On Tuesday, 06/24/2008 at 03:47 EDT, "Burch, Aubrey Dennis CIV DISA GS4B" <[EMAIL PROTECTED]> wrote:

> "Attached are the IP addresses you requested. I will put the trunk in
> place on core switch 2 tonight. I will trunk VLANs 390, 391, 393 and
> 389(new vlan for this project). I will use a native vlan of 499. Will
> that work for you?"

It can be confusing. The (physical) switch has myriad VLANs, but two are special:

1. The DEFAULT VLAN. This is the VLAN that can be EXPLICITLY assigned to any trunk port. INBOUND untagged frames will be tagged with the DEFAULT VLAN. OUTBOUND frames will have the tag removed if it is tagged with the DEFAULT VLAN. (In this way a trunk port can act as a sort of "hybrid" port, having both tagged and untagged frames.)

2. The NATIVE VLAN. If an explicit DEFAULT VLAN has NOT been assigned to a trunk port, the NATIVE VLAN will be used as described above. Think of it as the "default DEFAULT" or, if you prefer, as the initial value of the DEFAULT VLAN for all ports. This typically defaults to VLAN 1.

The z/VM terminology is a bit different.

A. The DEFAULT VLAN is the VLAN we assign to a guest that has not been given an explicit VLAN id assignment. This is the value on the DEFINE VSWITCH VLAN keyword. Sort of like #1 above, but not quite.

B. The NATIVE VLAN of the VSWITCH should match the default (lower-case) VLAN id of the physical switch port, whether that is via #1 or #2 above. If a guest with a virtual trunk port sends untagged data, it will only be allowed through if the guest is ALSO authorized to the NATIVE VLAN id. This is the value on the DEFINE VSWITCH NATIVE keyword.

Example:

    DEFINE VSWITCH ALAN VLAN 400 NATIVE 2
    SET VSWITCH ALAN GRANT MIKE
    SET VSWITCH ALAN GRANT DENNIS PORTTYPE TRUNK VLAN 100-102
    SET VSWITCH ALAN GRANT ROB PORTTYPE TRUNK VLAN 2,200

MIKE:
- Has a virtual ACCESS port (taken from the PORTTYPE on the DEFAULT VSWITCH)
- Cannot send or receive tagged frames
- All untagged frames are tagged with VLAN 400

DENNIS:
- Has a virtual TRUNK port
- Must tag all frames with VLAN 100, 101, or 102
- All others are discarded

ROB:
- Has a virtual TRUNK port
- If frames are tagged, CP requires that they be 2 or 200
- If frame is tagged with VLAN 2, the switch may or may not throw it away, depending on authorization
- If frames are untagged, they will be allowed through (unchanged - no tags) by CP
- The switch will (I allege) associate untagged frames with VLAN 2. If the native or default VLAN of the port isn't 2, then things go crazy because CP uses the NATIVE keyword (or the default VLAN, if NATIVE not specified) to know whether or not to deliver INBOUND (from the OSA) untagged frames to the guest.

If I have details wrong, I'm sure Tracy or Mary Ellen will correct me. :-)

Alan Altmark
z/VM Development
IBM Endicott
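
Added example, not part of the original message and not IBM code: a simplified Python model of how CP treats frames sent by MIKE, DENNIS and ROB on VSWITCH ALAN, following the rules as the message states them. The names VSwitch, Grant, outbound and build_alan are hypothetical, and the model covers only the CP-side decision, not what the physical switch does afterwards.

```python
# Simplified model of the checks described in the message (not z/VM code).
# VSwitch, Grant, outbound and build_alan are hypothetical names.
from dataclasses import dataclass

def parse_vlans(spec):
    """Expand a VLAN list such as '100-102' or '2,200' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

@dataclass
class Grant:
    porttype: str   # "ACCESS" or "TRUNK"
    vlans: set      # VLAN ids the guest is authorized for

class VSwitch:
    def __init__(self, default_vlan, native_vlan):
        self.default_vlan, self.native_vlan = default_vlan, native_vlan
        self.grants = {}

    def grant(self, user, porttype="ACCESS", vlan=None):
        # No VLAN on the grant: the guest gets the VSWITCH default VLAN.
        vlans = parse_vlans(vlan) if vlan else {self.default_vlan}
        self.grants[user] = Grant(porttype, vlans)

    def outbound(self, user, tag=None):
        """Decide on a frame sent by a guest; tag=None means untagged.
        Returns (action, VLAN tag on the frame after CP)."""
        g = self.grants.get(user)
        if g is None:
            return ("discard", None)          # assumption: no grant, no access
        if g.porttype == "ACCESS":
            if tag is not None:
                return ("discard", None)      # access ports carry no tagged frames
            return ("forward", min(g.vlans))  # CP tags with the guest's VLAN
        if tag is None:                       # trunk port, untagged frame
            ok = self.native_vlan in g.vlans  # needs authorization to NATIVE
            return ("forward", None) if ok else ("discard", None)
        return ("forward", tag) if tag in g.vlans else ("discard", None)

def build_alan():
    """The VSWITCH ALAN definition and grants from the message."""
    sw = VSwitch(default_vlan=400, native_vlan=2)
    sw.grant("MIKE")
    sw.grant("DENNIS", "TRUNK", "100-102")
    sw.grant("ROB", "TRUNK", "2,200")
    return sw
```

Calling `build_alan().outbound("DENNIS")` shows the isolation point: DENNIS is not authorized for NATIVE VLAN 2, so his untagged frames are dropped, while ROB's pass through untagged.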
