VPN with VLan Tagging

Good morning, I have a site that has 10 Cisco 3750 Switches running multiple vlans, for Video and access control. I also have a remote location connected and it has a 2950 coming over a local router. I need to be able to bring both vlans across to the main site so that I can get both video and Access control. What is the best way of doing this? Router is a commercial router, not sure about access to it.

Similar Messages

  • Mesh Ethernet Bridging with VLAN Tagging Issue

    Hi all.
    I'm a little stuck with a 4400 7.0.220.0 + RAP 1550 + MAP 1260 Ethernet bridging issue. I'm using the VLAN tagging functionality and I'm finding that periodically a VLAN that I've tagged on the MAP will deregister from the backhaul and stop passing traffic. If I go into the Mesh tab on the MAP, select the wired interface, remove the VLAN from the list of tagged VLAN IDs and then add it right back to the list, it starts passing traffic again.
    Has anyone else seen this? I can't find any relevant bugs.
    Justin

    Hi Saravanan,
    It is one RAP and three MAPs. After a TAC call and 30 hours of monitoring, my VLANs have remained registered. I think the issue was mismatched VLANs to bridge groups and it looks like the mesh bridge may be stable for now. Here is what I was seeing on the RAP and MAPs when the VLANs were deregistering unexpectedly. Notice how VLANs 2 and 10 are mapped to opposite bridge groups on the RAP and MAP:
    After I removed all the VLAN IDs from the Trunk configuration on the MAPs (through each AP's Mesh tab -- Ethernet Bridging config) and then rebuilt the VLAN IDs, I ran the same commands and now see this:
    My very unscientific theory here is that the mismatching was causing consistency checks to fail, so the RAP was just tearing down the registrations after getting bogus or non-responses from the MAPs during the periodic VLAN registration maintenance checks (debug mesh ethernet registration).
    If I have continued issues, I'll post back with updates.
    Thanks for the response!
    Justin

  • Create Hyper-V virtual switch with VLAN tagging

    Hello All,
    I would like to create virtual network switch on a physical NIC of the Hyper-V host in Powershell.
    I use "New-VMSwitch" with "-AllowManagementOS $true" and the virtual switch will be ready. I would like to use "Enable virtual LAN identification for management operating system"
    and tag a VLAN to the virtual switch. Can you please help me with an example how to do it in Powershell?

    Start with this walk-through.
    http://www.vnotebook.ca/2013/11/configuring-management-vlan-in-hyper-v.html
    tags are bound to adapters.  A switch must have minimum of one adapter.
    ¯\_(ツ)_/¯

  • Using Link Aggregation and VLAN tagging with LDOMs

    Hi,
    Anyone know if Link aggregation combined with VLAN tagging works for LDOMs?
    Any links or references would be appreciated.....
    It would be very handy if each LDOM could have multiple interfaces on different VLANs....
    Regards,
    Daniel

    I agree with bzptlx. While you can have vswitch plumbed without net-dev, and then route traffic inside the control domain, so that you can utilize aggregation, it adds complexity, and in some environments it's just impossible.
    I would say that this is number 1 deficiency with LDOM's in general.

  • LOM VLAN tagging?

    All,
    I'm wondering if anyone has had any luck getting LOM to do vlan tagging. According to the manpage for ipmitool, it should support it by going "ipmitool lan set vlan id <vlanidnumber>" but it rejects it and prints the acceptable commands for ipmitool lan set, and none of them are vlan.
    So, did Apple just compile ipmitool without the vlan option, does the Apple implementation of ipmi not support it? It's a huge pain in the rear to do MAC based vlanning (requires a radius server), so I'd really prefer to do it with vlan tagging, since it should work.
    Thanks!

    Disclaimer
    The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
    Liability Disclaimer
    In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
    Posting
    Just to muddy the waters, since VLAN edge/access ports don't normally tag frames with VLAN IDs, referencing your question about two computers "talking" to each other, it doesn't matter whether the two ports are on the same switch or even different switches; or in the same VLAN or not.
    Also understand trunk ports normally tag frames, and edge/access ports don't, but an exception for the former is the "native" VLAN frames aren't tagged, and an exception for the latter, a Voice VLAN will tag frames.

  • ISA550, ISP VLAN tagging?

    Hi,
    Just purchased an ISA550 to replace the ISP's router. I've been told that they use VLAN 101 for internet traffic. My public IP address is allocated from ISP's DHCP server.
    So I need to configure WAN1 for VLAN 101, but since I don't have the IP address/subnet how do I configure the IP setting for WAN/VLAN 101?

    Hi Wei,
    That requires username/password, which isn't needed. It's a regular Ethernet WAN connection with VLAN tagging. The ISP provides triple-play this way. Their Sagem routers support it out-of-the-box.

  • ISP with vlan id , cannot dialup

    I use a Cisco 1921 K9 and made a PPPoE setting. Here is the problem: my ISP comes with a VLAN ID: 620. Where should I input this value?

    Hi,
    Create a sub-interface with the VLAN tag where the ISP modem/device is connected, and then configure the Dialer interface with the PPPoE settings.
    Example:
    ! Use Gig0/0 or Gig0/1, whichever connects to the ISP modem/device
    interface Gig0/0
     no ip address
     duplex auto
     speed auto
    !
    ! Sub-interface tagged with the ISP's VLAN ID (620)
    interface Gig0/0.620
     encapsulation dot1Q 620
     pppoe enable group global
     pppoe-client dial-pool-number 1
    !
    interface Dialer0
     ip address  xxxxxxxxxxxx
     ip mtu 1492
     ip nat enable
     encapsulation ppp
     ip tcp adjust-mss 1452
     dialer pool 1
     dialer-group 1
     ppp authentication pap chap callin
     ppp chap hostname  ( Username)
     ppp chap password ( password)
     ppp pap sent-username ( Username) password 7 (Password)
    end

  • RV320 and WAN VLAN tagging/IPTV

    I have a fiber connection on WAN1 which only works with VLAN tagging and I can't find a way to make it work without the provider's middleware router (Comtrend C5813)... Is there a way to connect to my FTTH (Lucent I240G-B) router directly? I'm having problems with my IPTV (multicast) service: if it's connected directly to the middleware I can have multiple channels running at once, but if I go back to the RV320 and do the same, everything starts to pixelate.
    Using Wireshark I can see that the RV320 is connecting to the different channels with CS4 DSCP marking.
    Any ideas?
    Thank you!

    As you can read above, I'm having problems with my IPTV pixelation/cuts... I need to be able to connect directly to the fiber and have more control over the connection, but I don't see the option on the web admin for PPPOE over VLAN. I don't know if it's a hardware limitation or just software (the GUI).

  • (Another) Native VLAN tagging question..

    I have completed CCNA 3 course and am in 4 right now. I am still confused about VLAN native commands such as
    sw tr na vl xxx
    When this is on a trunk port, what does it mean?
    Thanks....

    "So does that mean that before the packet goes onto the trunk link it is put into the native VLAN then when it exits the trunk link (on the other side) it is stripped of the VLAN info? "
    No, what your prior quotation described is what a switch should do with untagged frames received on a port defined as a VLAN trunk.
    The VLAN tag informs the switch what VLAN a frame belongs to when it is received on a VLAN trunk port, but without such a tag, how does the switch know the intended VLAN? It doesn't, from the frame itself. So, we can often configure a trunk port to place any untagged frames into one VLAN of our choice. In theory, once we define what VLAN untagged frames will be considered a member of, tagged frames for that VLAN could also be accepted. Both should be treated the same by the receiving switch.
    As for a switch sending packets out a VLAN trunk, normally you would expect all packets to be VLAN tagged, although a switch might support sending one particular VLAN's frames without tags to support a device, such as the PC described in your quotation, that doesn't understand how to process, or expect, tagged frames.
    If you're wondering how this all comes to be, consider a PC that knows nothing about VLAN tags is connected to an IP phone which does (which connects to the network) and you want to place the two devices on different VLANs. As the PC traffic transits, the phone could, in theory, wrap/unwrap the PC traffic with VLAN tags when working with the network switch. However, if the phone fails, you can design the IP phone hardware to keep the link good from PC to the network, but then the IP phone PC VLAN processing would be lost. So for that reason, and the reason we might want to add/remove an IP phone "in front" of the PC, we want to continue to support untagged frames to/from the PC.
    Although the frames to the PC are untagged, since we can configure what VLAN untagged frames should be considered per port, we can have different PCs (on different ports) in different VLANs on the switch. (This is very similar to port based VLANs, but instead of being limited to one logical VLAN per port, we're limited to one untagged VLAN per port but can have multiple tagged VLANs per port.)
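
As an added illustration of the untagged-frame handling described in the answer above (not code from the thread or from any switch vendor), this Python sketch models how a trunk port classifies an incoming frame by its 802.1Q tag, its native VLAN and its allowed-VLAN list. The names `TrunkPort`, `classify`, `parse_vlan_list` and `build_frame` are hypothetical, the frames are constructed samples, and the trunk values reuse the Nexus 4001 configuration quoted further down this page; accepting a tagged frame for the native VLAN follows the answer's "in theory" case and varies by platform.

```python
import struct
from dataclasses import dataclass

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def parse_vlan_list(spec):
    """Expand an allowed-VLAN string such as '10,30,40-41' into a set of IDs."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


@dataclass
class TrunkPort:
    native_vlan: int
    allowed: set

    def classify(self, frame):
        """Return (vlan, tagged, verdict) for one ingress Ethernet frame."""
        if len(frame) < 14:
            return None, False, "drop: runt frame"
        (ethertype,) = struct.unpack_from("!H", frame, 12)
        if ethertype == TPID_8021Q:
            if len(frame) < 18:
                return None, True, "drop: truncated tag"
            (tci,) = struct.unpack_from("!H", frame, 14)
            vlan, tagged = tci & 0x0FFF, True  # low 12 bits of the TCI = VLAN ID
            if vlan == 0:
                # VID 0 is a priority tag: it carries priority bits only,
                # so membership falls back to the port's untagged VLAN.
                vlan = self.native_vlan
        else:
            vlan, tagged = self.native_vlan, False  # untagged -> native VLAN
        if vlan not in self.allowed:
            return vlan, tagged, "drop: VLAN not allowed on trunk"
        return vlan, tagged, "forward"


def build_frame(vlan=None, pcp=0):
    """Constructed sample frame: broadcast dst, locally administered src, IPv4."""
    dst, src = bytes.fromhex("ffffffffffff"), bytes.fromhex("020000000001")
    tag = b"" if vlan is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vlan)
    return dst + src + tag + struct.pack("!H", 0x0800) + b"\x00" * 46


if __name__ == "__main__":
    # Assumption: native VLAN 999 and the allowed list from the Nexus 4001 post.
    port = TrunkPort(999, parse_vlan_list("10,30,40-41,60-62,90,96,999"))
    samples = [
        ("untagged", build_frame()),
        ("tagged VLAN 10", build_frame(10)),
        ("tagged native VLAN 999", build_frame(999)),
        ("tagged VLAN 20 (not allowed)", build_frame(20)),
        ("priority tag, VID 0", build_frame(0, pcp=5)),
    ]
    for label, frame in samples:
        print(f"{label:30} -> {port.classify(frame)}")
```
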

  • VLAN Tagging on the ACE 4710 Appliance

    Hello all,
    I have a quick question. How does the ACE 4710 Appliance work with VLAN tagging? I have virtual servers that I am trying to configure behind ACE. The VMs support VLAN tagging. Can I just trunk the link to my core switch and allow the ACE VLANs to pass through?
    Your help is greatly appreciated.

    ACE 4710 supports dot1q trunking.
    Configure the interface between 4710 and core switch as a trunk.
    Same between your VMs and core switch.
    Gilles

  • Cisco/Linksys SLM224G SWITCH: Problem with VLANs

    Hi!
    I'm trying to set up VLANs in my racks. I have some knowledge about VLANs, but I still can't set it up in my way.
    My situation:
    I have a PC which contains two virtual machines, which have to work as routers between three networks: LAN1, LAN2, WAN. It's a bit complicated, but I'll try to draw it:
                                                     |-------------|
    |----------------------------|                   |           e1|-to-eth1-VM2-----WAN
    |VirtualMachine 1        eth0|---trunk-VLAN1&2---|g1         e2|-to-eth0-VM2-----LAN2
    |eth0=VLAN1 eth1=VLAN2       |                   |           e3|-to-eth0-VM2-----LAN2 etc.
    |                         PC |                   |   SWITCH  e4|
    |VirtualMachine 2            |                   |           e5|-to-eth1-VM1---wire-to-LAN2
    |eth0=VLAN3 eth1=VLAN4   eth1|---trunk-VLAN3&4---|g2         e6|-to-eth0-VM1-----LAN1
    |----------------------------|                   |           e7|-to-eth0-VM1-----LAN1 etc.
                                                     |-------------|
    gX = Gigabit ports
    eX = 100Mbit ports
    VMX = Virtual machine number
    wire-to = patch-cord connection between ports on the switch
    Schema of routing and logical visibility:
    LAN1---VM1-----VM2---WAN
                  |
    LAN2----------|
    An important note is that LAN1 and LAN2 have to be separated (visible only through routers). WAN has to be visible only through VM2 for LAN2 and through VM1 and VM2 for LAN1. It looks easy, but the VLANs which I made on that switch don't seem to work.
    I'm doing this like that:
    Step1: VLAN Management / Create VLAN...
    Creating VLANs from 1, 2, 3, 4 (the numbers don't matter right now - I know that number 1 is restricted on the switch).
    Step2: VLAN Management / Port to VLAN...
    Setting up VLAN1 with ports g1, e5 (both tagged or untagged? - I haven't seen difference)
    Setting up VLAN2 with ports g1, e6, e7, etc...
    Setting up VLAN3 with ports g2, e2, e3, etc...
    Setting up VLAN4 with ports g2, e1
    Step3: VLAN Management / Port Setting...
    Setting up port e1 to PVID4 (frame type=all I suppose, but what with "ingress filtering"?)
    Setting up port e2 to PVID3
    Setting up port e3 to PVID3
    etc...
    Setting up port e5 to PVID1
    Setting up port e6 to PVID2
    Setting up port e7 to PVID2
    etc...
    So, with that configuration and on that switch it doesn't work for me.
    I know that the switch is seeing MACs from the VLANs which are created by the PC, because when I go into "Admin / Dynamic Address" I can see MACs on the correct ports and with the correct VLAN ID. So the problem is to forward VLANs on their ports, then clear the IDs from the frames and let the packets go (and back: take clear packets, add the VLAN ID and send to the gigabit ports).
    The configuration shown is one of many that I tried :/ but I think this one is the best one.
    Or maybe I don't know VLANs as well as I think and that schema is impossible? Please tell me if I'm doing something wrong.
    Regards
    and waiting for any suggestions,
    Lucas

    You need to make sure that your VirtualMachine can send tagged frames if the VMs share physical ethernet ports on the host.
    I count 4 different LAN segments but you have only 2 physical ports on your PC (router).
    And VM2 requires 3 physical connections according to the list below.
    Depending on the virtualisation software you can maybe create the connection VM1 to VM2 internally inside the PC (logical connection)
    Are these the connections you require ?
    VM1 --- LAN1
    VM1 --- VM2
    VM2 --- WAN
    LAN2 --- VM2
    Is this correct ? Will your PC, Virtualisation Software/Hypervisor tag frames with VLAN tags ?
    If this is true I can help you configure the switch.
    Jo

  • Vlan tag issue with Nexus 4001 in IBM Blade Centre

    Hi
    I have a DC architecture with a pair of Nexus 7010's running 3 VDC's (Core/Aggregation/Enterprise). I have at the edge Nexus 5548's which connect to back to the Aggregation VDC. Also connecting back to the Aggregation VDC is an IBM Blade Chassis which has a Nexus 4001i in slots 7 and slot 9. These blade servers are running ESXi 4.0 and are mapped to the Nexus 4001 blade switch.
    I had set up the Native VLAN as VLAN 999 which connects up to the ESXi host and I am trunking up multiple VLANS for the Virtual Machines.
    The problem I have is that VM's in all VLANS except the ESXi host VLAN (VLAN 10) cannot see their default gateway, and I suspect that there is an issue with the VLAN tag going up to the ESXi host. I have read enough documentation to suggest that this is where the issue is.
    My Nexus 4001 interface configuration is below
    interface Ethernet1/1
      switchport mode trunk
      switchport trunk native vlan 999
      switchport trunk allowed vlan 10,30,40-41,60-62,90,96,999
      spanning-tree port type edge trunk
      speed auto
    The Aggregation VDC on the Nexus 7010 is the default gateway for all these VLANS.
    I also noted that the Nexus 5000 and Nexus 7000 support the vlan dot1q tag native command yet the Nexus 4000 doesn't seem to support this. Any assistance would be useful.
    Thanks
    Greg

    Your configuration on the N4K looks correct. You shouldn't use vlan dot1q tag native commands on your N7Ks and N5Ks. Native VLAN tagging is really for QinQ (dot1q tunneling).
    My only suggestion is check your configuration of the vSwitch in the ESXi host and the host network profile.
    Regards,
    jerry

  • Installing OVM X86 3.1.1 with Trunk VLAN tag for ovm management network

    Hi Guys
    Can anyone help with network config on the OVM server 3.1.1? Basically we need to use VLAN tags on a trunk port... so I have a subnet from the following *(Trunk Allowed VLAN XXX)* from which I need to allocate an IP for the OVM server component so that the OVM manager can find the OVM server instance...
    Can you use VLAN tags on a trunk port with OVM server 3.1.1???
    Thanks

    You're right there, as I later found out the engineers weren't selecting the VLAN option when installing the VM server...

  • How to get vlan tag program with mac book air

    How to get a VLAN tag program with a MacBook Air? I'm using the USB Ethernet adapter.

    For prompt help contact TATA.
    For more on this: https://discussions.apple.com/thread/3680625?tstart=270

  • Jumpstarting changes with U6:  VLAN tagged interfaces and sysidcfg

    Hello,
    I've been banging my head on U6 for a few days and finally have to give up and cry for help. I can no longer build a jumpstarted server which ends up on a separate VLAN tagged LAN after first reboot.
    I have an existing U5 SPARC jumpstart environment setup. We use VLAN tagging a lot in our environments and by default the only time a non VLAN tagged interface is used is during jumpstart. With the existing jumpstart we are using the following profiles:
    root_password=mypassword
    security_policy=NONE
    timezone=GB
    timeserver=localhost
    terminal=vt100
    network_interface=none {hostname=hostname}
    system_locale=en_GB
    name_service=NONE
    system_locale=C
    In the U5 profile we let the jumpstart server obtain its network configuration via DHCP and then obtain the profile above, which excludes all network settings. All the network settings were added as part of a finish script. This worked fine with U5. As far as I can see, with U6 at the point where the sysidcfg is first evaluated it removes the network settings and obviously then kills the jumpstart. So I have had to try a different approach. I have tried both of the following:
    network_interface=PRIMARY { default_route=none protocol_ipv6=no}
    network_interface=PRIMARY { dhcp default_route=none protocol_ipv6=no}
    However, using either of these causes the ce0, bge0 or whatever to remain defined, instead of the ce200000 and ce206000 interfaces that I have explicitly defined in hostname.ce200000 separately. I also get a number of arp errors on initial reboot, such as
    Nov 20 20:27:29 unknown ip: ip_arp_done: init failed
    Nov 20 20:27:29 unknown /sbin/dhcpagent[44]: configure_v4_lease: cannot set interface flags for ce0: Cannot assign requested address
    I don't know if I am barking up the wrong tree but I believe I need to get the server on initial boot (or during finish) to reevaluate a different sysidcfg file. Alternatively, it might need some combination of presence/absence of /reconfigure or /etc/.UNCONFIGURED. I think I might also need to stop /sbin/netstrategy returning dhcp specific results (I only use DHCP for jumpstart booting and not for normal boot), but I have no idea how to do that...
    # /sbin/netstrategy
    ufs ce0 dhcp
    Any help much appreciated!
    thanks
    Paul

    Paul,
    I don't want to suggest that I understand your problem but have you seen the comments about tagged vlans on the Opensolaris LDoms forum?
    Near the bottom of thread [Solaris 10 10/08 (update 6)|http://www.opensolaris.org/jive/thread.jspa?threadID=81505&tstart=0] there is some discussion of tagged vlan support changes with U6.
    It sounds like tagged vlans are going to be a problem with U6.
    have a good weekend,
    Glen
