2800 Series Switch and vlan config
08-07-2007 11:40 AM
Hi all,
I have been reading about vlans and have a few questions:
1. If a port is untagged into a vlan, will it strip an existing vlan tag from an 802.1q compliant device if it existed and retag it?
2. Similarly, if a port is tagged onto one vlan and the device is set up for another, I assume the switch will drop the packets?
3. If I had a switch that had GVRP enabled, and I had two vlans that were from a security point of view needing to be isolated reliably, are there any ramifications to having ports untagged in the secure isolated vlan and auto in the default vlan? Does that present a security issue under any possible circumstance?
4. I have a pair of switches in two buildings separated by fiber with a couple of GBICs trunked in each switch, set up using LACP. I also have 5 HP servers with NIC teaming set up in the host, and both switch ports they each use are trunked (as the docs a former IT helper suggests). What is the correct config for these two different scenarios, or is this correct? Is it correct to team the NICs and trunk the two ports on the switch?
Thanks so much!
08-07-2007 05:59 PM
Re: 2800 Series Switch and vlan config
1. Not so simple 8)) Those packets will be rejected by the switch.
2. The same. A port tagged for one vlan can't receive packets assigned to another vlan.
3. It seems to me there is no security issue in that configuration.
4. All your scenarios are correct, be careful 8))))
08-08-2007 02:06 AM
Re: 2800 Series Switch and vlan config
Thanks for the reply Andrew,
So what is the difference between scenario 1 and 2? Just that scenario 1 will allow a non-802.1q device into a vlan, whereas scenario 2 will require an 802.1q device before it will pass traffic?
Also, in scenario 3, with devices in vlan 1 having vlan2 set as auto, isn't there a possibility they could attain membership in vlan2? If it was imperative they not ever be in vlan2, shouldn't it be set up as forbid? Can't the auto status ever untag the traffic into it or worse allow an 802.1q device to tag his traffic into it?
Thanks!
08-08-2007 08:13 PM
Solution
--------------------------------------------
So what is the difference between scenario 1 and 2? Just that scenario 1 will allow a non-802.1q device into a vlan, whereas scenario 2 will require an 802.1q device before it will pass traffic?
--------------------------------------------
There is no difference between scenario 1 and 2 from the point of view of any networking device. Put simply, it "thinks": "if I receive a packet that I cannot understand, I reject it". A non-802.1q-compliant network device will reject tagged packets, and an untagged switch port will not send any tagged packet to the "switch core" - it just sends it to its own "null device".
------------------------------------------
Also, in scenario 3, with devices in vlan 1 having vlan2 set as auto, isn't there a possibility they could attain membership in vlan2?
------------------------------------------
No. If those devices are configured with the VID corresponding to vlan2, they NEVER WILL BE members of vlan1. And the opposite is true: devices configured as members of vlan1 will never be in vlan2 either.
-------------------------------------------
If it was imperative they not ever be in vlan2, shouldn't it be set up as forbid? Can't the auto status ever untag the traffic into it or worse allow an 802.1q device to tag his traffic into it?
------------------------------------------
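
The auto-versus-forbid question raised in this thread, as an added example that is not from any of the posters: a Python check that reads a switch configuration and lists the ports that are neither static members of an isolated vlan nor set to forbid for it. It assumes the documented GVRP meaning of auto (a port in auto may join a vlan when it receives a GVRP advertisement for it) and that unlisted ports default to auto once GVRP is on; the sample config, its layout, the port numbers and the function names are constructed for illustration.

```python
import re

# Constructed sample laid out like a ProCurve running-config (assumed layout,
# not captured from a real switch). Ports are numeric, as on a 24-port unit.
SAMPLE_CONFIG = """\
gvrp
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-20
   no untagged 21-24
   exit
vlan 2
   untagged 21-24
   forbid 1-10
   exit
"""

MODES = ("untagged", "tagged", "forbid")

def expand_ports(spec):
    """Expand a port list such as '1-3,7' into {1, 2, 3, 7}."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def parse_config(text):
    """Return (gvrp_enabled, {vlan_id: {mode: ports}}); other lines are ignored."""
    gvrp, vlans, current = False, {}, None
    for line in map(str.strip, text.splitlines()):
        if line == "gvrp":
            gvrp = True
        elif m := re.fullmatch(r"vlan (\d+)", line):
            current = vlans.setdefault(int(m.group(1)), {k: set() for k in MODES})
        elif line == "exit":
            current = None
        elif current is not None and (m := re.fullmatch(r"(untagged|tagged|forbid) ([\d,\- ]+)", line)):
            current[m.group(1)] |= expand_ports(m.group(2))
    return gvrp, vlans

def ports_not_pinned(text, isolated_vlan, all_ports):
    """Ports left in auto for the isolated VLAN: not a static member, not forbid."""
    gvrp, vlans = parse_config(text)
    if not gvrp:  # without GVRP there is no dynamic joining to report
        return []
    v = vlans[isolated_vlan]
    return sorted(set(all_ports) - v["untagged"] - v["tagged"] - v["forbid"])
```

On the sample, `ports_not_pinned(SAMPLE_CONFIG, 2, range(1, 25))` reports ports 11 to 20, the ones that would need an explicit forbid entry for vlan 2.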