October 26th, 2023 00:14

How to tunnel all traffic from one port to another except management VLAN

I'm trying to configure an N2048 with what is probably an unusual use case and am having trouble getting exactly what I need. What I'd like to do is take all traffic (tagged or untagged) received at port A and send it out port X, except for management traffic, which is configured for VLAN 100, which should go to port Y.

I've come up with a few configurations that have almost worked, but not quite.

Configuration 1:

I started out trying to use "switchport trunk native." This mostly works. But I found that frames tagged with a CVLAN are not received at port X.

Configuration 2:

I then tried "switchport mode dot1q-tunnel." This resolves the CVLAN limitation and correctly forwards all traffic to port X, but I can't figure out a way to get the management traffic to port Y.

Configuration 3:

I went back to experimenting with trunk mode and figured out that I can get the CVLAN traffic to pass if I change the dot1q ethertype to something nonstandard, but then that once again breaks the VLAN100 management traffic. Possibly because that traffic is now also using the configured nonstandard ethertype?

Is there any way to have one configuration that doesn't have either of these limitations?

Moderator

October 26th, 2023 04:58

Hello, thanks for choosing Dell.

https://dell.to/471BqVp

This can help with configuring general port concepts to share traffic between two VLANs without management traffic.

Example configuration:

Current Configuration:
!System Description "Dell Networking N2024P, 6.0.1.3, Linux 3.6.5-320b2282"
!System Software Version 6.0.1.3
!
configure
vlan 47
name "Aerohive Management"
vlan association subnet 192.168.47.0 255.255.255.0
exit
vlan 48
name "Client Company Wired Production"
vlan association subnet 192.168.48.0 255.255.255.0
exit
vlan 49
name "Client Company Wireless Production"
vlan association subnet 192.168.49.0 255.255.255.0
exit
vlan 50
name "Client Company Wireless Guest"
vlan association subnet 192.168.50.0 255.255.255.0
exit
vlan 47-50
exit              
hostname "AS-CSW01"

ip routing
ip route 0.0.0.0 0.0.0.0 192.168.48.1
interface vlan 1
exit
interface vlan 47
ip address 192.168.47.254 255.255.255.0
ip helper-address 192.168.48.31
exit
interface vlan 48
ip address 192.168.48.254 255.255.255.0
exit
interface vlan 49
ip address 192.168.49.254 255.255.255.0
ip helper-address 192.168.48.31
exit
interface vlan 50
ip address 192.168.50.254 255.255.255.0
ip helper-address 192.168.48.31
exit
username (output omitted)
ip ssh server
!
interface Gi1/0/1
description "AS-APFL1-01" (Aerohive AP trunk port)
switchport mode general
switchport general pvid 47
switchport general allowed vlan add 47
switchport general allowed vlan add 48-50 tagged
switchport general allowed vlan remove 1
exit
!
(Output omitted for brevity)
!
interface Gi1/0/18 (A regular access port)
switchport mode general
switchport general pvid 48
switchport general allowed vlan add 48
switchport general allowed vlan remove 1
exit
!
!
interface Gi1/0/21
description "AS-ESW02"
switchport mode general
switchport general pvid 48
switchport general allowed vlan add 48
switchport general allowed vlan add 47,49-50 tagged
switchport general allowed vlan remove 1
switchport trunk native vlan 48
exit
!
interface Gi1/0/22
description "AS-ESW01"
switchport mode general
switchport general pvid 48
switchport general allowed vlan add 48
switchport general allowed vlan add 47,49-50 tagged
switchport general allowed vlan remove 1
switchport trunk native vlan 48
exit
!
interface Gi1/0/23
description "SonicWall X0"
switchport mode general
switchport general pvid 48
switchport general allowed vlan add 48
switchport general allowed vlan add 47,49-50 tagged
switchport general allowed vlan remove 1
exit
!
interface Gi1/0/24
description "Uplink to NetGear"
switchport mode general
switchport general pvid 48
switchport general allowed vlan add 48
switchport general allowed vlan add 47,49-50 tagged
switchport general allowed vlan remove 1
exit
!
exit
snmp-server engineid local 800002a203f8b1564d9fb4
snmp-server community "public" ro
exit

Respectfully,

October 26th, 2023 21:36

Thank you for this suggestion, but it seems to have the same problem as my "configuration 1" attempt. It drops frames tagged with a CVLAN (in other words, ethertype 0x8100). I need both SVLANs and CVLANs to work (0x8100 and 0x88a8). Below are the relevant parts of my config based on your suggestion:

interface Gi1/0/35 (This is "Port A")
switchport mode general
switchport general pvid 635
switchport general ingress-filtering disable
switchport general allowed vlan add 635
switchport general allowed vlan add 100 tagged
no lldp transmit
no lldp receive
no lldp med
exit

!

interface Gi1/0/47 (This is "Port Y" where management goes)
spanning-tree disable
switchport mode general
switchport general pvid 100
switchport general allowed vlan add 100
no lldp transmit
no lldp receive
no lldp med
exit
!

interface Te1/0/1 (This is "Port X" where everything besides VLAN 100 should go (tagged or untagged))
switchport mode general
switchport general allowed vlan add 635
switchport general allowed vlan remove 1
no lldp transmit
no lldp receive
no lldp med
exit
!

Moderator

October 27th, 2023 02:55

Hello, could you please have a read of this?
https://dell.to/498uxU8
How to Configure Switchport Modes on Dell EMC Networking N Series Switch | Dell Malaysia
Respectfully,


Social Media and Communities Professional
#IWork4Dell

October 27th, 2023 23:24

I have read that, but it unfortunately doesn't have the answers I'm looking for, as far as I can tell. There's no mention of ethertypes in that document at all.

I did think of another potential solution, but then I realized it won't work either. It actually would have worked for the problem as I presented it above, but I had simplified the scenario a bit. To help further explain, here's an image:

What I'm essentially trying to do is make an N-to-1 topography, with everything (besides management VLAN 100) ingressed at ports A, B, and C egressed at Port X. Traffic also goes the other way, but that's always tagged with a unique VLAN for one of the ports A, B, or C, so that's easy to handle. It's the traffic flowing from A, B, C to X that is problematic.

To recap, all solutions tried so far have either only allowed SVLAN-tagged frames (ethertype 0x88a8) and failed to pass CVLAN-tagged traffic (ethertype 0x8100), or they've failed to properly handle the management traffic on VLAN 100. Configuration 1 and the one that you helped me with have the first problem. Configuration 2 and 3 have the second problem.

The next solution I thought about was to explicitly add all tagged VLANs to ports A, B, C, and X (1 - 4093 or whatever the possible range is). From my testing, when a VLAN is explicitly allowed, it accepts both ethertypes. And I could still also separately allow VLAN 100 for Port Y. For a moment, I thought I had figured it out. But then I realized my problem would be that traffic ingressed at Port A would egress at port B, C, and X (and I only want it at X).

So now we're up to 5 possible configurations that don't quite work.
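
Added example, not part of the thread: a small Python checker for the forwarding intent described in the post above. It parses a frame's VLAN tag stack, recognising both ethertypes named in the thread (0x8100 and 0x88a8), and returns the port the poster wants the frame to leave on. It assumes management traffic is identified by an outermost tag with VID 100 under either ethertype; the function names and sample MAC addresses are constructed for illustration.

```python
import struct

TPID_CVLAN = 0x8100   # C-tag ethertype named in the thread
TPID_SVLAN = 0x88A8   # S-tag ethertype named in the thread
MGMT_VLAN = 100       # management VLAN from the thread
PORT_X, PORT_Y = "X", "Y"  # port labels from the thread


def parse_tags(frame: bytes):
    """Return ([(tpid, vid), ...] outermost first, inner ethertype)."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    tags, off = [], 12  # skip destination and source MAC
    while True:
        (etype,) = struct.unpack_from("!H", frame, off)
        if etype not in (TPID_CVLAN, TPID_SVLAN):
            return tags, etype
        if len(frame) < off + 6:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        tags.append((etype, tci & 0x0FFF))  # low 12 bits of the TCI are the VID
        off += 4


def intended_egress(frame: bytes) -> str:
    """Assumed policy: outermost VID 100 goes to Y, everything else to X."""
    tags, _ = parse_tags(frame)
    if tags and tags[0][1] == MGMT_VLAN:
        return PORT_Y
    return PORT_X


def build_frame(tags, etype=0x0800, payload=b"\x00" * 46) -> bytes:
    """Build a constructed test frame; the MAC addresses are sample values."""
    frame = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    for tpid, vid in tags:
        frame += struct.pack("!HH", tpid, vid)  # PCP/DEI bits left at zero
    return frame + struct.pack("!H", etype) + payload


if __name__ == "__main__":
    samples = {
        "untagged": [],
        "CVLAN 200": [(TPID_CVLAN, 200)],
        "SVLAN 300 + CVLAN 200": [(TPID_SVLAN, 300), (TPID_CVLAN, 200)],
        "management VLAN 100": [(TPID_CVLAN, MGMT_VLAN)],
    }
    for name, tags in samples.items():
        print(f"{name:24} -> port {intended_egress(build_frame(tags))}")
```

Fed with frames captured on Port X and Port Y, the same functions show whether VLAN 100 reached X or whether frames with either tag type went missing.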

Moderator

October 29th, 2023 22:53

https://dell.to/3QCsq3O

Page# 897

Actually I think you’d like to configure QinQ or double VLAN in your environment.

I advise upgrading to firmware 6.7.x.x on the switch.

If possible, you can raise an official ticket so that the team can check your switch logs for analysis.

Respectfully,
