged VLAN traffic on the trunk from the 3508G. CDP will see that the native VLAN is set the same at each end (if you use CDP), so it won't flag any mismatches there. You just won't use the native VLAN on the trunk.
    I'm doing something similar with CatOS on a 6509 and 2950G access switches. Setting native VLAN to 1 (the default) on both ends, which makes it untagged; and then removing VLAN 1 from the trunk on both sides, leaving me with only tagged traffic on the trunk.
    Now, VLAN 1 is a special case, you can't remove it completely from the allowed VLAN list on a 2950G. The documentation refers to it as "minimizing" VLAN 1: CDP and VTP traffic will still pass over it, as will a couple of other Cisco-centric things; but no user traffic, and no STP BPDUs. Testing it today, I verified the CDP and VTP traffic work in both directions after I cleared VLAN 1 from the trunk and had only one customer VLAN, tagged, on it.
    In your situation, you can't remove VLAN 1 at all from a 3508G XL trunk. So just pick another VLAN to throw away as the native VLAN that you remove from the trunk, and transmit VLAN1 tagged across it.
    I think DTP uses the native VLAN; so the only drawback to my idea is that you have to manually set the trunk mode rather than letting the switches negotiate it out. (No problem for me, I set them all manually anyway.)
    Hope this helps.
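The tagging rules discussed in this reply and in the "(Another) Native VLAN tagging question" reply further up, as an added Python model that is not code from either poster. It assumes the behaviour of 'vlan dot1q tag native' is as this reply reads it, ignores control traffic such as CDP, VTP and DTP, and uses constructed VLAN numbers (999 as the throwaway native VLAN).

```python
from dataclasses import dataclass, field


@dataclass
class TrunkPort:
    native_vlan: int = 1
    allowed: set = field(default_factory=lambda: set(range(1, 4095)))
    # True models the behaviour the reply attributes to 'vlan dot1q tag native'.
    tag_native: bool = False

    def ingress(self, tag):
        """Map a received frame to a VLAN. tag is its VID, or None if untagged.
        Returns the VLAN the frame joins, or None when the port drops it."""
        if tag is None:
            if self.tag_native:
                return None            # untagged frames are not accepted
            vlan = self.native_vlan    # untagged frames join the native VLAN
        else:
            vlan = tag
        return vlan if vlan in self.allowed else None

    def egress(self, vlan):
        """Return 'drop', 'untagged' or 'tagged' for a frame leaving in vlan."""
        if vlan not in self.allowed:
            return "drop"
        if vlan == self.native_vlan and not self.tag_native:
            return "untagged"
        return "tagged"


def deliver(sender, receiver, vlan):
    """VLAN a frame lands in after crossing the trunk, or None if dropped."""
    form = sender.egress(vlan)
    if form == "drop":
        return None
    return receiver.ingress(vlan if form == "tagged" else None)


def untagged_vlans(port, vlans):
    """VLANs from vlans that this port would put on the wire without a tag."""
    return [v for v in vlans if port.egress(v) == "untagged"]


# Constructed scenario: VLAN 999 is the throwaway native VLAN, 1/10/20 carry traffic.
CARRIED = {1, 10, 20}
legacy_3508 = TrunkPort(native_vlan=999, allowed=set(CARRIED))
core_6500 = TrunkPort(native_vlan=999, allowed=set(CARRIED), tag_native=True)

if __name__ == "__main__":
    for v in sorted(CARRIED) + [999]:
        print(v, legacy_3508.egress(v), "->", deliver(legacy_3508, core_6500, v))
    # Native VLAN mismatch, for contrast: a frame sent in VLAN 10 arrives in VLAN 20.
    print(deliver(TrunkPort(native_vlan=10), TrunkPort(native_vlan=20), 10))
```

With the native VLAN pruned from the allowed list, the legacy end never emits an untagged data frame and neither end accepts one, which is the outcome the global command was meant to give.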

  • VLAN Tagging on vnic

    Hi there,
    this is my first experience with cisco UCS and I have some problems about vlan tagging and trunking concepts implementation.
    VLAN trunking: actually works; I declared all vlans on the dynamic vnic and it looks ok, so, the profiles for vmware are working
    VLAN tagging: I don't understand how to do it; in a previous version of the ucs gui, in the vNIC creation, there was the VLAN trunking Yes or No selection that allowed (I think) to simply tag a VLAN on the vnic. I need to tag the VLAN on a vNIC for the baremetal installations.
    Do you have any idea?
    Thank you
    Claudio

    Hi Claudio
    This question vlan trunking yes or no was indeed weird; the internal implementation of UCS uses always trunking, therefore this question doesn't make sense, and was removed.
    If your OS can handle a vlan trunk on a vnic, just select all the vlans you need.
    If you have an OS with lots of vnics, with only one vlan per vnic, you tag them as native (therefore no tagging). Your OS is not configured for vlan trunking.
    Cheers Walter.

  • VLAN Tagging on the ACE 4710 Appliance

    Hello all,
    I have a quick question. How does the ACE 4710 Appliance works with VLAN tagging? I have virtual servers that I am trying to configure behind ACE. The VMs support VLAN tagging. Can I just trunk to link to my core switch and allow the ACE vlans to pass through?
    Your help is greatly appreciated.

    ACE 4710 supports dot1q trunking.
    Configure the interface between 4710 and core switch as a trunk.
    Same between your VMS and core switch.
    Gilles

  • VLAN tags over Pseudowire

    I have an existing MPLS Pseudowire connection that I need to rework to be able to carry vlan tags instead of just plain L2 frames.
    Existing setup:
    ME3400 <-> 7206VXR <-> 7206VXR <-> ME3400
    The ME3400's customer facing int tags incoming frames, which go over a trunk interface to a 7206VXR subint. The subint is conf'd for pseudowire p2p to the remote 7206VXR which has an identical setup. Subint on a trunk int to a ME3400, cust facing int tied to a matching vlan.
    My thought is to use QinQ on the switches, with the question being will the 7206s correctly strip off one vlan tag layer, encapsulate the remaining vlan tagged L2 frame for pseudowire, and on the remote end take the pseudowire packet, decapsulate it, add on the QinQ tag, and shove it back out to the switch? I won't know ahead of time what vlan tags the customer will be looking to pass, so I need to be able to support whatever they try to throw across this link.

    Hi,
    You can definitely do that, The pseudowire has 2 labels , the outer label represent the (tunnel label), the inner label represent the (Vc label).
    The egress 7206Vxr performs lookup at Vc label and forward the frames un labeled to the ME3400.
    On the other hand, with QinQ, the customer vlan access port is tunneled across the Service provider Network, this has no effect on your MPLS Forwarding which is done at the vxr7206. The outer vlan tag (tagged by the service provider) is stripped out when the frames are forwarded firstly unlabeled to the ME3400 at the egress tunnel interface, the inner vlan tag (customer tag) is forwarded untouched (preserved) to the ingress ME3400 interface.
    So, from a different point, the MPLS provider is transparent for the Customer Vlan traffic even within the MPLS forwarding LSRs. The only vlan that is bound to the inner label (Vc label) is the service provider access vlan provided to each customer.
    HTH
    Mohamed
