Junos OS

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



Expand all | Collapse all

"Double" vlan tagging?

  • 1.  "Double" vlan tagging?

    Posted 06-03-2021 12:42
    This is just more of a general networking question. 

    When dealing with VLANS, I've noticed that you can configure a vlan ID setting at the device level (synology storage, VMware host, iDRAC for dell server management) and at the switch interface level (Juniper switch, Cisco switch). When both ends are configured with the same vlan ID, there is NO connections. It seems like the traffic can only be tagged once?

    Can someone elaborate on this a little so I can understand about vlan ID tagging, moreover the "double" vlan tagging issues that I have run into?

    Thanks,


  • 2.  RE: "Double" vlan tagging?

     
    Posted 06-03-2021 20:00
    I'm not following what you mean.  On a given ethernet port for a device like NAS or server there either is a vlan tag or the port is untagged.

    Should a tag be added the same tag does need to be configured on the connected switch port.

    Can you show a sample of a particular "double tag" with Juniper switch on the one side and one of your devices on the other?
    That would help me see what your are experiencing.

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------



  • 3.  RE: "Double" vlan tagging?

    Posted 06-03-2021 22:27
    I don't have a screenshot to show you. Like I said it's more of a general networking question.

    If I configured a port on a juniper switch be on vlan 100 (ge-0/0/0). At the same time configured a NAS to be on vlan 100 through the NAS's web interface. I then connect the NAS to the port on the switch (ge-0/0/0) that was also configured to be on vlan 100 I won't get a connection. Now, lets say I go into the web interface of the NAS and remove that vlan tagging (vlan 100) because the traffic is being tagged at the switch's port level the traffic begins to flow again.

    This is where I'm coming up with the "double vlan" issue. Both at the switch port level and the device level are configured for vlan 100. 

    I hope this is making since?


  • 4.  RE: "Double" vlan tagging?

     
    Posted 06-04-2021 05:52
    I think I follow now.

    On the Juniper switch being a member of a vlan does not tag the port.  If a port is added to a vlan list the port is untagged in that vlan as an access port.

    Most devices like NAS do not require any port side vlan configuration by default.  They just present that interface also untagged.

    So you place the switch port into the desired vlan and connect the NAS with no other configuration except adding the desired ip address (or leaving it dhcp if supported).  This would be the routine way such devices are connected.

    If the device needs multiple vlans like a VMware server the procedure requires using vlan tags.

    On the server or device you configure all the vlan tags needed.

    On the switch you configure the port into trunk mode and add all the vlans needed by the device as members of that port.  These will then all have matching tags to the ones setup on the server.
    If an untagged management vlan is also in use that vlan id is added on the trunk port using the Native vlan command.

    Overview of access and tagged ports

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB11234

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------



  • 5.  RE: "Double" vlan tagging?

    Posted 08-02-2021 19:01
    If the port mode in the switch is set to be an access port, and the NAS sends frames tagged, the switch will drop the frames, and when it receives the frame untagged, it process the frame and forwards it according to the regular L2 forwarding rules. It seems to me that in your case, you are tagging the frames as they are sent towards the switch, and since the port is in access mode, it drops the frames.

    It is the plausible theory and it is probably due to that. You could either not tag the frames as they are sent to the switch access port or change the port in the switch to trunk and allow VLAN 100 (the VLAN set in the NAS).

    Elvin


  • 6.  RE: "Double" vlan tagging?

    Posted 06-04-2021 21:46
    I understand how it typically works by tagging on the switch port side and not the actually NAS device web interface side. My question is why is traffic not flowing when both ends are tagged? Why does this not work when the traffic is being tagged twice (device side and switchport side?

    I'm not sure if I'm explaining this correctly....



  • 7.  RE: "Double" vlan tagging?

     
    Posted 06-05-2021 09:09
    I think you are NOT tagging the Juniper side but configuring the port as an untagged access port.

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------



  • 8.  RE: "Double" vlan tagging?

    Posted 06-13-2021 18:40
    "double" tagging produces a packet with a different ethertype and an extra 4 byte header. it's a different type of packet. if you aren't explicitly set to generate this packet, you are probably just misconfigured. you can't add another 802.1Q tag to a packet that already has a 0x8100 ethertype. post your interface configurations if you want a better explanation of what is going wrong in your error case.