RouterOS

  • A t tachments (0)
  • Page History
  • Page Information
  • Resolved comments
  • View in Hierarchy
  • View Source
  • Export to PDF
  • Export to Word

CRS1xx/2xx series switches

The Cloud Router Switch series are highly integrated switches with high-performance MIPS CPU and feature-rich packet processor. The CRS switches can be designed into various Ethernet applications including unmanaged switch, Layer 2 managed switch, carrier switch, and wireless/wired unified packet processing. See Cloud Router Switch configuration examples

This article applies to CRS1xx and CRS2xx series switches and not to CRS3xx series switches. For CRS3xx series devices, read the   CRS3xx, CRS5xx series switches and CCR2116, CCR2216 routers   manual.

Cloud Router Switch models

This table clarifies the main differences between Cloud Router Switch models.

Abbreviations and Explanations

CVID - Customer VLAN id: inner VLAN tag id of the IEEE 802.1ad frame

SVID - Service VLAN id: outer VLAN tag id of the IEEE 802.1ad frame

IVL - Independent VLAN learning - learning/lookup is based on both MAC addresses and VLAN IDs.

SVL - Shared VLAN learning - learning/lookup is based on MAC addresses - not on VLAN IDs.

TPID - Tag Protocol Identifier

PCP - Priority Code Point: a 3-bit field which refers to the IEEE 802.1p priority

DEI - Drop Eligible Indicator

DSCP - Differentiated services Code Point

Drop precedence - internal CRS switch QoS attribute used for packet enqueuing or dropping.

Port Switching

In order to set up port switching on CRS1xx/2xx series switches, check the   Bridge Hardware Offloading   page.

Dynamic reserved VLAN entries (VLAN4091; VLAN4090; VLAN4089; etc.) are created in the CRS switch when switched port groups are added when a hardware offloaded bridge is created. These VLANs are necessary for internal operation and have lower precedence than user-configured VLANs.

Multiple switch groups

The CRS1xx/2xx series switches allow you to use multiple bridges with hardware offloading, this allows you to easily isolate multiple switch groups. This can be done by simply creating multiple bridges and enabling hardware offloading.

Multiple hardware offloaded bridge configuration is designed as a fast and simple port isolation solution, but it limits a part of VLAN functionality supported by the CRS switch-chip. For advanced configurations use one bridge within the CRS switch chip for all ports, configure VLANs and isolate port groups with port isolation profile configuration.

CRS1xx/2xx series switches are capable of running multiple hardware offloaded bridges with (R)STP enabled, but it is not recommended since the device is not designed to run multiple (R)STP instances on a hardware level. To isolate multiple switch groups and have (R)STP enabled you should isolate port groups with port isolation profile configuration.

Global Settings

CRS switch chip is configurable from the   /interface ethernet switch   console menu.

Sub-menu:   /interface ethernet switch

Port Settings

Sub-menu:   /interface ethernet switch port

Forwarding Databases

Unicast fdb.

The unicast forwarding database supports up to 16318 MAC entries.

Sub-menu:   /interface ethernet switch unicast-fdb

Multicast FDB

CRS125 switch-chip supports up to 1024 entries in MFDB for multicast forwarding. For each multicast packet, destination MAC or destination IP lookup is performed in MFDB. MFDB entries are not automatically learned and can only be configured.

Sub-menu:   /interface ethernet switch multicast-fdb

Reserved FDB

Cloud Router Switch supports 256 RFDB entries. Each RFDB entry can store either Layer2 unicast or multicast MAC address with specific commands.

Sub-menu:   /interface ethernet switch reserved-fdb

The VLAN table supports 4096 VLAN entries for storing VLAN member information as well as other VLAN information such as QoS, isolation, forced VLAN, learning, and mirroring.

Sub-menu:   /interface ethernet switch vlan

Egress VLAN Tag

Egress packets can be assigned different VLAN tag format. The VLAN tags can be removed, added, or remained as is when the packet is sent to the egress port (destination port). Each port has dedicated control on the egress VLAN tag format. The tag formats include:

The Egress VLAN Tag table includes 4096 entries for VLAN tagging selection.

Sub-menu:   /interface ethernet switch egress-vlan-tag

Ingress/Egress VLAN Translation

The Ingress VLAN Translation table allows for up to 15 entries for each port. One or multiple fields can be selected from the packet header for lookup in the Ingress VLAN Translation table. The S-VLAN or C-VLAN or both configured in the first matched entry are assigned to the packet.

Sub-menu:   /interface ethernet switch ingress-vlan-translation

Sub-menu:   /interface ethernet switch egress-vlan-translation

Below is a table of traffic that triggers a rule that has a certain VLAN format set, note that traffic that is tagged with VLAN ID 0 is a special case that is also taken into account.

If  VLAN-format  is set to  any , then  customer-vid/service-vid  set to  0  will trigger the switch rule with VLAN 0 traffic. In this case, the switch rule will be looking for untagged traffic or traffic with VLAN 0 tag, only  untagged-or-tagged  will filter out VLAN 0 traffic in this case.

Protocol Based VLAN

Protocol Based VLAN table is used to assign VID and QoS attributes to related protocol packet per port.

Sub-menu:   /interface ethernet switch protocol-based-vlan

MAC Based VLAN

MAC Based VLAN table is used to assign VLAN based on source MAC.

Sub-menu:   /interface ethernet switch mac-based-vlan

All CRS1xx/2xx series switches support up to 1024 MAC Based VLAN table entries.

1:1 VLAN Switching

1:1 VLAN switching can be used to replace the regular L2 bridging for matched packets. When a packet hits a 1:1 VLAN switching table entry, the destination port information in the entry is assigned to the packet. The matched destination information in UFDB and MFDB entry no longer applies to the packet.

Sub-menu:   /interface ethernet switch one2one-vlan-switching

Port Isolation/Leakage

The CRS switches support flexible multi-level isolation features, which can be used for user access control, traffic engineering and advanced security and network management. The isolation features provide an organized fabric structure allowing user to easily program and control the access by port, MAC address, VLAN, protocol, flow and frame type. The following isolation and leakage features are supported:

  • Port-level isolation
  • MAC-level isolation
  • VLAN-level isolation
  • Protocol-level isolation
  • Flow-level isolation
  • Free combination of the above

Port-level isolation supports different control schemes on source port and destination port. Each entry can be programmed with access control for either source port or destination port.

