
Re: Hybrid or Trunk

 
system_team
Occasional Visitor

Re: Hybrid or Trunk


@pombeii wrote:

Some special applications like MAC-based VLAN assignment and multicast VLAN must work on hybrid ports.

 

All incoming untagged traffic on a port, whether it is access, trunk or hybrid, is tagged with PVID (the port VLAN ID, previously also called the default VLAN of the port), which defaults to VLAN 1 and is user configurable. PVID is irrelevant to how the port handles the outgoing traffic from the PVID.

 

The "tagged" and "untagged" for the "port hybrid vlan" command are meaningful only for outgoing traffic.

For example, to enable a port to tag incoming untagged traffic with VLAN 10 and send the outgoing traffic from VLAN 10 with the VLAN tag removed, we configure "port hybrid vlan 10 untagged".

By default, a hybrid port sends outgoing VLAN 1 traffic untagged; however, you can configure "port hybrid vlan 1 tagged" so the port sends outgoing traffic from VLAN 1 without removing the VLAN tag.


If so, what is the difference in the outgoing traffic between an access port and a hybrid untagged port?
Isn't it just the same?
Because in the two situations inbound traffic gets tagged and outgoing traffic does not get tagged.

 

 

AJ-Asaad
New Member

Re: Hybrid or Trunk

Peter, thanks, I like the way you went through it.
MDella
Advisor

Re: Hybrid or Trunk

Just to follow up with what Peter was talking about...

 

We run a "cloud computing" farm with just under 1000 servers.  These machines are created and destroyed on the fly depending on their "current" use and project.  The way we deal with the creation and destruction issues is that ALL machines are placed on VLAN 15 when unrecognized by the system (this also applies to anyone who brings in an unauthorized laptop into the data center and tries plugging into the network).  VLAN 15 for us has a complete PXEboot environment that puts a "live ramdisk linux image" on the machine (it doesn't do anything to the drive just in case you were accidentally put here) and the live image then takes inventory of the machine and reports it to a central server.

 

Eventually we build the machine out here on VLAN 15, then we insert the MAC address and destination VLANs in our SQL-driven radius database.  Since all machines have 2-4 interfaces, we might populate several MAC addresses in the DB.  The machine is then rebooted and with the following configuration, voila, it's running inside its destination environment.

 

 

#
# Define how we use mac-authentication and the authorization scheme "z5cloud"
#
 mac-authentication
 mac-authentication timer offline-detect 180
 mac-authentication timer quiet 15
 mac-authentication domain z5cloud
#
# Create a scheme "mac-auth" and how it connects to the actual radius
# system. Note we do not describe how to set up your radius database nor the
# format of the DB entries. Ensure your entries are of the format "aa:bb:cc:dd:ee:ff"
# and not the older format "aabb-ccdd-eeff". Also ensure the format is lowercase for
# all your hex characters
#
radius scheme mac-auth
 primary authentication 172.16.1.16
 primary accounting 172.16.1.16
 key authentication cipher <radius cipher password>
 key accounting cipher <radius cipher password>
 user-name-format without-domain
 nas-ip 172.16.1.32
#
# This is the authorization method for the mac-authentication. It uses the radius
# scheme labeled "mac-auth". authentication and authorization are required.
# accounting is only for logging purposes.
#
domain z5cloud
 authentication lan-access radius-scheme mac-auth
 authorization lan-access radius-scheme mac-auth
 accounting lan-access radius-scheme mac-auth
 state active
#
# repeat this for basically ALL interfaces in the data center that need to use
# the mac-authentication method.  This is *highly* dependent on using the hybrid
# mode of the port and *only* the authorization portion of 802.1x
#
interface GigabitEthernet1/0/1
 port link-mode bridge
 port link-type hybrid
 undo port hybrid vlan 1
 port hybrid vlan 15 untagged
 port hybrid pvid vlan 15
 mac-vlan enable
 mac-authentication
 mac-authentication guest-vlan 15
 # speed and stp are to "speed up" negotiations. Use at your own risk
 speed 1000
 stp edged-port enable
#
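
Added example, not part of MDella's post or any HPE code: a simplified Python model of the tag handling quoted earlier in this thread (PVID classifies untagged ingress, the tagged/untagged lists govern egress) and of why the MAC-authentication setup above relies on a hybrid port. The MAC addresses, VLAN 200, and the assumption that a RADIUS-assigned VLAN joins the port as an untagged member are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

@dataclass
class Port:
    """Simplified model of one switch port (illustrative, not device code)."""
    pvid: int = 1
    untagged: Set[int] = field(default_factory=set)  # VLANs sent without a tag
    tagged: Set[int] = field(default_factory=set)    # VLANs sent with a tag
    mac_vlan: Dict[str, int] = field(default_factory=dict)  # MAC -> VLAN

    def ingress(self, src_mac: str, tag: Optional[int] = None) -> Optional[int]:
        """Return the VLAN a received frame lands in, or None if dropped."""
        if tag is None:
            # Untagged frame: a MAC-to-VLAN entry wins, otherwise the PVID.
            vlan = self.mac_vlan.get(src_mac.lower(), self.pvid)
        else:
            vlan = tag
        return vlan if vlan in (self.untagged | self.tagged) else None

    def egress(self, vlan: int) -> Optional[str]:
        """Return how a frame from `vlan` leaves the port, or None if not a member."""
        if vlan in self.untagged:
            return "untagged"
        return "tagged" if vlan in self.tagged else None

    def authorize(self, mac: str, vlan: int) -> None:
        """Assumed effect of a RADIUS-assigned VLAN on a mac-vlan hybrid port."""
        self.mac_vlan[mac.lower()] = vlan
        self.untagged.add(vlan)  # assumption: joins as an untagged member

def access_port(vlan: int) -> Port:
    """An access port is the special case: one VLAN, PVID == that VLAN."""
    return Port(pvid=vlan, untagged={vlan})

def demo() -> dict:
    server = "aa:bb:cc:dd:ee:ff"          # constructed MAC
    port = Port(pvid=15, untagged={15})   # hybrid, pvid 15, vlan 15 untagged
    before = port.ingress(server)         # unknown MAC -> build VLAN 15
    port.authorize(server, 200)           # constructed destination VLAN
    return {
        "before": before,
        "after": port.ingress(server),
        "other_host": port.ingress("00:11:22:33:44:55"),
        "egress": (port.egress(15), port.egress(200)),
        "access_tagged_other": access_port(10).ingress(server, tag=20),
    }

print(demo())
```

After authorization the modelled port sends two VLANs untagged at once (15 for unknown hosts, 200 for the authorized MAC), a state the single-VLAN `access_port()` helper cannot represent.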

 

vcrj
New Member

Re: Hybrid or Trunk

 

Hi,

I have not understood the problem very well. With this configuration:
port hybrid vlan 52 tagged
port hybrid vlan 41 untagged
port hybrid pvid vlan 41

That traffic is forwarded without tags (802.1Q) and with traffic tag refers to a port for an access point for example having VLAN 802.1q trunk 52 and not 802.1Q 41??

 

Thanks

 

best regards

KAMALESHWAR
New Member

Re: Hybrid or Trunk

Hi,

In the WLAN controller it is configured as an untagged port; all the access points should be untagged, so we are using the hybrid command, in which the port carries both tagged and untagged.

For example, if I need two WLANs in the network I need two VLANs, but for communicating from the controller to the access point that port should be an access port, and to carry the two WLANs' info the two VLANs should be tagged.