Access ports in cnMatrix

Eliot007 · October 8, 2019, 2:53am

Hi, I have a few hybrid ports, with vlan 1 as the main vlan,
however I want to convert those ports to access ports of vlan 2, I have tryed by CLI and GUI, and in both cases the switch denys to apply the changes, does anybody here has the proper commands to follow?

BR

TamN · October 8, 2019, 3:46am

Hello,

I suppose your switch is running latest 2.1-r5 release. The following commands configure port 5 for access port in vlan 2:

1) Remove port 5 from vlan 1

cnMatrix-demo# config terminal

cnMatrix-demo(config)# vlan 1
cnMatrix-demo(config-vlan)# no port gig 0/5 unta gi 0/5
cnMatrix-demo(config-vlan)# exit

2) Add port 5 as untagged into vlan 2
cnMatrix-demo(config)# vlan 2
cnMatrix-demo(config-vlan)# port add giga 0/5 untag gig 0/5
cnMatrix-demo(config-vlan)# exit

3) Set native (pvid) vlan to vlan 2, and set mode to access
cnMatrix-demo(config)# interface giga 0/5
cnMatrix-demo(config-if)# switchport pvid 2

cnMatrix-demo(config-if)# switchport acceptable-frame-type untaggedAndPrioritytagged <<<< Only needed for 2.0.5-r2 release
cnMatrix-demo(config-if)# switchport mode access
% Warning: Acceptable frame type was automatically set to "untaggedAndPriorityTagged".

cnMatrix-demo(config-if)# end

Using GUI:

Layer 2 Management->VLAN->Static VLANs page: 1) Remove Giga0/5 from the 'Member Ports' and 'Untagged Ports' fields in VLAN 1. Click Apply. 2) Add Gi0/5 into 'Member Ports' and 'Untagged Ports' fields in VLAN 2. Click Apply.

Layer 2 Management->VLAN->Port Settings page: Select port 0/5, Change PVID to 2. Click Apply.

Layer 2 Management->Port Manager->Basic Settings page: Select port 0/5 and choose Access from the pull-down menu of the 'Switch Port Mode'. Click Apply.

Thanks.

Eliot007 · October 9, 2019, 5:31am

Yes!, I'm running the latest OS version.

Thank you so much man!, this is the most clear explanation someone has ever gave to me.

I'm gonna try this configuration this Friday, though I'm sure it will work, because I was not previously untagin the vlans before.

Kind regards

Eliot

TamN · October 9, 2019, 5:56pm

Please find attached screenshots to demonstrate the steps for the Web GUI.

Screenshot-Delete port from vlan 1.png (58.7 KB)
Screenshot-Add port in vlan 2.png (58.4 KB)
Screenshot-Change pvid.png (68.4 KB)
Screenshot-Change mode to Access.png (82.2 KB)

AnzeZ · December 3, 2019, 1:37pm

A little bit stupid question but, how do you configure native vlan 2 and trunk port?

From the post I would assume the only difference is to change mode to trunk. Am I right?

Thank you for your help.

TamN · December 3, 2019, 1:47pm

Hello,

A trunk port belongs to all VLANs. It only egresses tagged frames, and typically receives tagged frames as well. That said, when an untagged frame ingresses a trunk port, the frame uses the native vlan.

To configure a port as trunk and set its native VLAN:

EX2010P-EBEEA1(config)# inter gig 0/9
EX2010P-EBEEA1(config-if)# switchport mode trunk
EX2010P-EBEEA1(config-if)# switchport pvid 2

Thanks.

AnzeZ · December 4, 2019, 9:16am

Question.

We have AP E600 on default configuration (VLAN1 untagged access Ethernet port) and I configure on cnMatrix PVID 500 on trunk port, this should work, AP should get to internet to cloud.

What am I doing wrong? Should I set anything different?

On AP I need data untaggaed VLAN 500 and tagged for MGMT 510. For Zero touch deployment I would like to use data VLAN to onboard devices to cloud and the reconfigure them with 'correct' configuration.

Thank you

TamN · December 5, 2019, 2:09am

Hi,

You stated "We have AP E600 on default configuration (VLAN1 untagged access Ethernet port) and I configure on cnMatrix PVID 500 on trunk port, this should work, AP should get to internet to cloud."

This may not work in direction from switch to AP. Being a trunk port, all egress traffic is tagged. In this case packets originated from cnmaestro for the AP are tagged with VLAN ID, and if the vlan id is not 1, then AP does not know how to handle it.

On a side note, I suggest to use hybrid (default setting) instead of trunk port in this case. A hybrid port can egress untagged traffic. You can also control VLAN membership on a hybrid port. It provides security level and unintentionally vlan flooding. A trunk port would have membership in ALL VLANs, which may not be desirable.

You stated "On AP I need data untaggaed VLAN 500 and tagged for MGMT 510. For Zero touch deployment I would like to use data VLAN to onboard devices to cloud and the reconfigure them with 'correct' configuration."

If you configured vlan 500 and 501 on the AP, please make sure switch configuration is proper and that traffic egressing the switch toward the AP are destined for vlans 500 and 501.

If you need further help, please contact me at tng100@cambiumnetworks.com.

AnzeZ · December 5, 2019, 11:34am

Ok, trunk is only tagged traffic.

What is Hybrid and what is PVID. What role does PVID play in this switchport game?

I understand that If I want VLAN 510 tagged and VLAN 500 untagged I should use Hybrid mode. But how should I set PVID?

In case I set PVID 500 and under Static Vlan I set interface port to VLAN 500 in Untagged section, it works. But if I change PVID to something else, it doesn't work any more? PVID and Untagged should be the same number. What is PVID?

I read everything in user guide, but I find this very confusing.

Thank you