  • When the entry is programmed with source port access control, the entry is

applied to the ingress packets.

  • When the entry is programmed with destination port access control, the entry

is applied to the egress packets.

Port leakage allows bypassing egress VLAN filtering on the port. Leaky port is allowed to access other ports for various applications such as security, network control and management. Note: When both isolation and leakage is applied to the same port, the port is isolated.

Sub-menu:   /interface ethernet switch port-isolation

Sub-menu:   /interface ethernet switch port-leakage

The Trunking in the Cloud Router Switches provides static link aggregation groups with hardware automatic failover and load balancing. IEEE802.3ad and IEEE802.1ax compatible Link Aggregation Control Protocol is not supported. Up to 8 Trunk groups are supported with up to 8 Trunk member ports per Trunk group. CRS Port Trunking calculates transmit-hash based on all following parameters: L2 src-dst MAC + L3 src-dst IP + L4 src-dst Port.

Sub-menu:   /interface ethernet switch trunk

Quality of Service

Traffic shaping restricts the rate and burst size of the flow which is transmitted out from the interface. The shaper is implemented by a token bucket. If the packet exceeds the maximum rate or the burst size, which means no enough token for the packet, the packet is stored to buffer until there is enough token to transmit it.

Sub-menu:   /interface ethernet switch shaper

Ingress Port Policer

Sub-menu:   /interface ethernet switch ingress-port-policer

The global QoS group table is used for VLAN-based, Protocol-based and MAC-based QoS group assignment configuration.

Sub-menu:   /interface ethernet switch qos-group

DSCP QoS Map

The global DSCP to QOS mapping table is used for mapping from the DSCP of the packet to new QoS attributes configured in the table.

Sub-menu:   /interface ethernet switch dscp-qos-map

DSCP To DSCP Map

The global DSCP to DSCP mapping table is used for mapping from the packet's original DSCP to new DSCP value configured in the table.

Sub-menu:   /interface ethernet switch dscp-to-dscp

Policer QoS Map

Sub-menu:   /interface ethernet switch policer-qos-map

Access Control List

Access Control List contains of ingress policy and egress policy engines and allows to configure up to 128 policy rules (limited by RouterOS). It is advanced tool for wire-speed packet filtering, forwarding, shaping and modifying based on Layer2, Layer3 and Layer4 protocol header field conditions.

See Summary section for Access Control List supported Cloud Router Switch devices.

Due to hardware limitations, it is not possible to match broadcast/multicast traffic on specific ports. You should use port isolation, drop traffic on ingress ports or use VLAN filtering to prevent certain broadcast/multicast traffic from being forwarded.

Sub-menu:   /interface ethernet switch acl

ACL condition part for MAC-related fields of packets.

ACL condition part for VLAN-related fields of packets.

ACL condition part for IPv4 and IPv6 related fields of packets.

ACL rule action part.

Filter bypassing part for ACL packets.

ACL Policer

Sub-menu:   /interface ethernet switch acl policer

  • CRS1xx/2xx series switches examples
  • CRS1xx/2xx VLANs with Trunks
  • Basic VLAN switching
  • Bridge Hardware Offloading
  • Spanning Tree Protocol
  • IGMP Snooping
  • DHCP Snooping and Option 82
  • MTU on RouterBOARD
  • Layer2 misconfiguration
  • Powered by Atlassian Confluence 8.7.2
  • Printed by Atlassian Confluence 8.7.2
  • Report a bug
  • Atlassian News

Troubleshooting VLANs & Trunks

Lesson Contents

In a previous lesson I explained some of the possible interface issues that we can encounter. Once you verified that your interface(s) are configured correctly and you are still having issues, the problem might be related to VLANs & Trunks. Let’s take a look at some common issues and how to solve them.

VLAN assignment issues

Here is the topology:

host 1 switch 1 host 2

H1 is unable to ping H2. There are no issues with the hosts, the problem is related to the switch. Let’s see what happens when we try a ping:

The two computers are unable to ping each other (what a surprise!). Let’s do a quick check if there are any interface errors:

The interfaces are looking good, no errors here. Let’s check the VLAN assignments:

At this moment it’s a good idea to check the VLAN information. You can use the show vlan command to quickly verify to which VLAN the interfaces belong. As you can see our interfaces are not in the same VLAN. Let’s fix this:

We’ll move interface Fa0/3 back to VLAN 1, both hosts are now in VLAN 1. Let’s try that ping again:

This solves our problem!

Lesson learned: Make sure the interface is in the correct VLAN.

Switchport mode issues

Time for another problem, same topology:

We verified that there are no interface errors, the interfaces are up and running:

The interfaces don’t show any errors. Let’s check the VLAN assignments:

Above you can see that FastEthernet 0/1 is in VLAN 10 but I don’t see FastEthernet 0/3 anywhere. Here are the possible causes:

  • Something is wrong with the interface. We proved this wrong because it shows up/up so it seems to be active.
  • The interface is not an access port but a trunk.

Let’s check the switchport information:

A quick look at the switchport information shows us what we need to know. We can confirm that interface fa0/3 is in trunk mode and the native VLAN is 1. This means that whenever H2 sends traffic and doesn’t use 802.1Q tagging that our traffic ends up in VLAN 1. Let’s turn this interface into access mode:

We’ll turn FastEthernet 0/3 into access mode and make sure it’s in VLAN 10. Let’s verify this:

Both interfaces are now active in VLAN 10. Checking the operational mode is also a good idea:

It now shows up as access mode. Let’s try that ping again:

Now I can send a ping from H1 to H2…problem solved!

Lesson learned: Make sure the interface is in the correct switchport mode (access or trunk mode).

VACL (VLAN Access-List) issues

Same two computers, same switch, different problem:

This scenario is a bit more interesting though. The computers are unable to ping each other so let’s walk through our list of “possible” errors:

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic . Explained As Simple As Possible.
  • Try for Just $1 . The Best Dollar You’ve Ever Spent on Your Cisco Career!
  • Full Access to our 784 Lessons . More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

791 Sign Ups in the last 30 days

satisfaction-guaranteed

Forum Replies

Thanks alot Rene, these lessons are very helpful. Keep up the good work.

