Extreme equivalent of trunking

  • 1
  • 1
  • Question
  • Updated 3 weeks ago
  • Answered
I am having difficulty understanding how multiple vlans are transported between extreme switches (not stacked) and how they are physically cabled. With cisco i create two trunk ports directly connected between switches and pass multiple vlans between these switches on the connected trunk ports or lags. How is this physically performed with extreme. What i see in the extreme documentation is tagging, but I find nothing pertaining to how these tags are assembled on a trunk like port and passed amongst switches...
Photo of brian osgoiod

brian osgoiod

  • 170 Points 100 badge 2x thumb

Posted 2 years ago

  • 1
  • 1
Photo of David Coglianese

David Coglianese, Embassador

  • 5,944 Points 5k badge 2x thumb
On Extreme you simply add all the vlans you want as tagged on the ports that link the switches, there is no special configuration required.

Just in case:
add vlan20 port 1:53 tagged

Hope that helps
Photo of Paul Thornton

Paul Thornton

  • 1,374 Points 1k badge 2x thumb
This is one of those questions that is both very easy to answer, but also has some devil in the details.

One thing you need to understand that Cisco is very port-centric in terms of config, and Extreme is very VLAN-centric.  This leads sometimes to some confusion as you go from one to the other.  I use both and I slightly prefer the VLAN approach when doing other things (eg: L3 routing) as the VLAN makes a bit more sense as the logical entity to which other things (eg: ports, IP addresses, etc.) are attached.

With an Extreme switch, you create VLANs and then add ports to them, rather than specifying what VLAN(s) should be permitted on a port.

If you add a VLAN untagged to the port, you're making it an access port (or setting the native VLAN if there are multiple other tagged VLANs on the port).  If you add one or more VLANs tagged to a port, then it is effectively a trunk port.

There's no direct concept of just setting a port mode to trunk port and telling it to carry all VLANs.  On an Extreme switch, VLANs must be created and added to the ports in question - this can seem a real pain in the backside but you eventually end up liking it as it stops all manner of problems with loops.  For this reason, STP is disabled by default on an Extreme switch as it isn't really needed.

So if I have three VLANs, 'work', 'guest' and 'wifi' I can do something like this on two switches:

create vlan work tag 10
create vlan guest tag 11
create vlan wifi tag 12
config vlan work add port 1 untagged
config vlan guest add port 2 untagged
config vlan wifi add port 3 untagged
config vlan work add port 24 tagged
config vlan guest add port 24 tagged
config vlan wifi add port 24 tagged

This will make port 24 a trunk port between the switches, and the VLANs mentioned will be on ports 1 2 and 3 (as access / native ports).

If I created a new vlan:
create vlan somethingelse tag 20

and then added it like this
config vlan somethingelse add port 4 untagged
on both switches, it wouldn't appear automatically on the trunk.  You'd need to explicitly add it:
config vlan somethingelse add port 24 tagged

You could also add it untagged on the port:
config vlan somethingelse del port 24
config vlan somethingelse add port 24 untagged

That would make VLAN 'somethingelse' the native VLAN on the trunk, with VLANs 'work', 'guest' and 'wifi' the trunked (tagged) vlans.

You don't need to add 'untagged' to the end of the add port command, it is the default - but I've put it in here for clarity.

Paul.
Photo of Henrique

Henrique, Employee

  • 10,302 Points 10k badge 2x thumb
Hi Brian,

When a packet egress a tagged port through let's say vlan tag 10 then the ethernet frame is increased by 4 bytes which includes the 802.1a tag/ID 10. The other side port must be also tagged for vlan 10 so it can check the ethernet frame 802.1q value (10 in this case) and then assign the traffic to the correct vlan (vlan 10).

Example:

PC1 port 1 ==== SW1 port 5 ================ port 5 SW2 port 1 ==== PC2

Vlans:

Sw1:                                             Sw2:
vlan_10 tag 10                              vlan_10 tag 10
vlan_20 tag 20                              vlan_20 tag 20
vlan_30 tag 30                              vlan_30 tag 30

Configuration for both switches:

create vlan vlan_10 tag 10
create vlan vlan_20 tag 20
create vlan vlan_30 tag 30

configure vlan vlan_10 add port 5 tagged
configure vlan vlan_20 add port 5 tagged
configure vlan vlan_30 add port 5 tagged

configure vlan vlan_10 add port 1 untagged
configure vlan vlan_20 add port 1 untagged
configure vlan vlan_30 add port 1 untagged

Based on the above example the following is true:
  • When a packet egress Sw1 port 5 through vlan_30, the packet will have 802.1q tagged frame (ID 30) included. When the packet ingress Sw2 port 5 it will read the ethernet frame 802.1q ID 30 and assign vlan_30 to it. When the packet egress port 1 (untagged) it will strip the 802.1q tagged frame (4 bytes) and then PC2 will be able to read the packet
  • Same behavior will happen when the packet egress/ingress from/to the other vlans (10 and 20)
(Edited)
Photo of Grosjean, Stephane

Grosjean, Stephane, Employee

  • 12,372 Points 10k badge 2x thumb
you meant

config vlan vlan_10 add port 5 tagged, etc.

With 16.1 and later, you can also do :

config vlan 10,20,30 add port 5 tagged
Photo of Drew C.

Drew C., Community Manager

  • 36,970 Points 20k badge 2x thumb
Good catch :)
I updated Henrique's post (with his permission).
Photo of brian osgoiod

brian osgoiod

  • 170 Points 100 badge 2x thumb
thanks for the speedy replies... it is a different paradigm than what i'm used to...
Photo of brian osgoiod

brian osgoiod

  • 170 Points 100 badge 2x thumb
thank you...
Photo of brian osgoiod

brian osgoiod

  • 170 Points 100 badge 2x thumb
yes, i've already done those... are there any more like that?
Photo of brian osgoiod

brian osgoiod

  • 170 Points 100 badge 2x thumb
or more like that, but in pdf's?
Photo of Drew C.

