Header Only - DO NOT REMOVE - Extreme Networks

Extreme equivalent of trunking


I am having difficulty understanding how multiple vlans are transported between extreme switches (not stacked) and how they are physically cabled. With cisco i create two trunk ports directly connected between switches and pass multiple vlans between these switches on the connected trunk ports or lags. How is this physically performed with extreme. What i see in the extreme documentation is tagging, but I find nothing pertaining to how these tags are assembled on a trunk like port and passed amongst switches...

43 replies

On Extreme you simply add all the vlans you want as tagged on the ports that link the switches, there is no special configuration required.

Just in case:
add vlan20 port 1:53 tagged

Hope that helps
Userlevel 3
This is one of those questions that is both very easy to answer, but also has some devil in the details.

One thing you need to understand that Cisco is very port-centric in terms of config, and Extreme is very VLAN-centric. This leads sometimes to some confusion as you go from one to the other. I use both and I slightly prefer the VLAN approach when doing other things (eg: L3 routing) as the VLAN makes a bit more sense as the logical entity to which other things (eg: ports, IP addresses, etc.) are attached.

With an Extreme switch, you create VLANs and then add ports to them, rather than specifying what VLAN(s) should be permitted on a port.

If you add a VLAN untagged to the port, you're making it an access port (or setting the native VLAN if there are multiple other tagged VLANs on the port). If you add one or more VLANs tagged to a port, then it is effectively a trunk port.

There's no direct concept of just setting a port mode to trunk port and telling it to carry all VLANs. On an Extreme switch, VLANs must be created and added to the ports in question - this can seem a real pain in the backside but you eventually end up liking it as it stops all manner of problems with loops. For this reason, STP is disabled by default on an Extreme switch as it isn't really needed.

So if I have three VLANs, 'work', 'guest' and 'wifi' I can do something like this on two switches:

create vlan work tag 10
create vlan guest tag 11
create vlan wifi tag 12
config vlan work add port 1 untagged
config vlan guest add port 2 untagged
config vlan wifi add port 3 untagged
config vlan work add port 24 tagged
config vlan guest add port 24 tagged
config vlan wifi add port 24 tagged

This will make port 24 a trunk port between the switches, and the VLANs mentioned will be on ports 1 2 and 3 (as access / native ports).

If I created a new vlan:
create vlan somethingelse tag 20

and then added it like this
config vlan somethingelse add port 4 untagged
on both switches, it wouldn't appear automatically on the trunk. You'd need to explicitly add it:
config vlan somethingelse add port 24 tagged

You could also add it untagged on the port:
config vlan somethingelse del port 24
config vlan somethingelse add port 24 untagged

That would make VLAN 'somethingelse' the native VLAN on the trunk, with VLANs 'work', 'guest' and 'wifi' the trunked (tagged) vlans.

You don't need to add 'untagged' to the end of the add port command, it is the default - but I've put it in here for clarity.

Paul.
Userlevel 6
Hi Brian,

When a packet egress a tagged port through let's say vlan tag 10 then the ethernet frame is increased by 4 bytes which includes the 802.1a tag/ID 10. The other side port must be also tagged for vlan 10 so it can check the ethernet frame 802.1q value (10 in this case) and then assign the traffic to the correct vlan (vlan 10).

Example:

PC1 port 1 ==== SW1 port 5 ================ port 5 SW2 port 1 ==== PC2

Vlans:

Sw1: Sw2:
vlan_10 tag 10 vlan_10 tag 10
vlan_20 tag 20 vlan_20 tag 20
vlan_30 tag 30 vlan_30 tag 30

Configuration for both switches:

create vlan vlan_10 tag 10
create vlan vlan_20 tag 20
create vlan vlan_30 tag 30

configure vlan vlan_10 add port 5 tagged
configure vlan vlan_20 add port 5 tagged
configure vlan vlan_30 add port 5 tagged

configure vlan vlan_10 add port 1 untagged
configure vlan vlan_20 add port 1 untagged
configure vlan vlan_30 add port 1 untagged

Based on the above example the following is true:
  • When a packet egress Sw1 port 5 through vlan_30, the packet will have 802.1q tagged frame (ID 30) included. When the packet ingress Sw2 port 5 it will read the ethernet frame 802.1q ID 30 and assign vlan_30 to it. When the packet egress port 1 (untagged) it will strip the 802.1q tagged frame (4 bytes) and then PC2 will be able to read the packet
  • Same behavior will happen when the packet egress/ingress from/to the other vlans (10 and 20)
Userlevel 7
Henrique wrote:

Hi Brian,

When a packet egress a tagged port through let's say vlan tag 10 then the ethernet frame is increased by 4 bytes which includes the 802.1a tag/ID 10. The other side port must be also tagged for vlan 10 so it can check the ethernet frame 802.1q value (10 in this case) and then assign the traffic to the correct vlan (vlan 10).