Hi Renee, With switchport trunk allowed vlan xx, do you have to specify this on both sides of the trunk link or is one side enough?

Regards, Hans de Roode.

Best to do it on both sides. Your switch(es) will complain when you receive traffic for VLANs that are not allowed on the trunk. It’s best practice to ensure that both ends of the trunk have the same configuration.

Hello Rene. Could you explain me what’s the difference between show ip interface brief and show interface fa0/x switchport? I’m asking this because you use first the show ip interface to check the status of a swichport (up/down) and the other to check operational mode. My question is why you don’t use only interface fa0/x switchport to get both information ( status and operatinal mode?

Hello Rodrigo

There are various ways to show the status of interfaces and each command provides different information and in different formats. The command initially chosen by Rene is the show ip interface brief will show the status and protocol of all the interfaces in a list, so you get a general picture of all interfaces with one command. If any of those interfaces are configured with IP addresses, those are also displayed.

The show interface fa0/x switchport command will show the switchport configuration of a single port in detail . This can be used when

10 more replies! Ask a question or join the discussion by visiting our Community Forum

Introduction to port-based VLAN

Port-based VLANs group VLAN members by port. A port forwards traffic for a VLAN only after it is assigned to the VLAN.

Port link type

You can configure the link type of a port as access, trunk, or hybrid. The link types use the following VLAN tag handling methods:

An access port belongs to only one VLAN and sends traffic untagged. It is usually used to connect a terminal device unable to recognize VLAN tagged-packets or when there is no need to separate different VLAN members.

A trunk port can carry multiple VLANs to receive and send traffic for them. Except traffic of the default VLAN, traffic sent through a trunk port will be VLAN tagged. Usually, ports connecting network devices are configured as trunk ports.

Like a trunk port, a hybrid port can carry multiple VLANs to receive and send traffic for them. Unlike a trunk port, a hybrid port allows traffic of all VLANs to pass through VLAN untagged. You can use hybrid ports to interconnect network devices or connect to terminals.

Default VLAN

By default, VLAN 1 is the default VLAN for all ports. You can configure the default VLAN for a port as required.

Use the following guidelines when configuring the default VLAN on a port:

Because an access port can join only one VLAN, its default VLAN is the VLAN to which it belongs and cannot be configured.

Because a trunk or hybrid port can join multiple VLANs, you can configure a default VLAN for the port.

You can use a nonexistent VLAN as the default VLAN for a hybrid or trunk port but not for an access port. After you remove the VLAN that an access port resides in with the undo vlan command, the default VLAN of the port changes to VLAN 1. The removal of the VLAN specified as the default VLAN of a trunk or hybrid port, however, does not affect the default VLAN setting on the port.

The following table shows how ports of different link types handle frames:

© Copyright 2015 Hewlett Packard Enterprise Development LP

Logo

  • CCNA 200-301
  • CCNA 200-301 Labs
  • CCNP 350-401 ENCOR
  • CCNP 350-401 ENCOR Labs
  • CCNP 300-410 ENARSI

CCIE Enterprise Infrastructure

  • Cisco Packet Tracer Lab Course
  • NRS II IRP Course
  • NRS II MPLS Course
  • NRS II Service Architecture
  • Nokia Configuration Course
  • Nokia SRC Program
  • JNCIA Junos
  • HCIA (HCNA)
  • HCIA Configuration Course
  • What is Huawei R&S Certification?
  • Huawei ICT Certifications
  • Python Course
  • IPv6 Course
  • IP Multicast Course
  • NRS I Configuration Course
  • Cisco Packet Tracer How To Guide
  • Online Courses
  • Udemy Courses
  • CCNA Flashcard Questions
  • Protocol Cheat Sheets
  • Subnetting Cheat Sheet
  • Linux Cheat Sheet
  • Python Cheat Sheet
  • CLI Commands Cheat Sheets
  • Miscellaneous Cheat Sheets
  • Cisco Packet Tracer Labs
  • Cisco GNS3 Labs
  • Huawei eNSP Labs
  • Nokia GNS3 Labs
  • Short Config Videos
  • Network Tools
  • IPCisco on Social Media
  • Network Engineer Interview Questions
  • Personality Interview Training
  • Sign In/Up | Members
  • Lost password
  • Sign In/Sign Up
  • ENROLL HERE

Logo

  • VLAN Port Types and Port Assignment

vlan port assignment

In this lesson, we will focus on some of the key lessons of VLANs. We will learn how to assign ports to VLAN, VLAN Port types and VLAn Tagging.

Table of Contents

Static and Dynamic VLAN Assignments

VLANs can be assigned statically and dynamically . Static configuration is more common, but dynamic is also used.

Static VLAN assignment is like its name. You will statically assign the ports to the VLAN.

Dynamic VLAN assignment can be done by VLAN Membership Policy Server(VMPS) . VMPS needs VLAN-MAC address relationship database. Here, we will use the static one, like many network engineer.

vlan(virtual local area network) port assignment

VLAN Port Types

There are two type port used in VLANs. These are: – Access Ports, – Trunk Ports

Access ports are the ports that are member of a single VLAN . Host devices are connected to it. This is also default Cisco switch port type.

