Wired

 View Only
last person joined: yesterday 

Expand all | Collapse all

Untagged and tagged Vlan in same port

This thread has been viewed 26 times
  • 1.  Untagged and tagged Vlan in same port

    Posted Jan 27, 2022 08:40 AM
    Hi all,

    I am new to the HPe old switch OS. Just gpoing through some old config.
    Could anyone explain to me why the following vlan is tagged and untagged in the same port (Port 22), to be precise?
    As I understand that you can only have one port for access and another for trunk, why has hpe done it this way?

    vlan 1
    name "DEFAULT_VLAN"
    no untagged 1-12,15-20,22-23
    untagged 13-14,21,24-28
    ip address dhcp-bootp
    ipv6 enable
    ipv6 address dhcp full
    exit
    vlan 12
    tagged 21-22,24
    ip address 10.12.150.254 255.255.255.0
    exit
    vlan 16
    name "Point-Point"
    tagged 22,24

    vlan 50
    untagged 17-20,22
    ip address 192.168.12.254 255.255.255.0
    ip helper-address 192.168.12.252
    ip helper-address 192.168.12.252
    exit


    ------------------------------
    champion nweke
    ------------------------------


  • 2.  RE: Untagged and tagged Vlan in same port

    EMPLOYEE
    Posted Jan 27, 2022 08:56 AM
    Hi Champion!

    Port 22 has VLAN50 and VLAN16 tagged and VLAN12 untagged (native VLAN). VLAN1 has been excluded from the port (disabled).

    "As I understand that you can only have one port for access and another for trunk" - port 22 is a typical 'trunk' where one or more VLANs are tagged and one single VLAN is untagged on the port. That untagged VLAN you can consider it as 'native VLAN' (Cisco term) or 'PVID' (industry standard term).




    ------------------------------
    Ivan Bondar
    ------------------------------



  • 3.  RE: Untagged and tagged Vlan in same port

    MVP GURU
    Posted Jan 27, 2022 10:49 AM
    Hi, well...the port 22's VLAN membership is currently (reduced to what is related to port 22 only):

    vlan 1 no untagged 22
    vlan 12 tagged 22
    vlan 16 tagged 22
    vlan 50 untagged 22

    The above means that port 22 is no more untagged member of Default VLAN 1 and is untagged member of VLAN 50 and tagged member of VLAN 12 and 16.

    If you execute a show vlan port ethernet 22 detail you should see something similar to this:

    Switch# show vlan ports ethernet 22 detail

    Status and Counters - VLAN Information - for ports 22

    Port name:
    VLAN ID Name | Status Voice Jumbo Mode
    ------- -------------------- + ---------- ----- ----- ------
    12 | Port-based No No Tagged
    16 | Port-based No No Tagged
    50 | Port-based No No Untagged

    an Access Port in the HP (ProVision/ArubaOS-Switch) jargon is simply a port that is ONLY untagged (or eventually tagged) member of a specific VLAN ID...that VLAN ID is called the Native VLAN ID (or Port VLAN ID = PVID).

    Untagged when the connected device is VLAN unaware, Tagged IF the connected device is VLAN aware and configured to tag with a specific VLAN ID its outgoing traffic and to admit incoming tagged traffic on that VLAN ID only. Generally the Native VLAN ID concept applies to untagged membership to a VLAN ID other than to the tagged membership to a VLAN ID.

    Trunk port is simply a port carrying more VLAN IDs (so a port that is member of various VLAN IDs), you can have a mix 1 untag + 1 tag, only 1 tag, many tags, 1 untag + many tags...the rule is ONLY one membership can be referenced to one VLAN ID (the famous Native VLAN ID) while more memberships can be referenced to various tagged VLAN IDs. A port can be "orphaned" of the Native VLAN ID when it is not member of an untagged VLAN ID anymore (but it must be necessarily a member of another tagged VLAN ID).

    ------------------------------
    Davide Poletto
    ------------------------------



  • 4.  RE: Untagged and tagged Vlan in same port

    Posted Feb 01, 2022 03:27 AM
    Thanks heaps Ivan. 
    Does it mean that these HP switches do not have an access port by default ?

    Thanks 
    Champ





  • 5.  RE: Untagged and tagged Vlan in same port

    EMPLOYEE
    Posted Feb 01, 2022 05:20 AM
    There is no technical concept of access port. It is just naming, and that is where the ArubaOS / HP Procurve/Provision switches just take a different approach:

    - Access port: means there is just one VLAN assigned to the port, which does not have a vlan tag (802.1q); optionally there is a voice VLAN that has a tagged vlan.
    - Trunk port: means there are multiple VLANs, which have a vlan tag (802.1q); and optionally there can be one 'native VLAN' which then doesn't have a tag.

    interface 1/1/1
       port access vlan 10

    would be: vlan 10 untagged 1/1/1

    interface 1/1/1
       port trunk allowed vlan 11,12,13,14
       port trunk native vlan 10

    would be:
       vlan 10 untagged 1/1/1
       vlan 11 tagged 1/1/1
       vlan 12 tagged 1/1/1
       vlan 13 tagged 1/1/1
       vlan 14 tagged 1/1/1

    The difference is that on other switches, the configuration is tied to the interface (add vlans as access/native or trunk allowed), where on ArubaOS switch the configuration is tied to the VLAN (add interfaces in tagged or untagged).

    By default, all ports are untagged in VLAN 1; or in the other terminology: access vlan 1.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 6.  RE: Untagged and tagged Vlan in same port

    Posted Feb 01, 2022 07:01 PM

    Many thanks Herman.

    That makes a lot of sense now!!

     

    Regards

    Champion Nweke

    Network and Security Engineer

    Logo, company name  Description automatically generated                                      Perfekt Pty Ltd

                                         Level 1, 936 Glen Huntly Rd

                                         Caulfield South

                                         VIC 3162

                                         Australia

    Direct: 03 9945 2209 | Mobile: 0424 848 135 | Fax: 03 9945 2201

    linked in

     

     

     






  • 7.  RE: Untagged and tagged Vlan in same port

    Posted Feb 01, 2022 08:46 PM
    Port 22 is tagged on VLAN 12, 16, untagged on 50
    HP required a port to be untagged in not more than 1 VLAN, and tagged in any number of VLAN's.

    I guess it would be similar to dual mode, where a port can be untagged as the default destination VLAN for untagged frames, and tagged at the same time to handle tagged frames.





  • 8.  RE: Untagged and tagged Vlan in same port

    Posted Feb 07, 2022 05:08 PM

    HI,

     

    I think from what was explained thus far the untagged vlan in this case is the native vlan ID in that interface.. not necessarily an access port. Was this what you meant too?

     

    Regards

    Champion Nweke

    Network and Security Engineer

    Logo, company name  Description automatically generated                                      Perfekt Pty Ltd

                                         Level 1, 936 Glen Huntly Rd

                                         Caulfield South

                                         VIC 3162

                                         Australia

    Direct: 03 9945 2209 | Mobile: 0424 848 135 | Fax: 03 9945 2201

    linked in