Example:

PC1 port 1 ==== SW1 port 5 ================ port 5 SW2 port 1 ==== PC2

Vlans:

Sw1: Sw2:
vlan_10 tag 10 vlan_10 tag 10
vlan_20 tag 20 vlan_20 tag 20
vlan_30 tag 30 vlan_30 tag 30

Configuration for both switches:

create vlan vlan_10 tag 10
create vlan vlan_20 tag 20
create vlan vlan_30 tag 30

configure vlan vlan_10 add port 5 tagged
configure vlan vlan_20 add port 5 tagged
configure vlan vlan_30 add port 5 tagged

configure vlan vlan_10 add port 1 untagged
configure vlan vlan_20 add port 1 untagged
configure vlan vlan_30 add port 1 untagged

Based on the above example the following is true:

  • When a packet egress Sw1 port 5 through vlan_30, the packet will have 802.1q tagged frame (ID 30) included. When the packet ingress Sw2 port 5 it will read the ethernet frame 802.1q ID 30 and assign vlan_30 to it. When the packet egress port 1 (untagged) it will strip the 802.1q tagged frame (4 bytes) and then PC2 will be able to read the packet
  • Same behavior will happen when the packet egress/ingress from/to the other vlans (10 and 20)

you meant

config vlan vlan_10 add port 5 tagged, etc.

With 16.1 and later, you can also do :

config vlan 10,20,30 add port 5 tagged
Userlevel 7
Henrique wrote:

Hi Brian,

When a packet egress a tagged port through let's say vlan tag 10 then the ethernet frame is increased by 4 bytes which includes the 802.1a tag/ID 10. The other side port must be also tagged for vlan 10 so it can check the ethernet frame 802.1q value (10 in this case) and then assign the traffic to the correct vlan (vlan 10).

Example:

PC1 port 1 ==== SW1 port 5 ================ port 5 SW2 port 1 ==== PC2

Vlans:

Sw1: Sw2:
vlan_10 tag 10 vlan_10 tag 10
vlan_20 tag 20 vlan_20 tag 20
vlan_30 tag 30 vlan_30 tag 30

Configuration for both switches:

create vlan vlan_10 tag 10
create vlan vlan_20 tag 20
create vlan vlan_30 tag 30

configure vlan vlan_10 add port 5 tagged
configure vlan vlan_20 add port 5 tagged
configure vlan vlan_30 add port 5 tagged

configure vlan vlan_10 add port 1 untagged
configure vlan vlan_20 add port 1 untagged
configure vlan vlan_30 add port 1 untagged

Based on the above example the following is true:

  • When a packet egress Sw1 port 5 through vlan_30, the packet will have 802.1q tagged frame (ID 30) included. When the packet ingress Sw2 port 5 it will read the ethernet frame 802.1q ID 30 and assign vlan_30 to it. When the packet egress port 1 (untagged) it will strip the 802.1q tagged frame (4 bytes) and then PC2 will be able to read the packet
  • Same behavior will happen when the packet egress/ingress from/to the other vlans (10 and 20)

Good catch 🙂
I updated Henrique's post (with his permission).
thanks for the speedy replies... it is a different paradigm than what i'm used to...
Userlevel 7
brian osgoiod wrote:

thanks for the speedy replies... it is a different paradigm than what i'm used to...

Brian, you may want to take a look at the EXOS Quick Guide.
There's also an "EXOS Cheat Sheet" that someone has put together.
brian osgoiod wrote:

thanks for the speedy replies... it is a different paradigm than what i'm used to...

yes, i just finished reading the quick guide.. i'll take a look at the cheat sheet...also looking at the user guide which the quick guide references as most useful... any other suggested reading sources are welcome... thank you
Userlevel 7
brian osgoiod wrote:

thanks for the speedy replies... it is a different paradigm than what i'm used to...

