Thank you Carson,
I should have read the link better although I got confused a little by the term "default VLAN", assuming now that this is the Native VLAN. I think I understand the CLI usage now.
When a native VLAN is defined, the switch automatically executes the vlan trunk allowed all command to ensure that the default VLAN is allowed on the trunk. To only allow specific VLANs on the trunk, issue the vlan trunk allowed command specifying only specific VLANs.
Original Message:
Sent: 1/29/2025 3:01:00 PM
From: chulcher
Subject: RE: Question about "vlan trunk native"-command
This is directly answered in the above linked documentation.

And then the example later further clarifies the behavior.

If you want an untagged VLAN on the trunk, that VLAN needs to also be allowed.
------------------------------
Carson Hulcher, ACEX#110
------------------------------
Original Message:
Sent: Jan 29, 2025 02:53 PM
From: parnassus
Subject: Question about "vlan trunk native"-command
Native VLAN, if I recall correctly (this could have changed since the first version of AOS-CX 10, as per the docs of many years ago), shall always be explicitly added to the list of the allowed VLANs (this in the case of an interface operating in "trunk mode") if it was changed from its default value (VLAN Id 1). So if your (new) Native PVID is 20 then you should add 20 among the allowed (10), resulting in allowing 20,10.
Original Message:
Sent: 1/29/2025 2:47:00 PM
From: mvanoverbeek
Subject: RE: Question about "vlan trunk native"-command
Thanks for the response, I can only simulate it on EVE and I am not sure how to rate that. On EVE the behavior is that neither the port-channel nor the port will pass traffic for the native VLAN, if I don't allow the native VLAN on the "allowed VLAN list".
If I don't allow the native VLAN on the trunk, I see the following output.

When I allow the VLAN I see this.

This was the EVE NG setup on AOS 10.14.1000

So unfortunately, still not 100% confident about the behavior on an actual switch, at least it isn't aligning with the documentation.
Martijn van Overbeek | Architect
Original Message:
Sent: 1/29/2025 11:47:00 AM
From: parnassus
Subject: RE: Question about "vlan trunk native"-command
Hello Martijn, to me there shouldn't be any difference (between allowing a VLAN id on a physical interface and allowing it on a logical LAG interface).
Physical interface (operating in trunk mode):
interface 1/1/1
vlan trunk native 20
vlan trunk allowed 20,<and other VLAN id(s) as tagged, as required <- to justify the "trunk mode" of operation>
LAG (logical) interface (operating in trunk mode):
interface lag 1
lacp mode active
vlan trunk native 20
vlan trunk allowed 20,<and other VLAN id(s) as tagged, as required <- to justify the "trunk mode" of operation>
Counter-intuitively (but not too much) the PVID (Port VLAN Id), the one we know as the "Native VLAN" of an interface (and the one we learnt to usually recognize as the "untagged" tied to the typical access mode of operation of an interface), can be set as tagged (and that's true either on an interface operating in access mode or on an interface operating in trunk mode):
Physical interface (operating in trunk mode):
interface 1/1/1
vlan trunk native 20 tag
vlan trunk allowed 20,<and other VLAN id(s) as tagged, as required <- to justify the "trunk mode" of operation>
LAG (logical) interface (operating in trunk mode):
interface lag 1
vlan trunk native 20 tag
vlan trunk allowed 20,<and other VLAN id(s) as tagged, as required <- to justify the "trunk mode" of operation>
As written, the above approach (about the Native VLAN) is valid also for a simple (physical or logical) interface operating in "access mode" (so not carrying other VLAN id(s) other than its own PVID, no matter if this one is set tagged):
Physical interface (operating in access mode):
interface 1/1/1
vlan access 20 (or vlan access 20 tag)
LAG (logical) interface (operating in access mode):
interface lag 1
vlan access 20 (or vlan access 20 tag)
Original Message:
Sent: Jan 29, 2025 10:50 AM
From: mvanoverbeek
Subject: Question about "vlan trunk native"-command
I unfortunately don't have a 6300 at my disposal so would like to ask a question about the syntax of the "vlan trunk native" command
I noticed a difference between the command on a physical port and a lag port. For the lag port it looks like you have to include the native vlan in the trunk allowed list as well, while this is not necessary for the normal port (examples below).
Physical port:
switch(config)# interface 1/1/2
switch(config-if)# vlan trunk native 20
switch(config-if)# vlan trunk allowed 10
Lag port:
switch(config)# interface lag 1
switch(config-lag-if)# no shutdown
switch(config-lag-if)# no routing
switch(config-lag-if)# lacp mode active
switch(config-lag-if)# vlan trunk native 20
switch(config-lag-if)# vlan trunk allowed 20
Is there any reason for this? I can't find any documentation explicitly explaining the difference between a physical or lag port? Lastly what about the command "vlan trunk native tag", does this command impact the outcome of the "vlan trunk allowed" command as well?
Links used:
vlan trunk native
vlan trunk native (LAG)
vlan trunk native tag
Thanks
------------------------------
Martijn van Overbeek
Architect, Netcraftsmen a BlueAlly Company
------------------------------
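Added example (not part of the thread, and not HPE Aruba code): a small Python check for the condition the replies converge on, a trunk whose native VLAN is missing from its "vlan trunk allowed" list. The sample config is constructed from the stanzas in the question, rewritten in running-config form; the function names are hypothetical, and a stanza with no "vlan trunk allowed" line is assumed to mean allowed all, following the documentation text quoted at the top of the thread.

```python
import re

# Constructed sample in running-config form, based on the stanzas in the question.
SAMPLE_CONFIG = """\
interface 1/1/2
    vlan trunk native 20
    vlan trunk allowed 10
interface lag 1
    no routing
    lacp mode active
    vlan trunk native 20
    vlan trunk allowed 20
interface 1/1/3
    vlan trunk native 30 tag
    vlan trunk allowed 10,30-40
interface 1/1/4
    vlan trunk native 50
"""

def expand_vlans(spec):
    """Expand '10,30-40' into a set of ints; 'all' returns None (no restriction)."""
    if spec.strip() == "all":
        return None
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def parse_trunks(config):
    """Map interface name -> {'native': int|None, 'allowed': set|None}."""
    trunks, cur = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface\s+(.+)", line):
            cur = trunks.setdefault(m.group(1).strip(), {"native": None, "allowed": None})
        elif cur is not None and (m := re.match(r"\s+vlan trunk native (\d+)", line)):
            cur["native"] = int(m.group(1))  # a trailing 'tag' keyword is ignored
        elif cur is not None and (m := re.match(r"\s+vlan trunk allowed (\S+)", line)):
            cur["allowed"] = expand_vlans(m.group(1))
    return trunks

def native_not_allowed(config):
    """Return {interface: native VLAN} where the native VLAN is not in the allowed list."""
    # Assumption: no 'vlan trunk allowed' line (allowed is None) means 'allowed all'.
    return {name: t["native"] for name, t in parse_trunks(config).items()
            if t["native"] is not None and t["allowed"] is not None
            and t["native"] not in t["allowed"]}

if __name__ == "__main__":
    for name, vlan in native_not_allowed(SAMPLE_CONFIG).items():
        print(f"interface {name}: native VLAN {vlan} missing from 'vlan trunk allowed'")
```

The check treats physical and LAG stanzas identically and applies the same rule whether or not the native VLAN carries the tag keyword, matching the configurations shown in the replies.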