VSP4000 VLAN tagging

[sbilde]

I'm testing various VLAN modes on VSP400 and have difficulties making a "trunk" port _not_ to strip the Default VLAN tag from outgoing packets.

Testbed:
There is a single VSP4450 rel 4.1 and two laptops with IPs 10.1.1.1/8 and 10.1.1.2/8 connected to 1/1 and 1/2

First surprise is that there is almost nothing on how to configure VLANs on a port in the most recent doc collection or anywhere else.
There seem to be two commands: encapsulation dot1q and vlan tagging tagall to switch between Trunk and Access modes.

Anyway, ports are trunks now, untag default VLAN is disabled.

Code:

VSP-4450GSX-PWR+:1(config)#sh interfaces gigabitEthernet vlan

================================================================================
                                   Port Vlans
================================================================================
PORT          DISCARD DISCARD   DEFAULT VLAN         PORT     UNTAG    DYNAMIC
NUM   TAGGING TAGFRAM UNTAGFRAM VLANID  IDS          TYPE     DEFVLAN  VLANS
--------------------------------------------------------------------------------
1/1   enable  false   false     50      50,150       normal   disable  P
1/2   enable  false   false     50      50,150       normal   disable  P
1/3   disable false   false     1       1            normal   disable  P
1/4   disable false   false     1       1            normal   disable  P
...

There shall be no ping between 1/1 and 1/2 since all the incoming packets are tagged with PVID and all the outgoing packets shall be tagged as well.
Yet the ping continues.
Enabling/disabling untag-port-default-vlan makes no difference.

Assumptions?

[zakabog]

I'm not quite sure what you're doing but if you build a trunk port it's not going to tag the VLANs, you're going to be able to ping between port 1 and port 2 because the VLANs exist on both ports. Are you sure you need trunk ports and not access ports?

[sbilde]

Quote:

Originally Posted by zakabog

if you build a trunk port it's not going to tag the VLANs, you're going to be able to ping between port 1 and port 2 because the VLANs exist on both ports.

Did you mean "Access port"? On trunk port I'm expecting all the outgoing traffic to be tagged - and that' exactly what's not happening.

I keep investigating and it turns out that two ports with identical settings in the same VLAN are able to pass both tagged and untagged packets depending on what kind of host is connected (I have a Laptop and a Cisco3750 as hosts, untagged and tagged correspondingly).

It all looks and works like an AutoPVID feature, only there shall be no AutoPVID on the VSP platform and there is no way to disable it.
Weird.

[zakabog]

I'm sorry, I mant to say it IS going to tag the VLANs but since the VLANs exist on both ports and you're using a subnet that overlaps, there is nothing keeping the two networks from communicating.

[sbilde]

Quote:

Originally Posted by zakabog

I'm sorry, I mant to say it IS going to tag the VLANs but since the VLANs exist on both ports and you're using a subnet that overlaps, there is nothing keeping the two networks from communicating.

Well, a laptop doesn't understand tagged traffic. Therefore if a port sends tagged traffic a laptop won't be able to read it and the ping stops.

[zakabog]

Do you have the VSP set to discard untagged frames on those two ports?

[sbilde]

Quote:

Originally Posted by zakabog

Do you have the VSP set to discard untagged frames on those two ports?

Nope, because they shall not _send_ untagged frames in the first place with this configuration.
It is explicitly configured NOT to untag the default VLAN.

[smanjunath]

Concern 1: Documentation
---------------------------------------

You can find the procedure for configuring vlans on a port in the documentation

https://downloads.avaya.com/css/P8/documents/101007454
Page 35 - Adding or removing ports in a VLAN



Concern 2: making a "trunk" port _not_ to strip the Default VLAN tag
----------------------------------------------------------------------------------------------------

Whenever you configure a port for trunking / 802.1q you have an option to set a default vlan id on that port. On a tagged port it is expected to receive packets with tag. But whenever you receive a untagged packet on a trunk port we now classify those packets being part of the default vlan id. Switch bridges these packets on the default vlan id path. This is for packets ingressing into a trunk port.

