Posted on November 28, 2015 5:08 pm
 |  Asked by Martin Sermak
 |  10267 views
RESOLVED
0
0
Print Friendly, PDF & Email

Assuming Ethernet1 goes to our internet provider that requires
all packets to be tagged with VLAN 1500, how would we go about
untagging everything that arrives on Eth1, and tagging all outgoing
packets out of Eth1? (Eth2 would be going to our network)

Alternatively, if more ports are needed to untag (that don’t have
an ip address assigned to them, etc.) we could tag/untag Eth3
and then just loop back into Eth1 …

interface Ethernet1
no switchport
ip address 22.23.24.123/30
!
interface Ethernet2
no switchport
ip address 10.0.0.1/24

Marked as spam
0
Posted by Martin Sermak
Answered on November 30, 2015 5:24 pm

Just a follow up… Would this be the right way?

vlan 1500

interface ethernet 1
no switchport
ip address 22.23.24.123/30
switchport mode trunk
switchport vlan mapping 1500 1

interface Ethernet2
no switchport
ip address 10.0.0.1/24

Now with our devices going to Eth2, it will translate
from VLAN1500 to 1 coming from Eth1 and out of Eth2,
and tag VLAN1500 for Eth2 communicating out of Eth1.

0
Posted by Alexis Dacquay
Answered on November 30, 2015 8:38 pm

Hi Martin,

When you want to tag with VLAN 1500 onto Eth1 or untag receiving from Eth1, are there possibly further 802.1Q ? Or is all traffic towards your network completely untagged ?

 

On your interface eth1 config you provided, remember that a port can only be one of the two, either:

- routed port with an IP address (no switchport). This is for routing

- or a switchport (either access untagged or tagging trunk)

 

Your configuration with both ”switchport mode trunk” and ”no switchport” is invalid, you would end up with routing only. The switchport configuration (mode trunk, vlap mapping) would not take effect.

Hence a question: do you want that port to be Layer2 (receiving 802.1Q traffic) or Layer3 (routing)?

Why do you need an IP address for?

If you need both routing and multiple VLANs then you could have IP addresses on either SVI (switch vlan interface , for example ”interface vlan 1500”), or sub-interfaces on a routed port.

If I understood your descriptions correctly, you could have, for the Layer2 side.

interface eth1
   switchport
   switchport mode trunk
   switchport trunk allow vlan 1500
!
interface eth2
   switchport
   switchport mode access
   switchport access vlan 1500
!

 

Trunk ports expect 802.1Q tags. The traffic is bridged, and get out on the access port without 802.1Q tag.

Note that if there are underlaying additional 802.1Q tags then you might need to consider Q-in-Q.

 

As off the IP address, please clarify what it is for, why did you want to put it on your service-provider facing interface. A /30 subnet length seem for point-to-point addressing; will you run some routing protocols on it ?

Then as previously mention, add that IP address either on SVI 1500 (”interface vlan 1500”) or on a sub-interface: int e1 would be ”no switchport” and then interface e1.1500 has got encapsulation 802.1q 1500.

 

Regards,

Alexis

 

0
Posted by Martin Sermak
Answered on November 30, 2015 10:24 pm

Yes, on Eth1 I need the IP address, plus tag/un-tag VLAN 1500.
I now realize what I had was invalid, thanks for your suggestions.

I think I’ve tested this config and it seems to do what I need using SVI.

I’ve changed IP addresses because I’m just testing, but basically this
will make Eth1 un-tag/tag and have an IP address 192.168.10.1 towards our fiber,
and then Eth2 will point towards our network using 192.168.20.1 for now …

vlan 1500
!
interface Ethernet1
switchport trunk allowed vlan 1500
switchport mode trunk
!
interface Ethernet2
no switchport
ip address 192.168.20.1/24
!
interface Vlan1500
ip address 192.168.10.1/24

Marked as spam

Post your Answer

You must be logged in to post an answer.