I tested cnmatrix for my future project.
I found an issue (or feature by design which is wrong!).
When using switchport mode trunk command on some interface that interface automagically becomes member of VLAN1 (and members of all other VLANS which are configured manually and that is fine.
If I put command no port all under vlan 1, switch accepts commands but that trunk interface is still member of VLAN 1.
I DONT USE VLAN 1 AND DONT WANT VLAN1 BE ON THAT TRUNK INTERFACE.
If I put that interface to hybrid automagically that interface is not member of VLAN 1.
I can configure on the other side a hybrid port and use mgmt vlan as pvid / untagged (Mikrotik) and also on cnmatrix but I want all VLAN are passing as tagged.
So, what do I need to config on interface which is configure as a trunk to not become member of VLAN 1?
My apology for the delayed response. Somehow I did not receive you earlier post. Please find the description below for different port mode on cnMatrix.
Each port on a cnMatrix switch can be configured as access, trunk, or hybrid port. Here’s a description of these port types:
A port that can be assigned to a single VLAN. It accepts and transmits only untagged frames. Access port is typically connected to desktop PC or devices incapable of handling tagged frames.
A port that is auto associated to ALL VLANs. It accepts both tagged and untagged frames, but only transmitstagged frames, including the pvid. Trunk port is typically connected to another switch or router.
Default mode. A port that can be assigned to multiple VLANs. Unlike a trunk port, user must manually assign hybrid port to selected VLANs. It accepts and transmits both tagged and untagged frames. By default, hybrid port transmits untagged frames for the pvid. Hybrid port is typically connected to servers, APs, IP Phones etc.
Our implementation of trunk port is equivalent to Cisco’s trunk mode with ‘Allowed All’, and hence the port carries traffic for ALL VLANs.
Hi, my ccnp is telling me that I know difference between access and trunk ports and your statement is not true, on cisco switches you CAN EXCLUDE VLAN 1 or any other VLAN on trunk port and I as admin dont want to use VLAN1at all.
Example from real life, imagine you have ip phones which are configured for vlan 10 only (tagged) and no other VLANs must be sent to ip phone.
With cn matrix also there is VLAN1 tagged on that trunk port where the phone is connected, why would I want that?
Admin decide which VLAN will be added to trunk port.
I am OK if switch add VLAN1 to trunk port by it self but I am not OK whit no possibility to remove that VLAN1 manually.
cnMatrix’s switchport mode configuration does not exactly follow Cisco’s syntax.
Our trunk mode is equivalent to executing cisco’s command: “switchport trunk allowed vlan all”
To exclude VLAN 1 from a port, you want to use hybrid mode which can carry traffic for multiple vlans (similar to trunk). The vlan membership is flexible, but has to be configured manually.
In your example of the IP phone, you don’t want the port to be in ALL VLANs, so a trunk port would not work. In this case, you want to configure the port in hybrid mode, and assign it to the voice and data VLANs. The data vlan can be the port’s pvid so data traffic can egress untagged.
Please let me know if you need help with configuring the VLANs for hybrid port.
Hello, i found this post complies with my question. In the case the switch is already configured and installed on site. With ethernet configured trunk mode. I want to make all ports hybrid to avoid VLAN1 as the switch is learning hundreds of mac-addresses on VLAN1, which I dont use at all. Since i have to delete the vlan fist than create it with the ports i want to associate, but i can not loose management connection as it uses VLAN 100. Is there any way to do this?
There is a way to do this without losing connection with the switch. I’ve done this a few times and it works well.
Create a swtich group in cnMaestro that copies the configuration you have in the swtich now. If you want to add some policy based automation to the switch, now is a good time to do that.
Delete the switch in cnMaestro. It will come back right away, waiting for approval. Don’t approve it yet.
Click on the edit icon (the pencil). This will open a dialogue box that will enable you to remove VLAN 1, and any other configuration that you need to delete. When you have applied the configuration including the switch group, then tap the approve icon, and the configuration will be pushed out to the switch.
If all is good, the cnMaestro will show sync’d, and you should be managing the switch on VLAN 100.
Hello, my understanding is that you want to convert a port from trunk to hybrid mode without losing vlan membership that port inherits in trunk mode. For this you can manually add the port while it is in trunk mode to each VLAN that you want the port to be a member of in hybrid mode prior to changing the mode.
Ex: Let’s say port 2 is in trunk mode and there are vlans 1, 100, 101 on the switch. ‘show vlan’ will show port 2 in all vlans. First, add port 2 to vlan 100, and 101, then change the mode to hybrid as shown:
vlan range 100-101
port add gi 0/2
interface gi 0/2
switchport mode hybrid
Thankyou TamN, yes this is exactly what i need also i want ro remove PVID (Default VLAN, in this case VLAN 1). Because i don’t want to allow untaged traffic as in our case we are learning mac addresses on this VLAN. (even the VLAN 1 i s shut down)
Hello, you can certainly change the PVID to other than VLAN 1. Typically, the PVID is the same VLAN that is egressing untagged on the switch port. One caveat with this approach is that you cannot set the port to egress untagged on any VLAN while it is in trunk mode. You can do it after changing the mode to hybrid. To change the port’s PVID, use the command: interface gi 0/2 switchport pvid 100
If the switch is managed via cnMaestro, the solution proposed by DaveClelland is more elegant.
Hello, we use cnmaestro only for monitoring, we manage the network elements by CLI/GUI. So in our case we have to configure even egress port as “hybrid”?. What we want to achieve is to have only tagged traffic. As i said above we learn 170-180 Mac addresses on vlan 1 on different ethernet interfaces. Note VLAN 1 is continuing to have all switch ports as member ports even though i am configuring some ports “hybrid mode” and not add to VLAN1 member.