Disabling Native VLAN Configuration
This chapter contains sample configurations to check the functionality to drop the untagged traffic by disblaing the native vlan by configuring acceptable-frame-type vlan-tagged.
Topology
Native VLAN Topology
Configuration
SW1
SW1#configure terminal | Enter configuration mode |
SW1(config)# bridge 1 protocol rstp vlan-bridge | Create bridge |
SW1(config)#vlan database | Enter VLAN configuration mode |
SW1(config-vlan)#vlan 2-10 bridge 1 state enable | Create 2-10 vlans |
SW1(config-vlan)#exit | Exit VLAN configuration mode |
SW1(config)#interface xe6 | Enter interface configuration mode for xe6 |
SW1(config-if)#switchport | Configure switchport |
SW1(config-if)#bridge-group 1 | Associate interface with bridge-group 1 |
SW1(config-if)#switchport mode hybrid | Configure port mode as hybrid |
SW1(config-if)# switchport hybrid allowed vlan all | Allow all the vlans on the xe6 port |
SW1(config-if)#exit | Exit from interface mode |
SW1(config)#interface xe21 | Enter interface configuration mode for xe21 |
SW1(config-if)#switchport | Configure switchport |
SW1(config-if)#bridge-group 1 | Associate interface with bridge-group 1 |
SW1(config-if)#switchport mode hybrid | Configure port mode as hybrid |
SW1(config-if)# switchport hybrid allowed vlan all | Allow all the vlans on the xe21 port |
SW1(config-if)#exit | Exit from interface mode |
SW1(config)#commit | Commit the candidate configuration to the running configuration |
SW2
SW2#configure terminal | Enter configuration mode |
SW2(config)# bridge 1 protocol rstp vlan-bridge | Create bridge |
SW2(config)#vlan database | Enter VLAN configuration mode |
SW2(config-vlan)#vlan 2-10 bridge 1 state enable | Create 2-10 vlans |
SW2(config-vlan)#exit | Exit VLAN configuration mode |
SW2(config)#interface xe6 | Enter interface configuration mode for xe6 |
SW2(config-if)#switchport | Configure switchport |
SW2(config-if)#bridge-group 1 | Associate interface with bridge-group 1 |
SW2(config-if)#switchport mode hybrid | Configure port mode as hybrid |
SW2(config-if)# switchport hybrid allowed vlan all | Allow all the vlans on the xe6 port |
SW2(config-if)#exit | Exit from interface mode |
SW2(config)#interface xe13 | Enter interface configuration mode for xe13 |
SW2(config-if)#switchport | Configure switchport |
SW2(config-if)#bridge-group 1 | Associate interface with bridge-group 1 |
SW2(config-if)#switchport mode hybrid | Configure port mode as hybrid |
SW2(config-if)# switchport hybrid allowed vlan all | Allow all the vlans on the xe13 port |
SW2(config-if)#exit | Exit from interface mode |
SW2(config)#commit | Commit the candidate configuration to the running configuration |
Validation
Sending untagged, vlan-5 and vlan-6 traffic from ixia-1 to ixia-2. In the show bridge o/p we can see all the mac entries learnt for all the traffics.
In the show vlan brief output for default vlan interface xe21 is having port type as untagged (u).
SW1#show bridge
bridge 1 is running on rstp vlan-bridge
Ageout time is global and if something is configured for vxlan then it will be a
ffected here also
Bridge CVLAN SVLAN BVLAN Port MAC Address FWD Time-out
---------+------+------+------+-----------+-----------------+-----+---------+
1 1 xe21 0000.0000.0003 1 300
1 5 xe21 0000.0000.0005 1 300
1 6 xe21 0000.0000.0006 1 300
SW1#sh int counters rate mbps
+-------------------+--------------+-------------+--------------+-------------+
| Interface | Rx mbps | Rx pps | Tx mbps | Tx pps |
+-------------------+--------------+-------------+--------------+-------------+
ce53 0.00 0 0.00 0
xe6 0.00 0 2960.63 246719
xe8 0.00 0 0.00 0
xe9 0.00 0 0.00 0
xe21 2960.63 246719 0.00 0
SW1#sh vlan brief
Bridge VLAN ID Name State H/W Status Member ports
(u)-Untagged, (t)-Tagged
======= ======= ================ ======= ========== ==========================
1 1 default ACTIVE Success xe6(u) xe21(u)
1 2 VLAN0002 ACTIVE Success xe6(t) xe21(t)
1 3 VLAN0003 ACTIVE Success xe6(t) xe21(t)
1 4 VLAN0004 ACTIVE Success xe6(t) xe21(t)
1 5 VLAN0005 ACTIVE Success xe6(t) xe21(t)
1 6 VLAN0006 ACTIVE Success xe6(t) xe21(t)
1 7 VLAN0007 ACTIVE Success xe6(t) xe21(t)
1 8 VLAN0008 ACTIVE Success xe6(t) xe21(t)
1 9 VLAN0009 ACTIVE Success xe6(t) xe21(t)
1 10 VLAN0010 ACTIVE Success xe6(t) xe21(t)
Configuring acceptable-frame-type vlan-tagged on ingress interface
SW1
SW1(config)#interface xe21 | Enter interface configuration mode for xe21 |
SW1(config-if)# switchport mode hybrid acceptable-frame-type vlan-tagged | Configure acceptable-frame-type vlan-tagged |
SW1(config-if)#exit | Exit from interface mode |
SW1(config)#commit | Commit the candidate configuration to the running configuration |
Validation
After configuring acceptable-frame-type vlan-tagged, In the show bridge o/p we can see that un-tagged traffic is dropped (.0003 mac entry is not present), and traffic also getting dropped for that specific stream.
Now on show vlan brief output we can see that xe21 interface is having port type as tagged (t).
SW1#sh show bridge
bridge 1 is running on rstp vlan-bridge
Ageout time is global and if something is configured for vxlan then it will be a
ffected here also
Bridge CVLAN SVLAN BVLAN Port MAC Address FWD Time-out
---------+------+------+------+-----------+-----------------+-----+---------+
1 5 xe21 0010.9400.0003 1 300
1 6 xe21 0010.9400.0004 1 300
SW1#sh int counters rate mbps
+-------------------+--------------+-------------+--------------+-------------+
| Interface | Rx mbps | Rx pps | Tx mbps | Tx pps |
+-------------------+--------------+-------------+--------------+-------------+
ce53 0.00 0 0.00 0
xe6 0.00 0 1971.13 164480
xe8 0.00 0 0.00 0
xe9 0.00 0 0.00 0
xe21 2960.64 246720 0.00 0
SW1#sh vlan brief
Bridge VLAN ID Name State H/W Status Member ports
(u)-Untagged, (t)-Tagged
======= ======= ================ ======= ========== ==========================
1 1 default ACTIVE Success xe6(u) xe21(t)
1 2 VLAN0002 ACTIVE Success xe6(t) xe21(t)
1 3 VLAN0003 ACTIVE Success xe6(t) xe21(t)
1 4 VLAN0004 ACTIVE Success xe6(t) xe21(t)
1 5 VLAN0005 ACTIVE Success xe6(t) xe21(t)
1 6 VLAN0006 ACTIVE Success xe6(t) xe21(t)
1 7 VLAN0007 ACTIVE Success xe6(t) xe21(t)
1 8 VLAN0008 ACTIVE Success xe6(t) xe21(t)
1 9 VLAN0009 ACTIVE Success xe6(t) xe21(t)
1 10 VLAN0010 ACTIVE Success xe6(t) xe21(t)