Arista Portal

  • Tag : vlan

 
 

VLAN-based Port Security

Posted on June 15, 2021 by   |   116 Views

Definitions Port-wide port security: Port security with address limit on the port configured by the existing shutdown mode port security command VLAN-wide port security: Port security with address limit on VLANs configured by the new VLAN-based port security command Port-level limit: Maximum address number configured on the port for port-wide port security VLAN-level limit: Maximum address number configured on VLANs for VLAN-wide port security Description This feature adds the support for configuring port security on a per-VLAN basis for each port. It is an extension of the existing shutdown mode port security. In the existing shutdown mode port-wide port security,...
Continue reading →

layer3 routing vlan(s)

Posted on March 26, 2021 by   |   0 Views

I am running into some configuration issues when setting up some basic layer3 vlan routing, and im sure multiple ways exist to handle this..   To make it simple, lets say i have only 2 vlans that i want to talk on the same switch (7060sx2)   interface vlan 10 – 10.0.0.1/24 applied to port 10 interface vlan 20 – 10.0.20.1/24 applied to port 20   What is the cleanest way to handle this? i simply would like packets to flow from this 10.0.20.1/24 network to the 10.0.0.1/24 bidirectionally. Perhaps using a sub-interface attached to one of the interface eth 10...
Continue reading →

dot1Q tag native on EOS

Posted on October 29, 2020 by   |   0 Views

I’m trying to replicate some functionality cisco has on an arista switch.  The global command “vlan dot1Q tag native” is a common command found on ciscos devices which makes the native vlan on trunk ports require a tag or its dropped (essentially drops all untagged traffic on trunk ports).  I’m not seeing this command in EOS. I see that you can enact this command on a per port basis “switchport trunk native vlan tag”, but how do I accomplish this globally on an arista?

Dynamic CLI Access VLAN

Posted on August 21, 2020 by   |   97 Views

Description Dynamic CLI Access VLAN is a command that sets the effective access VLAN in a port without changing the running configuration. The use case is to provide a means for a network management system to quarantine a port in a special VLAN where the device can update its anti-virus (for instance) before exposing the device to the rest of the network. Configuration The following command in the interface configuration node sets the dynamic CLI access VLAN: (config-if-et1)# switchport access vlan dynamic <VLANID> It’s worth emphasizing that even though this is issued in the interface configuration node, it doesn’t show...
Continue reading →

MLAG L3 VLAN

Posted on July 28, 2020 by   |   0 Views

Hi, I have this MLAG topology below and the configure below. I would like to run multiple connections on each L3 link from MLAG peers to Routers. And I don’t want to use different cables for it. But instead use different vlans on each link for each connection. However because of MLAG, ping from Router 1 to Switch 2 via the VLAN does not work. Can someone explain why and how to overcome this. Thanks alot Here is my configuration: #switch-1# int e1 switchport mode trunk switch trunk allowed vlan 10,20 int vlan 10 ip address 10.10.10.1/30 int vlan 20...
Continue reading →

configuring a port for switchport trunk/multiple vlans

Posted on December 4, 2019 by   |   0 Views

This is a relatively simple question but I can’t seem to find the answers in the manuals. It’s also entirely possible I am asking the wrong questions, too. Quick description: I have a main switch where the building uplink comes into. I have TOR switches on each rack. There are two vlans on the network, 150 and 200 most of the servers on each rack are using vlan 150. I have two servers that want to use 200. So, I need to configure the link between main-switch and rack-switch to admit both 150 and 200. Then I need to configure...
Continue reading →

MAC based authentication vlan assignment

Posted on September 19, 2019 by   |   0 Views

Hi, I’m setting up a network where we want to use MAC auth on the edge ports (i.e. only specific MACs will be allowed access to the network) and I want to be able to assign the MAC address to a specific vlan. In another vendor I’ve done the same sort of thing using a mac-based vlan with a RADIUS back end – the RADIUS server returns the vlan that the mac should be associated with. Is this possible in Arista’s implementation of .1x? I can’t find any documentation on doing this. Any help appreciated.