Trunk ports are the ports that are member of more than one VLAN or all VLANs . This ports are used between switches. To span VLANs between more than one switch, some ports are needed to carry VLAN information accross the switches. These ports are trunk ports. You can also carry each VLAN without using any trunk port. But this way is not efficient and not common.

vlan(virtual local area network) port types, access port, trunk port

VLAN Frame Tagging

While carrying the frames between VLANs across multiple swithes, frame tagging is required. Because the other end switch need to understand that where the frame will go ( to which VLAN) on the other end. And tagging is used only for the frames going out a trunk port. This is not used for access ports, and anyway this is not necessary.

no vlan frame tagging require

No VLAN Frame Tagging Require

drop if no vlan assignment on ports

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

  • IPv6 Configuration on Cisco
  • TACACS+ Configuration on Packet Tracer

Access-Lists (ACLs)

  • Extended Access List Configuration
  • Standard ACL Configuration With Packet Tracer
  • Access Control Lists for Traffic Control
  • OSPF Virtual-Link Configuration On Packet Tracer
  • OSPF SPF and Cost
  • OSPF Overview
  • OSPF Adjacency Mechanims
  • OSPF Packet Types
  • OSPF LSA Types
  • OSPF Area Types
  • OSPF Network Types
  • OSPF Miscellenaous
  • Single Area OSPF Configuration on Cisco IOS
  • OSPFv3 Configuration on Cisco IOS
  • OSPF Standard Area and Backbone Area
  • OSPF External Routes
  • OSPF Stub Area and Totally-Stub Area
  • OSPF NSSA and Totally NSSA

Link Aggregation

  • PAgP Configuration
  • Link Aggregation on Cisco IOS XR
  • LACP Configuration
  • VLAN Configuration Example 2
  • VLAN Configuration Example
  • VLAN Frame Tagging Protocols
  • RIP Configuration Example
  • RIPng Configuration Example

Neighbor Discovery

  • IPv6 NDP (Neighbour Discovery Protocol)
  • CDP Configuration Example
  • LLDP Configuration Example
  • Neighbour Discovery Protocols

Routing Fundamentals

  • CIR and PIR
  • IPv6 Static and Default Route Configuration
  • Static Route Configuration
  • Dynamic Routing Protocols
  • BFD (Bidirectional Forwarding Detection)
  • EIGRP For IPv6 Configuration Example
  • EIGRP for IPv6
  • EIGRP Configuration Example
  • EIGRP Miscellenaous
  • EIGRP Packet Types and Neighbourship Establishment
  • EIGRP Tables Types
  • Inter VLAN Routing
  • SVI Configuration Example
  • Inter VLAN Routing Configuration Example
  • Frame-Relay Configuration with both Inverse-ARP and Frame-Relay Map
  • Multipoint Frame Relay Configuration
  • Frame Relay Point-to-Point Configuration
  • Metro Ethernet

First Hop Redundancy

  • HSRP Configuration Example
  • First Hop Redundancy Protocols
  • VRRP Configuration Example
  • GLBP Configuration Example
  • Cisco BGP Route Reflector Config on GNS3
  • BGP Confederation
  • BGP Route Reflector
  • BGP Community
  • Path Attributes: MED
  • Path Attributes: Origin
  • Path Attributes: AS Path
  • Path Attributes : Local Preference
  • Path Attributes: Weight
  • BGP Next Hop Self
  • BGP Configuration Example
  • BGP Path Attributes
  • IBGP versus EBGP
  • BGP Peers, BGP Sessions and BGP Messages
  • ISIS for IPv6
  • ISIS For IPv6 Configuration on Cisco IOS
  • ISIS Configuration Example on Cisco IOS
  • IS-IS versus OSPF
  • IS-IS Adjacency
  • IS-IS Packet Types
  • IS-IS Addresses
  • SNMP Configuration Example
  • Private VLANs
  • Private VLAN Configuration on Cisco
  • DHCP Snooping Configuration on Packet Tracer
  • DHCP Option 82
  • DHCP Operation
  • How to Configure DHCP on Cisco Routers?
  • What is DHCP?
  • What is DHCP Snooping?
  • Gratuitous ARP
  • SCTP (Stream Control Transmission Protocol)
  • TCP Header Flags
  • TCP Window Size, Checksum and Urgent Pointer
  • TCP Header Options
  • TCP Header Overview
  • TCP Sequence & Acknowledgement Number
  • TCP versus UDP

Switch Security

  • Switch Port Security
  • Switch Port Security Configuration Example
  • What is Protected Port ?

VTP, GVRP, MVRP

  • MVRP Configuration on Cisco
  • GVRP Configuration on Cisco
  • VTP Configuration Example
  • PVST+ and Rapid PVST+Configuration on Packet Tracer
  • PVST+ and Rapid PVST+
  • MST (Multiple Spanning Tree)
  • MST Configuration on Cisco
  • Portfast, Root Guard, BPDU Filter and BPDU Guard
  • Loop Guard, Uplink Fast, Backbone Fast and UDLD
  • STP Operation
  • STP Configuration Example
  • RSTP Configuration Example
  • STP Portfast Configuration Example
  • SDN Components
  • New Features Coming with SDN
  • Traditional Networks Versus SDN
  • SDN Overview

IGMP and MLD

  • CGMP (Cisco Group Management Protocol)
  • IGMP Snooping
  • Cisco IGMP Configuration Example
  • MLD Snooping Configuration Example
  • MLD Operations
  • MLD Configuration Example
  • Unicast, Broadcast, Multicast, Anycast
  • Multicast IP Addressing
  • Multicast MAC Addresses
  • QoS Policing and Shaping
  • QoS Classification and Marking
  • MPSL Label Distribution
  • Enabling MPLS On Cisco Routers
  • Cisco VPLS Configuration
  • MPLS Label Switching Mechanims
  • MPLS Basics
  • MPLS VPN Labelling

LDP and RSVP

  • LDP Label Distribution

IPv4 and IPv6

  • IPv4 Subnetting
  • IPv4 Addressing
  • IPv6 Addressing
  • IPv6 Address Types

Traffic Capture

  • ERSPAN Configuration on Packet Tracer
  • Remote SPAN Configuration on Packet Tracer
  • Cisco SPAN Overview
  • Local SPAN Configuration on Packet Tracer

Cisco SD-WAN

  • Cisco SD-WAN Verification
  • Cisco vSmart Controller Configuration
  • Cisco vBond Initial Configuration
  • Cisco SD-WAN Components
  • SD-WAN Architecture

Network Security

  • Access Control Lists
  • 802.1x (Port Based Network Access Control)
  • EAPoL (Extensible Authentication Protocol over LAN)

Network Time Protocol

  • NTP (Network Time Protocol)
  • Cisco NTP Configuration

Route Redistribution

  • Route Redistribution: OSPF and EIGRP
  • Connected Networks and Static Routes Redistribution

Other Lessons

  • VPN Types and Protocols of VPN
  • Configuration Register
  • Ethernet Collisions and Troubleshooting

