• Tag : vlan

 
 

MAC based authentication vlan assignment

Hi, I’m setting up a network where we want to use MAC auth on the edge ports (i.e. only specific MACs will be allowed access to the network) and I want to be able to assign the MAC address to a specific vlan. In another vendor I’ve done the same sort of thing using a mac-based vlan with a RADIUS back end – the RADIUS server returns the vlan that the mac should be associated with. Is this possible in Arista’s implementation of .1x? I can’t find any documentation on doing this. Any help appreciated.

VLAN Aware PTP Boundary Clock – Single BMCA

Description This feature makes the PTP agent aware of VLANs, running with a single Best Master Clock Algorithm (BMCA). It allows you to enable PTP on certain VLANs on a trunk port, on which PTP packets will be sent and processed. By default, enabling PTP on a trunk port will follow the previous behaviour, which is to only egress PTP packets VLAN untagged on the native VLAN and process ingress PTP packets regardless of their VLAN tag. With this feature, PTP states are now per-port per-VLAN pair and ingress/egress PTP packets on a trunk port is based on the VLAN...
Continue reading →

Switchport VLAN on vEOS

I’m wanting to test out VLAN translation using the vEOS image, however it doesn’t appear switchport vlan translation is a valid command. localhost(config-if-Et1)# vlan not supported on this hardware platform localhost(config-if-Et1)#switchport vl Am I not able to test this feature in a lab environment?

Double tag on 7050S

Hi, I have a 7050S-52R (4.14.6M, inherited, we have no support contract) that receives a few vlans from our provider, that we use to connect with remote cities (We are an ISP). One of these VLANS has another VLAN encapsulated, that we need as a normal VLAN on another port, as following. The interface is configured as following: interface Ethernet1 description ARSAT-TEN load-interval 60 speed forced 10000full switchport trunk allowed vlan 100,110-114,120-121 switchport mode trunk On VLAN 112, we receive VLAN 25, inside, wich I need to trunk to another port of this switch. How can I acomplish this, if...
Continue reading →

Allowed vlan on trunk port

Hi all! I am a little bit confused about “switchport trunk allowed vlan” and “switchport trunk allowed vlan add” commands so can anyone help me to better understand what is difference between these two commands. Foe example, these commands configure Ethernet interface 8 as a trunk port: switch(config)#interface ethernet 8 switch(config-if-Et8)#switchport mode trunk Since by default, all VLANs are permitted on a port configured with ‘switchport mode trunk’, what would be result of the following command: switch(config-if-Et8)# switchport trunk allowed vlan add 100 //At this point does allowed list exist? What vlans are permitted on the trunk port at this...
Continue reading →

Tag VLAN ID on port interface

I would to ask that I have a computer which is sending untagged traffic on switch interface eth20. I want to tag that traffic with vlan 20. how can i do this? what command i run on switch interface eth20 to make it tagged VLAN 20.

VLAN counters on Arista vEOS

Hello, I’m running Arista vEOS 4.18.1F, and a configured vlan for either trunk and access mode interfaces and I’m not able to see the vlan counters: localhost(config)#show vlan counters Hardware VLAN Counters: Disabled    localhost(config)#show vlan VLAN  Name                             Status    Ports —– ——————————– ——— ——————————- 1     default                          active    Et1, Et2, Et3, Et4, Et7, Et10Et11, Et12 20    Federation                       active    Et5, Et6, Et8,...
Continue reading →

Double tagging vlans on one switch

we are looking at using our DCS-7050SX-64-R to connect to cloud providers via a layer 2 service and this requires QinQ. The outer (S) vlan is for the layer 2 service to use to know where to forward the frame (ie which cloud provider instance, then  outer tag is stripped and frame is forwarded) and the inner (c ) tag is needed by cloud provider to connect to their virtual routers.  In Cisco you can do this one once switch:  encapsulation dot1q 101 second–dot1q 1001 https://www.cisco.com/en/US/docs/ios/lanswitch/configuration/guide/lsw_ieee_802.1q.html     How can I do this on an Arista, the “second-dot1q” command does not exist and I have spent ages looking into...
Continue reading →

“l2-protocol encapsulation” Command

We implement attached topology with configuration:   A-R#sh run   interface Ethernet1    no switchport    ip address 10.10.10.1/24 ! interface Ethernet1.10 ! interface Ethernet1.20    encapsulation dot1q vlan 20    ip address 20.20.20.1/24 ! interface Ethernet2 ! interface Ethernet3 ! interface Management1 ! ip routing ! ! end A-SW#sh run   vlan 10,20,30,50 ! interface Ethernet1    switchport mode trunk ! interface Ethernet2    switchport access vlan 10 ! interface Ethernet3    switchport access vlan 20 ! interface Management1 ! no ip routing ! ! end when deploy this config VPC2 can reach router interface eth1.20 but VPC1 can’t...
Continue reading →

VLAN translation and q-in-q

Hello I am looking at purchasing some DCS-7050S switches and wanting to know if there is any way to translate a VLAN that is received as a C-VLAN to an standard vlani.e to map a C-VLAN to an S-VLAN Here is an example eth 1 is a dot1q-tunnel and receives a number of vlans SVID: 100 with CVID’s of 200, 400 & 600 I want to map CVID 400 from eth1 to a VLAN that I can pass as a standard VLAN trunk to another port.e.g eth4 being a trunk and passing that CVID  400 as something like VLAN 40...
Continue reading →

bandwidth on trunk vlan.

