Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. nsp>
  3. extreme
vlan and vman on the same switch
marcin at leon
Oct 12, 2012, 10:56 AM
Post #1 of 5 (5724 views)
Permalink
hello,

could anyone help me with configuring VMAN on EXOS (x450, x650, x670)
switches ?

Let's say, that there is a network with number of VLANs, L2 only.
I want to get a channel, that will be "open" - so at the edges of
network, will be added as untagged.
So, someone connected to edge "untagged" ports will be able to transmit
their own VLANs inside.
I though that VMAN is a good solution here, but I can't add any port to
VMAN...

Is it a proper way to do QinQ ? If yes - then what's wrong, if not -
what do you recommend ?

Regards,
Marcin

_______________________________________________
extreme-nsp mailing list
extreme-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/extreme-nsp
Re: vlan and vman on the same switch [ In reply to ]
erik at bais
Oct 12, 2012, 11:33 AM
Post #2 of 5 (5597 views)
Permalink
Hi Marcin,

If you want to do this from a single port through the (3) devices to another port at the other side, there are several options.

If the traffic is multiple vlan's.. in that case a VMAN is a good option. (make sure you have the same Ethernet frame type in all 3 devices for VMAN's.)
If it regular untagged traffic, a single vlan should suffice.

It is possible to have multiple ports in a vman.. However all tagged traffic that you stuff into it, is what you get out of it. Make sure that you don't mixed customers their VMAN's, as it will also mix their vlan's :-)
If you have Cisco's on the other side (a trunked port) instruct the customer to prune vlan's and only allow the VLANs they need / want on the other side. It is also quite possible to create broadcast storms if the customer is having multiple routes to the same locations. Be aware of this ..

Each port that you create for a specific VMAN, should be untagged on ingress/egress.

Hope this helps,
Erik Bais

-----Original Message-----
From: extreme-nsp-bounces@puck.nether.net [mailto:extreme-nsp-bounces@puck.nether.net] On Behalf Of Marcin Kuczera
Sent: vrijdag 12 oktober 2012 19:57
To: extreme-nsp@puck.nether.net
Subject: [e-nsp] vlan and vman on the same switch

hello,

could anyone help me with configuring VMAN on EXOS (x450, x650, x670) switches ?

Let's say, that there is a network with number of VLANs, L2 only.
I want to get a channel, that will be "open" - so at the edges of network, will be added as untagged.
So, someone connected to edge "untagged" ports will be able to transmit their own VLANs inside.
I though that VMAN is a good solution here, but I can't add any port to VMAN...

Is it a proper way to do QinQ ? If yes - then what's wrong, if not - what do you recommend ?

Regards,
Marcin

_______________________________________________
extreme-nsp mailing list
extreme-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/extreme-nsp

_______________________________________________
extreme-nsp mailing list
extreme-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/extreme-nsp
Re: vlan and vman on the same switch [ In reply to ]
marcin at leon
Oct 12, 2012, 12:13 PM
Post #3 of 5 (5596 views)
Permalink
On 2012-10-12 20:33, Erik Bais wrote:
> Hi Marcin,
>
> If you want to do this from a single port through the (3) devices to another port at the other side, there are several options.
>
> If the traffic is multiple vlan's.. in that case a VMAN is a good option. (make sure you have the same Ethernet frame type in all 3 devices for VMAN's.)
> If it regular untagged traffic, a single vlan should suffice.

My choice is VMAN, because it will transit several internal customer's VLANs


>
> It is possible to have multiple ports in a vman.. However all tagged traffic that you stuff into it, is what you get out of it. Make sure that you don't mixed customers their VMAN's, as it will also mix their vlan's :-)
No problem about, it will be point-to-point (however protection i.e.
with EAPS will be supported).

> If you have Cisco's on the other side (a trunked port) instruct the customer to prune vlan's and only allow the VLANs they need / want on the other side. It is also quite possible to create broadcast storms if the customer is having multiple routes to the same locations. Be aware of this ..
>
> Each port that you create for a specific VMAN, should be untagged on ingress/egress.
That is what I want to do, but...
* Slot-1 SummitX450-KTW-PSE.9 # configure vman "lim-test" add ports 1:8
tagged
Error: Port 1:8 cannot be added to vMan lim-test because ports are VLAN
members
and the vMan ethertype is not 0x8100.

lack of knowledge ???

* Slot-1 SummitX450-KTW-PSE.5 # show vman etherType
Vman Primary EtherType : 0x88a8

I think, that this is ok, I mean, VMAN and VLAN should have different
ethertype not to mix them...

