Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments
Solved
VLAN Tagging on Cisco 2924 Switch
Posted on 2011-03-06
I am trying to troubleshoot a device connectivity issue which consists of a CPE which tags traffic on it's WAN interface with VLAN 35. I can see the tag in a Wireshark capture. According to the vendor, I need to configure the switch to tag the traffic on VLAN 35 for the WAN interconnect & then strip the VLAN tag on the interface that will send traffic outbound from the switch. So, basically, CPE WAN port connects to tagged port on the 2924 (port 1) and then traffic leaving the switch on port 13 will strip the tag. I've been trying to get this working but just having a whale of a time.
If I do a packet capture I see the DHCP requests with an 802.1Q section with the ID of 35.
Any ideas? The switch is running older code - 12.0(5.4).
The engineer for the device followed up with this:
"Cisco2924 should work for this.
Setup one port on 2924 as 802.1Q Trunking port and connect it to R1000H WAN Ethernet.
Setup one port on 2924 with ingress VLAN tag 35 (egress traffic shouldn’t have any VLAN) and connect it to HDM."
I can setup the 802.1Q trunking port - what exactly is the configuration for the other ingress port?
Thanks,
-Samson
If I do a packet capture I see the DHCP requests with an 802.1Q section with the ID of 35.
Any ideas? The switch is running older code - 12.0(5.4).
The engineer for the device followed up with this:
"Cisco2924 should work for this.
Setup one port on 2924 as 802.1Q Trunking port and connect it to R1000H WAN Ethernet.
Setup one port on 2924 with ingress VLAN tag 35 (egress traffic shouldn’t have any VLAN) and connect it to HDM."
I can setup the 802.1Q trunking port - what exactly is the configuration for the other ingress port?
Thanks,
-Samson
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
2-
2
4 Comments
Is it a layer 3 connection with an IP address?
I have a similar setup:
vlan 35
interface vlan 35
ip address 1.2.3.1 255.255.255.0
!
interface fast 0/2
switch trunk encap dot1
switch mode trunk
switch trunk allow vlan 35
There is no additional port configuration needed for other ports, only the one connected to the R1000H
I have a similar setup:
vlan 35
interface vlan 35
ip address 1.2.3.1 255.255.255.0
!
interface fast 0/2
switch trunk encap dot1
switch mode trunk
switch trunk allow vlan 35
There is no additional port configuration needed for other ports, only the one connected to the R1000H
Never mind about the vlan interface. Not available on the 2924. Your L3 has be routed someplace else.
You can also add other ports to the same vlan 35, but as access ports.
interface fast 0/4
switch access vlan 35
I guess this would be what they qualify as egress ports.
You can also add other ports to the same vlan 35, but as access ports.
interface fast 0/4
switch access vlan 35
I guess this would be what they qualify as egress ports.
Well, no...
Basically, here is the situation. The CPE is broadcasting for a DHCP address. However, the device is also tagging the frames with VLAN 35 ID.
The vendor is saying we have to tag the inbound interface by using a DOT1Q trunk. However, the outbound interface, while configured as an access port on VLAN 35, has to strip the tag.
That's where i'm having difficulty. I've tried creating the outbound interface with the native VLAN assigned as 35 but packet captures upstream still show the tag applied. Which apparently causes problems.
So, in a nutshell, I need to have the port that connects to the CPE as a DOT1q trunk and the outbound interface on the same switch has to strip the tag.
-Samson
Basically, here is the situation. The CPE is broadcasting for a DHCP address. However, the device is also tagging the frames with VLAN 35 ID.
The vendor is saying we have to tag the inbound interface by using a DOT1Q trunk. However, the outbound interface, while configured as an access port on VLAN 35, has to strip the tag.
That's where i'm having difficulty. I've tried creating the outbound interface with the native VLAN assigned as 35 but packet captures upstream still show the tag applied. Which apparently causes problems.
So, in a nutshell, I need to have the port that connects to the CPE as a DOT1q trunk and the outbound interface on the same switch has to strip the tag.
-Samson
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
In this article, we’ll look at how to deploy ProxySQL.
- Databases
- Network Analysis
- Network Operations
- Network Security
- MySQL Server
- Network Architecture, Percona, *proxy servers, *Data Migration
This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
- Networking Hardware-Other
- MultiMedia Applications
- Switches / Hubs
- Displays / Monitors
- ATEN Technology
- Hardware, Network Architecture, *Kernel-based Virtual Machine (KVM)
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail. The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg).
If you're interested in additional methods for monitoring bandwidt…
Suggested Courses
Course of the Month11 days, 19 hours left to enroll
730 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.