Comware

Hi Everyone

At the "Core" layer 2/3 switch, are uplink ports placed in their own 'untagged' port so they have their own IP range?

E.G. below are switch config for the Core Switch (located on Floor8  which has an uplink to a switch on Floor 9.

The floor 9 switch then connects to another switch on Floor 9 to accomodate more PCs, laptops etc.

See below, clarification would be greatly appreciated.

"Core" Layer2/3 Switch
hostname "Floor8-1"
ip route 0.0.0.0 0.0.0.0 <gateway IP>
ip routing

interface 46
name "Floor-8:46 uplink to Floor-9:48"
exit

interface 48
name "Floor-8 link to WAN Gateway"
exit

vlan 1
name "DEFAULT_VLAN"
no untagged 1-48
no ip address
exit

vlan 18
name "Data Floor 8"
untagged 1-45
ip address x.x.x.x 255.255.255.0
ip helper-address <DHCP Server>
exit

vlan 19
name "Data Floor 9"
untagged 46
ip address x.x.x.x 255.255.255.0
ip helper-address <DHCP Server>
exit

vlan 30
name "Voice"
tagged 1-47
ip address x.x.x.x 255.255.255.0
ip helper-address <DHCP Server>
qos priority 5
voice
exit
loop-protect 1-45

Floor 9 "Edge" Switch 1
hostname "Floor9-1"
interface 48
name "Floor9-1:48 downlink to Floor8-1:46"
exit

vlan 1
name "DEFAULT_VLAN"
no untagged 1-48
no ip address
exit

vlan 19
name "Data Floor 9"
untagged 1-48
ip address x.x.x.x 255.255.255.0
exit

vlan 30
name "Voice"
tagged 1-48
ip address x.x.x.x 255.255.255.0
qos priority 5
voice
exit

loop-protect 1-47 (don't loop protect uplinks)

Floor 9 "Edge" Switch 2 (linked to Edge switch 1)
hostname "Floor9-2"
vlan 1
name "DEFAULT_VLAN"
no untagged 1-24
no ip address
exit
vlan 19
name "Data Floor 9"
untagged 1-24
ip address x.x.x.x 255.255.255.0
exit
vlan 30
name "Voice"
tagged 1-24
ip address x.x.x.x 255.255.255.0
qos priority 5
voice
exit

loop-protect 1-23 (don't loop protect uplinks)

Hi, looking at posted running configurations Floor 8 Switch uplink port 46 is no more a Untagged member of VLAN 1 (Default) and instead is a Untagged member of VLAN 19 (Data Floor) and Tagged member of VLAN 30 (Voice)...so it transports VLAN 19 and 30 through port 46 down to Floor 9 Switch1 port 48 which has a matching configuration on its uplink port.

Since you loop-protect ports 1-47 on Floor 9 Switch 1 (so you don't only on down/up links dedicated ones)...where is the downlink port used to connect to Floor 9 Switch 2?

Hi Parnassus

RE: Since you loop-protect ports 1-47 on Floor 9 Switch 1 (so you don't only on down/up links dedicated ones)...where is the downlink port used to connect to Floor 9 Switch 2?

My mistake, On Floor 9, switch 1, downlink port is port 47 to Floor 9 switch 2 port 24, as I have a loop protect 1-46 in the updated switch configuration.

What still confuses me is Core 'hub' to 'Edge' switch VLAN scenarios where:

Core 'hub' is the Layer 2/ Layer 3 routing switch:

For any DATA VLANs we need to have one untagged port in each VLAN which has an IP Address and DHCP IP Helper then we TAG the outbound interfaces we want this VLAN to traverse?

Voice VLANs are always tagged (say 1-47)

 

---

@DoJu wrote: What still confuses me is Core 'hub' to 'Edge' switch VLAN scenarios where:

Core 'hub' is the Layer 2/ Layer 3 routing switch:

For any DATA VLANs we need to have one untagged port in each VLAN which has an IP Address and DHCP IP Helper then we TAG the outbound interfaces we want this VLAN to traverse?

Voice VLANs are always tagged (say 1-47)

---

Well...basically, yes you need to have that.

Consider things that way: on a Layer 2 switch (generally at Edge level) access devices (hosts) are connected unaware of any VLAN tagging (their packets enters the Switch port untagged = without any tag), once packets enter the Switch port they are accepted/dropped in relation to VLAN tagging the port is configured with...let suppose a host is connected to an access port (so member of a single VLAN, generally called the native VLAN for that very port and also generally untagged)...the untagged packets enter the port member of the untagged native VLAN id x (PVID)...the packets are accepted and internally to the switch they become tagged with the VLAN id x...now you need to transport those packets where the routing between VLANs will happen...to the Core (Layer 3 = IP Routing enabled)...to do that you can transport those packets as untagged in VLAN id x when they leave the uplink port to the Core or, if you need to carry multiple VLAN ids on the same uplink (physical or logical, doesn't matter), you are forced to transport those packets as tagged in VLAN id x (along with other VLAN ids) when they leave the uplink port to the Core....clearly on the Core the downlink port connected to the Edge switch need to correctly received those untagged (or tagged) incoming packets (and, doing so, at the very same time they also send packets with the same VLAN tagging pattern...as it happens on the uplink port at Edge side)...internally to the Core the same things happening on the Edge switch will happen...up to the VLAN Interface (SVI) where the routing to other VLAN ids (with SVIs) will happen.

So if you look at a VLAN id you discover it could be "transported" across many devices (more correctly the involved uplink, downlink and access ports involved with the transport let the packet of a particular VLAN id to move across the network) moving packets between access ports and access/trunk ports (trunk ports generally is a term used to describe uplink/downlink ports to other peer switching or routing devices).