Drew C., Community Manager

  • 36,778 Points 20k badge 2x thumb
Those are the only ones I'm aware of, but that doesn't mean there isn't more.
If it exists, it should be here: http://www.extremenetworks.com/education
Photo of brian osgoiod

brian osgoiod

  • 170 Points 100 badge 2x thumb
most everything else is classroom stuff... there must be some extreme blogs in the wild... i'll go hunting... if you bump into anything please let me know...

thanks a million...
Photo of Jeremy

Jeremy, Embassador

  • 9,788 Points 5k badge 2x thumb
The way cisco does it is, you set a port as a trunk and ALL vlans will egress that trunk port.  If you want to restrict the vlans that egress that trunk, you explicitly deny that to pass through the trunk with filtering.  Extreme / Enterasys and most everyone else... you simply just add each vlan to the port by tagging it.

So for enterasys:

set vlan egree 2,3,4,5,6,7,8,9,10 ge.1.1 tagged

That would be similar to 

switchport encap dot1q
switchport mode trunk

On the cisco side, I would have to chop off vlan 4 and 5 from being egressed if I didn't want them to go over the trunk, everyone else you just simply don't include those vlans when tagging them on the port.

That being said, you need to be sure to tag the vlans on the uplinks and everyone inbetween.  Cisco makes it easy, but it is less secure by default.
Photo of Jeremy

Jeremy, Embassador

  • 9,788 Points 5k badge 2x thumb
Likewise, on Extreme you create a vlan:

create vlan Classroom102 tag 102
configure Classroom102 add ports 1-48 untagged
configure Classroom102 add ports 52 tagged

Sadly, I don't think there is a faster way to do it with Extreme.  The naming of vlans is cool, but it would be nice to be able to tag multiple vlans on a port at once.

But you get the idea.
Photo of brian osgoiod

brian osgoiod

  • 170 Points 100 badge 2x thumb
yeah, i'm coming around to it... i prefer the cisco way, but it is what it is...
Photo of Grosjean, Stephane

Grosjean, Stephane, Employee

  • 11,400 Points 10k badge 2x thumb
You may have missed my comment above. With 16.1 and later, you can do :

config vlan 10,20,30 add port 5 tagged
Photo of brian osgoiod

brian osgoiod

  • 170 Points 100 badge 2x thumb
oh not at all, i saw that... i like that a lot better, and thank you...
Photo of Jeremy

Jeremy, Embassador

  • 9,788 Points 5k badge 2x thumb
Oh thank god!
Photo of Omar Trejo

Omar Trejo

  • 150 Points 100 badge 2x thumb
Hi. I am configuring an enterasys sw and I have a communication problem between computers. create a vlan 10 with ip 10.10.1.1 and mask 255.255.2355.0, the vlan I put it to two ports of the sw and I have 254 ip to make tests with computers, to 2 computers I put ip's of that segement, the test that I do it with a ping but it tells me that the host is unreachable. Could you please help me. Thank you
Photo of Omar Trejo

Omar Trejo

  • 150 Points 100 badge 2x thumb

This is the test that is done for the communication between vlan's
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 44,362 Points 20k badge 2x thumb
sorry my fault it's "show port status ge.1.2-3" to see whether the port is admin/operational up

we'd need to bring the VLAN interface in operational state up or it will not work
Photo of Omar Trejo

Omar Trejo

  • 150 Points 100 badge 2x thumb
Hi, I just told you that I could only do pihg between computations only, disable the computer's fireware and that's it. With this it must work without problem.
Photo of Sushruth Sathyamurthy

Sushruth Sathyamurthy, Employee

  • 630 Points 500 badge 2x thumb
Hi Brian,

https://gtacknowledge.extremenetworks.com/articles/How_To/Understanding-EXOS-VLANS-and-tagged-and-un...

This article along with the links in that article should give you some background on how VLANs work with EXOS.
Photo of Omar Trejo

Omar Trejo

  • 150 Points 100 badge 2x thumb
Hi, finally the sw enterasys connects to a sw core cisco, my questions are: Will I have to configure the trunk port of the enterasys differently? How can I change the administration vlan with ip from sw enterasys?
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 44,362 Points 20k badge 2x thumb
To set a switch mgmt IP/VLAN you'd use the following commands...

i.e. for IP 172.25.25.153/24 in VLAN#100

set ip address 172.25.25.153 mask 255.255.255.0 gateway 172.25.25.254
set host vlan 100
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 44,362 Points 20k badge 2x thumb
Will I have to configure the trunk port of the enterasys differently?
Not sure what you mean, a trunk is a trunk, but sure a Extreme/Enterasys uses different commands then a C.

i.e. Trunk with untagged VLAN#100 and tagged VLAN#200

C:

conf t
int gi1/0/24
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan 100
switchport trunk allowed vlan 100,200


EOS:
set port vlan ge.1.24 100 modify-egress
set vlan egress 200 ge.1.24 tagged
Photo of Omar Trejo

Omar Trejo

  • 150 Points 100 badge 2x thumb
I thank you that you are solving my doubts about the sw enterasys. You can also ask about sw and router cisco or you have another page to ask about cisco?
Photo of Omar Trejo

Omar Trejo

  • 150 Points 100 badge 2x thumb
Good afternoon! You can help me, I require a port in trunk mode for the Enterasys sw for a physical server. Note: Enable a port in the sw to communicate with a router and it is pulling without problems.