- Re: Tagged, Untagged, and Forbidden? When is forbi...
02-26-2021 12:48 PM
All,
I'm having some trouble finding the answer to this. When is it appropriate to make a port forbidden on a VLAN? I understand that setting a port as forbidden on a VLAN will make it so that port cannot be a member of that VLAN, but isn't that also the case if it's not specifically marked as untagged on that VLAN? Does that make sense?
I have an Aruba 2530 and would like port 2 to be a member of VLAN 50, all of the rest of the ports to be on the native VLAN. Do I have to set port 2 as untagged for VLAN 50, and set all of the other ports on the switch as forbidden on VLAN 50? Or do I just leave the rest of the ports alone? What is best practice?
Thanks!
02-27-2021 07:01 AM
Solution
Hello
The option "forbid" is only useful if GVRP is enabled on the switch. Some info about GVRP from the manual:
GVRP (GARP VLAN Registration Protocol) is an application of GARP (Generic Attribute Registration Protocol.) It enables a switch to dynamically create 802.1Q-compliant VLANs on links with other devices running GVRP and automatically create VLAN links between GVRP-aware devices. (A GVRP link can include intermediate devices that are not GVRP-aware.) This operation reduces the chance for errors in VLAN configurations by automatically providing VID (VLAN ID) consistency across the network.
You can find more about GVRP here. The forbid option is also explained here.
https://support.hpe.com/hpesc/public/docDisplay?docId=a00091278en_us
So when GVRP is enabled the switch-port can dynamically create a VLAN membership on the port (or dynamically learn the VLAN on this port) if this VLAN is advertised by a GVRP-aware switch connected to this port. The forbid option is used to restrict the GVRP VLAN learning. So the port cannot be a member of this VLAN even if GVRP is enabled and the GVRP peer switch advertises this VLAN.
GVRP is disabled by default; you can check the status with show gvrp. If GVRP is disabled, then you don't need to make any port forbidden on any VLAN. Just make port 2 an untagged member of VLAN 50 and leave the rest untagged in VLAN 1.
Just want to add a small clarification about the following statement: you said a port cannot be a member of a VLAN if it is not specifically marked as untagged on that VLAN. This is not entirely true. If a port is tagged on that VLAN it is also a member. You use the untagged option when you connect end devices or other switches which support only a single VLAN. You use the tagged option when you need to make a port a member of more than 1 VLAN. The typical use case is when a port connects to another switch and you want to transport all the VLANs supported on these switches via the same port. When you use the tagged option it is important to make sure that VLAN tagging on both sides is matching. A port can have only one untagged membership and multiple tagged memberships. It must have at least one VLAN membership, either tagged or untagged.
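A simplified model of the behaviour described in the answer above, added here as an illustration; it is not part of the original post and not HPE code. It compares "forbid" with "no setting" when GVRP is off and on, and checks the two membership rules from the last paragraph. The `Mode` names, function names, the 4-port layout and the GVRP advertisement are assumptions constructed for the example.

```python
from enum import Enum

class Mode(Enum):
    TAGGED = "tagged"
    UNTAGGED = "untagged"
    FORBID = "forbid"
    NONE = "no"  # no static setting for this VLAN on this port

def vlan_members(vlan, static, gvrp_enabled, advertised):
    """Return {port: how} for every port that ends up a member of `vlan`.

    static:     {port: {vlan_id: Mode}} as configured by the administrator
    advertised: {port: {vlan_ids}} announced by a GVRP peer on that port
    """
    members = {}
    for port, modes in static.items():
        mode = modes.get(vlan, Mode.NONE)
        if mode in (Mode.TAGGED, Mode.UNTAGGED):
            members[port] = mode.value          # static membership
        elif mode is Mode.FORBID:
            continue                            # never a member, even via GVRP
        elif gvrp_enabled and vlan in advertised.get(port, set()):
            members[port] = "dynamic"           # learned from the GVRP peer
    return members

def check_ports(static):
    """Flag ports that break the membership rules stated in the answer."""
    problems = []
    for port, modes in static.items():
        untagged = [v for v, m in modes.items() if m is Mode.UNTAGGED]
        joined = [v for v, m in modes.items() if m in (Mode.TAGGED, Mode.UNTAGGED)]
        if len(untagged) > 1:
            problems.append(f"port {port}: more than one untagged VLAN {untagged}")
        if not joined:
            problems.append(f"port {port}: no VLAN membership")
    return problems

# Constructed 4-port example: port 2 untagged in VLAN 50, the rest in VLAN 1.
STATIC = {1: {1: Mode.UNTAGGED}, 2: {50: Mode.UNTAGGED},
          3: {1: Mode.UNTAGGED}, 4: {1: Mode.UNTAGGED}}
ADVERTISED = {3: {50}}  # constructed: a GVRP peer on port 3 announces VLAN 50

if __name__ == "__main__":
    print(vlan_members(50, STATIC, False, ADVERTISED))  # GVRP off
    print(vlan_members(50, STATIC, True, ADVERTISED))   # GVRP on, no forbid
    forbidden = {**STATIC, 3: {1: Mode.UNTAGGED, 50: Mode.FORBID}}
    print(vlan_members(50, forbidden, True, ADVERTISED))  # GVRP on, port 3 forbidden
    print(check_ports(STATIC))
```

With GVRP off, the forbidden and unconfigured cases give the same result; they differ only once GVRP is enabled and a peer advertises the VLAN.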
03-01-2021 08:41 AM
Re: Tagged, Untagged, and Forbidden? When is forbidden used?
Emil_G, excellent explanation. Thank you very much for the help. This was very helpful.