Comware Based
cancel
Showing results for 
Search instead for 
Did you mean: 

5900/5700 and VLAN 1

jonare
Advisor

5900/5700 and VLAN 1

Hey Everyone

 

I am implementing 5900 and 5700 in our core. I have several VLANs comming in on a trunk to the 5900, and from there to the 5700. Once upon a time we started using VLAN 1 as a mangement vlan, and this is now starting to give me problems.

 

When I untagged vlan 2 on the 5700 with the command "port access vlan 2" everything works as expected. When I try to access vlan 1 with the default config or through a hybrid port, there is no connectivity between the plugged-in-device and the network (it seems"). But when I run wireshark on the device I can see the broadcast traffic in VLAN 1.

 

I should also mention that the management port on the switch are connected to VLAN 1.

 

Attaced are running-configs: 5900-current.txt and 5700-current.txt

 

Can anyone help me out?

 

Thanx.

Jon Are Endrerud
5 REPLIES
Vince-Whirlwind
Honored Contributor

Re: 5900/5700 and VLAN 1

It might help if you have a "Description" telling us which switchports are patched to what...

Assuming this port on the 5900 is relevant:

interface Ten-GigabitEthernet1/0/2

port link-mode bridge
port link-type trunk
port trunk permit vlan 1 to 2 40 to 41

 

And this is the relevant port on the 5700: 

interface Ten-GigabitEthernet1/0/40
port link-type trunk
port trunk permit vlan 1 to 2 40 to 41

 

This trunk should be successful.

 

I assume this is the port you are having trouble with:

interface Ten-GigabitEthernet1/0/2
port link-type hybrid
port hybrid vlan 1 untagged

 

Maybe don't use "hybrid". If you do, I think you need to set the PVID on the port.

 

 

 

 

jonare
Advisor

Re: 5900/5700 and VLAN 1

Your assumption about the ports are correct. Sorry about not providing a description.

 

What im trying to do is have several vlans tagged and vlan 1 untagged on the 5700 ports. I really find it strange that i can see the vlan 1 traffic with wireshark, but that Im not able to send data from the device.

 

I will try diffrent configurations and come back to you. 

 

"display interface Ten-GigabitEthernet1/0/2"

 

 Ten-GigabitEthernet1/0/2
Current state: UP
Line protocol state: UP
IP packet frame type: Ethernet II, hardware address: bcea-faac-9064
Description: Ten-GigabitEthernet1/0/2 Interface
Bandwidth: 1000000 kbps
Loopback is not set
Media type is twisted pair
Port hardware type is 10G_BASE_T
1000Mbps-speed mode, full-duplex mode
Link speed type is autonegotiation, link duplex type is autonegotiation
Flow-control is not enabled
Maximum frame length: 10000
Allow jumbo frames to pass
Broadcast max-ratio: 100%
Multicast max-ratio: 100%
Unicast max-ratio: 100%
PVID: 1
MDI type: automdix
Port link-type: Hybrid
 Tagged VLANs:   None
 Untagged VLANs: 1(default vlan)
Port priority: 0
Last clearing of counters: Never
 Peak input rate: 137 bytes/sec, at 2011-01-20 17:55:14
 Peak output rate: 1661 bytes/sec, at 2011-01-19 23:12:18
 Last 300 second input: 0 packets/sec 32 bytes/sec 0%
 Last 300 second output: 15 packets/sec 1462 bytes/sec 0%
 Input (total):  22633 packets, 1524564 bytes
         2751 unicasts, 18820 broadcasts, 1062 multicasts, 0 pauses
 Input (normal):  22633 packets, - bytes
         2751 unicasts, 18820 broadcasts, 1062 multicasts, 0 pauses
 Input:  0 input errors, 0 runts, 0 giants, 0 throttles
         0 CRC, 0 frame, - overruns, 0 aborts
         - ignored, - parity errors
 Output (total): 276901 packets, 25966075 bytes
         45595 unicasts, 126830 broadcasts, 104476 multicasts, 0 pauses
 Output (normal): 276901 packets, - bytes
         45595 unicasts, 126830 broadcasts, 104476 multicasts, 0 pauses
 Output: 0 output errors, - underruns, - buffer failures
         0 aborts, 0 deferred, 0 collisions, 0 late collisions
         0 lost carrier, - no carrier

 

Jon Are Endrerud
jonare
Advisor

Re: 5900/5700 and VLAN 1

The problem is solved.

 

I have a 8212zl providing the vlans to the 5900. I had to use "untagged vlan 1" on the egress port on the 8212zl.

 

The config on the 5900 is:

 

interface Ten-GigabitEthernet1/0/1
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan 1 to 2 40 to 41
 speed 10000

 

So can i asume that the vlan 1 is always untagged if anything else isnt configured ? Since the vlan 1 is inside the port trunk I assumed it was tagged ?

 

Can anyone help me out with that question.

Jon Are Endrerud
Peter_Debruyne
Honored Contributor

Re: 5900/5700 and VLAN 1

This is expected behavior, since a hybrid port can be member of multiple untagged vlans.

(this mechanism is used for isolated user vlans for instance).

When you make a hybrid port which is intended for some other vlan, make sure to remove the vlan 1 (which is by default permitted) from the port:

int g1/0/1

 undo port hybrid vlan 1

 

In short:

* default incoming untagged traffic is mapped to the PVID. If this PVID is actually allowed on the port, traffic will be forwarded.

* outgoing traffic is controlled by the allowed VLANs

Broadcasts from any allowed VLAN will exit the port, so if you have the default (vlan 1 allowed), your vlan 1 bcast traffic will indeed be visible on the user port.

Since the PVID is set to some other VLAN, the user port will not be able to send any data into VLAN1.

 

best regards,Peter

Vince-Whirlwind
Honored Contributor

Re: 5900/5700 and VLAN 1

jon, your 5700/5900s are different from your 8212 in this respect.

 

The 8212 should explicitly tell you which VLAN (if any) is untagged on a switchport. It can have *only* tagged VLANs on a switchport if you configure it that way. Also, you don't configure switchports as "trunks" - you just add tagged VLANs to it if you want it to be a trunk.

 

Every other vendor (as far as I can recall) always has an untagged VLAN on a switchport that has been configured as a trunk. If no VLAN is explicitly configured as the untagged (native) VLAN, then it will use VLAN1 by default.