This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

VLAN Tagging Question v.s Untagged Traffic

VLAN Tagging Question v.s Untagged Traffic

Will_Hou
New Contributor

‎08-24-2015 03:09 PM

Hi there,

I am new to Extreme switching ( Enterasys B5k Switch) with my new gig, please help.

Here it's the scope of what issue we are having & what we need to accomplish:

Our switch stack passing through couple vlan tagged traffic ( V10 & V100), but we have a 3rd party threat scanner (physical gear) is not VLAN aware (all vlan tagged traffic are dropped).

We already tried create a port mirror on another switch & passing the traffic through, still not working.

Any suggestions?

Thanks
0 Kudos
10 REPLIES 10

Will_Hou
New Contributor

‎08-31-2015 02:51 PM

Hi Guys,

Thanks again for all the tips. i have found the root cause for our issue - spanning Tree configuration was the one causing the Check Server not able to see the traffic.

Once I put in cisco Switch in the middle as jumper with generic vlan created, everything worked.

Thanks again.

Will
0 Kudos

Paul_Poyant
New Contributor III

‎08-24-2015 06:25 PM

It is likely that you will be able to get this working without resorting to mirroring to a VLAN - which I will state as being "somewhat" unsupported in the conventional sense. Some SecureStack models - including the B5-Series - do support "
code:
VLAN marking of mirrored traffic - Edge only
" which can have the effect of VLAN mirroring.

You may or may not find it to be useful here, noting that a key element is the (optional) VLAN-tagging of mirrored traffic. As desired, configuration guidelines are in Hub Article 10518, "G/C5/C3/B5/B3-Series Considerations for Use of Remote Port Mirroring".
0 Kudos

Will_Hou
New Contributor
In response to Paul_Poyant

‎08-24-2015 06:25 PM

Hi Paul,

Thanks for the awesome tips! I will definitely explore that option with the support. It just troubles me that this wont' work with this simple setup which I could get it done with Cisco very quickly.

thank You
0 Kudos

Kees__Kevin
Extreme Employee

‎08-24-2015 05:47 PM

Hi Will,
If you simply want to egress multiple vlans out a specific port, untagged, it looks like the B5's will let you do that:
set vlan egress 10,100 ge.1.34 untagged

If this doesn't work out, you may be able to mirror the traffic to a vlan and egress that vlan untagged to your threat scanner.

Hope this helps

0 Kudos
GTM-P2G8KFN