HPE Community
Comware Based
1753792 Members
7556 Online
108799 Solutions
New Discussion

Re: Vlan Traffic Question For The Following Example

 
SOLVED
Go to solution
phjohnso
Occasional Contributor

‎04-04-2012 12:20 PM

‎04-04-2012 12:20 PM

Vlan Traffic Question For The Following Example

In the example below I have the following question - let me say that by coming from a whole cisco environment prior to this job that my mind gets a bit cloudy on the untagging / tagging stuff.  Here is my question

 

Will the port traffic from vlan 800 and vlan 700 traverse out over vlan 900?

Vlan 900 in this example is a fiber link  on port 21 to another switch

 

Is this the way to do what I am asking?

 

Thanks in advance.

 

 

 

vlan 1
   name "DMZ-PRI"
   no ip address
   no untagged 1-24
   exit
vlan 800
   name "DMZ-SEC"
   untagged 2,4,6,8,10,12,14,16,18,20
   ip address 10.50.0.4 255.255.255.0
   exit
vlan 900
   name "VLAN900"
   untagged 21-24
   tagged 1-20
   exit
vlan 700
   name "DMZ-PRI"
   untagged 1,3,5,7,9,11,13,15,17,19
   ip address 10.51.0.100 255.255.0.0
   exit

0 Kudos
4 REPLIES 4
Fredrik Lönnman
Honored Contributor

‎04-05-2012 12:20 AM

‎04-05-2012 12:20 AM

Re: Vlan Traffic Question For The Following Example

No, since the vlan 900 doesnt have any ip address it cant route any traffic, only traffic within vlan 900 will traverse the port 21.

---
CCIE Service Provider
MASE Network Infrastructure [2011]
H3CSE
CCNP R&S

0 Kudos
phjohnso
Occasional Contributor

‎04-05-2012 04:50 AM

‎04-05-2012 04:50 AM

Re: Vlan Traffic Question For The Following Example

So having said this - if an ip address is on vlan 900 then this will pass data as expected.

0 Kudos
Fredrik Lönnman
Honored Contributor

‎04-05-2012 04:54 AM

‎04-05-2012 04:54 AM

Re: Vlan Traffic Question For The Following Example

sure. depending on what you need to reach you'll also need the appropriate routes, or a default route.

---
CCIE Service Provider
MASE Network Infrastructure [2011]
H3CSE
CCNP R&S

0 Kudos
phjohnso
Occasional Contributor

‎04-05-2012 07:19 AM

‎04-05-2012 07:19 AM

Solution

Re: Vlan Traffic Question For The Following Example

Let me further clarify my setup as I may have mistated.

 

What this configuration represents is a 2 switch DMZ security zone connected to the dmz interface of an ASA 5520

 

The vlan config is as follows from both switches.

 

On switch A

 

vlan 1
   name "not used"
   no ip address
   no untagged 1-24
   exit
vlan 800
   name "DMZ-SEC"
   untagged 2,4,6,8,10,12,14,16,18,20
   ip address 10.50.0.4 255.255.255.0
   exit
vlan 900
   name "VLAN900"
   untagged 21-24
   ip address 10.52.0.1 255.255.255.0
   tagged 1-20
   exit
vlan 700
   name "DMZ-PRI"
   untagged 1,3,5,7,9,11,13,15,17,19
   ip address 10.51.0.3 255.255.255.0
   exit

 

---------------------------------------------------------------------------------------------

 

 

On Switch B

 

vlan 1
   name "not used"
   no ip address
   no untagged 1-24
   exit
vlan 800
   name "DMZ-SEC"
   untagged 2,4,6,8,10,12,14,16,18,20
   ip address 10.50.0.5 255.255.255.0
   exit
vlan 700
   name "DMZ-PRI"
   untagged 1,3,5,7,9,11,13,15,17,19
   ip address 10.51.0.4 255.255.255.0
   exit
vlan 900
   name "VLAN900"
   untagged 21-24
   ip address 10.52.0.2 255.255.255.0
   tagged 1-20
   exit

-------------------------------------------------

 

On switch A

I can ping

 

10.51.0.3

10.50.0.4

10.52.0.1

10.52.0.2 - So I am crossing the vlan 900 inface to the other switch

 

On switch A

I can ping

 

10.51.0.4

10.50.0.5

10.52.0.2

10.52.0.1 - So I am crossing the vlan 900 inface to the other switch

 

 

So even though I have tagged ports 1-20 on each switch on vlan 900 I can't seem to reach completely from one side to the other.

 

Will this not work or am I missing something rediculously obvious?

 

Thanks in advance.

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.