Here's a thread that you may find helpful: Extreme Networks Self-Paced Training
Also, welcome to The Hub!
brian osgoiod wrote:

thanks for the speedy replies... it is a different paradigm than what i'm used to...

thank you...
brian osgoiod wrote:

thanks for the speedy replies... it is a different paradigm than what i'm used to...

yes, i've already done those... are there any more like that?
brian osgoiod wrote:

thanks for the speedy replies... it is a different paradigm than what i'm used to...

or more like that, but in pdf's?
Userlevel 7
brian osgoiod wrote:

thanks for the speedy replies... it is a different paradigm than what i'm used to...

Those are the only ones I'm aware of, but that doesn't mean there isn't more.
If it exists, it should be here: http://www.extremenetworks.com/education
brian osgoiod wrote:

thanks for the speedy replies... it is a different paradigm than what i'm used to...

most everything else is classroom stuff... there must be some extreme blogs in the wild... i'll go hunting... if you bump into anything please let me know...

thanks a million...
The way cisco does it is, you set a port as a trunk and ALL vlans will egress that trunk port. If you want to restrict the vlans that egress that trunk, you explicitly deny that to pass through the trunk with filtering. Extreme / Enterasys and most everyone else... you simply just add each vlan to the port by tagging it.

So for enterasys:

set vlan egree 2,3,4,5,6,7,8,9,10 ge.1.1 tagged

That would be similar to

switchport encap dot1q
switchport mode trunk

On the cisco side, I would have to chop off vlan 4 and 5 from being egressed if I didn't want them to go over the trunk, everyone else you just simply don't include those vlans when tagging them on the port.

That being said, you need to be sure to tag the vlans on the uplinks and everyone inbetween. Cisco makes it easy, but it is less secure by default.
Jeremy Gibbs wrote:

The way cisco does it is, you set a port as a trunk and ALL vlans will egress that trunk port. If you want to restrict the vlans that egress that trunk, you explicitly deny that to pass through the trunk with filtering. Extreme / Enterasys and most everyone else... you simply just add each vlan to the port by tagging it.

So for enterasys:

set vlan egree 2,3,4,5,6,7,8,9,10 ge.1.1 tagged

That would be similar to

switchport encap dot1q
switchport mode trunk

On the cisco side, I would have to chop off vlan 4 and 5 from being egressed if I didn't want them to go over the trunk, everyone else you just simply don't include those vlans when tagging them on the port.

That being said, you need to be sure to tag the vlans on the uplinks and everyone inbetween. Cisco makes it easy, but it is less secure by default.

Likewise, on Extreme you create a vlan:

create vlan Classroom102 tag 102
configure Classroom102 add ports 1-48 untagged
configure Classroom102 add ports 52 tagged

Sadly, I don't think there is a faster way to do it with Extreme. The naming of vlans is cool, but it would be nice to be able to tag multiple vlans on a port at once.

But you get the idea.
Jeremy Gibbs wrote:

The way cisco does it is, you set a port as a trunk and ALL vlans will egress that trunk port. If you want to restrict the vlans that egress that trunk, you explicitly deny that to pass through the trunk with filtering. Extreme / Enterasys and most everyone else... you simply just add each vlan to the port by tagging it.

So for enterasys:

set vlan egree 2,3,4,5,6,7,8,9,10 ge.1.1 tagged

That would be similar to

switchport encap dot1q
switchport mode trunk

On the cisco side, I would have to chop off vlan 4 and 5 from being egressed if I didn't want them to go over the trunk, everyone else you just simply don't include those vlans when tagging them on the port.

That being said, you need to be sure to tag the vlans on the uplinks and everyone inbetween. Cisco makes it easy, but it is less secure by default.

yeah, i'm coming around to it... i prefer the cisco way, but it is what it is...
Userlevel 7
Jeremy Gibbs wrote:

The way cisco does it is, you set a port as a trunk and ALL vlans will egress that trunk port. If you want to restrict the vlans that egress that trunk, you explicitly deny that to pass through the trunk with filtering. Extreme / Enterasys and most everyone else... you simply just add each vlan to the port by tagging it.

