Extreme Networks

Jasp80 · ‎04-17-2023

Hi

I’m a little rusty on tagging so just after some thoughts from esteemed members.

Setting up a firewall with sub-interfaces so only one connection from switch to FW interface. Default route is configured on the switch.

However the setup I have is not working. The port connection to the FW has all vlans tagged and I’ve matched the vLAN ids to the relevant sub-interfaces on the FW but they seem to be ignored. I can see the traffic is coming out of the wrong sub-interface on the FIrewall, like the tagging is not taking affect. So for example, traffic from vLAN 20 is not matching the right sub-interface on the FW and coming out on the FW management vLAN.

The ports on the switch that the devices are plugged into has the relevant vLAN assigned but the ports are untagged. Would it need the ports connected to the devices to be tagged, I thought only the uplink to the FW would need the vlans tagging.

Hope that makes sense.

thanks

AdrianO · ‎04-28-2023

Make sure that the subinterface has a layer 3 address and so there is a route. The subinterface should be added to the relevant VR on in the fw.

OscarK · ‎04-18-2023

Are you sure sub interfaces on the firewall is using tagging ?

To me it seems the firewall is not doing tagging and every packet is untagged.

Jasp80 · ‎04-18-2023

Hi

Yes, when you create the sub-interface you have to type the vlan id, you can’t proceed without it. Then in the monitoring you can see what interface the traffic is leaving on, the traffic just does not switch. I’m a bit stumped.

Extreme Networks

Question on vLAN tagging

Question on vLAN tagging