802.1Q questions

Hi,

My Internet Access Provider has a citywide optical Ethernet, using 802.1Q VLANs. Basically, they've taken each IP address range they have, subclassed them and tied each of the subclassed address ranges to its own VLAN. For better or worse, this is my environment.

Now that we are getting 5 new sub-class-C address spaces, I need to be able to work with our provider's 802.1Q tagging. I got a decent switch with an ssh and https management interface, so now I have to figure out how to make this thing work.

Unfortunately, I haven't really been able to google up definitive information on how to go about implementing this, and we don't feel like paying the access provider's slightly exorbitant consulting fees.

From what sources I've been able to find, I know for sure I can have my web servers (Linux-based, Intel PRO/100 NICs) handle 802.1Q tagged frames, incoming and outgoing. Is it also true that I can have the switch strip out and add the 802.1Q tags as needed? If so, this would seem like a bit less work.

Can anyone point me towards good information on this stuff? I fell asleep reading the IEEE standard ... ;)

Christopher L. Everett

SMC 6724AL2, firmware version 2.0.5.0.

The price was right, the documentation leaves a lot to be desired.

It would be nice, but not necessary, to have a recipe. But I badly need a general idea of how to proceed.

ceverett

In article , Christopher L. Everett wrote:
:Now that we are getting 5 new sub-class-C address spaces, I need to
:be able to work with our provider's 802.1Q tagging.

:Is it also true that I can have the
:switch strip out and add the 802.1Q tags as needed?

Usually, but not universally so. For example some of the older IOS releases for some of the Cisco products allow passing through of trunks, but do not allow access ports to place traffic into those trunks.

You didn't mention your switch model or software version, so I'm not going to make guesses about what -exactly- you have to do in order to set ports to untag vlans on egress and tag into the vlan on ingress. It is very common to be able to do this, but different vendors do it in different ways and sometimes use different terminology.

Walter Roberson
[re: stripping 802.1Q tags]

:SMC 6724AL2, firmware version 2.0.5.0.

Looks like they pretty much stole the CLI from Cisco.

Page 2-115 of the management manual.

e.g. [taken from the documentation]

    vlan database
     vlan 2 name R&D media ethernet state active
     end

    interface ethernet 1/1
     switchport allowed vlan add 2 tagged

    interface ethernet 1/2
     switchport allowed vlan add 2 untagged

The first part creates the vlan and activates it. Use the VLAN numbers your ISP gives you. The 'name' is expected to be a single 'word', but you can probably use a double-quoted string there. You might as well create all your vlans first.

The second part tells the switch that you want interface ethernet 1/1 to be a tagged member of vlan 2. Repeat the 'add' command for all vlans your ISP is providing to you, on the interface that you are going to connect to your WAN.

The third part tells the switch that you want interface ethernet 1/2 to be an untagged member of vlan 2. This would mean that any packets received for VLAN 2 will be sent out the port, but that the 802.1Q tag will be stripped off before the packets are sent. Conversely, when any packet comes in to the port, the switch will tag it with vlan #2 and will then direct it to all the appropriate places that are part of vlan #2. This is thus the mechanism you use to break the ISP supplied vlans out for particular hosts: you attach the host to a port, and you set the port to be an untagged member of the VLAN corresponding to the IP range the port should be in.

Walter Roberson
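
Added example, not from the thread or the SMC manual: a small Python model of the tagged/untagged port behaviour described in the last post, using the same ports and VLAN 2 as the quoted configuration. Port 1/3, VLAN 3, the sample frame, and the treatment of a port's untagged VLAN as its ingress VLAN with ingress filtering enabled are assumptions of the model.

```python
import struct

TPID = 0x8100  # EtherType value that marks an 802.1Q tag

def add_tag(frame, vid):
    """Insert the 4-byte tag (TPID + TCI) after the two MAC addresses."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    return frame[:12] + struct.pack("!HH", TPID, vid) + frame[12:]  # PCP/DEI = 0

def parse_tag(frame):
    """Return (vid, frame without tag); vid is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet frame")
    if struct.unpack("!H", frame[12:14])[0] != TPID:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    return struct.unpack("!H", frame[14:16])[0] & 0x0FFF, frame[:12] + frame[16:]

class Switch:
    def __init__(self):
        self.members = {}  # port -> {vid: "tagged" | "untagged"}

    def allow(self, port, vid, mode):
        self.members.setdefault(port, {})[vid] = mode

    def forward(self, in_port, frame):
        """Flood a frame to the other member ports of its VLAN (no MAC learning)."""
        vid, inner = parse_tag(frame)
        modes = self.members.get(in_port, {})
        if vid is None:  # untagged ingress: use the port's untagged VLAN (assumed PVID)
            vid = next((v for v, m in modes.items() if m == "untagged"), None)
        elif vid not in modes:
            vid = None   # ingress filtering (assumed on): port is not in that VLAN
        # Egress: tagged members get the tag added, untagged members get it stripped
        return {p: add_tag(inner, vid) if m[vid] == "tagged" else inner
                for p, m in self.members.items() if p != in_port and vid in m}

# Constructed sample frame: dst MAC, src MAC, EtherType 0x0800, dummy payload
HOST_FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"\x00" * 46

def example_switch():
    sw = Switch()
    sw.allow("1/1", 2, "tagged")    # uplink: tagged member of VLAN 2
    sw.allow("1/2", 2, "untagged")  # host port: untagged member of VLAN 2
    sw.allow("1/3", 3, "untagged")  # hypothetical second host port in VLAN 3
    return sw
```

Calling `example_switch().forward("1/2", HOST_FRAME)` returns the frame as it leaves port 1/1, with the VLAN 2 tag inserted; a VLAN 2 tagged frame sent in on 1/1 comes out of 1/2 with the tag removed and never reaches 1/3.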