Latest Lessons

  • Cisco Switch Configuration on Cisco Packet Tracer Part of: CCNA 200-301
  • Switch Configuration on Cisco Packet Tracer Part of: Cisco Packet Tracer Lab Course
  • REST API Security Part of: CCNP Enterprise 350-401 ENCOR
  • Network Security: Cisco Threat Defense Part of: CCNP Enterprise 350-401 ENCOR
  • IPv6 Floating Static Routing Part of: CCNP Enterprise 350-401 ENCOR
  • IPv6 Link Local Addresses Part of: CCNP Enterprise 350-401 ENCOR
  • IPv6 Neighbour Discovery Protocol Part of: CCNP Enterprise 350-401 ENCOR
  • IPv6 Configuration Example on Packet Tracer Part of: CCNP Enterprise 350-401 ENCOR
  • Private IPv4 Address Ranges Part of: CCNP Enterprise 350-401 ENCOR
  • APIPA Addresses Part of: CCNP Enterprise 350-401 ENCOR
  • More Lessons

Latest Blog Posts

how-ransomware-attack-works-ipcisco.com

WHAT YOU WILL FIND?

  • 250.000+ Students All Over The World
  • 8.000+ Questions & Answers
  • 100+ Lab Files & Cheat Sheets
  • 30+ IT/Network Courses
  • A Real Desire To Help You
  • Daily Social Media Shares
  • %100 Satisfaction
  • CISCO Courses
  • NOKIA Courses
  • HUAWEI Courses
  • JUNIPER Courses
  • PYTHON Course
  • KEY Courses
  • VIDEO Courses
  • UDEMY Courses
  • Cheat Sheets
  • Configuration Files
  • Interview Questions
  • IPCisco On Social Media
  • Pärnu mnt. 139c – 14, 11317, Tallinn, Estonia
  • [email protected]

Configuring VLANs on Aruba Switches

The Aruba switches support the following types of VLANs Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. :

  • Port-based VLANs—In the case of trusted interfaces, all untagged traffic is assigned a VLAN based on the incoming port.
  • Tag-based VLANs—In the case of trusted interfaces, all tagged traffic is assigned a VLAN based on the incoming tag.

The Aruba Mobility Access Switch also supports the following types of VLANs:

  • Voice VLANs—You can use voice VLANs to separate voice traffic from data traffic when the voice and data traffic are carried over the same Ethernet Ethernet is a network protocol for data transmission over LAN. link.
  • MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. -based VLANs—In the case of untrusted interfaces, you can associate a client to a VLAN based on the source MAC of the packet. Based on the MAC, you can assign a role to the user after authentication.

Adding VLAN Details

By default, all ports in the Switches are assigned to VLAN 1. However, if the ports are assigned to different VLANs, the VLANs page displays their details.

To add a VLAN, complete the following steps:

  • Set the filter to a group containing at least one switch. The dashboard context for the group is displayed.
  • Under Manage , click Devices > Switches .
  • Click the Config icon to view the switch configuration dashboard.
  • Set the filter to Global or a group containing at least one switch.
  • Under Manage , click Devices > Switches . A list of switches is displayed in the List view.
  • Click a switch under Device Name . The dashboard context for the switch is displayed.
  • Under Manage , click Device . The tabs to configure the switch is displayed.
  • Click Interface > VLANs . The VLANs page is displayed.
  • In the Ports table, select the port number(s).
  • Tagged Ports
  • Untagged Ports
  • To assign the VLAN to a trunk group, select the trunk group in the Trunk Groups table.
  • Click Save Settings .

When you upgrade to Aruba Central version 2.5.2, the static IP address configured at group level for VLANs is migrated to device level and preserved as overrides. The static IP assignment is available only at the device level.

Editing the VLAN Details

To edit the details of a VLAN, point to the row for the VLAN, and click the edit icon in the Actions column, and configure the parameters.

Deleting VLAN Details

To delete the VLAN details, complete the following steps:

  • Ensure that the VLANs are not tagged to any ports.
  • Point to the row for the VLAN, and click the edit icon in the Actions column.

VLAN 1 is the primary VLAN and cannot be deleted.

Configuring DHCP Relay Settings

You can configure a switch as a DHCP relay agent for transmitting DHCP messages between the DHCP server and client. You can also configure the option-82 feature for the switch to include DHCP relay information in the forwarded DHCP request messages.

To configure a switch as a DHCP relay agent, complete the following steps:

  • Expand the DHCP Relay Settings accordion.

DHCP Relay option is enabled by default.

  • To enable option-82 feature, move the DHCP Relay Option 82 toggle switch to the on position.

drop if no vlan assignment on ports

  • Skip to content
  • Skip to search
  • Skip to footer

Dynamic VLAN Assignment and Auto Smartport Configuration on a SG350X and SG550X

Available languages, download options.

  • PDF (4.0 MB) View with Adobe Reader on a variety of devices
  • ePub (3.9 MB) View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle) (3.7 MB) View on Kindle device or Kindle app on multiple devices

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

This document provides instructions on how to configure the Generic VLAN Registration Protocol (GVRP) settings and Auto Smartport on your switches.

If you are unfamiliar with some terms in this document, check out Cisco Business: Glossary of New Terms .

Introduction

Generic Attribute Registration Protocol (GARP) VLAN Registration Protocol or Generic VLAN Registration Protocol (GVRP) allows devices to dynamically exchange Virtual Local Area Network (VLAN) configuration information to make configuration of VLANs easier. When GVRP is globally enabled, the manually/statically created VLANs will automatically propagate the VLAN ID to interconnecting switches and interfaces. Dynamic VLAN Assignment is used to eliminate the chance for error when configuring VLANs when working with large networks. When the switch receives VLAN information through GVRP and GVRP Registration, the receiving interface joins that VLAN. If an interface attempts to join a VLAN that does not exist and Dynamic VLAN creation is enabled, the switch automatically creates the VLAN.

It is important to note that in order for this to work on an access port, the end device has to be GVRP enabled (GVRP enabled NICs if they are servers or PCs).

Smartport is an interface to which a built-in or user-defined macro may be applied. These macros are designed to provide a means of quickly configuring the device to support the communication requirements and utilize the features of various types of network devices. The network access and QoS requirements vary if the interface is connected to an IP phone, a printer, a router, and/or Access Point (AP).

