VLAN noob need assistance - please explain tagged, untagged, trunks, etc
Posted on 2/19/15 at 9:59 am
I haven't messed with VLANs. I understand the basic concept, but all the terminology is a little confusing.
Let's say to simplify my setup that I have a couple of VLAN switches (Procurves in this case if it matters).
What we want to do is have 3 VLANs. One for the main corporate network, a second for guests, and a 3rd for the phone system. The 3rd (phone system) needs to be able to talk to both of the other VLANs.
So, what is the idea here? What ports should be untagged members, which should be tagged members, which should be trunks, etc.
We don't want to have to configure any of the PCs or phones to tag their own traffic with the VLANs; we'd prefer the switch to tag the traffic as a VLAN based on which port the devices are plugged into. Is this possible or does this need to be planned out differently?
Posted on 2/19/15 at 11:16 am to Casty McBoozer
Yes, that's possible. You should really hire someone to do that for you.
Posted on 2/19/15 at 11:26 am to Casty McBoozer
I'm not really familiar with Procurves, but here is a general overview of VLANs and how you should set up switches for them. Vernacular among switch manufacturers sometimes changes and makes it more confusing than it is.
Tagging:
"Tagging" traffic means that at layer 2, part of the encapsulation process is wrapping the traffic with a VLAN identifier.
"Untagged" traffic means no VLAN has been specified prior to arriving at the switch. Switches, by default, will dump this traffic in VLAN 1. Not very secure, but it works.
Trunk ports:
Trunk ports accept traffic that is already tagged with a VLAN. IP Phones can tag their PC port and Switch port with VLANs. You can either just set a trunk port to accept all tagged traffic (default, but not recommended imo), or specify which VLANs you want to allow. If you're tagging at the phones, then you need to have your switch port configured as a trunk port and accepting the proper VLANs (or all VLANs.. again, not recommended).
There's also the option to set your trunk port to tag any untagged traffic with a specified VLAN. On Cisco devices, it's known as a "native VLAN". Most devices use the same vernacular, but Brocade switches call it "dual-mode"ing a port. This is great for devices that need to boot up in one VLAN but traffic passes over other VLANs, such as access points and IP phones that have computers that plug into their PC port.
Access ports:
Access ports will accept untagged traffic and tag it with whatever VLAN you specify.
So, if you're using separate physical ports for all 3 VLANs, then all you need are access ports that specify which VLAN you want the switch to tag. You then need trunk ports between switches to pass the tagged traffic to wherever it needs to go.
If you're plugging computers into the phones and the phones have the capability to tag the PC port, then you need trunk ports on the interfaces that connect to phones.
Side note: Again, I'm not familiar with ProCurves. If they use STP (Spanning Tree Protocol), I recommend turning it off on ports that connect to end devices. It can cause weird, wonky problems sometimes. The Cisco command is "spanning-tree portfast" on the interface.
If you'd like to go into further detail about what you're doing and let me make some recommendations, email me. hulkkontd@gmail.com
This post was edited on 2/19/15 at 11:38 am
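How a switch port decides which VLAN an incoming frame belongs to, as an added example that is not part of any post in this thread: a small Python model of the tagged/untagged, access, trunk and native-VLAN behaviour described above. The VLAN IDs (10 corporate, 20 guest, 30 voice), the port names and the rule that access ports drop tagged frames are assumptions of this model; real switches differ by vendor.

```python
import struct
from dataclasses import dataclass
from typing import Optional

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def parse_vlan(frame: bytes) -> Optional[int]:
    """Return the VLAN ID from a frame's 802.1Q tag, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF  # low 12 bits are the VLAN ID; top 4 are PCP + DEI

@dataclass(frozen=True)
class Port:
    mode: str                          # "access" or "trunk"
    access_vlan: int = 1               # access: VLAN given to untagged frames
    allowed: frozenset = frozenset()   # trunk: tagged VLANs the port accepts
    native_vlan: Optional[int] = None  # trunk: VLAN for untagged frames, if any

def classify(port: Port, frame: bytes) -> Optional[int]:
    """VLAN the switch assigns to the frame on ingress, or None if dropped."""
    vid = parse_vlan(frame)
    if port.mode == "access":
        # Assumption of this model: an access port drops already-tagged frames.
        return port.access_vlan if vid is None else None
    if vid is None:
        return port.native_vlan        # untagged on a trunk: native VLAN or drop
    return vid if vid in port.allowed else None

def make_frame(vid: Optional[int] = None) -> bytes:
    """Constructed sample frame: dummy MACs, IPv4 EtherType, zeroed payload."""
    macs = bytes.fromhex("ffffffffffff" "020000000001")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return macs + tag + struct.pack("!H", 0x0800) + bytes(46)

# Constructed ports for the three-VLAN setup in the question (IDs are assumed).
CORP_PC = Port("access", access_vlan=10)
PHONE = Port("trunk", allowed=frozenset({30}), native_vlan=10)  # PC behind phone
UPLINK = Port("trunk", allowed=frozenset({10, 20, 30}))         # switch to switch
```

Restricting `allowed` on the phone port is what keeps a device plugged in there from reaching the guest VLAN by tagging its own frames, which is the reason for not accepting all VLANs on a trunk.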
Posted on 2/19/15 at 12:05 pm to Hulkklogan
One problem here is that Cisco and HP use these terms VERY differently.
For HP, a "Tagged" port is generally the same as a "Trunk" port on a Cisco device. Also, a "Trunk" port on an HP is similar to a "Port-Channel" on a Cisco device. So you need to be careful when using these terms as it can mean very different things depending on the vendor.
Check out this article and see if it helps with your understanding of the different terms and what they mean for different vendors.
Cisco vs. HP
ETA:
HP Quick Reference:
Untagged members will likely be your access ports where your hosts are connected.
Tagged ports will be your inter-switch connections most likely using 802.1Q encapsulation.
Trunk Ports will be some type of link aggregation (virtual interface consisting of multiple physical interfaces typically using LACP as the negotiation protocol).
This post was edited on 2/19/15 at 12:10 pm
Posted on 2/19/15 at 1:26 pm to LSUDropout
Yeah I was worried about that.
I know Cisco, Juniper, Adtran, and Brocade. I have no experience outside of those brands.
Posted on 2/19/15 at 1:42 pm to Hulkklogan
Yeah, I've actually never logged into an HP switch before (I'm almost ALL Cisco), but I've had to learn the difference in lingo over the years from trying to help friends/customers with configuration on their HP gear.
To the OP, it sounds like what you're trying to do can certainly be done, but will require a bit of planning. Also, keep in mind, once you move to the VLAN setup, if you want traffic to pass between the VLANS you'll need some mechanism to route between them.