So for enterasys:

set vlan egree 2,3,4,5,6,7,8,9,10 ge.1.1 tagged

That would be similar to

switchport encap dot1q
switchport mode trunk

On the cisco side, I would have to chop off vlan 4 and 5 from being egressed if I didn't want them to go over the trunk, everyone else you just simply don't include those vlans when tagging them on the port.

That being said, you need to be sure to tag the vlans on the uplinks and everyone inbetween. Cisco makes it easy, but it is less secure by default.

You may have missed my comment above. With 16.1 and later, you can do :

config vlan 10,20,30 add port 5 tagged
Jeremy Gibbs wrote:

The way cisco does it is, you set a port as a trunk and ALL vlans will egress that trunk port. If you want to restrict the vlans that egress that trunk, you explicitly deny that to pass through the trunk with filtering. Extreme / Enterasys and most everyone else... you simply just add each vlan to the port by tagging it.

So for enterasys:

set vlan egree 2,3,4,5,6,7,8,9,10 ge.1.1 tagged

That would be similar to

switchport encap dot1q
switchport mode trunk

On the cisco side, I would have to chop off vlan 4 and 5 from being egressed if I didn't want them to go over the trunk, everyone else you just simply don't include those vlans when tagging them on the port.

That being said, you need to be sure to tag the vlans on the uplinks and everyone inbetween. Cisco makes it easy, but it is less secure by default.

oh not at all, i saw that... i like that a lot better, and thank you...
Jeremy Gibbs wrote:

The way cisco does it is, you set a port as a trunk and ALL vlans will egress that trunk port. If you want to restrict the vlans that egress that trunk, you explicitly deny that to pass through the trunk with filtering. Extreme / Enterasys and most everyone else... you simply just add each vlan to the port by tagging it.

So for enterasys:

set vlan egree 2,3,4,5,6,7,8,9,10 ge.1.1 tagged

That would be similar to

switchport encap dot1q
switchport mode trunk

On the cisco side, I would have to chop off vlan 4 and 5 from being egressed if I didn't want them to go over the trunk, everyone else you just simply don't include those vlans when tagging them on the port.

That being said, you need to be sure to tag the vlans on the uplinks and everyone inbetween. Cisco makes it easy, but it is less secure by default.

Oh thank god!
Hi. I am configuring an enterasys sw and I have a communication problem between computers. create a vlan 10 with ip 10.10.1.1 and mask 255.255.2355.0, the vlan I put it to two ports of the sw and I have 254 ip to make tests with computers, to 2 computers I put ip's of that segement, the test that I do it with a ping but it tells me that the host is unreachable. Could you please help me. Thank you
Userlevel 7
Omar Trejo wrote:


Hi. I am configuring an enterasys sw and I have a communication problem between computers. create a vlan 10 with ip 10.10.1.1 and mask 255.255.2355.0, the vlan I put it to two ports of the sw and I have 254 ip to make tests with computers, to 2 computers I put ip's of that segement, the test that I do it with a ping but it tells me that the host is unreachable. Could you please help me. Thank you

what switch model is it?
Omar Trejo wrote:


Hi. I am configuring an enterasys sw and I have a communication problem between computers. create a vlan 10 with ip 10.10.1.1 and mask 255.255.2355.0, the vlan I put it to two ports of the sw and I have 254 ip to make tests with computers, to 2 computers I put ip's of that segement, the test that I do it with a ping but it tells me that the host is unreachable. Could you please help me. Thank you

the model is Enterasys B3G124-48
Userlevel 7
Omar Trejo wrote:


Hi. I am configuring an enterasys sw and I have a communication problem between computers. create a vlan 10 with ip 10.10.1.1 and mask 255.255.2355.0, the vlan I put it to two ports of the sw and I have 254 ip to make tests with computers, to 2 computers I put ip's of that segement, the test that I do it with a ping but it tells me that the host is unreachable. Could you please help me. Thank you

could you please provide the output of "show vlan portinfo port ge.1.x" for both of the ports with the clients connected.
Omar Trejo wrote:


Hi. I am configuring an enterasys sw and I have a communication problem between computers. create a vlan 10 with ip 10.10.1.1 and mask 255.255.2355.0, the vlan I put it to two ports of the sw and I have 254 ip to make tests with computers, to 2 computers I put ip's of that segement, the test that I do it with a ping but it tells me that the host is unreachable. Could you please help me. Thank you

Ok,

Reply