Wired Intelligent Edge

  • 1.  Vlan Tagging

    Posted Jan 17, 2020 11:07 AM

    OK, I am confused. We DO NOT tag the interface the computer is connected to, or do we? I have a computer connected on port 13 on an Aruba switch. I have an ASA connected to port 1 on the same switch. I want to ping my ASA, which has a sub-interface Ethernet1.10 in VLAN 10, from the computer. The interfaces are up. I cannot ping. All other ports are in the default VLAN.

     

    Vlan 10-------------
    ASA Port 1 untagged or untagged?

    Workstation Port 13 tagged or untagged?

    If I was to uplink switch to another (let's say port 20 on this switch and 20 on the other switch) tagged or untagged?

    DHCP server connected to other switch (has 2 DHCP scopes, for VLANs 1 and 10) tagged or untagged?

    Vlan 1------------
    ASA Port 1 untagged or untagged?

    Workstation Port 13 tagged or untagged?

    If I was to uplink switch to another (let's say port 20 on this switch and 20 on the other switch) tagged or untagged?

    DHCP server connected to other switch (has 2 DHCP scopes, for VLANs 1 and 10) tagged or untagged?

     

    Trk's? Tagged or untagged when used as uplink?

     

    Thanks,

     

    Jroy



  • 2.  RE: Vlan Tagging

    Posted Jan 17, 2020 12:54 PM

    The question is really whether the end device is configured to add an 802.1q tag or not.

     

    Typically desktops/printers/IoT devices do not expect tagged traffic and so would have their VLAN untagged. APs, switches, some servers, VoIP phones may take advantage of multiple VLANs over a single interface, in which case tagging accomplishes that.

     

    On the ASA, it can be either tagged or untagged, depending on configuration. I've done ASA configs both ways; there's no right/wrong way, it depends on your needs.

     

    Workstation most likely would be untagged.

     

    Trunk uplinks, if multiple VLANs need to be carried over the uplink, would be tagged. In a Cisco environment, the native VLAN on a trunk switchport is the equivalent of an untagged VLAN on our side. The other allowed VLANs on the Cisco trunk would be tagged VLANs in our context. If a Cisco switch would have the port configured as mode access, then the VLAN ID would be an untagged VLAN on our side with no tagged VLANs available on the same port.

     



  • 3.  RE: Vlan Tagging

    Posted Jan 18, 2020 08:42 PM
    Hello, this:
    https://community.arubanetworks.com/aruba/attachments/aruba/CampusSwitching/1918/1/VLAN%2520and%2520Link-Aggregation%2520Interoperability%2520ArubaOS-switch%2520and%2520Cisco%2520IOS.pdf

    is worth a read.

    Untagging and tagging is typically HP... so HP versus Cisco, as @cclemmer wrote, means that an HP port that is an untagged member of VLAN id X = a Cisco port with PVID id = X... and an HP port that is (too or is only = orphaned of being untagged) a tagged member of various other VLAN ids = a Cisco port that "permits" tagged traffic for packets tagged IEEE 802.1Q with those VLAN ids.


  • 4.  RE: Vlan Tagging

    Posted Jan 23, 2020 12:37 AM

    OK, see attached PDF. I can never get an IP address on my laptop connected to port 26 from the Vlan10 DHCP server that is configured on a Windows 2012 server (VM). The Win2012 VM is hosted on XenServer. From either switch, I can ping the ASA, and I can ping the XenServer, which got its IP from the correct DHCP server scope on VLAN 10. Nothing beyond the Aruba switches can get an IP via DHCP for VLAN 10. Any ideas? I have added some of the config settings in the PDF.

    Attachment: Corp-Drawing-Vlans-ASA.pdf (454 KB)


  • 5.  RE: Vlan Tagging

    Posted Jan 23, 2020 01:08 AM
    Your laptop's network interface (connected on Port 26) should be set with VLAN id 10 or, conversely, left on default VLAN id 1 and you must change the untagged membership of related Port 26 from 1 to 10 and remove tagged membership of the same port on VLAN 10... in other terms... normally a client is VLAN unaware so the traffic it manages is flowing untagged... the tagging->untagging process (for packets egressing the switch port it is connected to) and the untagging->tagging process (for packets ingressing the switch port it is connected to) both happen indeed at switch level on that port (remember: the client is unaware of that).
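
Added example, not part of any post in this thread: a simplified Python model of how a switch port classifies and emits 802.1Q frames, showing why an untagged laptop frame lands in VLAN 1 when the port is only a tagged member of VLAN 10. The `Port` class, the sample frame and the "before" port state (untagged 1, tagged 10, inferred from the last reply) are assumptions for illustration, not output from the poster's switches.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def add_tag(frame: bytes, vid: int) -> bytes:
    """Insert a 4-byte 802.1Q tag (priority 0) after the two MAC addresses."""
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) + frame[12:]

def split_tag(frame: bytes):
    """Return (vid, untagged_frame); vid is None when the frame has no tag."""
    if len(frame) < 16:
        return None, frame
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None, frame
    return tci & 0x0FFF, frame[:12] + frame[16:]

class Port:
    """Hypothetical model of one switch port's VLAN membership."""
    def __init__(self, untagged, tagged=()):
        self.untagged = untagged      # VLAN for frames arriving without a tag
        self.tagged = set(tagged)     # VLANs carried with an 802.1Q tag

    def ingress(self, frame: bytes):
        """Classify a received frame: (vlan, untagged_frame) or None if dropped."""
        vid, inner = split_tag(frame)
        if vid is None:
            return (self.untagged, inner) if self.untagged is not None else None
        return (vid, inner) if vid in self.tagged else None

    def egress(self, vlan: int, frame: bytes):
        """Frame as sent out of this port for `vlan`, or None if not a member."""
        if vlan == self.untagged:
            return frame
        return add_tag(frame, vlan) if vlan in self.tagged else None

# Constructed sample: broadcast frame from a VLAN-unaware laptop (IPv4 EtherType).
LAPTOP_FRAME = bytes.fromhex("ffffffffffff" "020000000026" "0800") + b"dhcp-discover"

def laptop_vlan(port: Port):
    """VLAN the switch places the laptop's untagged frame into."""
    result = port.ingress(LAPTOP_FRAME)
    return result[0] if result else None

before = Port(untagged=1, tagged={10})   # assumed state of port 26 before the fix
after = Port(untagged=10)                # port 26 as an untagged member of VLAN 10
uplink = Port(untagged=1, tagged={10})   # assumed uplink carrying VLAN 10 tagged

if __name__ == "__main__":
    print("before:", laptop_vlan(before), "after:", laptop_vlan(after))
    print("uplink adds tag:", split_tag(uplink.egress(10, LAPTOP_FRAME))[0])
```

The model drops tagged frames for VLANs the port is not a tagged member of; real switches add further ingress-filtering options that are not modelled here.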