Hi all. I have a cnmatrix switch where I created 2 trunks. I need certain vlans through one of the trunks and certain vlans through the other trunk. How can I do that? It seems that both trunks allow all vlans to go through.
Hi,
A hybrid port can participate in multiple vlans, but unlike a trunk port which automatically joins all vlans, a hybrid port has to be manually assigned to desired VLANs.
Each port on a cnMatrix switch can be configured as access, trunk, or hybrid port. Here's a description of these port types:
Access Mode
A port that can be assigned to a single VLAN. It accepts and transmits only untagged frames. Access port is typically connected to desktop PC or devices incapable of handling tagged frames.
Trunk Mode
A port that is auto associated to ALL VLANs. It accepts both tagged and untagged frames, but only transmits
tagged frames. Trunk port is typically connected to another switch or router.
Hybrid Mode
Default mode. A port that can be assigned to multiple VLANs. Unlike a trunk port, user must manually assign hybrid port to selected VLANs. It accepts and transmits both tagged and untagged frames. Hybrid port is typically connected to servers, APs, IP Phones etc.
Hi tng100 and thank you for getting back.
Both of the trunk interfaces are connected to a router. On the router corresponding interfaces I created the vlans I want to pass to the switch. The way you describe it, hybrid mode is what I should need. I will let you know how it goes!
Hi tng100. I have switched one of the trunks to hybrid mode. I still cannot find a way to define which I vlans to allow through while blocking the rest of the vlans. Can you please share the commands to do so? I searched in the GUI and in the CLI but I cannot find anything! Is hybrid mode using 802.1q?
Hello,
To add ports 9 & 10 (hybrid ports) into vlan 2:
vlan 2
port adds gig 0/9-10
exit
To remove ports 10 from vlan 2:
vlan 2
no ports gig 0/10
exit
Attached is the Web GUI example.
- Screenshot_1.png (75.5 KB)
Hi. These commands will make interfaces 9 and 10 members of vlan 2. This is not what I am trying to do. Here is a better explanation of what I am trying to do.
I have a router (ubiquiti, ER-6P) connected to a EX2028-P switch in the following way:
- Router interface eth1 connects to switch interface gi0/22
- Router interface eth2 connects to switch interface gi0/23
- On the router I have 12 VLANs configured. 6 of the vlans are on interface eth1 and the other 6 are on eth2
- I need VLANs 1,2,3,4,5 and 6 to be able to pass through switch interface gi0/22 only. I do not want VLANs 7,8,9,10,11 and 12 to pass through switch interface gi0/22
- I also need VLANs 7,8,9,10,11 and 12 to pass through switch interface gi0/23 only. I do not want VLANs 1,2,3,4,5 and 6 to pass through switch interface gi0/23.
This is mostly for performance and security reasons. For example, VLAN1 "leaking" through interface gi0/23 of the switch is not acceptable since from one hand the router will not be able to serve it and on the other hand someone could be eavesdropping. The router will not serve VLAN1 on its eth2 interface but it will have to process the request before deciding it cannot do so.
Now, if this was a Cisco switch the interface configuration commands for interface gi0/23 would be:
interface GigabitEthernet0/23
description Trunk_to_Router
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 7,8,9,10,11,12
switchport mode trunk
end
As you can see the Cisco switch will not allow any other VLANs but 7,8,9,10,11,12 to pass through. Therefore traffic tugged for VLANs 1,2,3,4,5,6 will never leave the switch through interface gi0/23. Is this possible to do that with a cnMatrix switch, either using trunk or hybrid mode on the interface?
Hi,
In your example you need to make hybrid port gi0/22 a member of vlans 1,2,3,4,5,6, and make hybrid port gi0/23 a member of vlans 7,8,9,10,11,12 as shown below:
(Note: by default every port is a member of vlan 1, and egress untagged)
config terminal
vlan range 2-6
port add gig 0/22
exit
vlan range 7-12
port add gig 0/23
exit
vlan 1
no port gig 0/23 untag gig 0/23
exit
inter gig 0/23
switchport pvid 7
Gi0/22 will egress (toward the router) untagged on vlan 1, and tagged on vlans 2-6.
If you prefer gi0/22 to egress tagged on vlan 1, use below command:
config terminal
vlan 1
no port untagged gi 0/22
Gi0/23 will egress tagged on vlans 7-12.
To force untagged egress for vlan 7 (note: vlan 7 is the native vlans for gi0/23 as set above):
config terminal
vlan 7
port add gi 0/23 untagged gi 0/23
If you need further clarification, we can set up a live call.
Regards.
1 Like
Hi and thank you for following up. I will definitely try what you are recommending. As I have to put this project on hold for a few days however, please keep an eye on this thread in case I need to use the live call you are suggesting. I will get back to this coming Monday.
Hi tng100. I tested the setup using hybrid ports and now everything works in the way I wanted to. Thank you!
P.S. I tried to mark your answer as "acceptable solution" but I get a respond that I do not have rights to do so.
....and then I tried again the "accept as solution" button and it worked like a charm!