Applicable Devices

  • SG350X Series
  • SG550X Series

Software Version

To configure Dynamic VLAN Assignment and Auto Smartport Configuration, follow the guideline below:

drop if no vlan assignment on ports

Note: The 2 non-active switches are not connected to the active switch until the conclusion.

The port that is being configured with GVRP must be configured in truck mode or general mode as GVRP requires support for tagging. When the VLAN's propagate from the active switch to the non-active switches via GVRP, it would be considered as dynamic VLANs.

Note : If there is an error "vlan not created by user", then only static VLANs (manually created) can be added to a port configured as an access port. GVRP does not work the same as VTP (Server – Client).

The steps below are configured in Advanced mode in the Display Mode field at the top of the web configuration page .

drop if no vlan assignment on ports

Table of Contents

  • Configuring Auto Smartports on the SG350XG and SG550XG
  • Configure GVRP settings on the SG550X-24 (active)
  • Setting up VLAN settings on the SG550X-24 (active)
  • How to Configure Interface settings on SG550X-24 (active)
  • How to Set Up Port VLAN Membership on the active Switch
  • Configuring GVRP on the Non-active switch
  • Setting up Interface settings on the Non-active switch

Verification

Configure gvrp settings on the sg550x-24 (active).

To learn more about configuring GVRP Settings on a switch, click here .

Step 1. Log in to the web-based utility of your active switch and navigate to VLAN Management > GVRP Settings .

Note: In this example, one of the SG550X-24 will be the active switch.

drop if no vlan assignment on ports

Step 2. Check the Enable checkbox to enable GVRP Global Status to globally enable GVRP on the switch.

drop if no vlan assignment on ports

Step 3. Click Apply to enable GVRP features.

drop if no vlan assignment on ports

Step 4. Click the radio button of the interface on which you would like to configure GVRP. Then click Edit...  to modify the GVRP settings for the selected interface.

Note: In this example, we will be configuring GE23 and GE24.

drop if no vlan assignment on ports

Step 5. The Edit GVRP Setting window appears.

drop if no vlan assignment on ports

Step 6. (Optional) Click the appropriate radio button and choose a new interface from the Port or Link Aggregation Group (LAG) drop-down list to change the interface whose settings you want to change. LAG bundles individual Ethernet links into a single logical link that can increase the throughput further than a single connection can support.

drop if no vlan assignment on ports

Step 7. Check the Enable checkbox in the GVRP State field to enable GVRP features on this interface.

drop if no vlan assignment on ports

Step 8. Check the  Enable  check box in the Dynamic VLAN Creation field to have a VLAN dynamically created if it does not exist when GVRP information is received for that VLAN on the selected interface. If Dynamic VLAN Creation is disabled, the switch only recognizes VLANs that have been manually created.

Note: This is enabled by default.

drop if no vlan assignment on ports

Step 9. (Optional) Check the  Enable  check box in the GVRP Registration field to have the selected interface join a VLAN when GVRP information is received for that VLAN on the selected interface. If GVRP registration is disabled, an interface only associates with a VLAN that it is manually configured to be on.

drop if no vlan assignment on ports

Step 10. Click Apply to save the updated GVRP settings for the selected interface and then click Close to exit the Edit GVRP Setting window.

drop if no vlan assignment on ports

Step 11. (Optional) To copy the GVRP settings of one interface to several other interfaces, click the radio button of the desired interface and click Copy Settings . The Copy Settings window appears.

drop if no vlan assignment on ports

Step 12. (Optional) Enter the interface number(s) or interface name(s) of the interface(s) to which you wish to copy the settings of the chosen interface in the provided field. Then click Apply to save your changes or click Close to cancel your changes.

drop if no vlan assignment on ports

Setting Up VLAN Settings on the SG550X-24 (active)

Step 1. Navigate to VLAN Management > VLAN Settings .

drop if no vlan assignment on ports

Step 2. Click Add...  to create new VLANs. The Add VLAN window appears.

Note: There are two ways to create a VLAN. You can create a single VLAN or you can set a range of new VLANs. In this example, we will be creating a range of VLANs.

drop if no vlan assignment on ports

Step 3. To create a single VLAN, click the VLAN radio button. Then enter the following information:

  • VLAN ID — The ID of the new VLAN.
  • VLAN Name — The name of the new VLAN

drop if no vlan assignment on ports

Step 4. To create a range of VLANs, click the Range radio button. Then enter the following information:

  • VLAN Range — The range, according to the number of VLANs you want to create. For example, if you want to create 10 VLANs, then enter a range that will fit your needs. In this example, we will create VLAN 10 to 20.

drop if no vlan assignment on ports

Step 5. Click Apply to save your configuration.

drop if no vlan assignment on ports

How to Configure Interface Settings on the SG550X-24 (active)

Step 1. Navigate to VLAN Management > Interface Settings .

drop if no vlan assignment on ports

Step 2. Select a Global Ethertype Tagging method. The options are:

  • Dot1q-8100 — Also known as IEEE 802.1Q. It is the standard for tagging frames on a trunk and supports up to 4096 VLANs. The TPID is usually set to 0x8100 to identify the frame as an IEEE802.1Q frame.
  • Dot1ad-88a8 — implements a standard protocol for double tagging of data by using a feature called QinQ. Data traffic coming from the customer side are double tagged in the provider network where the inner tag is the customer-tag (C-tag) and the outer tag is provider-tag (S-tag). S-VLAN tag or S-tag is known as Service tag which is used to forward packets into the provider network. The S-tag segregate traffic between various customers, while preservice the customer VLAN tags. This is done with QinQ which provides isolation between service provider networks and customers' networks. The device is a provider bridge that supports port-based c-tagged service interface.
  • 9100 — Non-standard QinQ ethertype
  • 9200 — Non-standard tagging.

Note: In this example, we used the default Dot1q-8100 for the Global Ethertype Tagging.

drop if no vlan assignment on ports

Step 3. Click Apply .

drop if no vlan assignment on ports

Step 4. Click the radio button of the interface that you have configured GVRP. Ports that are configured with GVRP needs to be configured as trunk ports.

