bign8a
New Contributor

Tag Native VLAN on 1238P

Hello,

I'm currently setting up a NetVanta 1238P with a firewall which will not recognize both tagged and untagged traffic on the same trunk port. Right now the switch is configured with default VLAN 1, VLAN 10, and VLAN 101. The solution around this would be to tag default VLAN 1 on the 1238P, but this appears to be impossible based on what I've read so far. I've avoided this issue before on Cisco switches by creating VLAN 2 and assigning a PVID of 2 to untagged traffic, but I'm not sure how to configure this on the Adtran. Can anyone provide any guidance?

Thanks,

Nate


Accepted Solutions
bign8a
New Contributor

Re: Tag Native VLAN on 1238P

Thanks for the answer! While that configuration would allow all VLANs on the trunk port, it would not actually tag any traffic that is entering the switch untagged, correct?

I suppose I should explain the problem in more detail. The NetVanta is configured with trunk ports connected to Mitel phones that are then connected to workstations. The Mitel tags the phone traffic with VLAN 101 and the workstation traffic is untagged. Since the firewall can't capture the untagged traffic on its trunk port, we were hoping to have it tagged by the NetVanta.

Setting the PVID on a Cisco switch will tag untagged traffic entering the port with a VLAN ID, and I was looking for something similar on the NetVanta.

However, we were able to work around this problem by installing a dumb switch between the NetVanta and the firewall. We configured a separate trunk port and access port on the firewall and ran cables between them and the dumb switch, which was then connected to the trunk port on the NetVanta. All the traffic from the NetVanta trunk port is hitting both ports on the firewall, but the access port is only capturing the untagged VLAN 1 and the trunk port is only capturing VLAN 101 and VLAN 10.

2 Replies
Anonymous
Not applicable

Re: Tag Native VLAN on 1238P

The NetVanta AOS doesn't use the terms Tagged and Untagged in configuration. When programming an 802.1Q trunk port on the switch, the NATIVE VLAN is the "Untagged" VLAN and the others are tagged by default. That is to say, all untagged packets are placed in the native VLAN. In fact, all VLANs are assumed tagged unless you specify in the configuration to allow only certain VLANs. The following examples should help.

The first is a basic trunk port with VLAN 1 as native (untagged). All other VLAN(s) will be accepted on this trunk as long as the VLAN is defined in the configuration.

1. Simple trunk port with two VLANs tagged and native VLAN 1. Since VLAN 10 and 101 are defined, the port will pass untagged packets to VLAN 1, and packets that are tagged with VLAN ID 10 and 101 are passed to their respective VLAN.

vlan 10
  name VLAN10
!
vlan 101
  name VLAN101
!
interface switch 0/1
  description Link to Firewall
  switchport mode trunk
  no shutdown

The second is the same as the first, but in this case we want to limit the VLAN(s) on the trunk to 1, 10, and 101.

interface switch 0/1
  description Link to Firewall
  switchport mode trunk
  switchport trunk allowed vlan 1,10,101
  no shutdown

The two work the same, but if you later create more VLAN(s), the second example will not automatically allow them.

I hope this helps.

If your router/firewall will only accept tagged packets, then this would work.  All three VLANs are tagged as VLAN 2 is native/untagged.

vlan 10
  name VLAN10
!
vlan 101
  name VLAN101
!
vlan 2
  name NOTUSED
interface switch 0/1
  description Link to Firewall
  switchport mode trunk
  switchport trunk native vlan 2
  no shutdown
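
A simplified model of the trunk behaviour described in this reply, added here as an illustration and not AOS code or part of the original post: untagged frames join the native VLAN, tagged frames go to their own VLAN if it is defined and allowed, and only the native VLAN leaves the port untagged. The `Trunk` class, the function names, the sample frame and VLAN 20 are constructed for the example.

```python
import struct
from dataclasses import dataclass
from typing import Optional

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


@dataclass(frozen=True)
class Trunk:
    defined: frozenset                   # VLANs that exist on the switch
    native: int = 1                      # switchport trunk native vlan N
    allowed: Optional[frozenset] = None  # switchport trunk allowed vlan ...

    def permits(self, vid: int) -> bool:
        return vid in self.defined and (self.allowed is None or vid in self.allowed)


def ingress_vlan(trunk: Trunk, frame: bytes) -> Optional[int]:
    """VLAN a received frame is placed in, or None if it is dropped."""
    if len(frame) < 14:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vid = trunk.native                   # untagged frames join the native VLAN
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            return None
        (tci,) = struct.unpack("!H", frame[14:16])
        vid = (tci & 0x0FFF) or trunk.native  # VID 0 is a priority tag only
    return vid if trunk.permits(vid) else None


def egress_frame(trunk: Trunk, vid: int, untagged: bytes) -> Optional[bytes]:
    """Bytes sent out the trunk for a frame in VLAN vid, or None if blocked."""
    if not trunk.permits(vid):
        return None
    if vid == trunk.native:
        return untagged                  # the native VLAN leaves without a tag
    return untagged[:12] + struct.pack("!HH", TPID_8021Q, vid) + untagged[12:]


# Constructed sample frame: dst MAC, src MAC, EtherType 0x0800, dummy payload.
PC_FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"\x00" * 46

# The three configurations from the reply; VLAN 20 is a constructed later addition.
EXAMPLE_1 = Trunk(defined=frozenset({1, 10, 101}))
EXAMPLE_2 = Trunk(defined=frozenset({1, 10, 20, 101}), allowed=frozenset({1, 10, 101}))
EXAMPLE_3 = Trunk(defined=frozenset({1, 2, 10, 101}), native=2)

if __name__ == "__main__":
    for name, trunk in (("1", EXAMPLE_1), ("2", EXAMPLE_2), ("3", EXAMPLE_3)):
        out = egress_frame(trunk, 1, PC_FRAME)
        tagged = out[12:14] == struct.pack("!H", TPID_8021Q)
        print(f"example {name}: VLAN 1 leaves the trunk tagged = {tagged}")
```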
