07-08-2013 07:13 AM
We have a customer that has active switchports on the default VLAN(1). As part of our best practices, we are trying to move ALL ports out of the default vlan. We have tagged VLANs on the switch uplink ports, but none of them are VLAN1. So, I would expect that anything plugged into a port still on VLAN1 would be effectively isolated to that switch, correct?
I created a new VLAN and moved the ports on the switch from VLAN1 to a new VLAN.... then the customer informs me that they had servers in those ports that are now offline. I'm confused as to how anything would have been getting out on VLAN1 previously that now wouldn't when moved to a different VLAN.
Is there some sort of default VLAN behavior that I'm unaware of that allows it to get traffic off the switch? It's almost as though vlan1 is untagged over the uplink ports....
It's not that we can't work around the problem- I'm just wondering how the heck it was working as configured.
07-08-2013 10:09 AM
Could you tell me which switch you are talking about here? I am assuming its one of the FastIron switches? After reading the config guide, I did not happen to find anything relevant. But let me further research & see what I can find on this.
07-08-2013 01:48 PM
Hello dcp138, By default all the ports are part of default vlan & are untagged.
When the ports are added to another Vlan (tagged), they will be removed from the default vlan. Any traffic flowing through those ports will now be affected which is why I believe you are seeing the Servers go offline. Is this what you are looking for?
07-09-2013 05:04 AM
What we had was a switch with some ports still in the default vlan. There were also some ports untagged in a different VLAN (access ports). Finally, the uplink port on the switch is tagged with the created VLAN.
It almost seems like VLAN1 was still untagged over the uplink port even though it had a tagged VLAN on it as well. I thought this is what the dual mode command was for. Is VLAN1 still untagged by default even if the same port has tagged VLANs on it?
If so, I guess dual mode only comes into play if you need an untagged vlan other than 1?