On the egress side again you can send these default vlan id packets as tagged or untagged. By default Avaya switch sends the packets with tag. If you prefer to untag the default vlan id packets then you have to enable the port configuration "UNTAG DEFVLAN"

I have a VSP-4450GSX-PWR+ switch running VSP4000.4.1.0.0.GA software. With default config (UNTAG DEFVLAN - disabled) I am receiving default vlan id packets with tag. Whenever I am enabling the untag default vlan option (UNTAG DEFVLAN - enabled) then switch strips of the vlan tag and sends the packets.


My Topology:
-----------

Laptop1 ---->(1/12) VSP_4K (1/20) ---------> Laptop2

Untagged traffic is sent from Laptop1 and received at Laptop2.

Configurations:
--------------

VSP_4K:1(config)#sho interf gig vlan 1/12,1/20
================================================== ==============================
Port Vlans
================================================== ==============================
PORT DISCARD DISCARD DEFAULT VLAN PORT UNTAG DYNAMIC
NUM TAGGING TAGFRAM UNTAGFRAM VLANID IDS TYPE DEFVLAN VLANS
--------------------------------------------------------------------------------
1/12 enable false false 50 50,150 normal disable P
1/20 enable false false 50 50,150 normal disable P

--------------------------------------------------------------------------------
DYNAMIC VLAN Legend:
P=Protocol enabled.
VSP_4K:1(config)#
VSP_4K:1(config)#interf gig 1/20
VSP_4K:1(config-if)#interf gig 1/20
VSP_4K:1(config-if)#untag-port-default-vlan
VSP_4K:1(config-if)#exit
VSP_4K:1(config)#sho interf gig vlan 1/12,1/20
================================================== ==============================
Port Vlans
================================================== ==============================
PORT DISCARD DISCARD DEFAULT VLAN PORT UNTAG DYNAMIC
NUM TAGGING TAGFRAM UNTAGFRAM VLANID IDS TYPE DEFVLAN VLANS
--------------------------------------------------------------------------------
1/12 enable false false 50 50,150 normal disable P
1/20 enable false false 50 50,150 normal enable P

--------------------------------------------------------------------------------
DYNAMIC VLAN Legend:
P=Protocol enabled.
VSP_4K:1(config)#

[sbilde]

Quote:

Originally Posted by smanjunath

Concern 1: Documentation
---------------------------------------

You can find the procedure for configuring vlans on a port in the documentation

https://downloads.avaya.com/css/P8/documents/101007454
Page 35 - Adding or removing ports in a VLAN

*sigh*
I can _NOT_ find an instruction on how to make the port tagged or untagged in this document. The encapsulation dot1q and vlan tagging tagall commands are not even mentioned, that's just ridiculous.

Quote:

Originally Posted by smanjunath

Concern 2: making a "trunk" port _not_ to strip the Default VLAN tag
----------------------------------------------------------------------------------------------------

.....

On the egress side again you can send these default vlan id packets as tagged or untagged. By default Avaya switch sends the packets with tag. If you prefer to untag the default vlan id packets then you have to enable the port configuration "UNTAG DEFVLAN"

Again, the problem is - the egress port can both untag and not_untag packets from vlan 50 (the default one) even with "UNTAG DEFVLAN" disabled.

Try your setup without changing the default vlan untag settings - that's what I was testing.
Simply add the VLAN 50 to both ports and configure both as trunks.

In my case, the laptops are able to ping each other and ingress/egress traffic is untagged.

[zakabog]

I'm still not fully convinced that the switch isn't working exactly as configured. There's nothing in the documentation that says "Untagged traffic received on a tagged port will have an 802.1q tag added to the frame header, then sent to any ports on the corresponding VLAN and will not be untagged as long as UntagDefaultVLAN is disabled on the port it's being sent to." Maybe it doesn't insert an 802.1q tag in the header because it assumes you won't want a tag on an untagged packet? There's nothing in the documentation that says one way or another what exactly it will do to an untagged packet through this process, and since the switch isn't working as you expect it to work it seems very likely that it isn't doing what you think it's going to do.

Filtering untagged frames will cause the ports to behave exactly the way you want them to, and it's well documented as the recommended setup. If you want better documentation then you're going to have to reach out to Avaya (good luck), but I think if you opened a ticket with Avaya they will likely tell you that the device is behaving as expected.