VLAN Aware PTP Boundary Clock – Single BMCA

Posted on August 30, 2019 by   |   1656 Views

Description This feature makes the PTP agent aware of VLANs, running with a single Best Master Clock Algorithm (BMCA). It allows you to enable PTP on certain VLANs on a trunk port, on which PTP packets will be sent and processed. By default, enabling PTP on a trunk port will follow the previous behaviour, which is to only egress PTP packets VLAN untagged on the native VLAN and process ingress PTP packets regardless of their VLAN tag. With this feature, PTP states are now per-port per-VLAN pair and ingress/egress PTP packets on a trunk port is based on the VLAN...
Continue reading →

Switchport VLAN on vEOS

Posted on July 22, 2019 by   |   0 Views

I’m wanting to test out VLAN translation using the vEOS image, however it doesn’t appear switchport vlan translation is a valid command. localhost(config-if-Et1)# vlan not supported on this hardware platform localhost(config-if-Et1)#switchport vl Am I not able to test this feature in a lab environment?

Double tag on 7050S

Posted on June 18, 2019 by   |   0 Views

Hi, I have a 7050S-52R (4.14.6M, inherited, we have no support contract) that receives a few vlans from our provider, that we use to connect with remote cities (We are an ISP). One of these VLANS has another VLAN encapsulated, that we need as a normal VLAN on another port, as following. The interface is configured as following: interface Ethernet1 description ARSAT-TEN load-interval 60 speed forced 10000full switchport trunk allowed vlan 100,110-114,120-121 switchport mode trunk On VLAN 112, we receive VLAN 25, inside, wich I need to trunk to another port of this switch. How can I acomplish this, if...
Continue reading →

Allowed vlan on trunk port

Posted on May 16, 2019 by   |   0 Views

Hi all! I am a little bit confused about “switchport trunk allowed vlan” and “switchport trunk allowed vlan add” commands so can anyone help me to better understand what is difference between these two commands. Foe example, these commands configure Ethernet interface 8 as a trunk port: switch(config)#interface ethernet 8 switch(config-if-Et8)#switchport mode trunk Since by default, all VLANs are permitted on a port configured with ‘switchport mode trunk’, what would be result of the following command: switch(config-if-Et8)# switchport trunk allowed vlan add 100 //At this point does allowed list exist? What vlans are permitted on the trunk port at this...
Continue reading →

Tag VLAN ID on port interface

Posted on April 11, 2019 by   |   0 Views

I would to ask that I have a computer which is sending untagged traffic on switch interface eth20. I want to tag that traffic with vlan 20. how can i do this? what command i run on switch interface eth20 to make it tagged VLAN 20.

VLAN counters on Arista vEOS

Posted on March 30, 2018 by   |   0 Views

Hello, I’m running Arista vEOS 4.18.1F, and a configured vlan for either trunk and access mode interfaces and I’m not able to see the vlan counters: localhost(config)#show vlan counters Hardware VLAN Counters: Disabled    localhost(config)#show vlan VLAN  Name                             Status    Ports —– ——————————– ——— ——————————- 1     default                          active    Et1, Et2, Et3, Et4, Et7, Et10Et11, Et12 20    Federation                       active    Et5, Et6, Et8,...
Continue reading →

Double tagging vlans on one switch

Posted on September 14, 2017 by   |   0 Views

we are looking at using our DCS-7050SX-64-R to connect to cloud providers via a layer 2 service and this requires QinQ. The outer (S) vlan is for the layer 2 service to use to know where to forward the frame (ie which cloud provider instance, then  outer tag is stripped and frame is forwarded) and the inner (c ) tag is needed by cloud provider to connect to their virtual routers.  In Cisco you can do this one once switch:  encapsulation dot1q 101 second–dot1q 1001 https://www.cisco.com/en/US/docs/ios/lanswitch/configuration/guide/lsw_ieee_802.1q.html     How can I do this on an Arista, the “second-dot1q” command does not exist and I have spent ages looking into...
Continue reading →

