• Tag : vlan


Dynamic CLI Access VLAN

Description Dynamic CLI Access VLAN is a command that sets the effective access VLAN in a port without changing the running configuration. The use case is to provide a means for a network management system to quarantine a port in a special VLAN where the device can update its anti-virus (for instance) before exposing the device to the rest of the network. Configuration The following command in the interface configuration node sets the dynamic CLI access VLAN: (config-if-et1)# switchport access vlan dynamic <VLANID> It’s worth emphasizing that even though this is issued in the interface configuration node, it doesn’t show...
Continue reading →


Hi, I have this MLAG topology below and the configure below. I would like to run multiple connections on each L3 link from MLAG peers to Routers. And I don’t want to use different cables for it. But instead use different vlans on each link for each connection. However because of MLAG, ping from Router 1 to Switch 2 via the VLAN does not work. Can someone explain why and how to overcome this. Thanks alot Here is my configuration: #switch-1# int e1 switchport mode trunk switch trunk allowed vlan 10,20 int vlan 10 ip address int vlan 20...
Continue reading →

configuring a port for switchport trunk/multiple vlans

This is a relatively simple question but I can’t seem to find the answers in the manuals. It’s also entirely possible I am asking the wrong questions, too. Quick description: I have a main switch where the building uplink comes into. I have TOR switches on each rack. There are two vlans on the network, 150 and 200 most of the servers on each rack are using vlan 150. I have two servers that want to use 200. So, I need to configure the link between main-switch and rack-switch to admit both 150 and 200. Then I need to configure...
Continue reading →

MAC based authentication vlan assignment

Hi, I’m setting up a network where we want to use MAC auth on the edge ports (i.e. only specific MACs will be allowed access to the network) and I want to be able to assign the MAC address to a specific vlan. In another vendor I’ve done the same sort of thing using a mac-based vlan with a RADIUS back end – the RADIUS server returns the vlan that the mac should be associated with. Is this possible in Arista’s implementation of .1x? I can’t find any documentation on doing this. Any help appreciated.

VLAN Aware PTP Boundary Clock – Single BMCA

Description This feature makes the PTP agent aware of VLANs, running with a single Best Master Clock Algorithm (BMCA). It allows you to enable PTP on certain VLANs on a trunk port, on which PTP packets will be sent and processed. By default, enabling PTP on a trunk port will follow the previous behaviour, which is to only egress PTP packets VLAN untagged on the native VLAN and process ingress PTP packets regardless of their VLAN tag. With this feature, PTP states are now per-port per-VLAN pair and ingress/egress PTP packets on a trunk port is based on the VLAN...
Continue reading →

Switchport VLAN on vEOS

I’m wanting to test out VLAN translation using the vEOS image, however it doesn’t appear switchport vlan translation is a valid command. localhost(config-if-Et1)# vlan not supported on this hardware platform localhost(config-if-Et1)#switchport vl Am I not able to test this feature in a lab environment?

Double tag on 7050S

Hi, I have a 7050S-52R (4.14.6M, inherited, we have no support contract) that receives a few vlans from our provider, that we use to connect with remote cities (We are an ISP). One of these VLANS has another VLAN encapsulated, that we need as a normal VLAN on another port, as following. The interface is configured as following: interface Ethernet1 description ARSAT-TEN load-interval 60 speed forced 10000full switchport trunk allowed vlan 100,110-114,120-121 switchport mode trunk On VLAN 112, we receive VLAN 25, inside, wich I need to trunk to another port of this switch. How can I acomplish this, if...
Continue reading →

Allowed vlan on trunk port

Hi all! I am a little bit confused about “switchport trunk allowed vlan” and “switchport trunk allowed vlan add” commands so can anyone help me to better understand what is difference between these two commands. Foe example, these commands configure Ethernet interface 8 as a trunk port: switch(config)#interface ethernet 8 switch(config-if-Et8)#switchport mode trunk Since by default, all VLANs are permitted on a port configured with ‘switchport mode trunk’, what would be result of the following command: switch(config-if-Et8)# switchport trunk allowed vlan add 100 //At this point does allowed list exist? What vlans are permitted on the trunk port at this...
Continue reading →

Tag VLAN ID on port interface

I would to ask that I have a computer which is sending untagged traffic on switch interface eth20. I want to tag that traffic with vlan 20. how can i do this? what command i run on switch interface eth20 to make it tagged VLAN 20.

VLAN counters on Arista vEOS

Hello, I’m running Arista vEOS 4.18.1F, and a configured vlan for either trunk and access mode interfaces and I’m not able to see the vlan counters: localhost(config)#show vlan counters Hardware VLAN Counters: Disabled    localhost(config)#show vlan VLAN  Name                             Status    Ports —– ——————————– ——— ——————————- 1     default                          active    Et1, Et2, Et3, Et4, Et7, Et10Et11, Et12 20    Federation                       active    Et5, Et6, Et8,...
Continue reading →

Double tagging vlans on one switch

we are looking at using our DCS-7050SX-64-R to connect to cloud providers via a layer 2 service and this requires QinQ. The outer (S) vlan is for the layer 2 service to use to know where to forward the frame (ie which cloud provider instance, then  outer tag is stripped and frame is forwarded) and the inner (c ) tag is needed by cloud provider to connect to their virtual routers.  In Cisco you can do this one once switch:  encapsulation dot1q 101 second–dot1q 1001 https://www.cisco.com/en/US/docs/ios/lanswitch/configuration/guide/lsw_ieee_802.1q.html     How can I do this on an Arista, the “second-dot1q” command does not exist and I have spent ages looking into...
Continue reading →