Regards,
Marcin



>
> Hope this helps,
> Erik Bais
>
> -----Original Message-----
> From: extreme-nsp-bounces@puck.nether.net [mailto:extreme-nsp-bounces@puck.nether.net] On Behalf Of Marcin Kuczera
> Sent: vrijdag 12 oktober 2012 19:57
> To: extreme-nsp@puck.nether.net
> Subject: [e-nsp] vlan and vman on the same switch
>
> hello,
>
> could anyone help me with configuring VMAN on EXOS (x450, x650, x670) switches ?
>
> Let's say, that there is a network with number of VLANs, L2 only.
> I want to get a channel, that will be "open" - so at the edges of network, will be added as untagged.
> So, someone connected to edge "untagged" ports will be able to transmit their own VLANs inside.
> I though that VMAN is a good solution here, but I can't add any port to VMAN...
>
> Is it a proper way to do QinQ ? If yes - then what's wrong, if not - what do you recommend ?
>
> Regards,
> Marcin
>
> _______________________________________________
> extreme-nsp mailing list
> extreme-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/extreme-nsp

_______________________________________________
extreme-nsp mailing list
extreme-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/extreme-nsp
Re: vlan and vman on the same switch [ In reply to ]
erik at bais
Oct 12, 2012, 12:33 PM
Post #4 of 5 (5613 views)
Permalink
Hi Marcin,

As you have a X450 in the config, you need to put the following configuration change on all the switches:

configure vman ethertype 0x8100

For the newer type switches, there are other VMAN Ethertype options, that setting is however backwards compatible.

That is probably the fix.

Have fun.

Erik

-----Original Message-----
From: Marcin Kuczera [mailto:marcin@leon.pl]
Sent: vrijdag 12 oktober 2012 21:14
To: Erik Bais
Cc: extreme-nsp@puck.nether.net
Subject: Re: [e-nsp] vlan and vman on the same switch

On 2012-10-12 20:33, Erik Bais wrote:
> Hi Marcin,
>
> If you want to do this from a single port through the (3) devices to another port at the other side, there are several options.
>
> If the traffic is multiple vlan's.. in that case a VMAN is a good
> option. (make sure you have the same Ethernet frame type in all 3 devices for VMAN's.) If it regular untagged traffic, a single vlan should suffice.

My choice is VMAN, because it will transit several internal customer's VLANs


>
> It is possible to have multiple ports in a vman.. However all tagged
> traffic that you stuff into it, is what you get out of it. Make sure
> that you don't mixed customers their VMAN's, as it will also mix their
> vlan's :-)
No problem about, it will be point-to-point (however protection i.e.
with EAPS will be supported).

> If you have Cisco's on the other side (a trunked port) instruct the customer to prune vlan's and only allow the VLANs they need / want on the other side. It is also quite possible to create broadcast storms if the customer is having multiple routes to the same locations. Be aware of this ..
>
> Each port that you create for a specific VMAN, should be untagged on ingress/egress.
That is what I want to do, but...
* Slot-1 SummitX450-KTW-PSE.9 # configure vman "lim-test" add ports 1:8 tagged
Error: Port 1:8 cannot be added to vMan lim-test because ports are VLAN members
and the vMan ethertype is not 0x8100.

lack of knowledge ???

* Slot-1 SummitX450-KTW-PSE.5 # show vman etherType
Vman Primary EtherType : 0x88a8

I think, that this is ok, I mean, VMAN and VLAN should have different ethertype not to mix them...

Regards,
Marcin



>
> Hope this helps,
> Erik Bais
>
> -----Original Message-----
> From: extreme-nsp-bounces@puck.nether.net
> [mailto:extreme-nsp-bounces@puck.nether.net] On Behalf Of Marcin
> Kuczera
> Sent: vrijdag 12 oktober 2012 19:57
> To: extreme-nsp@puck.nether.net
> Subject: [e-nsp] vlan and vman on the same switch
>
> hello,
>
> could anyone help me with configuring VMAN on EXOS (x450, x650, x670) switches ?
>
> Let's say, that there is a network with number of VLANs, L2 only.
> I want to get a channel, that will be "open" - so at the edges of network, will be added as untagged.
> So, someone connected to edge "untagged" ports will be able to transmit their own VLANs inside.
> I though that VMAN is a good solution here, but I can't add any port to VMAN...
>
> Is it a proper way to do QinQ ? If yes - then what's wrong, if not - what do you recommend ?
>
> Regards,
> Marcin
>
> _______________________________________________
> extreme-nsp mailing list
> extreme-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/extreme-nsp


_______________________________________________
extreme-nsp mailing list
extreme-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/extreme-nsp
Re: vlan and vman on the same switch [ In reply to ]
marcin at leon
Oct 12, 2012, 2:18 PM
Post #5 of 5 (5715 views)
Permalink
On 2012-10-12 21:33, Erik Bais wrote:
> Hi Marcin,
>
> As you have a X450 in the config, you need to put the following configuration change on all the switches:
>
> configure vman ethertype 0x8100
>
> For the newer type switches, there are other VMAN Ethertype options, that setting is however backwards compatible.
>
> That is probably the fix.