Hello Being new on Arista I have a small question. Status of the project : Part of my job is to deliver internet access has several customers in an incubator, however I must necessarily go through a network owned a incubator. The incubator delivers me VLANS for each customer and I have a ARISTA DCS-7048T-A. On my Arista I have two ports connected to a CISCO NEXUS (which belongs to the incubator). So on the Arista I’ll have to configure two ports in trunk of VLANs. However I have not found a way to make a limitation of bandwidth (upload...
Continue reading →

How do we tag a VLAN without using a port as access or trunk in Arista (device: arista (DCS-7060CX-32S, EOS-4.15.1FX-7060X.1)).

I have an device: arista (DCS-7060CX-32S, EOS-4.15.1FX-7060X.1) which is configured with 25Gig Speed and connected to servers. I need to set VLAN ID TAGGED for a port without using port mode as trunk or access. The device has not support to TAP option can anyone suggest me in tagging VLAN ID for an port without using TRUNK or ACCESS mode. Attaching the commands supported by device: arista (DCS-7060CX-32S, EOS-4.15.1FX-7060X.1)

VXLAN to VLAN trunk port – multiple multicast-groups?

Hello everybody, I have configured the following VXLAN networks using VMware vShield which should be mapped to VLANs on a virtual Arista Switch (vEOS 4.15.OF): VNI5000 / Multicast 225.1.1.1 / Map to VLAN 500 VNI5001 / Multicast 225.1.1.2 / Map to VLAN 501 VNI5002 / Multicast 225.1.1.3 / Map to VLAN 503 But on the interface vxlan 1, I can only set one multicast-group on the interface vxlan 1. Is there the possibility to set multiple multicast-group on this interface (one multicast-group per VNI)? I also cannot create more than one VXLAN interface – is this a general limitation or...
Continue reading →

Find the next free VLAN id

If you have a lot of VLANs to manage, finding unused, available VLAN ids can be a challenge. Here’s a short alias to do exactly that (with the help of our customer Mateusz Blaszczyk): alias next-vlan show vlan | awk -v a=`echo %1 ` '$1 ~ /[0-9]/ && $1==a { ++a }; END { print a }' alias next-vlan-h bash echo -e "\nUsage: next-vlan <STARTING-ID>\n\nWhere <STARTING-ID> is the VLAN id to start looking for unused VLAN ids\n"   Description: The script analyses the output of the “show vlan” command for consequently rising VLAN ids, starting with the given one. It...
Continue reading →

Tap Aggregation – Filtering with Port ACLs

  1) Introduction   This article details the filtering of traffic across the Tap Aggregator by using port ACL. The filters allow granular selection of Layer2, Layer3, and Layer4 traffic on a per-port basis. The following other features might also be of interest, but are out of scope of this article: VLAN membership filters Traffic Steering   2) Filtering Overview   The well known MAC and IP Access-List filtering is used to filter traffic in Tap Aggregation mode, just like it does in switching mode. The Layer2/3/4 ACLs can be applied on Tap ports, ingress on Tool ports, egress  ...
Continue reading →

Tap Aggregation – VLAN List Filtering

  1) Introduction   A list of allowed VLANs simply specifies, under an interface in Tap Aggregation mode, which VLAN traffic is allowed. Removing VLANs from the allowed list means those VLANs would be blocked. It allows filtering traffic in a flexible manner, directly from the interface command, without creating ACLs or steering policies. This article details how to configure the VLAN list, and combine them to achieve multi-stage VLAN filtering.   2) Allowed VLAN List Definition   An allowed VLAN list is simply a definition of VLAN IDs. By default, all VLANs are allowed. The below commands illustrate the...
Continue reading →

In the output of sh vlan brief command output what are ‘PEt’ interfaces

When I execute the command “sh vlan brief” in the output I see a few interfaces with “PEt” (see below). What exactly are these interfaces where are they coming from?   Core_Router# sh vlan brief VLAN  Name                             Status    Ports ----- -------------------------------- --------- ------------------------------- 1     default                          active 563   User_Segment1           active    Cpu, Et9, Et10, Et11, Et12 Et13, Et14, Et15, Et16, Et17 PEt9, PEt10, PEt11, PEt12 PEt13, PEt14, PEt15, PEt16 PEt17, Po100

Follow

Get every new post on this blog delivered to your Inbox.

Join other followers: