Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

802.1Q tagged VLANs on the internal port

Tigeli_
Occasional Contributor
‎11-17-2008 12:09:AM
‎11-17-2008 12:09:AM

Re: 802.1Q tagged VLANs on the internal port

After months of waiting.. =)

From JTAC:

--cut--

It is working as implemented - We use the default VLAN IP as the gateway IP address in the DHCP request.



I would recommend you to contact your sales manager to raise a ENHANSMENT REQUEST [ ER]. Since the product is working as designed, the feature thatyou want can be obtained only by a enhansment request.

--cut--
0 Kudos
Munpe_Q_
Occasional Contributor
‎11-17-2008 04:42:PM
‎11-17-2008 04:42:PM

Re: 802.1Q tagged VLANs on the internal port

All,

From what I have gathered from this incredibly long thread is that you are trying to use the physical interface (which cannot be tagged) and sub-interfaces (which can be tagged). I'm going to talk Foundry since that's the evil I know. On a Foundry, there is what is called dual-mode. On the physical interface of the switch, you configure it for dual-mode, and tell the interface for what default VLAN you want untagged traffic dropped into. All other traffic will be tagged (802.1q) and will be dropped into the proper VLAN.

Example:

conf t

int e 1

dual-mode 111

vlan 112

tag e 1

vlan 113

tag e 1

vlan 111

untag e 1

Someone in the world of Crisco, can you confirm what I'm saying:

If a dot1q trunk receives a tagged frame on the native vlan, it drops it.

When a cisco trunk port receives untagged frames it forwards them to the native vlan #1 by default

So, if you want the native VLAN to be something other than 1, you can change the default VLAN, but this does not move STP or other Crisco things from VLAN 1.

Message Edited by Munpe_Q on 11-17-2008 05:54 PM
Message Edited by Munpe_Q on 11-17-2008 05:54 PM
0 Kudos
privatepile_
Contributor
‎11-17-2008 08:48:PM
‎11-17-2008 08:48:PM

Re: 802.1Q tagged VLANs on the internal port

On a Catalyst, I believe that if untagged traffic is received, then it is considered to be that of the "native vlan" (by default 1) and is global.

0 Kudos
kenlars_
Super Contributor
‎11-18-2008 06:35:AM
‎11-18-2008 06:35:AM

Re: 802.1Q tagged VLANs on the internal port

That is correct. I use this configuration on Catalysts, and all untagged traffic leaving the SA is put on the default VLAN on the turnk port of the switch.

Don't know if this suggestion will be useful, but I had some success getting Juniper to move on a "working as designed" issue that I had. I told them - through the JTAC engineer and my local SE - that if it was "working as designed", then it was "designed as stupid". I think that applies here too. If a role has its traffic assigned to a VLAN, and uses DHCP, it makes no sense to send the DHCP request out as untagged traffic. Or - at the least - you should have the option for the DHCP traffic to be sent on the VLAN.

Ken

Message Edited by kenlars on 11-18-2008 09:41 AM
0 Kudos
Munpe_Q_
Occasional Contributor
‎11-18-2008 07:42:AM
‎11-18-2008 07:42:AM

Re: 802.1Q tagged VLANs on the internal port

OK, so what I said was accurate then. It will send it to the default VLAN. The default VLAN on Crisco can be changed, but that doesn't move things like STP or Crisco proprietary stuff over, that still remains on VLAN 1.

Word.

0 Kudos
JeLonErtZ_
Not applicable
‎01-27-2009 04:32:AM
‎01-27-2009 04:32:AM

Re: 802.1Q tagged VLANs on the internal port

So, any news about this issue with external DHCP servers? I'm in contact with the JTAC but luck yet.

Regards.

0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.