Ok, it helped.

So I understand that on X450 one could use either VLAN or VMAN when with
different ethertypes.

I also can see, that there is a separate table of VLANs and VMANs.
In a case of different ethertypes - do I have 2x 4096 virtual circuits ?

In a case of the same ethertype for VLAN and VMAN (0x8100) - I suppose
that then I can't have the same tags for vlan X and vman Y.
and - so, the switch is recognizing VLANs from VMANs (x450 or any other
when using the same ethertype) by that, that the tag is in VMAN or VLAN
table ?

btw, is it possible somehow gently pop an outer VLAN TAG (VMAN) to
extract inner VLANs ?


Regards,
Marcin

>
> Have fun.
>
> Erik
>
> -----Original Message-----
> From: Marcin Kuczera [mailto:marcin@leon.pl]
> Sent: vrijdag 12 oktober 2012 21:14
> To: Erik Bais
> Cc: extreme-nsp@puck.nether.net
> Subject: Re: [e-nsp] vlan and vman on the same switch
>
> On 2012-10-12 20:33, Erik Bais wrote:
>> Hi Marcin,
>>
>> If you want to do this from a single port through the (3) devices to another port at the other side, there are several options.
>>
>> If the traffic is multiple vlan's.. in that case a VMAN is a good
>> option. (make sure you have the same Ethernet frame type in all 3 devices for VMAN's.) If it regular untagged traffic, a single vlan should suffice.
> My choice is VMAN, because it will transit several internal customer's VLANs
>
>
>> It is possible to have multiple ports in a vman.. However all tagged
>> traffic that you stuff into it, is what you get out of it. Make sure
>> that you don't mixed customers their VMAN's, as it will also mix their
>> vlan's :-)
> No problem about, it will be point-to-point (however protection i.e.
> with EAPS will be supported).
>
>> If you have Cisco's on the other side (a trunked port) instruct the customer to prune vlan's and only allow the VLANs they need / want on the other side. It is also quite possible to create broadcast storms if the customer is having multiple routes to the same locations. Be aware of this ..
>>
>> Each port that you create for a specific VMAN, should be untagged on ingress/egress.
> That is what I want to do, but...
> * Slot-1 SummitX450-KTW-PSE.9 # configure vman "lim-test" add ports 1:8 tagged
> Error: Port 1:8 cannot be added to vMan lim-test because ports are VLAN members
> and the vMan ethertype is not 0x8100.
>
> lack of knowledge ???
>
> * Slot-1 SummitX450-KTW-PSE.5 # show vman etherType
> Vman Primary EtherType : 0x88a8
>
> I think, that this is ok, I mean, VMAN and VLAN should have different ethertype not to mix them...
>
> Regards,
> Marcin
>
>
>
>> Hope this helps,
>> Erik Bais
>>
>> -----Original Message-----
>> From: extreme-nsp-bounces@puck.nether.net
>> [mailto:extreme-nsp-bounces@puck.nether.net] On Behalf Of Marcin
>> Kuczera
>> Sent: vrijdag 12 oktober 2012 19:57
>> To: extreme-nsp@puck.nether.net
>> Subject: [e-nsp] vlan and vman on the same switch
>>
>> hello,
>>
>> could anyone help me with configuring VMAN on EXOS (x450, x650, x670) switches ?
>>
>> Let's say, that there is a network with number of VLANs, L2 only.
>> I want to get a channel, that will be "open" - so at the edges of network, will be added as untagged.
>> So, someone connected to edge "untagged" ports will be able to transmit their own VLANs inside.
>> I though that VMAN is a good solution here, but I can't add any port to VMAN...
>>
>> Is it a proper way to do QinQ ? If yes - then what's wrong, if not - what do you recommend ?
>>
>> Regards,
>> Marcin
>>
>> _______________________________________________
>> extreme-nsp mailing list
>> extreme-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/extreme-nsp

_______________________________________________
extreme-nsp mailing list
extreme-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/extreme-nsp

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal