[nSLUG] Ranting / VLAN Tagging

Stephen Gregory nslug at kernelpanic.ca
Thu May 28 14:51:00 ADT 2015


On Thu, May 28, 2015 at 9:10 AM, chris thompson <ct8ball at gmail.com> wrote:
> So I'm fighting my way through configuring VLAN tagging on various
> equipment,

> if you kind folks could provide any type of insight I would be greatly
> appreciated.

On every switch I have configured a port can pass both tagged VLANS,
and one untagged VLAN. The untagged vlan usually has a name like
default. On some gear vlan 1 is always enabled as untagged on all
tagged ports unless another untagged port is configured. (Cisco
Catalyst 2900 stuff had this limitation.) The standard practice is/was
to not use vlan 1 by explicitly configuring all ports to use a
different vlan or vlans

So:
configure port 12 for vlan 200 untagged (aka default or access vlan).
configure port 18 for vlan 250 tagged.
test ping from port 12 to port 18

the expected result is untagged traffic on port 12 should not go to port 18.

then:
configure port 12 for vlan 250 untagged
configure port 18 for vlan 250 tagged
test ping from port 12 to port 18

the expected result is tagged vlan 250 traffic should appear on port 18.
Unless your server on port 18 is configured for vlan 250 your server
will no respond to the ping, but tcpdump / wireshark should see the
traffic.


More information about the nSLUG mailing list