Thanks for the explanation. Am I understanding that on the ES1, if the
port is only set up as a Tagged Vlan104, and excluded from everything
else, it will still show non-tagged traffic as well as tagged traffic as
Vlan104? My thought was that if the physical port on ES1 is not set as
untagged for any vlan (it is excluded from all other Vlans, including
Vlan1), that only tagged Vlan104 traffic should be present at the Mikrotik.
Nate
On 9/5/2018 4:51 PM, Faisal Imtiaz wrote:
Let me help you out... Think of a port as a Tube, a tagged vlan is another tube
running inside the bigger outer tube.
The outer tube is Untagged Vlan traffic or native vlan traffic ...
A trunk port is one that can see both the outer tube (untagged vlans) as well
as the inner tubes (tagged vlans)
An access port is one where the inner tube (tagged vlan) is connected to act as
the Outer Tube (i.e. tagged traffic is received and it flows thru as untagged).
In your example, you have a tagged vlan 104 going thru the MT1, ES1, EPMP SM,
and the EPMP AP (let's just stop here in the chain, for a moment).
Which is all good, however, by virtue of the physical connection, you also have
the Untagged traffic connected..
in other words, you have native/untagged traffic flowing all the way thru,
along with Tagged Vlan 104 traffic.
Now if you look at the rest of the chain, you are taking Untagged vlan 1000
(native) + Tagged vlan 104 into ES2, and then handing them off as two tagged
vlans to MT2.
Which means that between ES2 and MT2 native/untagged traffic is not going
anywhere other than staying between these two devices.
and this would explain why MT1 is able to see everything via native + vlan 104,
and MT2 is able to see everything via Vlan 1000 and Vlan 104, and only the ES2
via native vlan.
Hope it makes sense.
Regards.
Faisal Imtiaz
Snappy Internet & Telecom
http://www.snappytelecom.net
Tel: 305 663 5518 x 232
Help-desk: (305)663-5518 Option 2 or Email: [email protected]
----- Original Message -----
From: "Nate Burke" <[email protected]>
To: "Animal Farm" <[email protected]>
Sent: Wednesday, September 5, 2018 1:30:45 PM
Subject: [AFMUG] Edgeswitch Vlan Leaking
I'm sure I have something missing in my configuration, but I haven't
been able to figure it out yet. Edgeswitches on Version 1.7.4 and 1.8.0
Mikrotik1 <-Tagged Vlan104-> Edgeswitch1 <-Tagged Vlan104-> EPMP SM
<---> EPMP AP <-Untagged Vlan1000, Tagged Vlan104-> Edgeswitch2
<-Tagged Vlan1000,Tagged Vlan104-> Mikrotik2
Mikrotik1, in its neighbor list, is able to see on Vlan104 all devices
that exist on Vlan1000 at Edgeswitch2. Since the Port on Edgeswitch1 is
set for Tagged vlan104 and excluded from all other vlans, shouldn't this
isolate all traffic to only Vlan104, which means that Mikrotik1 Should
only see Mikrotik2 in a neighbor list? Vlan1000 does not exist in the
Vlan Table of edgeswitch1 at all. Everything is working the way I expect
it to, I'm just trying to figure out why I'm seeing the layer2 neighbor
traffic when I don't think I should.
Nate
--
AF mailing list
[email protected]
http://af.afmug.com/mailman/listinfo/af_af.afmug.com
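A capture-side check for the question raised in this thread: do the neighbor-discovery frames reaching the Mikrotik arrive untagged or tagged as VLAN 104? This is an added example, not code from any poster in the thread. The function names are hypothetical and the sample frames are constructed. It assumes the discovery traffic is MNDP (UDP port 5678) or LLDP (EtherType 0x88CC).

```python
import struct
from collections import Counter

TPIDS = {0x8100, 0x88A8}          # 802.1Q C-tag and 802.1ad S-tag
LLDP, IPV4, UDP, MNDP_PORT = 0x88CC, 0x0800, 17, 5678

def classify(frame: bytes):
    """Return (outer_vlan_or_None, kind) for one raw Ethernet frame."""
    if len(frame) < 14:
        return None, "runt"
    off, vlan = 12, None
    (etype,) = struct.unpack_from("!H", frame, off)
    while etype in TPIDS:                      # walk stacked tags (QinQ)
        if len(frame) < off + 6:
            return vlan, "truncated-tag"
        if vlan is None:                       # VID = low 12 bits of TCI (0 = priority tag)
            vlan = struct.unpack_from("!H", frame, off + 2)[0] & 0x0FFF
        off += 4
        (etype,) = struct.unpack_from("!H", frame, off)
    l3 = off + 2
    if etype == LLDP:
        return vlan, "lldp"
    if etype == IPV4 and len(frame) >= l3 + 20:
        ihl = (frame[l3] & 0x0F) * 4           # IPv4 header length in bytes
        if frame[l3 + 9] == UDP and len(frame) >= l3 + ihl + 4:
            (dport,) = struct.unpack_from("!H", frame, l3 + ihl + 2)
            if dport == MNDP_PORT:
                return vlan, "mndp"
    return vlan, "other"

def summarize(frames):
    """Count frames per (tag label, kind) so untagged discovery stands out."""
    out = Counter()
    for f in frames:
        vlan, kind = classify(f)
        out[("untagged" if vlan is None else f"vlan{vlan}", kind)] += 1
    return out

def build(etype, payload, vlan=None):          # helper for constructed frames only
    hdr = b"\xff" * 6 + bytes.fromhex("020000000001")
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    return hdr + tag + struct.pack("!H", etype) + payload

MNDP = (struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, UDP, 0, bytes(4), b"\xff" * 4)
        + struct.pack("!4H", MNDP_PORT, MNDP_PORT, 8, 0))   # constructed IPv4+UDP header
SAMPLE = [build(IPV4, MNDP), build(IPV4, MNDP, 104),        # constructed sample capture
          build(LLDP, b"\x00\x00", 104), build(0x0806, bytes(28), 104)]
if __name__ == "__main__":
    print(dict(summarize(SAMPLE)))
```

Feed it the raw frames from a capture taken on the Mikrotik's physical interface rather than on the vlan104 sub-interface, since a capture on the sub-interface never shows the tag.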