Note: In this example, we will be configuring GE23 and GE24 as trunk ports.

drop if no vlan assignment on ports

Step 5. Click Edit...  to edit the interface. The Edit Interface Settings windows opens.

drop if no vlan assignment on ports

Step 6. (Optional) Click the appropriate radio button and choose a new interface from the Port or LAG drop-down list to change the interface whose settings you want to change.

drop if no vlan assignment on ports

Step 7. Select either Layer 2 or Layer 3 in the Switchport Mode field.

Note: In this example, the default (Layer 2) was selected.

drop if no vlan assignment on ports

Step 8. Select Trunk in the Interface VLAN Mode  drop-down list. The interface is an untagged member of one VLAN at most, and is a tagged member of zero or more VLANs.

drop if no vlan assignment on ports

Step 9. Select an Ethertype Tagging method for the S-VLAN tag. The options are:

  • Use Global Setting (Dot1q)
  • Dot1q - 8100
  • Dot1ad - 88a8

Note: In this example, we used the default value: Use Global Setting (Dot1q) .

drop if no vlan assignment on ports

Step 10. Then click Apply to save the changes.

drop if no vlan assignment on ports

Step 11. (Optional) If you have configured GVRP on more than one interface then you can select the interface that you have just configured and click Copy Settings... . This will allow you to copy the configuration that you have just configured to other interfaces.

drop if no vlan assignment on ports

Step 12. (Optional) In the pop-up window that appears, enter the port where you wish to apply the same settings and click Apply .

Note: In this example, the settings from GE23 are going to be copied to GE24 only.

drop if no vlan assignment on ports

How to Set Up Port VLAN Membership Settings on the active Switch

Step 1. Navigate to VLAN Management > Port VLAN Membership .

drop if no vlan assignment on ports

Step 2. Click the radio button of the interfaces that you have configured as trunk port.Then click Join VLAN...  to edit the VLAN membership of that interface.

drop if no vlan assignment on ports

Step 3. (Optional) Click the appropriate radio button and choose a new interface from the Port or LAG drop-down list to change the interface whose settings you want to change.

drop if no vlan assignment on ports

Step 4. When the port is in Trunk mode, it will be a member of this VLAN. Select the Native VLAN ID in the Native VLAN ID drop-down list.

Note: In this example, we will be using VLAN 1 as the native VLAN ID.

drop if no vlan assignment on ports

Step 5. Select User Defined radio button in the Tagged VLANs field. Then enter the VLAN ID's that you want this port to be a member of.

Note: In this example, we will be using VLAN: 1, 10-20 for GE23 and GE24.

drop if no vlan assignment on ports

Step 6. Then click Apply to save your changes.

Note: Repeat steps 2-6 if you have more interfaces that needs to be configured.

drop if no vlan assignment on ports

Step 7. Press the Save button on the top to save your configuration to the startup configuration file.

drop if no vlan assignment on ports

Configuring GVRP Settings on the Non-active Switch

Step 1. Log into the web configuration page of the non-active switch and navigate to VLAN Management > GVRP Settings . The GVRP Settings page opens.

Note: Since the non-active switches is not connected to the active switch, the default IP address is 192.168.1.254. You would have to put your PC to have a static IP address in that network in order to connect to it.

drop if no vlan assignment on ports

Proceed to configure the same way as the section: Configure GVRP Settings on SG550X-24 (active) for both of the non-switches. Configure only the port that is going to be connected to the active SG550X-24 switch. In this example, both of the non-active switch is using port 24 to connect to the active switch.

Setting Up Interface Settings on SG550X-24 Non-active Switch

Step 1. Navigate to VLAN Management > Interface Settings . The Interface Settings page opens.

drop if no vlan assignment on ports

Proceed to configure the same way as: How to Configure Interface Settings on the SG550X-24 (active) for both of the non-switches. Configure only the port that is connected to the active switch as trunk port. In this example, GE24 is configured as trunk for both of the switches.

Before we can verify that GVRP is working, there is a few more steps that needs to be done. Follow the last few steps below:

Step 1. Connect the cable from your non-active switch to the active switch.

Note: In this example, we will be connecting one of the non-active SG550X-24 (port 24) to the active SG550X-24 (port 23).

Step 2. Connect the cable from your second non-active switch to the active switch.

Note: In this example, we will be connecting the other non-active SG550X-24(port 24) to the active SG550X-24 (port 24).

Note: If you don't see any VLANs created by GVRP automatically in the VLAN Management > Create VLAN. A reboot may be required for your switches.

Step 3. Navigate to VLAN Management > Create VLAN on the non-active switch to see if VLAN 10-20 has been created.

drop if no vlan assignment on ports

Step 4. Navigate to Status and Statistics > View Log > RAM Memory and check to see if GVRP has created VLAN 10-20 for both of the non-active switches.

drop if no vlan assignment on ports

You have now successfully configured Dynamic VLANs and Auto Smartport configuration.

Check out the following links to view related videos:

Configuring Generic VLAN Registration Protocol (GVRP) on Cisco RV345

Smartport Configuration

Was this Document Helpful?

Feedback

Contact Cisco

login required

  • (Requires a Cisco Service Contract )

drop if no vlan assignment on ports

IMAGES

  1. VLAN Port Assignment and VLAN Port Types ⋆ IpCisco

    drop if no vlan assignment on ports

  2. Adding or changing a VLAN port assignment (Menu)

    drop if no vlan assignment on ports

  3. Adding or changing a VLAN port assignment (Menu)

    drop if no vlan assignment on ports

  4. How To Check The VLAN Assignment For A Huawei Switch Port

    drop if no vlan assignment on ports

  5. VLAN Port Assignment and VLAN Port Types ⋆ IpCisco

    drop if no vlan assignment on ports

  6. Workaround for VLAN Management IP Address Assignment

    drop if no vlan assignment on ports

VIDEO

  1. Travel Healthcare Is Unpredictable: Plans For Our Next Travel Assignment Away From Home

  2. Konfigurasi VLAN PTSA 3.3.12 (januari 2024)

  3. VLAN Access Ports || Explained concept & Configuration || CCNA Routing & Switching

  4. Just drop no scan self checkout

  5. TP-Link 8 Port Gigabit Switch

  6. Network Security and Scanning

COMMENTS

  1. Configure Port to VLAN Interface Settings on a Switch through ...

    vlan-id - Specifies the VLAN to which the port is configured. none - Specifies that the access port cannot belong to any VLAN. Note: In this example, the range of ports is assigned to VLAN 30. Step 7. (Optional) To return the port or range of ports to the default VLAN, enter the following: SG350X(config-if-range)#no switchport access vlan. Step 8.

