Need 2 untagged vlans on one port.


I have an wireless access point that has 2 different VLANs. One for secured wireless and one for public. In setting this up, I need to configure an port that will allow 2 untagged VLANs on one port. On my 3com switch, I did this with using an hybrid port. I have not been able to configure this using my extreme network switch which is an X440-48t. Any suggestions???

7 replies

Userlevel 7
Hi Sandra,

I don't think that you can have more then one untagged VLAN on a port on a ETS/Extreme switch.

What type of AP is used in your deployment, could you tag one of the SSIDs so you'd use a standard trunk port configuration.

Kind regards,
Ron
Userlevel 6
Hey Sandra

From my understanding a hybrid port is simply an uplink port. The standard is very clear that you can have only one untagged port on a VLAN using 802.1Q. On the Extreme side the way we would allow two VLANs on the same port is either tagging one VLAN (802.1Q) or by using protocol based VLANs. Protocol based VLANs allows for the switch port to determine which VLAN the traffic is destined for by protocol type only.

Having two VLANs both untagged with no protocol match is not supported. In addition I don't see the reason as the two end nodes, the AP and the Switch, would have no way to determine if a packet is for the private or public VLAN.

I am curious how the AP is allowing the two VLANs to go out the Ethernet without tagging one of them

I hope that helps
P
I have a different application that requires two untagged vlans on a single port.

I have an IP phone with a pass thru connector to a PC. On my cisco device I have two vlans assigned on the physical port the phone connect to. And this functions well. You mean that Extreem Doesn't support this. Oh my... This will put you in the back seat when sites start to reduce the number of ports at the desktop...

Michael
Userlevel 7
Michael Geliche wrote:

I have a different application that requires two untagged vlans on a single port.

I have an IP phone with a pass thru connector to a PC. On my cisco device I have two vlans assigned on the physical port the phone connect to. And this functions well. You mean that Extreem Doesn't support this. Oh my... This will put you in the back seat when sites start to reduce the number of ports at the desktop...

Michael

Usually, the IP Phone is on a tagged vlan, and the desktop is untagged. In this very common and standard deployment scenario, you can have any number of vlans on a given port.
Userlevel 7
You can set mac-based vlan to allow several untagged vlans on a port. Traffic will be segregated based on the mac address.
Userlevel 4
Another customer I am working with is using 2 products on a SecureStack and uses option 156 for the phone and only 1 vlan on the port (VLAN 1).
It is working during slow times but it may be causing an issue when heavy traffic is involved.
Jason
Userlevel 4
Please note:
I was looking at a number of sites for feedback and this was one:
While it is possible to have more than one untagged VLAN on a port, this is typically not done. It's easy for a switch to egress multiple VLANs untagged, it would not know what to do with the ingress traffic as the VLAN it originated from would be indeterminable. Tagging traffic is how you tell devices on the other end which VLAN the traffic should belong to. When traffic is untagged a non VLAN-aware device such as a PC will typically default to the native VLAN. You are correct that a VLAN-aware device such as the SG200-08 will need additional configuration. Any ports on the switch you wish to use for specific VLAN traffic must be tagged for those VLANs. This document from the Cisco Small Business Knowledge Base may be of use to you in configuring this.

http://sbkb.cisco.com/CiscoSB/GetArticle.aspx?docid=67844b99e2da4a7f88db0c588197487d_Creating_VLANs_on_Cisco_Managed_Switches.xml&pid=2&converted=0

The option that was provided by Stephanie was a another option for you to give it a try. I will 🙂

Reply