802.1Q trunk configuration
Create 802.1q trunk
Sample Trunk Port Configuration on N-Series
On the DFE product line, there is no automatic adjustment made of vlan egress permissions ('set vlan egress') upon PVID change ('set port vlan'), and no "802.1Q Trunk" mode that can be selected for a port.
Applied to the creation of an 802.1Q Trunk, this means that each of the tagged egress permissions must be manually added to the port, and the default egress permissions must be manually removed.
The following is from a working configuration and demonstrates the concept of creating a 802.1Q Trunk port (here identified as fe.1.1). Only the pertinent sections of the configuration have been replicated here, as a subset of a 'show config' output.# port
set port vlan fe.1.1 100
set vlan create 100,200,300
clear vlan egress 1 fe.1.1
set vlan egress 1 fe.1.1 tagged
set vlan egress 100 fe.1.1 tagged
set vlan egress 200 fe.1.1 tagged
set vlan egress 300 fe.1.1 tagged
- In the # port section; the port's Port Vlan IDentifier assignment is set to 100. Any untagged traffic received will be assigned to vlan 100. If this command were omitted, it would default to vlan 1. The value of the PVID is only relevant if untagged frames are expected to be received on the port (possibly in addition to the tagged frames expected in this example). Note: In order for an SNMP-based Network Management System (e.g. NetSight) to change the port's observed Operational State from "[code]Hybrid[/code]" to "[code]Trunk/Tagged[/code]", totally reject any untagged ingress packets so that the defined PVID will never need to be used: '[code]set port discard[/code] <[code]port#[/code]> [code]untagged[/code]'.
- In the # vlan section; the created vlans have not been explicitly enabled. This is optional, as by default they are enabled upon creation.
- In the # vlan section; fe.1.1 is configured to allow tagged egress of vlans 1, 100, 200, and 300. Default vlan 1 untagged egress has been removed.
- In the # vlan section; the default (tagged, untagged) setting for a port is to send tagged frames. Omission of the 'untagged' keyword results in tagged behavior. Inclusion of the optional 'tagged' keyword has the same result.
- The "show vlan" and "show vlan static" command sets can be useful to get a high-level view of the resulting vlan/port rules.
- If configuring a 802.3ad Link Aggregation Group, you need only reference the logical LAG ID (within the range lag.0.1-48) rather than the physical ports. However, to ensure the same 802.1Q behavior for the physical ports regardless of whether the LAG is in effect, it is good practice to configure both the LAG port and the underlying physical ports (5203).