
Re: Hybrid or Trunk

 
atqquebec
Advisor

Hybrid or Trunk

Hi,

 

I would like to know what are typical uses of hybrid ports.  I thought it would be useful for the switch ports in which I connect servers that have a "shared port iLo".  I usually configure my ports tagged VLAN 1 (management) for iLo and untagged for server's real (OS) NIC.  Of course, I got into problems because in hybrid ports, it forces tagged packets on default VLAN, which is 1 by default, therefore breaking my idea.  I think a trunk port would give exactly what I want, but I thought trunk ports were mostly for ISL (inter-switch links).

 

Thanks,

 

Ugo

jborg
Visitor

Re: Hybrid or Trunk

You typically don't want to use VLAN 1 in a tagged environment, and this might be where some confusion comes from. When using a hybrid port, you specify one or more tagged VLANs, and a single* untagged VLAN. The untagged VLAN should be the same as the default VLAN; for example, to have untagged traffic on VLAN 10 and tagged traffic for VLANs 20 and 30, something like:

 

interface Ethernet1/0/5
 port link-type hybrid
 port hybrid vlan 20 30 tagged
 port hybrid vlan 10 untagged
 undo port hybrid vlan 1
 port hybrid pvid vlan 10
#

 

Note VLAN 10 as both untagged and pvid.

 

* You can have more than one untagged VLAN on a hybrid port, but incoming untagged traffic can belong to only one of them, unless you use protocol VLANs.

 

pombeii
Frequent Advisor

Re: Hybrid or Trunk

Some special applications like MAC-based VLAN assignment and multicast VLAN must work on hybrid ports.

 

All incoming untagged traffic on a port, whether it is access, trunk or hybrid, is tagged with PVID (the port VLAN ID, previously also called the default VLAN of the port), which defaults to VLAN 1 and is user configurable. PVID is irrelevant to how the port handles the outgoing traffic from the PVID.

 

The "tagged" and "untagged" for the "port hybrid vlan" command are meaningful only for outgoing traffic.

For example, to enable a port to tag incoming untagged traffic with VLAN 10 and send the outgoing traffic from VLAN 10 with the VLAN tag removed, we configure

"port hybrid pvid vlan 10

port hybrid vlan 10 untagged"

To send the outgoing traffic from VLAN 10 with the VLAN tag intact, we replace "port hybrid vlan 10 untagged" with "port hybrid vlan 10 untagged"

By default, a hybrid port sends outgoing VLAN 1 traffic untagged; however, you can configure "port hybrid vlan 1 tagged" so the port sends outgoing traffic from VLAN 1 without removing the VLAN tag.

 

Justin_Goldberg
Valued Contributor

Re: Hybrid or Trunk

pombeii,

 

When you say this: "to enable a port tag incoming untagged traffic with VLAN 10 and sends the outgoing traffic from VLAN 10 with the VLAN tag removed"

 

Why would you tag it with vlan 10 and send the traffic out with vlan 10 tag removed?

 

Forgive my newbieness. :robothappy:

pombeii
Frequent Advisor

Re: Hybrid or Trunk

Sorry, I didn't put it in a clear way.

 

The text describes two traffic directions (inbound and outbound) of the same port. Incoming traffic is from PC to switch, outgoing traffic is from switch to PC. They are different traffic flows.

Because the PC does not support 802.1q, the switch must tag the traffic received from a PC, and remove the 802.1q tag before sending traffic to the PC.

 

 

 

atqquebec
Advisor

Re: Hybrid or Trunk

Can you provide more information on "You typically don't want to use VLAN 1 in a tagged environment"?  How would you configure your network if you want to use the shared network port for iLO?  I typically simply set the server's (OS) VLAN untagged and tag vlan 1 for iLO.  I guess I should be doing the opposite (tag the OS VLAN and untag VLAN 1)?

 

For your info, I tried configuring it with something like

 

port link-type hybrid

port hybrid vlan 1 tagged

port hybrid vlan 3 untagged

port hybrid pvid vlan 3

 

(vlan 3 is the server's vlan and vlan 1 is for iLO, using shared network port).  It worked OK except that it wouldn't go through the firewall.  I didn't have time to troubleshoot, so I set it back to dedicated NIC port for iLO.

 

Thanks,

 

Ugo

Richard Litchfield
Respected Contributor

Re: Hybrid or Trunk

There seem to be a limited number of use cases for hybrid ports. I would suggest always sticking to access or trunk ports unless there is a specific problem that is solved by using hybrid ports. (If memory serves, they were originally a bit of a kludge to allow a VOIP phone with cascaded PC to work when neither the phone nor PC could be configured to use VLAN tags.)

Hybrid ports are not universally recognised (not standards-based) and may cause other issues. For instance, a hybrid port on a Comware switch has problems talking to a ProCurve switch port.

Peter_Debruyne
Honored Contributor

Re: Hybrid or Trunk

I cannot fully agree on this.

There is tagged and untagged traffic, so that has nothing to do with the port type (hybrid/trunk), so communication between a procurve and h3c should just work, with hybrid or trunk port (or must be config mistake).

 

Essentially, the hybrid port allows everything from the trunk port, plus: it allows more control over the untagged traffic.


If you do not need this control, you can go for the trunk port.

 

In my installations the rule is simple:

* uplink (switch) ports : trunks

* user/end-node  ports : hybrid

This makes it very simple to distinguish the uplinks to other switches (display port trunk) from the downlink ports to end-points which are vlan-aware (dis port hybrid).

 

The added value for hybrid on untagged is :

* instead of port-based packet processing (port config PVID will decide to which vlan the incoming untagged packets are assigned), the hybrid port supports packet-based vlan processing (based on the values in the incoming ethernet packet).

You could compare it with a tagged link, which is also packet-based vlan processing, but in that case, the switch will read the 802.1q tag value, and use that value to assign the packet to a vlan.

With a hybrid port it is the same, but you just change the relation : the switch can read e.g. the source mac address value of a frame, and assign it to vlan x for maca, vlan y for macb.

 

This sounds complicated, and it is for manual config examples. You could configure for instance a rule so all untagged packets from mac 123456000000 mask ffffff000000 (some printer range) would be assigned to vlan x (the printers vlan), so the packets which are tx on an uplink will be tagged with vlan x. All other untagged packets would not match the rule, so they would be assigned to the PVID vlan configuration.

Essentially, when no rules are defined, all traffic is assigned to the PVID (just like a trunk interface).

 

The power comes when this concept is combined with edge-authentication.

When you enable 802.1x or mac-auth on the port, you can use a central vlan assignment via radius. The first device online  (assume macA) could be assigned to vlan 11. On a traditional port, the untagged port membership changes, so when a second device (macB) comes online and would be assigned to vlan12 by the radius, it cannot come online since the port is already untagged in vlan 11.

Now with the hybrid port, the switch can program the port with the learned first macA and assign it to vlan 11 (better than the manual config!), so when the second device with macB comes online, it programs this macB into vlan 12, and both hosts are online, untagged, on the same port, while they each belong to their own vlan (e.g. dhcp request from macA would be tagged with vlan 11 on uplink, macB with vlan12 on uplink).

This means when an unmanaged switch with 2 internal hosts (like meeting room) would be connected to the hybrid port, 2 internal hosts can be authenticated and assigned to their own vlan at the same point in time.

You could even have a 3rd host which fails authentication, so it would be assigned to the guest vlan on the same port.

 

If you do not need this functionality, a trunk port will do fine as well.

 

Best regards, Peter
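
An added example, not part of the thread and not vendor code: a simplified Python model of the hybrid-port behaviour described in the replies above, where the PVID or a MAC rule picks the VLAN for untagged ingress and the tagged/untagged lists only decide how frames leave the port. VLAN 40 (standing in for "vlan x"), the sample MAC addresses and the class and function names are constructed; dropping frames whose VLAN is not permitted on the port is an assumption of the model.

```python
# Simplified model of a hybrid port (added example; names are hypothetical).
from dataclasses import dataclass, field

def mac_int(mac: str) -> int:
    """Parse a MAC written with or without separators into an integer."""
    return int(mac.replace("-", "").replace(":", "").replace(".", ""), 16)

@dataclass
class HybridPort:
    pvid: int = 1
    tagged: set = field(default_factory=set)       # port hybrid vlan ... tagged
    untagged: set = field(default_factory=set)     # port hybrid vlan ... untagged
    mac_rules: list = field(default_factory=list)  # (mac, mask, vlan) tuples

    def ingress_vlan(self, src_mac, dot1q_tag=None):
        """Return the VLAN a received frame is assigned to, or None if dropped."""
        if dot1q_tag is not None:
            vlan = dot1q_tag                       # tagged frame: the tag decides
        else:
            vlan = self.pvid                       # no rule matched: fall back to PVID
            src = mac_int(src_mac)
            for mac, mask, rule_vlan in self.mac_rules:
                if src & mac_int(mask) == mac_int(mac) & mac_int(mask):
                    vlan = rule_vlan               # packet-based assignment by source MAC
                    break
        # Assumption: a VLAN the port does not carry is dropped on ingress.
        return vlan if vlan in self.tagged | self.untagged else None

    def egress(self, vlan):
        """Return how a frame from this VLAN leaves the port, or None if not sent."""
        if vlan in self.tagged:
            return "tagged"
        if vlan in self.untagged:
            return "untagged"
        return None

# Constructed sample: the shared iLO port tried in the thread (VLAN 3 = OS, VLAN 1 = iLO).
ilo_port = HybridPort(pvid=3, tagged={1}, untagged={3})
# Constructed sample: the printer MAC range rule; VLAN 40 stands in for "vlan x".
edge_port = HybridPort(pvid=10, untagged={10, 40},
                       mac_rules=[("123456000000", "ffffff000000", 40)])

if __name__ == "__main__":
    print(ilo_port.ingress_vlan("0011-2233-4455"), ilo_port.egress(1))
    print(edge_port.ingress_vlan("1234-56ab-cdef"), edge_port.egress(40))
```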

 

 

 

atqquebec
Advisor

Re: Hybrid or Trunk

In my case, it is not the communication between two switches, it is the configuration of a server port to allow the use of the shared network port for iLO (I know it is not the best practices, but it makes sense in our environment).

 

Ok, so for example:

 

  • My data VLAN is 25 and must be untagged
  • My iLO VLAN is 1 and must be tagged

What kind of configuration must I do under comware?

 

port hybrid pvid 25

port hybrid vlan 1

 

or

 

port hybrid vlan 1 tagged

port hybrid vlan 25 untagged

 

?

 

I didn't find how to have tagged and untagged vlans on the same port using trunk.  I think a trunk is only permit/not permit for vlans.

 

Thanks,

system_team
Occasional Visitor

Re: Hybrid or Trunk


@pombeii wrote:

Some special applications like MAC-based VLAN assignment and multicast VLAN must work on hybrid ports.

 

All incoming untagged traffic on a port, whether it is access, trunk or hybrid, is tagged with PVID (the port VLAN ID, previously also called the default VLAN of the port), which defaults to VLAN 1 and is user configurable. PVID is irrelevant to how the port handles the outgoing traffic from the PVID.

 

"The "tagged" and "untagged" for the "port hybrid vlan" command are meaningful only for outgoing traffic.

For example, to enable a port to tag incoming untagged traffic with VLAN 10 and send the outgoing traffic from VLAN 10 with the VLAN tag removed, we configure port hybrid vlan 10 untagged"

By default, a hybrid port sends outgoing VLAN 1 traffic untagged; however, you can configure "port hybrid vlan 1 tagged" so the port sends outgoing traffic from VLAN 1 without removing the VLAN tag. "


If so, what is the difference in the outgoing traffic between an access port and a hybrid untagged port?
Isn't it just the same?
Because in the two situations inbound traffic gets tagged and outgoing traffic does not get tagged.