Junos OS

Expand all | Collapse all

"Double" vlan tagging?

  • 1.  "Double" vlan tagging?

    Posted 20 days ago
    This is just more of a general networking question. 

    When dealing with VLANS, I've noticed that you can configure a vlan ID setting at the device level (synology storage, VMware host, iDRAC for dell server management) and at the switch interface level (Juniper switch, Cisco switch). When both ends are configured with the same vlan ID, there is NO connections. It seems like the traffic can only be tagged once?

    Can someone elaborate on this a little so I can understand about vlan ID tagging, moreover the "double" vlan tagging issues that I have run into?

    Thanks,


  • 2.  RE: "Double" vlan tagging?

     
    Posted 20 days ago
    I'm not following what you mean.  On a given ethernet port for a device like NAS or server there either is a vlan tag or the port is untagged.

    Should a tag be added the same tag does need to be configured on the connected switch port.

    Can you show a sample of a particular "double tag" with Juniper switch on the one side and one of your devices on the other?
    That would help me see what your are experiencing.

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------



  • 3.  RE: "Double" vlan tagging?

    Posted 20 days ago
    I don't have a screenshot to show you. Like I said it's more of a general networking question.

    If I configured a port on a juniper switch be on vlan 100 (ge-0/0/0). At the same time configured a NAS to be on vlan 100 through the NAS's web interface. I then connect the NAS to the port on the switch (ge-0/0/0) that was also configured to be on vlan 100 I won't get a connection. Now, lets say I go into the web interface of the NAS and remove that vlan tagging (vlan 100) because the traffic is being tagged at the switch's port level the traffic begins to flow again.

    This is where I'm coming up with the "double vlan" issue. Both at the switch port level and the device level are configured for vlan 100. 

    I hope this is making since?


  • 4.  RE: "Double" vlan tagging?

     
    Posted 20 days ago
    I think I follow now.

    On the Juniper switch being a member of a vlan does not tag the port.  If a port is added to a vlan list the port is untagged in that vlan as an access port.

    Most devices like NAS do not require any port side vlan configuration by default.  They just present that interface also untagged.

    So you place the switch port into the desired vlan and connect the NAS with no other configuration except adding the desired ip address (or leaving it dhcp if supported).  This would be the routine way such devices are connected.

    If the device needs multiple vlans like a VMware server the procedure requires using vlan tags.

    On the server or device you configure all the vlan tags needed.

    On the switch you configure the port into trunk mode and add all the vlans needed by the device as members of that port.  These will then all have matching tags to the ones setup on the server.
    If an untagged management vlan is also in use that vlan id is added on the trunk port using the Native vlan command.

    Overview of access and tagged ports

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB11234

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------



  • 5.  RE: "Double" vlan tagging?

    Posted 19 days ago
    I understand how it typically works by tagging on the switch port side and not the actually NAS device web interface side. My question is why is traffic not flowing when both ends are tagged? Why does this not work when the traffic is being tagged twice (device side and switchport side?

    I'm not sure if I'm explaining this correctly....



  • 6.  RE: "Double" vlan tagging?

     
    Posted 18 days ago
    I think you are NOT tagging the Juniper side but configuring the port as an untagged access port.

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------



  • 7.  RE: "Double" vlan tagging?

    Posted 10 days ago
    "double" tagging produces a packet with a different ethertype and an extra 4 byte header. it's a different type of packet. if you aren't explicitly set to generate this packet, you are probably just misconfigured. you can't add another 802.1Q tag to a packet that already has a 0x8100 ethertype. post your interface configurations if you want a better explanation of what is going wrong in your error case.