
Isolating 2 ports and passing all vlans.

Posted: Fri Dec 11, 2015 4:53 pm
by sww
Hey guys, I am not as strong at switching as I am with routing, but I have an emergency need to separate my switch into 2 switches basically. (We have a tower that is falling over and literally being held up by cat-5 cable as we speak!) :eek:

I have 2 ports that I need tied together and separated from all other ports. The 2 isolated ports need to be able to pass a few VLANs. My problem is I am using a VLAN ID that will exist on both network segments of the switch, but they are not normally tied together. Can you tell me if this looks correct to you?

Ports 9 and 10 need to be isolated, I need them to pass untagged traffic, vlan 5 and also vlan 100. Vlan 100 is also being used on another network and I need to NOT tie all the Vlan 100's together.

Re: Isolating 2 ports and passing all vlans.

Posted: Fri Dec 11, 2015 5:17 pm
by sirhc
Well, your concept is correct, but I have never tried it with Q and Q.

I have always used U and U to cut off 2 ports for a mid-span to my AF back-hauls, but I am only passing untagged routed traffic.

Not sure what it would then do with tagged VLAN traffic. In reality the ingress filter would drop tagged packets, but you could create 2 VLANs: one with U and U for untagged traffic on ports 9 & 10, and another VLAN with the proper VLAN ID for tagged traffic on ports 9 and 10.

Re: Isolating 2 ports and passing all vlans.

Posted: Fri Dec 11, 2015 5:54 pm
by sww
My first thought was to try it like this, but it won't let me. The issue I have here is we are in the process of taking the broken tower down and the emergency link I'm trying to create is an all day adventure to reach, so sending someone up to manually add another switch is not an easy option. I'm not real sure what Q is, but when I set it up that way it seemed to work at least for untagged traffic, but I have not tested VLAN traffic yet. The broken tower has its backhauls located very low and they are still operating, so I have a bit of time before I need this working.

I guess I'll fire up a unit here in the office and experiment real quick.

Re: Isolating 2 ports and passing all vlans.

Posted: Fri Dec 11, 2015 6:03 pm
by sirhc
Q is for QinQ.

You put a Q on a port so that when packets have a VLAN inside a VLAN, it strips off the outer VLAN tag.
Packets entering a Q port would get the outer VLAN tag added to them.

You can search the forums for QinQ and there are several posts about it.

As I said, you may need to create 2 VLANs, 1 for untagged traffic and one for tagged traffic, then use the allowed VLAN list to specify which VLANs the ingress filters should accept and not drop.
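
The outer-tag push and strip described in this thread, as an added illustration that is not part of the original posts and is not the switch's own implementation. It shows why an inner VLAN 100 carried between two Q ports stays separate from VLAN 100 elsewhere. Assumptions: the outer tag uses TPID 0x88A8, and the outer VLAN IDs 900 and 901 and the MAC addresses are constructed sample values.

```python
import struct

TPID_CTAG = 0x8100  # 802.1Q inner (customer) tag
TPID_STAG = 0x88A8  # assumed outer tag TPID (802.1ad); some switches use 0x8100

# Constructed sample values, not taken from the thread
DST, SRC = bytes.fromhex("020000000002"), bytes.fromhex("020000000001")
ISOLATED, OTHER = 900, 901  # hypothetical outer VLAN IDs

def build_frame(dst, src, vlan_id, payload, ethertype=0x0800):
    """Build an Ethernet frame; vlan_id=None means untagged."""
    tag = b"" if vlan_id is None else struct.pack("!HH", TPID_CTAG, vlan_id & 0x0FFF)
    return dst + src + tag + struct.pack("!H", ethertype) + payload

def push_outer(frame, outer_vid):
    """Ingress on a Q port: insert the outer tag right after the MAC addresses."""
    return frame[:12] + struct.pack("!HH", TPID_STAG, outer_vid & 0x0FFF) + frame[12:]

def pop_outer(frame):
    """Egress on a Q port: strip the outer tag, return (outer_vid, inner_frame)."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_STAG:
        raise ValueError("no outer tag present")
    return tci & 0x0FFF, frame[:12] + frame[16:]

def vlan_stack(frame):
    """Return the VLAN IDs carried by a frame, outermost first."""
    vids, off = [], 12
    while len(frame) >= off + 4:
        tpid, tci = struct.unpack("!HH", frame[off:off + 4])
        if tpid not in (TPID_CTAG, TPID_STAG):
            break
        vids.append(tci & 0x0FFF)
        off += 4
    return vids

def forward(frame, ingress_outer, egress_outer):
    """Deliver the original frame only if both ports share the outer VLAN."""
    outer, inner = pop_outer(push_outer(frame, ingress_outer))
    return inner if outer == egress_outer else None

if __name__ == "__main__":
    f = build_frame(DST, SRC, 100, b"payload")
    print(vlan_stack(push_outer(f, ISOLATED)))        # outer tag, then inner 100
    print(forward(f, ISOLATED, ISOLATED) == f)        # same outer VLAN: delivered intact
    print(forward(f, ISOLATED, OTHER))                # different outer VLAN: dropped
```
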