• Status: Solved

Stripping specific VLAN tag at core switch

We have numerous Allied Telesis 8000GS/24's at the edge and an x908 core switch.

I haven't looked into it before outside of standard tagged/untagged VLANs but what we want to do is tunnel traffic from certain edge ports to the core switch without wasting ports linking back into the general LAN.

For example from a Wireless Bridge to a remote building we want the traffic to go back to the core switch without being passed around other switches (such as if there are large amounts of broadcast traffic being transmitted).

i.e.
Wireless Bridge to an untagged port on the switch,
Switch to the core (VLAN Trunked)
Core strips the VLAN and allows traffic to be redistributed as required.

95% of the traffic will be transmitted to the core switch from the far wireless bridge end.

The madness behind this is that later there will be extended routing and security layers built for certain connections/VLANs but we want to start getting the base for this underway with the configurations on the edge switches so we can later concentrate on the core and router.

Clear as mud?
0
kiwistag
Asked:
kiwistag
1 Solution
 
ArneLoviusCommented:
yes, clear as mud:-(

a diagram might be useful
0
 
asavenerCommented:
If the wireless bridge is connected to an access-layer (untagged) port, then broadcast traffic will go out all of the other ports that are part of that VLAN.

The easiest solution to limit the number of ports that receive the broadcast traffic is to create a VLAN that only has a single access-layer port assigned, and then attach the wireless bridge to that port.

You will have to add the new VLAN to the list of allowed VLANs on the trunk, and the router will no doubt need a new subinterface to handle the tagged VLAN traffic coming over the trunk.
0
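The effect of the dedicated-VLAN approach in the answer above, as an added example that is not part of the original thread: a small Python model of 802.1Q broadcast flooding on one edge switch. The port names, VLAN IDs 10 and 50, and the `Port`, `flood` and `edge_switch` helpers are constructed for illustration and are not Allied Telesis configuration.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    name: str
    mode: str                       # "access" or "trunk"
    access_vlan: int = 1            # VLAN of an access (untagged) port
    allowed: set = field(default_factory=set)  # VLANs permitted on a trunk
    native: int = 1                 # VLAN sent untagged on a trunk

def flood(ports, ingress_name, tag=None):
    """Return {egress port: 'untagged' or 'tagged N'} for one broadcast frame."""
    ingress = next(p for p in ports if p.name == ingress_name)
    if ingress.mode == "access":
        vid = ingress.access_vlan               # classified by port membership
    else:
        vid = ingress.native if tag is None else tag
        if vid not in ingress.allowed:
            return {}                           # ingress filtering drops it
    out = {}
    for p in ports:
        if p is ingress:
            continue                            # never flood back out the source port
        if p.mode == "access" and p.access_vlan == vid:
            out[p.name] = "untagged"
        elif p.mode == "trunk" and vid in p.allowed:
            out[p.name] = "untagged" if vid == p.native else f"tagged {vid}"
    return out

def edge_switch(bridge_vlan, trunk_allowed):
    """Constructed 4-port edge switch: bridge, two user ports, uplink to core."""
    return [
        Port("bridge", "access", access_vlan=bridge_vlan),
        Port("user1", "access", access_vlan=10),
        Port("user2", "access", access_vlan=10),
        Port("uplink", "trunk", allowed=set(trunk_allowed)),
    ]

# Bridge shares the user VLAN: its broadcasts reach every user port.
shared = flood(edge_switch(10, {1, 10}), "bridge")
# Bridge alone in VLAN 50, VLAN 50 allowed on the trunk: only the core sees it.
dedicated = flood(edge_switch(50, {1, 10, 50}), "bridge")
# VLAN 50 not added to the trunk's allowed list: the frame goes nowhere.
forgotten = flood(edge_switch(50, {1, 10}), "bridge")

if __name__ == "__main__":
    for label, result in [("shared", shared), ("dedicated", dedicated), ("forgotten", forgotten)]:
        print(f"{label:10} -> {result}")
```

The third case is the one to check for after a change: an isolated VLAN that was never added to the trunk fails silently, with the bridge port up and no traffic reaching the core.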
 
kiwistagAuthor Commented:
Hi ArneLovius. Damn - I was sure I attached a diagram....
Will try to do it again & attach.
0
 
ArneLoviusCommented:
:-)
0
 
kiwistagAuthor Commented:
This time.
Switch Diagram
0
 
kiwistagAuthor Commented:
I'll escalate this question to Allied Telesis and close it.
Thanks for trying :)
0
 
kiwistagAuthor Commented:
I've requested that this question be deleted for the following reason:

No viable solutions yet.
0
 
asavenerCommented:
I believe I described how to eliminate broadcast traffic from the wireless devices.

The exact desired functionality as described by the original poster is not technically feasible, so I provided a method to limit the broadcast traffic, which is the end result he desired.
0
 
kiwistagAuthor Commented:
The Wireless link passes all traffic and at each end (port interface on the switch) they are set to VLAN Trunk so all except the default VLAN traffic is tagged.
Thinking from another perspective about the issue, you are correct that it is not technically feasible as even if the core switch was set up to strip VLAN tags on ingress, it would not know what to do in egress.
Due to your input however asavener I will assign points as you were correct about the problem but indeed there is no direct solution.
0
 
kiwistagAuthor Commented:
There will be a way to do this in the future using OpenFlow. Although Allied Telesis don't yet support OpenFlow on their AW+ Router OS, it may be the case in the near future that they will.
0