“l2-protocol encapsulation” Command

We implement attached topology with configuration:   A-R#sh run   interface Ethernet1    no switchport    ip address ! interface Ethernet1.10 ! interface Ethernet1.20    encapsulation dot1q vlan 20    ip address ! interface Ethernet2 ! interface Ethernet3 ! interface Management1 ! ip routing ! ! end A-SW#sh run   vlan 10,20,30,50 ! interface Ethernet1    switchport mode trunk ! interface Ethernet2    switchport access vlan 10 ! interface Ethernet3    switchport access vlan 20 ! interface Management1 ! no ip routing ! ! end when deploy this config VPC2 can reach router interface eth1.20 but VPC1 can’t...
Continue reading →

VLAN translation and q-in-q

Hello I am looking at purchasing some DCS-7050S switches and wanting to know if there is any way to translate a VLAN that is received as a C-VLAN to an standard vlani.e to map a C-VLAN to an S-VLAN Here is an example eth 1 is a dot1q-tunnel and receives a number of vlans SVID: 100 with CVID’s of 200, 400 & 600 I want to map CVID 400 from eth1 to a VLAN that I can pass as a standard VLAN trunk to another port.e.g eth4 being a trunk and passing that CVID  400 as something like VLAN 40...
Continue reading →

bandwidth on trunk vlan.

Hello Being new on Arista I have a small question. Status of the project : Part of my job is to deliver internet access has several customers in an incubator, however I must necessarily go through a network owned a incubator. The incubator delivers me VLANS for each customer and I have a ARISTA DCS-7048T-A. On my Arista I have two ports connected to a CISCO NEXUS (which belongs to the incubator). So on the Arista I’ll have to configure two ports in trunk of VLANs. However I have not found a way to make a limitation of bandwidth (upload...
Continue reading →

How to Configure EoGRE tunnel from Arista AP to GRE Endpoint

Introduction Tunneling provides a mechanism to transport packets of one protocol within another protocol. Generic Routing Encapsulation (GRE) is a tunneling mechanism that uses IP as the transport protocol and can be used to encapsulate many different protocols. The tunnel behaves as a virtual point-to-point link that has two endpoints identified by the tunnel source and tunnel destination addresses at each endpoint. The diagram below shows the encapsulation process of a GRE packet as it traverses the Arista AP and enters the GRE tunnel interface: Arista APs support two types of GRE tunneling. EoGRE (Ethernet-over-Generic Routing Encapsulation) in bridge mode...
Continue reading →

How do we tag a VLAN without using a port as access or trunk in Arista (device: arista (DCS-7060CX-32S, EOS-4.15.1FX-7060X.1)).

I have an device: arista (DCS-7060CX-32S, EOS-4.15.1FX-7060X.1) which is configured with 25Gig Speed and connected to servers. I need to set VLAN ID TAGGED for a port without using port mode as trunk or access. The device has not support to TAP option can anyone suggest me in tagging VLAN ID for an port without using TRUNK or ACCESS mode. Attaching the commands supported by device: arista (DCS-7060CX-32S, EOS-4.15.1FX-7060X.1)

Why Can't I Display the Client Username?

Introduction This article explains why Arista devices may not be able to identify the client username in certain scenarios. When you add a VLAN to be monitored by an Arista AP/Sensor and connect the Sensor to a trunk port, it will become a part of the broadcast domain for all the VLANs that its monitoring. It will act like a device connected to each VLAN. Additionally, the devices send gratuitous ARPs to collect information on wired devices from the monitored VLAN. Wired 802.1x Communication The only part where the communication is plain text:   EAPOL START (Client to switch) –...
Continue reading →

VXLAN to VLAN trunk port – multiple multicast-groups?

Hello everybody, I have configured the following VXLAN networks using VMware vShield which should be mapped to VLANs on a virtual Arista Switch (vEOS 4.15.OF): VNI5000 / Multicast / Map to VLAN 500 VNI5001 / Multicast / Map to VLAN 501 VNI5002 / Multicast / Map to VLAN 503 But on the interface vxlan 1, I can only set one multicast-group on the interface vxlan 1. Is there the possibility to set multiple multicast-group on this interface (one multicast-group per VNI)? I also cannot create more than one VXLAN interface – is this a general limitation or...
Continue reading →

Find the next free VLAN id

If you have a lot of VLANs to manage, finding unused, available VLAN ids can be a challenge. Here’s a short alias to do exactly that (with the help of our customer Mateusz Blaszczyk): alias next-vlan show vlan | awk -v a=`echo %1 ` '$1 ~ /[0-9]/ && $1==a { ++a }; END { print a }' alias next-vlan-h bash echo -e "\nUsage: next-vlan <STARTING-ID>\n\nWhere <STARTING-ID> is the VLAN id to start looking for unused VLAN ids\n"   Description: The script analyses the output of the “show vlan” command for consequently rising VLAN ids, starting with the given one. It...
Continue reading →

Tap Aggregation – Filtering with Port ACLs

  1) Introduction   This article details the filtering of traffic across the Tap Aggregator by using port ACL. The filters allow granular selection of Layer2, Layer3, and Layer4 traffic on a per-port basis. The following other features might also be of interest, but are out of scope of this article: VLAN membership filters Traffic Steering   2) Filtering Overview   The well known MAC and IP Access-List filtering is used to filter traffic in Tap Aggregation mode, just like it does in switching mode. The Layer2/3/4 ACLs can be applied on Tap ports, ingress on Tool ports, egress  ...
Continue reading →


Get every new post on this blog delivered to your Inbox.

Join other followers: