VSP4000 VLAN tagging

Check that 802.1q encapsulation is enabled on the two ports first -

encapsulation dot1q port 1/1-2

That should do it, otherwise it will behave exactly as it is currently.

Okay, wasn't aware that meant the dot1q encapsulation was on for the port, but reading through this -



it looks like with discard untagged frames disabled, the switch is just going to pass along the untagged traffic to any ports on the same VLAN without tagging it.

It seems to be about SMLT. Can you point the page please?

Page 67, it was the most relevant documentation I could find.

Thanks. You're probably referring to this:

It only means the port would let the untagged ports into the switch and tag it with PVID.

Concern 1: Documentation
---------------------------------------

You can find the procedure for configuring vlans on a port in the documentation


Page 35 - Adding or removing ports in a VLAN



Concern 2: making a "trunk" port _not_ to strip the Default VLAN tag
----------------------------------------------------------------------------------------------------

Whenever you configure a port for trunking / 802.1q you have an option to set a default vlan id on that port. On a tagged port it is expected to receive packets with tag. But whenever you receive a untagged packet on a trunk port we now classify those packets being part of the default vlan id. Switch bridges these packets on the default vlan id path. This is for packets ingressing into a trunk port.

On the egress side again you can send these default vlan id packets as tagged or untagged. By default Avaya switch sends the packets with tag. If you prefer to untag the default vlan id packets then you have to enable the port configuration "UNTAG DEFVLAN"

I have a VSP-4450GSX-PWR+ switch running VSP4000.4.1.0.0.GA software. With default config (UNTAG DEFVLAN - disabled) I am receiving default vlan id packets with tag. Whenever I am enabling the untag default vlan option (UNTAG DEFVLAN - enabled) then switch strips of the vlan tag and sends the packets.


My Topology:
-----------

Laptop1 ---->(1/12) VSP_4K (1/20) ---------> Laptop2

Untagged traffic is sent from Laptop1 and received at Laptop2.

Configurations:
--------------

VSP_4K:1(config)#sho interf gig vlan 1/12,1/20
================================================== ==============================
Port Vlans
================================================== ==============================
PORT DISCARD DISCARD DEFAULT VLAN PORT UNTAG DYNAMIC
NUM TAGGING TAGFRAM UNTAGFRAM VLANID IDS TYPE DEFVLAN VLANS
--------------------------------------------------------------------------------
1/12 enable false false 50 50,150 normal disable P
1/20 enable false false 50 50,150 normal disable P

--------------------------------------------------------------------------------
DYNAMIC VLAN Legend:
P=Protocol enabled.
VSP_4K:1(config)#
VSP_4K:1(config)#interf gig 1/20
VSP_4K:1(config-if)#interf gig 1/20
VSP_4K:1(config-if)#untag-port-default-vlan
VSP_4K:1(config-if)#exit
VSP_4K:1(config)#sho interf gig vlan 1/12,1/20
================================================== ==============================
Port Vlans
================================================== ==============================
PORT DISCARD DISCARD DEFAULT VLAN PORT UNTAG DYNAMIC
NUM TAGGING TAGFRAM UNTAGFRAM VLANID IDS TYPE DEFVLAN VLANS
--------------------------------------------------------------------------------
1/12 enable false false 50 50,150 normal disable P
1/20 enable false false 50 50,150 normal enable P

--------------------------------------------------------------------------------
DYNAMIC VLAN Legend:
P=Protocol enabled.
VSP_4K:1(config)#

*sigh*
I can _NOT_ find an instruction on how to make the port tagged or untagged in this document. The encapsulation dot1q and vlan tagging tagall commands are not even mentioned, that's just ridiculous.




Again, the problem is - the egress port can both untag and not_untag packets from vlan 50 (the default one) even with "UNTAG DEFVLAN" disabled.

Try your setup without changing the default vlan untag settings - that's what I was testing.
Simply add the VLAN 50 to both ports and configure both as trunks.

In my case, the laptops are able to ping each other and ingress/egress traffic is untagged.

I'm still not fully convinced that the switch isn't working exactly as configured. There's nothing in the documentation that says "Untagged traffic received on a tagged port will have an 802.1q tag added to the frame header, then sent to any ports on the corresponding VLAN and will not be untagged as long as UntagDefaultVLAN is disabled on the port it's being sent to." Maybe it doesn't insert an 802.1q tag in the header because it assumes you won't want a tag on an untagged packet? There's nothing in the documentation that says one way or another what exactly it will do to an untagged packet through this process, and since the switch isn't working as you expect it to work it seems very likely that it isn't doing what you think it's going to do.

Filtering untagged frames will cause the ports to behave exactly the way you want them to, and it's well documented as the recommended setup. If you want better documentation then you're going to have to reach out to Avaya (good luck), but I think if you opened a ticket with Avaya they will likely tell you that the device is behaving as expected.

These things are in the standard, that's how he Ethernet bridge works. If it doesn't insert a tag - what's the purpose of PVID anyway? How would you explain these packets appearing in trunks with exactly the VLAN 50 tag?

Avaya is reached, too.

Everyone thanks for reading, the case is closed.

Since the bug that simple can't stay unnoticed by Q&A and would definitely cause serious problems in the real networks, it is obvious the problem was in the setup itself.

I tried to replicate the problem with various routers and switches instead of the laptops, using trunk/access interfaces - FAIL.

Further investigation has shown the laptop NICs (Intel and Broadcom) behave in a weird way - they strip the VLAN tag (any VLAN tag) and move the packet to the higher protocols (IP in our case) instead of dropping the tagged packet.

No wonder they were able to ping each other.

Changing the registry settings for the NIC to keep VLAN tags:

For Intel: The new key (dword), either MonitorMode or MonitorModeEnabled should be placed at: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ***\{4D36E972-E325-11CE-BFC1-08002BE10318}\00nn
Where nn is the physical instance of the network port where you want to capture the VLAN tags.

For Broadcom:

1. Search for "TxCoalescingTicks" and ensure this is the only instance that you have.
2. Right-click on the instance number (eg. 0008), add a new string value "PreserveVlanInfoInRxPacket" and give it the value "1".

With those settings enabled, NICs don't remove VLAN tags and consequently don't talk to each other anymore.

That solves the mystery of the tagged interface.


Also, a possibly useful trick found while investigating. There is always a VLAN 0 in the system. Adding a VLAN 0 as a PVID to a trunk would effectively block all the untagged traffic both ingress and egress on this port.