  2. CRS1xx/2xx series switches

    Ports which drop frames if no MAC-based, Protocol-based VLAN assignment or Ingress VLAN Translation is applied. drop-if-invalid-or-src-port- -not-member-of-vlan-on-ports ( ports ; Default: none ) Ports that drop invalid and other port VLAN id frames.

  3. Troubleshooting VLANs & Trunks

    You can use the show vlan command to quickly verify to which VLAN the interfaces belong. As you can see our interfaces are not in the same VLAN. Let's fix this: SW1(config)#interface fa0/3 SW1(config-if)#switchport access vlan 1. We'll move interface Fa0/3 back to VLAN 1, both hosts are now in VLAN 1. Let's try that ping again:

  4. VLAN Port Assignments > VLANs and Trunking

    After creating a VLAN, you can manually assign a port to that VLAN and it will be able to communicate only with or through other devices in the VLAN. Configure the switch port for membership in a given VLAN as follows: Statically assign a VLAN: COS. set vlan number mod/port. IOS. (global) interface type mod/port.

  5. VLAN Best Practices and Security Tips for Cisco Business Routers

    Best Practice #1 - VLAN Port Assignment Port Assignment Basics. Each LAN port can be set to be an access port or a trunk port. VLANs that you don't want on the trunk should be excluded. ... Select the drop-down menu for any of the LAN interfaces for VLANs listed to edit the VLAN tagging. Click Apply.

  6. Managing VLAN Ports with VLAN Port Assignment

    VLAN Port Assignment is an application that displays device, port, and related VLAN information for an associated VTP domain in a tabular format and helps you manage ports on your network's VLANs. Use VLAN Port Assignment to: • Assign or move ports to a VLAN. • View port, device, and trunk attributes. • View and find port information in a ...

  7. PDF Packet Tracer

    Part 3: Maintain VLAN Port Assignments and the VLAN Database In Part 3, you will change port VLAN assignments and remove VLANs from the VLAN database. Step 1: Assign a VLAN to multiple interfaces. From the Desktop Tab on each PC, use Terminal to continue configuring both network switches. Open configuration window a.

  8. Introduction to port-based VLAN

    Drop the frame if its VLAN ID is different from the default VLAN ID. Remove the VLAN tag and send the frame. Check whether the default VLAN is permitted on the port: If yes, tag the frame with the default VLAN tag. If not, drop the frame. Receive the frame if its VLAN is carried on the port. Drop the frame if its VLAN is not carried on the port.

  9. 3.4.6 Lab

    Part 3: Maintain VLAN Port Assignments and the VLAN Database. Step 1: Assign a VLAN to multiple interfaces. Step 2: Remove a VLAN assignment from an interface. Step 3: Remove a VLAN ID from the VLAN database. Part 4: Configure an 802.1Q Trunk Between the Switches. Step 1: Use DTP to initiate trunking on F0/1.

  10. Understanding VLAN Assignments

    The assignment of VLANs are (from lowest to highest precedence): 1. The default VLAN is the VLAN configured for the WLAN (see Virtual AP Profiles ). 2. Before client authentication, the VLAN can be derived from rules based on client attributes (SSID, BSSID, client MAC, location, and encryption type).

  11. PDF Assign an Interface VLAN as an Access or Trunk Port on a Cisco Business

    Private VLAN-Promiscuous - Select to set the interface as promiscuous. VLAN Mapping-Tunnel - Select to set the interface as a VLAN tunnel edge port. VLAN Mapping-One to One - Select to set the interface as to be used as a VLAN mapping one to one edge port. Note: For this example, Trunk was chosen. Step 5. Click€Apply. Step 6.

  12. VLAN Port Types and Port Assignment ⋆ IpCisco

    VLAN Port Types. There are two type port used in VLANs. These are: - Access Ports, - Trunk Ports. Access ports are the ports that are member of a single VLAN. Host devices are connected to it. This is also default Cisco switch port type. Trunk ports are the ports that are member of more than one VLAN or all VLANs.

  13. vlan management without assigning an interface to the vlan

    3. Add VLAN 40 as a trunked/tagged VLAN on the uplink port of the switch. This will make it active (since it has an active interface) and allow you to reach it in the first place if you are coming from a remote switch. Share. Improve this answer.

  14. Configure Dynamic VLAN Assignment with ISE and Catalyst 9800 ...

    Complete these steps: From the ISE GUI, navigate to Administration > Identity Management > Identities and select Add. Complete the configuration with the username, password, and user group as shown in the image: Step 3. Configure the RADIUS (IETF) attributes used for dynamic VLAN Assignment.

  15. VLAN Port Types and Port Assignment ⋆ IpCisco

    VLAN Port Types. There are two type port used in VLANs. These are: - Access Ports, - Trunk Ports. Access ports are the ports that are member of a single VLAN. Host devices are connected to it. This is also default Cisco switch port type. Trunk ports are the ports that are member of more than one VLAN or all VLANs.

  16. Configuring VLANs on Aruba Switches

    Under Manage, click Device. The tabs to configure the switch is displayed. Click Interface > VLANs. The VLANs page is displayed. In the VLANs Settings accordion, click + to add a VLAN and configure the following parameters. Table 1: Configuring and Viewing VLAN Parameters. Name.

  17. Dynamic VLAN Assignment and Auto Smartport Configuration on a ...

    Step 4. When the port is in Trunk mode, it will be a member of this VLAN. Select the Native VLAN ID in the Native VLAN ID drop-down list. Note: In this example, we will be using VLAN 1 as the native VLAN ID. Step 5. Select User Defined radio button in the Tagged VLANs field. Then enter the VLAN ID's that you want this port to be a member of.