“l2-protocol encapsulation” Command

Posted on May 15, 2017 by   |   0 Views

We implement attached topology with configuration:   A-R#sh run   interface Ethernet1    no switchport    ip address 10.10.10.1/24 ! interface Ethernet1.10 ! interface Ethernet1.20    encapsulation dot1q vlan 20    ip address 20.20.20.1/24 ! interface Ethernet2 ! interface Ethernet3 ! interface Management1 ! ip routing ! ! end A-SW#sh run   vlan 10,20,30,50 ! interface Ethernet1    switchport mode trunk ! interface Ethernet2    switchport access vlan 10 ! interface Ethernet3    switchport access vlan 20 ! interface Management1 ! no ip routing ! ! end when deploy this config VPC2 can reach router interface eth1.20 but VPC1 can’t...
Continue reading →

VLAN translation and q-in-q

Posted on May 5, 2017 by   |   0 Views

Hello I am looking at purchasing some DCS-7050S switches and wanting to know if there is any way to translate a VLAN that is received as a C-VLAN to an standard vlani.e to map a C-VLAN to an S-VLAN Here is an example eth 1 is a dot1q-tunnel and receives a number of vlans SVID: 100 with CVID’s of 200, 400 & 600 I want to map CVID 400 from eth1 to a VLAN that I can pass as a standard VLAN trunk to another port.e.g eth4 being a trunk and passing that CVID  400 as something like VLAN 40...
Continue reading →

bandwidth on trunk vlan.

Posted on August 25, 2016 by   |   0 Views

Hello Being new on Arista I have a small question. Status of the project : Part of my job is to deliver internet access has several customers in an incubator, however I must necessarily go through a network owned a incubator. The incubator delivers me VLANS for each customer and I have a ARISTA DCS-7048T-A. On my Arista I have two ports connected to a CISCO NEXUS (which belongs to the incubator). So on the Arista I’ll have to configure two ports in trunk of VLANs. However I have not found a way to make a limitation of bandwidth (upload...
Continue reading →

How to Configure EoGRE tunnel from Arista AP to GRE Endpoint

Posted on August 1, 2016 by   |   646 Views

Introduction Tunneling provides a mechanism to transport packets of one protocol within another protocol. Generic Routing Encapsulation (GRE) is a tunneling mechanism that uses IP as the transport protocol and can be used to encapsulate many different protocols. The tunnel behaves as a virtual point-to-point link that has two endpoints identified by the tunnel source and tunnel destination addresses at each endpoint. The diagram below shows the encapsulation process of a GRE packet as it traverses the Arista AP and enters the GRE tunnel interface: Arista APs support two types of GRE tunneling. EoGRE (Ethernet-over-Generic Routing Encapsulation) in bridge mode...
Continue reading →

How do we tag a VLAN without using a port as access or trunk in Arista (device: arista (DCS-7060CX-32S, EOS-4.15.1FX-7060X.1)).

Posted on January 20, 2016 by   |   0 Views

I have an device: arista (DCS-7060CX-32S, EOS-4.15.1FX-7060X.1) which is configured with 25Gig Speed and connected to servers. I need to set VLAN ID TAGGED for a port without using port mode as trunk or access. The device has not support to TAP option can anyone suggest me in tagging VLAN ID for an port without using TRUNK or ACCESS mode. Attaching the commands supported by device: arista (DCS-7060CX-32S, EOS-4.15.1FX-7060X.1)

VXLAN to VLAN trunk port – multiple multicast-groups?

Posted on June 5, 2015 by   |   0 Views

Hello everybody, I have configured the following VXLAN networks using VMware vShield which should be mapped to VLANs on a virtual Arista Switch (vEOS 4.15.OF): VNI5000 / Multicast 225.1.1.1 / Map to VLAN 500 VNI5001 / Multicast 225.1.1.2 / Map to VLAN 501 VNI5002 / Multicast 225.1.1.3 / Map to VLAN 503 But on the interface vxlan 1, I can only set one multicast-group on the interface vxlan 1. Is there the possibility to set multiple multicast-group on this interface (one multicast-group per VNI)? I also cannot create more than one VXLAN interface – is this a general limitation or...
Continue reading →

« Older posts
Follow

Get every new post on this blog delivered to your Inbox.

Join other followers: