Ethernet Switches & Routers

Reply
Occasional Contributor
Posts: 5
Registered: ‎01-10-2014

VLANs over fiber and FastIrons. Can someone help me out?

[ Edited ]

What I need is: 2 VLANs across Foundry FastIrons, traversing Fiber. Default VLAN would run administrative traffic and VLAN 02, would run guest traffic.

SO, I setup VLAN02 successfully on a FWS624, with an internet connection, DHCP, and firewall. I'm able to plug into the same switch on a port designated for VLAN 02 and successfully connect to the internet, and not able to see my main network.

I am able to successfully tag ports on VLAN 02.  

 

What I cannot do, is get VLAN02 on switch1 to talk to VLAN02 on switch2.  I think this is because I need to configure VLAN02 to traverse over the fiber port... but I'm not sure exactly how to do this?  The fiber port is on DEFAULT VLAN.  This is because all other ports on the switch are also part of DEFAULT VLAN, and its really just a few ports that I want to make a part of VLAN 02.

 

What am I missing??

 

Thanks, Irene

Frequent Contributor
Posts: 144
Registered: ‎11-07-2013

Re: VLANs over fiber and FastIrons. Can someone help me out?

Hi Irene,

  You are on the right track, you need to setup VLAN 2 on the second switch as a tagged port on VLAN2.  Also will need to setup the few untagged ports that you want in VLAN2.

 

like;

switch(config)#vlan 2

switch(config-vlan-2)#tag ether 0/24

switch(config-vlan-2)#untag ether 0/1 to 0/5

 

Thanks

Michael.

Thanks
Michael
Occasional Contributor
Posts: 5
Registered: ‎01-10-2014

Re: VLANs over fiber and FastIrons. Can someone help me out?


mschipp@gmail.com wrote:

Hi Irene,

  You are on the right track, you need to setup VLAN 2 on the second switch as a tagged port on VLAN2.  Also will need to setup the few untagged ports that you want in VLAN2.

 

like;

switch(config)#vlan 2

switch(config-vlan-2)#tag ether 0/24

switch(config-vlan-2)#untag ether 0/1 to 0/5

 

Thanks

Michael.


Thank you for your answer - I will try this.  Would you be so kind as to explain why this is the correct configuration?  I was under the impression that the tagging the port tagged the packet with the VLAN information?  I think this might be where my understanding is incorrect.

 

Thank you for your patience, Irene

Frequent Contributor
Posts: 144
Registered: ‎11-07-2013

Re: VLANs over fiber and FastIrons. Can someone help me out?

You are correct Irene, tagging the interface addes the VLAN tag or field to the pactiing, but this must be done on both side of the link/s that carries the VLAN.  If on one side only, then the reciving port will drop the frame as with no tagging on that VLAN it assuemes the traffic is not for anthing on that switch.

Thanks
Michael
Occasional Contributor
Posts: 5
Registered: ‎01-10-2014

Re: VLANs over fiber and FastIrons. Can someone help me out?

[ Edited ]

mschipp@gmail.com wrote:

You are correct Irene, tagging the interface addes the VLAN tag or field to the pactiing, but this must be done on both side of the link/s that carries the VLAN.  If on one side only, then the reciving port will drop the frame as with no tagging on that VLAN it assuemes the traffic is not for anthing on that switch.


OK - one more question if you don't mind - So the fiber port that talks between switches, it should be both a member of VLAN 1 and VLAN 2 ?  

 

 Also, why would I include untagged ports?  There are a total of 5 switches spread across fiber, VLAN 1 going to its own DHCP/storage/AD network, and VLAN 2 going to its own DHCP/wireless guest network... all ports (or connections) that need to traverse the fiber between switches need to be tagged... correct?

Frequent Contributor
Posts: 105
Registered: ‎07-12-2011

Re: VLANs over fiber and FastIrons. Can someone help me out?

I would typically avoid using the default VLAN for anything, too easy to bring a port up accidentally and loop something or cause a disruption. And VLAN 1 is often the native or default VLAN, this can cause headaches with cross-vendor implementations of Spanning-Tree

 

You would use untagged ports typically for access ports, meaning PC's or Servers. You can tag the port and then set a tag up on the device itself depending on it's capabilities.

 

If you are running multiple VLAN's over an interface, the port needs to be tagged so traffic is properly switched.

 

If just one vlan on an interface, you can leave the interfaces untagged in the desired VLAN, but I would suggest tagging anyway in case you need to add in the future.

Occasional Contributor
Posts: 5
Registered: ‎01-10-2014

Re: VLANs over fiber and FastIrons. Can someone help me out?


john.liehr wrote:

I would typically avoid using the default VLAN for anything, too easy to bring a port up accidentally and loop something or cause a disruption. And VLAN 1 is often the native or default VLAN, this can cause headaches with cross-vendor implementations of Spanning-Tree

 

You would use untagged ports typically for access ports, meaning PC's or Servers. You can tag the port and then set a tag up on the device itself depending on it's capabilities.

 

If you are running multiple VLAN's over an interface, the port needs to be tagged so traffic is properly switched.

 

If just one vlan on an interface, you can leave the interfaces untagged in the desired VLAN, but I would suggest tagging anyway in case you need to add in the future.


OK so I'm understanding correctly.  

 

The fiber port hosting multiple VLAN traffic between switches needs to be a member of both ADMIN VLAN and GUEST VLAN.  It also needs to be tagged.

 

Ports that are connected devices in the VLAN do not need to be tagged.  These ports will know to use the tagged port for communication between switches.

 

THANKS!

Occasional Contributor
Posts: 15
Registered: ‎06-27-2014

Re: VLANs over fiber and FastIrons. Can someone help me out?

Coming from Cisco background, it took me a while to understand "tagged" and "untagged". In layman's terms, that's how I prefer to define "tagged" and "untagged" ports.

 

tagged: A device that is capable of including the tag information in the frame, which is being sent to the switch, then that port on the switch needs to be defined as "tagged" in Brocade. For example, IP Phones are capable of including VLAN tag.

 

untagged: A device that CANNOT include the tag information in frame, then that port on switch needs to be defined as "untagged". A port can support only one "untagged" VLAN. Think of it in terms of ingress. If there are multiple "untagged" VLANs on single port, then to which VLAN should the switch put the data on?

 

dual-mode: In this case, a port can accept both tagged and untagged data and on different VLANs as well.

 

Additionally, in case of uplink ports between two switches, both ports should either be "tagged" in same VLANs or both uplink ports should be "untagged" (and untagging can be of different VLANs) too.

 

Regards

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.

vADC is now Pulse Secure
Download FREE NVMe eBook