
Occasional Contributor
Posts: 10
Registered: ‎08-25-2015

Tagged and Untagged

Hi,


I am a little confused about these tagged and untagged ports as to when they can be used.


I know tagged means trunk, which can carry multiple VLANs, and untagged means Cisco's access mode, which can carry just one VLAN.


First question: should the port be tagged or untagged for an ESXi host that has hosts in multiple subnets? Only one subnet is part of a VLAN (used for management), while the rest of the subnets are DMZ and local LAN, which are not configured as VLANs. We are in the process of shifting to a datacenter setup which will have subnets with VLANs and subnets without VLANs, like DMZ.


Second question: I am using port-based VLANs. Let's say I have a VLAN 4000 on the Brocade switch which works on subnet

So if a port is tagged in VLAN 4000 and I want to connect a server with an IP address that does not belong to that subnet, for example, will it work? My routing is done through a Juniper firewall which has a DMZ port without a VLAN and a port configured with a VLAN for management.


Third question: what do I use to connect ports from the firewall, like the DMZ port without VLANs: tagged or untagged ports?

Posts: 37
Registered: ‎02-27-2015

Re: Tagged and Untagged



Here are my answers:


1) If you are tagging VLANs on the ESXi side, you must tag those VLANs on the Brocade side too.


2) and 3)

You should use a route-only interface to communicate with firewalls which have no VLAN config on them:


SSH@ICX7450-24P Router(config)#int e 1/1/24
SSH@ICX7450-24P Router(config-if-e1000-1/1/24)#rou
route-only Disable Layer 2 switching
SSH@ICX7450-24P Router(config-if-e1000-1/1/24)#route-only
SSH@ICX7450-24P Router(config-if-e1000-1/1/24)#ip address


so you can communicate with over L3 interface. Just static routing/default gw is needed on both Brocade and Juniper Firewall side.


If you have any questions, please don't hesitate to ask.

Best Regards
Occasional Contributor
Posts: 10
Registered: ‎08-25-2015

Re: Tagged and Untagged

Thanks Destan for your response.


You are right regarding tagging and untagging.


For my ESXi, since it is not tagged with any VLAN, I will be able to pass traffic using default VLAN 1 untagged interfaces.


My DMZ firewall interface on the Juniper SRX cluster is not on a VLAN, so same as above.


I cannot use router commands because unfortunately I use an ICX 6430 switch, which does not support these commands.


I am still in the testing phase. I will post more results as soon as I am finished.

Posts: 23
Registered: ‎06-16-2015

Re: Tagged and Untagged

The Brocade ICX 6430 should support the route-only command. Basic routing is included in the base license. If you will have multiple VLANs on the ESXi host, I would recommend tagging all VMware traffic VLANs. I would use a separate interface for ESXi management and a separate interface for vMotion as well (if applicable).

Jacob Bartlett
Occasional Contributor
Posts: 14
Registered: ‎06-19-2013

Re: Tagged and Untagged

The 6430 does not support routing of any kind. You are allowed a management interface IP, and that's it.
