Questions[trunk](server)

Windows Server 2012R2 ,with hyper-v. for hyper-v 's guest os connecting to multi vlan, host 's NIC connect to trunk port on switch hub. but I want set host os with VLAN ID(VLAN 10) ,for with a VLAN 10 IP address.

Just to start off with I am a Cisco guy that got placed into an HP project.

Basic topology overview from outside in:

• ASA 5505 with two Ethernet connections to a 2610 switch.
• This switch is then trunking* to a 2626 switch passing vlan 1 (untagged) and 100 (tagged) between them. (* - the Cisco definition of trunking rather than the HP definition of trunking)
• I created SVIs on each of the switches for both VLANs for testing purposes.

I cannot get vlan 100 to pass across this link. I also have trunks configured to APs connected to the switch and cannot ping the vlan 100 BVI on the APs but can reach the vlan 1 BVI.

• Port 25 on Access layer 2626 physically connects to port A1 of the Distribution layer 2610.
• STP is not running at all on any switch (this is not my network I can't change this nor did I design this)

Distribution Sw 2610:

MP1-0# show run
ip default-gateway 10.100.100.100
vlan 1
name "DATA"
untagged 1-22,24-A1,B1
ip address 10.100.100.6 255.255.255.0
no untagged 23
exit
vlan 100
name "GUEST"
untagged 23
tagged 24-A1
ip address 10.100.102.6 255.255.255.0
exit

Access Sw 2626:

ip default-gateway 10.100.100.100
vlan 1
name "DEFAULT_VLAN"
untagged 1-26
ip address 10.100.100.5 255.255.255.0
exit
vlan 100
name "GUEST"
ip address 10.100.102.5 255.255.255.0
tagged 15,25
exitt

From the ASA I can ping the vlan 100 SVI of the 2610 but not the 2626, i.e. it does not seem to be passing the "trunk" traffic

If I plug into an access port vlan 100 of the 2626 I can ping the SVI for vlan 100 as intended. I cannot ping across the "trunk" over vlan 100 but I can across vlan 1.

There may be something obvious I'm missing but please review my configuration and thank you for the assistance.

Suppose you connect a trunk port from a VLAN capable network switch to a (VLAN incapable) consumer-grade network switch via a direct cable. Now the former switch send the later switch a 802.1Q-tagged Ethernet frame. What should the later switch do? Drop the frame? Forward the frame? Undefined behavior?

If the behavior is undefined, what is most probable?

1. How it handles frames with 0x8100 in the EtherType field¹
2. How it handles jumbo frames, or frames with payload larger than 1500 bytes

Wikipedia has a nice diagram comparing an untagged and a tagged Ethernet frame:

There are reports that some consumer-grade switches pass VLAN-tagged frames just fine.

_{¹ or more precisely, where an EtherType field is expected for non-tagged frames}

I appear to have some fundamental misunderstanding of how VLANs work on Linux, and I'm hoping the good people here can educate me.

Cast: One Cisco 3560, one VLAN, and one Linux box [1].

Cisco  ---------------  Linux
    ge0/1           eth0

The Cisco has a Vlan 37 interface, with IP address 10.40.37.252/24. I want to place 10.40.37.1/24 on the Linux box.

When the Cisco de-encapsulates vlan 37, everything works fine [2]:

# Cisco 
interface Vlan37
    ip address 10.40.37.252/24

interface GigabitEthernet 0/1
    switchport mode access
    switchport access vlan 37

# Linux
ip link set eth0 up
ip addr add 10.40.37.1/24 dev eth0

$ ping 10.40.37.252 && echo It works

However, when I set the port to trunking and assign vlan 37 on the Linux side, it stops working:

# Cisco
interface GigabitEthernet 0/1
    switchport trunk encapsulation dot1q
    switchport mode trunk
    ! [3] [4] [7]

# Linux
vconfig add eth0 37
ip link set eth0.37 up
ifconfig eth0 0.0.0.0 up # ensure no address
ip addr add 10.40.37.1/24 dev eth0.37

$ ping 10.40.37.252 || echo Why does this not work

What am I missing here?

Edit: Solutions:

Shane's question about the mac address table led me to a solution: Use "ip addr" to set different unique L2 (MAC) addresses on each of the VLAN sub-interfaces, and it suddenly works.

Another possible solution that I didn't try (because my hardware is too old) is using "ethtool" to disable VLAN offloading by the NIC itself, and forcing the kernel to deal with the tags.

Thank you Shane!

Edit: More info as per comments:

The overall goal is to have three vlans (public, private, oam&p) terminating on three individual IP addresses on the linux box, with different applications binding to the local addresses. I can expand further if necessary, but I'm trying to keep the problem description and discussion simple, since before I can have three vlans working, I kind of need one to be working. :)

Antoine --> ifup versus ifconfig makes no difference.

Pepoluan --> I'm assuming this is what you were looking for. Note the lack of references by phy drivers is apparently normal. [5]

$ lsmod | grep 802
    8021q   25545 1 cxgb3

Handyman -->

$ ifconfig eth0
    eth0  Link encap: Ethernet HWaddr 00:17:08:92:87:22
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:0 [...]
    TX packets:31932 errors:0 dropped:0 overruns:0 carrier:0 

$ ifconfig eth0.37
    eth0.37 Link encap: Ethernet HWaddr 00:17:08:92:87:22
    UP BROADCAST RUNNING MULTICAST MUT:1500 Metric:1
    RX packets: 0 [...]
    TX packets:32024 errors:90 dropped:0 overruns:0 carrier:0

$ cat /proc/net/vlan/config
    VLAN Dev Name | VLAN ID
    Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
    eth0.37 | 37 | eth0

Chuck --> wireshark and/or tcpdump do not show the tags, but this is apparently a normal limitation on Linux, due to the processing order of vlan handling and pcap in the kernel [6]. Also, the untagged VLAN is set to 1 [7].

[1] I've tried this with both CentOS 5.5 and Ubuntu 11.04, and both have the same issue.

[2] Note the configs are not a cut&paste, so any typos here are simply my bad memory.

[3] "nonegotiate" on or off has no effect on the problem.

[4] Vlan 37 is shown as active & non-pruned on the link, so "allowed" is not the problem.

[5] serverfault: Enabling 8021q on a nic

[6] http://wiki.wireshark.org/CaptureSetup/VLAN#Linux

[7] The native (untagged) VLAN is 1. Manually setting it with "switchport trunk native vlan 1" has no effect.

What are VLANs? What problems do they solve?

I'm helping a friend learn basic networking, as he's just become the sole sysadmin at a small company. I've been pointing him at various questions/answers on Serverfault relating to various networking topics, and noticed a gap - there doesn't appear to be an answer which explains from first principles what VLANs are. In the spirit of How does Subnetting Work, I thought it would be useful to have a question with a canonical answer here.

Some potential topics to cover in an answer:

• What are VLANs?
• What problems were they intended to solve?
• How did things work before VLANs?
• How do VLANs relate to subnets?
• What are SVIs?
• What are trunk ports and access ports?
• What is VTP?

EDIT: to be clear, I already know how VLANs work - I just think that Serverfault should have an answer that covers these questions. Time permitting, I'll be submitting my own answer as well.