SSL VPN
Contributor
Tigeli
Posts: 11
Registered: ‎09-26-2008
0

Re: 802.1Q tagged VLANs on the internal port

After months of waiting.. =)

From JTAC:

--cut--

It is working as implemented - We use the default VLAN IP as the gateway IP address in the DHCP request.



I would recommend you to contact your sales manager to raise an ENHANCEMENT REQUEST [ER]. Since the product is working as designed, the feature that you want can be obtained only by an enhancement request.

--cut--
Trusted Contributor
Munpe_Q
Posts: 192
Registered: ‎10-02-2008
0

Re: 802.1Q tagged VLANs on the internal port


All,

 

What I have gathered from this incredibly long thread is that you are trying to use the physical interface (which cannot be tagged) and sub-interfaces (which can be tagged).  I'm going to talk Foundry since that's the evil I know.  On a Foundry, there is what is called dual-mode.  On the physical interface of the switch, you configure it for dual-mode, and tell the interface for what default VLAN you want untagged traffic dropped into.  All other traffic will be tagged (802.1q) and will be dropped into the proper VLAN.

 

Example:

conf t
 int e 1
 dual-mode 111

vlan 112
 tag e 1
vlan 113
 tag e 1
vlan 111
 untag e 1

Someone in the world of Crisco, can you confirm what I'm saying:

 

If a dot1q trunk receives a tagged frame on the native vlan, it drops it.

When a Cisco trunk port receives untagged frames, it forwards them to the native VLAN #1 by default.

So, if you want the native VLAN to be something other than 1, you can change the default VLAN, but this does not move STP or other Crisco things from VLAN 1.

Message Edited by Munpe_Q on 11-17-2008 05:54 PM
-=Q
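
The dual-mode behaviour described in the post above, as an added example that is not part of the original thread and not vendor code: a small Python model of how a port configured like `e 1` would classify ingress frames by their 802.1Q tag. The `accept_tagged_native` switch and the sample frames are assumptions of this sketch, since the thread leaves open whether a tagged frame for the default VLAN is dropped.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Port model taken from the post's example: e 1 is dual-mode 111 and tagged
# in VLANs 112 and 113. accept_tagged_native is an assumption of this sketch.
PORT_E1 = {"untagged_vlan": 111, "tagged_vlans": {112, 113},
           "accept_tagged_native": False}

def classify(frame, port):
    """Return the VLAN an ingress frame is placed in, or None if dropped."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return port["untagged_vlan"]          # untagged -> default VLAN
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    vid = tci & 0x0FFF                        # low 12 bits of the TCI
    if vid == 0:                              # priority tag only, no VLAN ID
        return port["untagged_vlan"]
    if vid in port["tagged_vlans"]:
        return vid
    if vid == port["untagged_vlan"] and port["accept_tagged_native"]:
        return vid
    return None                               # VLAN not carried on this port

def build_frame(vid=None, pcp=0):
    """Constructed sample frame: broadcast dst, made-up src, IPv4 EtherType."""
    hdr = b"\xff" * 6 + bytes.fromhex("020000000001")
    if vid is not None:
        hdr += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return hdr + struct.pack("!H", 0x0800) + b"\x00" * 46

if __name__ == "__main__":
    for vid in (None, 0, 111, 112, 113, 200):
        print(vid, "->", classify(build_frame(vid), PORT_E1))
```
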
Contributor
privatepile
Posts: 42
Registered: ‎05-15-2008
0

Re: 802.1Q tagged VLANs on the internal port

On a Catalyst, I believe that if untagged traffic is received, then it is considered to be that of the "native vlan" (by default 1) and is global.

Recognized Expert
kenlars
Posts: 420
Registered: ‎03-24-2008
0

Re: 802.1Q tagged VLANs on the internal port


That is correct.  I use this configuration on Catalysts, and all untagged traffic leaving the SA is put on the default VLAN on the trunk port of the switch.

 

Don't know if this suggestion will be useful, but I had some success getting Juniper to move on a "working as designed" issue that I had.  I told them - through the JTAC engineer and my local SE - that if it was "working as designed", then it was "designed as stupid".  I think that applies here too.  If a role has its traffic assigned to a VLAN, and uses DHCP, it makes no sense to send the DHCP request out as untagged traffic.  Or - at the least - you should have the option for the DHCP traffic to be sent on the VLAN.

 

Ken

Message Edited by kenlars on 11-18-2008 09:41 AM
Trusted Contributor
Munpe_Q
Posts: 192
Registered: ‎10-02-2008
0

Re: 802.1Q tagged VLANs on the internal port

OK, so what I said was accurate then.  It will send it to the default VLAN.  The default VLAN on Crisco can be changed, but that doesn't move things like STP or Crisco proprietary stuff over, that still remains on VLAN 1.

 

Word. 

-=Q
New User
JeLonErtZ
Posts: 1
Registered: ‎01-27-2009
0

Re: 802.1Q tagged VLANs on the internal port

So, any news about this issue with external DHCP servers? I'm in contact with the JTAC but no luck yet.

 

Regards.

 
