2 Replies Latest reply on Aug 28, 2014 9:54 AM by bign8a

    Tag Native VLAN on 1238P

    bign8a New Member

      Hello,

       

      I'm currently setting up a NetVanta 1238P with a firewall which will not recognize both tagged and untagged traffic on the same trunk port. Right now the switch is configured with default VLAN 1, VLAN 10, and VLAN 101. The solution around this would be to tag default VLAN 1 on the 1238P, but this appears to be impossible based on what I've read so far. I've avoided this issue before on Cisco switches by creating VLAN 2 and assigning a PVID of 2 to untagged traffic, but I'm not sure how to configure this on the Adtran. Can anyone provide any guidance?

       

      Thanks,

       

      Nate

        • Re: Tag Native VLAN on 1238P
          vmaxdawg05 Past_Featured_Member

          The NetVanta AOS doesn't use Tagged and Untagged terms in configuration.  When programming an 802.1Q trunk port on the switch, the NATIVE VLAN is the "Untagged" VLAN and the others are tagged by default.  That is to say, all untagged packets are placed in the native VLAN.  In fact, all VLANs are assumed tagged unless you specify in the configuration to allow only certain VLANs.  The following examples should help.

           

          The first is a basic trunk port with VLAN 1 as native (untagged). All other VLAN(s) will be accepted on this trunk as long as the VLAN is defined in the configuration.

          1. Simple trunk port with two VLANs tagged and native VLAN 1. Since VLAN 10 and 101 are defined, the port will pass untagged packets to VLAN 1, and packets that are tagged with VLAN ID 10 and 101 are passed to their respective VLAN.

           

          vlan 10
          name VLAN10
          !
          vlan 101
          name VLAN101
          !

          interface switch 0/1
          description Link to Firewall
          switchport mode trunk
          no shutdown

           

          The second is the same as the first, but in this case we want to limit the VLAN(s) on the trunk to 1, 10, and 101:

           

          interface switch 0/1
          description Link to Firewall
          switchport mode trunk
          switchport trunk allowed vlan 1,10,101
          no shutdown

           

           

          The two work the same, but if you later create more VLAN(s), the second example will not automatically allow them.

           

          I hope this helps.

           

          If your router/firewall will only accept tagged packets, then this would work.  All three VLANs are tagged as VLAN 2 is native/untagged.

           

          vlan 10
          name VLAN10
          !
          vlan 101
          name VLAN101
          !
          vlan 2
          name NOTUSED

          interface switch 0/1
          description Link to Firewall
          switchport mode trunk
          switchport trunk native vlan 2
          no shutdown

           


          1 of 1 people found this helpful
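
The trunk behaviour described in the reply above, modelled as an added Python example (not code from the thread and not AOS code). The function names and the sample frame are constructed for illustration, and treating a priority-only tag (VID 0) like an untagged frame follows 802.1Q and is an assumption about this switch.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def parse_vlan(frame):
    """Return the VLAN ID carried in the frame's 802.1Q tag, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    vid = struct.unpack("!H", frame[14:16])[0] & 0x0FFF  # low 12 bits of the TCI
    return vid or None  # VID 0 is a priority-only tag: classify like untagged

def trunk_ingress(frame, native, defined, allowed=None):
    """VLAN a received frame is placed in, or None if the trunk drops it."""
    vlan = parse_vlan(frame) or native  # untagged frames go to the native VLAN
    # With no "allowed vlan" list, every defined VLAN is accepted on the trunk.
    permitted = defined if allowed is None else defined & allowed
    return vlan if vlan in permitted else None

def trunk_egress(frame, vlan, native):
    """Untagged frame as sent on the trunk: left untagged for native, else tagged."""
    if vlan == native:
        return frame
    tag = struct.pack("!HH", TPID_8021Q, vlan)  # PCP/DEI bits left at 0
    return frame[:12] + tag + frame[12:]

# Constructed sample: an untagged workstation frame (IPv4 EtherType, dummy payload)
PC_FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"\x00" * 46
DEFINED = {1, 2, 10, 101}

if __name__ == "__main__":
    for native in (1, 2):
        out = trunk_egress(PC_FRAME, vlan=1, native=native)
        print(f"native vlan {native}: VLAN 1 leaves with tag {parse_vlan(out)}")
```

With native VLAN 1 the workstation frame leaves the trunk untagged; with native VLAN 2 the same frame leaves carrying an 802.1Q tag for VLAN 1.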
            • Re: Tag Native VLAN on 1238P
              bign8a New Member

              Thanks for the answer! While that configuration would allow all VLANs on the trunk port, it would not actually tag any traffic that is entering the switch untagged, correct?

               

              I suppose I should explain the problem in more detail. The NetVanta is configured with trunk ports connected to Mitel phones that are then connected to workstations. The Mitel tags the phone traffic with VLAN 101 and the workstation traffic is untagged. Since the firewall can't capture the untagged traffic on its trunk port, we were hoping to have it tagged by the NetVanta.

               

              Setting the PVID on a Cisco switch will tag untagged traffic entering the port with a VLAN ID, and I was looking for something similar on the NetVanta.

               

              However, we were able to work around this problem by installing a dumb switch between the NetVanta and the firewall. We configured a separate trunk port and access port on the firewall and ran cables between them and the dumb switch, which was then connected to the trunk port on the NetVanta. All the traffic from the NetVanta trunk port is hitting both ports on the firewall, but the access port is only capturing the untagged VLAN 1 and the trunk port is only capturing VLAN 101 and VLAN 10.