Networking General

62xx,8xxx,M6xxx,M8xxx: Trunk: all vlans tagged, no native (untagged) vlans, vlan 1 not allowed General: can choose multiple tagged and untagged vlans, pvid allow classification of untagged vlans, default is untagged

Thanks for the information, but it looks like it needs an update: trunk mode will also allow VLAN 1.

E.g. traffic for VLAN 1 seems to be able to pass just fine through the LAG connecting two PowerConnect 6248 switches with firmware version 3.2.0.7 with the following config:

interface port-channel 1

switchport mode trunk

switchport trunk allowed vlan add 1

Is that a feature of the new firmware version?

Thanks.

Just one comment - native (untagged) vlans on  trunks are the common source of misconfigurations, loops and also serious security issue (vlan hopping attack).

Thus for switch-to-switch interconnections I'd strongly recommend using 'switchport mode trunk' which on 62xx enforces tagging for all vlans and disallows the user to configure any untagged vlan.

I think I'll use the trunk mode instead of general mode for the interconnection between the two PC6248 switches.

But since we still have some legacy equipment on VLAN 1 and we need to interconnect the newer PC6248 switch with an older PC5324 switch, it looks like we're forced to use the general mode for that interconnection, since the trunk mode for the PC6248 will tag VLAN 1 packets, while the same mode on the PC5324 won't, correct?

Or is there a way to force the PC5324 to also tag VLAN 1 packets?

Thanks.

There is a chance that 5324 just blocks vlan 1 because it's the native vlan by default and the same vlan couldn't be both tagged and untagged. Try creating some dummy vlan (e.g. vlan 4000) and then assign it as native to your interconnection:

interface xy

switchport mode trunk

switchport trunk native vlan 4000

switchport trunk allowed vlan add 1

If this succeeds, you'll have tagged vlan 1 also on 5324.

I don't understand at all diffrence between general i trunk mode. I have pc 6248, 1/g10 is in general mode, i set few vlans as untagged. What happend when untagged frame will enter the port ? what vlan will be associate to this frame ? Could You explain ?

thank You

Popo

#show interfaces switchport ethernet 1/g10      

Port: 1/g10
VLAN Membership mode:General Mode

Operating parameters:
PVID: 1      
Ingress Filtering: Enabled    
Acceptable Frame Type: Admit All   
Default Priority: 0           
GVRP status:Disabled
Protected:Disabled

Port 1/g10 is member in:

VLAN    Name                              Egress rule   Type
----    --------------------------------- -----------   --------
1       Default                           Untagged      Default 
58                                        Untagged      Static  
59                                        Untagged      Static  
60                                        Untagged      Static  

                    


Static configuration:
PVID: 1      
Ingress Filtering: Enabled    
Acceptable Frame Type: Admit All   

Port 1/g10 is statically configured to:

VLAN    Name                              Egress rule
----    --------------------------------- -----------
58                                        Untagged 
59                                        Untagged 
60                                        Untagged

on 6200:

Trunk mode- all traffic is transmitted with a vlan tag in the selected vlans.  All incoming traffic must be tagged in the selected vlans or it is dropped.

General mode is much more flexible:  At its simplest, general mode ports can transmit tagged or untagged packets in the selected vlans.  Incoming traffic can be tagged or untagged. The PVID sets the vlan of incoming untagged packets.  You may also classify incoming traffic wiith MAC/IP association.

In your example, the PVID is 1, so untagged traffic will be switched in vlan 1.

Although late reaction, someone else might be helped with the answer/extra information:

For the above described situation you could use both trunk as general mode: in both cases you can define which traffic (VLAN's) are allowed on the link and in both cases you can include VLAN1 as allowed traffix.

When you connect to a Cisco switch that has a trunk configured to your Dell 62xx, M6xxx or M8xxx you will need the general mode as on a Cisco trunk the native VLAN (often Vlan1 but can be another one) is UNtagged.

Because the Dell switches in trunk mode expect all traffic (ingress) to be tagged and sends all outgoing (egress) tagged the traffic to/from native VLAN configured on the Cisco switch won't be recognized by the Dell switch and this can result in STP topology changes and thus flapping interfaces.

So when you connect your Dell switch to a Cisco switch with more then one VLAN of traffic on it use the general mode on the Dell switch as explained above.