Re: [c-nsp] 3560g switch - tagged vlans and untagged frames
Hi,

On Tue, Apr 09, 2013 at 10:32:53PM +0300, Damian Higgins wrote:
> How about this scenario. Let's say you want a VLAN tagged on all the ports, but also want different untagged VLANs on those ports (e.g. port 10 tagged vlan 306 and untagged vlan 6, port 11 tagged vlan 306 and untagged vlan 7).
>
> So native VLAN is out of question here since all ports would be untagged in the same VLAN ID.

No. Native VLAN is per-port, and would do exactly this: specify the VLAN that is assigned to untagged incoming frames, and that is sent untagged for outgoing frames.

> Can you please test the following setup and tell me if it works? :
>
> interface GigabitEthernet0/10
>  description testing cisco vlans
>  switchport trunk encapsulation dot1q
>  switchport trunk allowed vlan 306
>  switchport mode trunk
>  switchport access vlan 6

switchport access is irrelevant for trunk mode, *plus* if you only allow vlan 306, vlan 6 will not be sent, no matter whether tagged or not.

gert
--
USENET is *not* the non-clickable part of WWW!
                                   //www.muc.de/~gert/
Gert Doering - Munich, Germany     g...@greenie.muc.de
fax: +49-89-35655025               g...@net.informatik.tu-muenchen.de

___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 3560g switch - tagged vlans and untagged frames
Hi,

Thanks, I was under the impression that native vlan is global. Great stuff then, this setup also works on cisco :).

Regards

On Wed, Apr 10, 2013 at 10:08 AM, Gert Doering g...@greenie.muc.de wrote:
> Hi,
>
> On Tue, Apr 09, 2013 at 10:32:53PM +0300, Damian Higgins wrote:
>> How about this scenario. Let's say you want a VLAN tagged on all the ports, but also want different untagged VLANs on those ports (e.g. port 10 tagged vlan 306 and untagged vlan 6, port 11 tagged vlan 306 and untagged vlan 7).
>>
>> So native VLAN is out of question here since all ports would be untagged in the same VLAN ID.
>
> No. Native VLAN is per-port, and would do exactly this: specify the VLAN that is assigned to untagged incoming frames, and that is sent untagged for outgoing frames.
>
>> Can you please test the following setup and tell me if it works? :
>>
>> interface GigabitEthernet0/10
>>  description testing cisco vlans
>>  switchport trunk encapsulation dot1q
>>  switchport trunk allowed vlan 306
>>  switchport mode trunk
>>  switchport access vlan 6
>
> switchport access is irrelevant for trunk mode, *plus* if you only allow vlan 306, vlan 6 will not be sent, no matter whether tagged or not.
>
> gert
Re: [c-nsp] 3560g switch - tagged vlans and untagged frames
On Tue, Apr 09, 2013 at 12:30:52AM -0400, Jeff Kell wrote:
> On 4/9/2013 12:16 AM, Mike wrote:
>> If it helps. I do also have dot1q native vlan tagging enabled.
>>
>> I just can't see inside of the switch and understand where my frames are going. If I put it into switchport mode access, and switchport access vlan 6, it all works fine and I see mac addresses in the table.
>
> If you enable native vlan tagging, it will drop any untagged frames.

ISTR that this has actually changed some time ago. Initially, tag native would have tagged the native VLAN on egress (as the name implies) and would have accepted the native VLAN tagged on ingress, but still also accepted untagged frames as valid and associated them with the native VLAN. Later (something in my spotty memory says it was somewhere around 12.2(4x)SE on the 3k range) this was changed, as tag native was pushed as a security feature against VLAN hopping attacks. Some users were in for a surprise when that changed.

Then again, I may well remember that wrong, it all played out in 2007 or so...

HTH,
Andre.
--
Cool .signatures are so 90s...

- Andre Beck +++ ABP-RIPE +++ IBH IT-Service GmbH, Dresden -
Re: [c-nsp] 3560g switch - tagged vlans and untagged frames
Hi,

How embarrassing...

Model number: WS-C3560-48TS-S
c3560-ipservicesk9-mz.122-55.SE5.bin

interface FastEthernet0/33
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 33
 switchport mode trunk
end

SW3#sh run | i dot1q ta
vlan dot1q tag native
SW3#sh int f0/33 swi | i Native
Trunking Native Mode VLAN: 33 (VLAN0033)
Administrative Native VLAN tagging: enabled
Administrative private-vlan trunk Native VLAN tagging: enabled

!! As expected, but...

SW3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW3(config)#no vlan dot1q tag native
SW3#
SW3#sh int f0/33 swi | i Native
Trunking Native Mode VLAN: 33 (VLAN0033)
Administrative Native VLAN tagging: enabled
Administrative private-vlan trunk Native VLAN tagging: enabled

can you disable it anyway?

jonagy
Re: [c-nsp] 3560g switch - tagged vlans and untagged frames
On 04/08/2013 09:48 PM, sth...@nethelp.no wrote:
>> I would like to be able to accept both tagged and untagged frames on my 3560g. For the untagged frames, I'd like to be able to say these are a member of some vlan - say 100 - otherwise I want to be able to allow tagged frames from some list. In testing, it doesn't appear that switchport trunk native vlan is doing the job; anything I send untagged is dropped and doesn't show up in the switch mac address tables. Here is my config:
>
> Similar configs work for us.
>
>> interface GigabitEthernet0/45
>>  description testing cisco vlans
>>  switchport trunk encapsulation dot1q
>>  switchport trunk native vlan 6
>>  switchport trunk allowed vlan 306
>>  switchport mode trunk
>>
>> If it helps. I do also have dot1q native vlan tagging enabled.
>
> I believe you need to drop that - it tells the switch that the native VLAN should be tagged. Also, add the native VLAN to the list of allowed VLANs (so you'd get switchport trunk allowed vlan 6,306 here).

I removed dot1q tag native and that seems to have worked. Unfortunately, it caused other problems requiring me to set the native vlans on some ports to something other than default. In the end it's working but I just don't see why I can't say 'hey, got an untagged frame? throw it into this vlan for me...'. Maybe I need more expensive switches.

Thanks all.

Mike-
Re: [c-nsp] 3560g switch - tagged vlans and untagged frames
Hi Mike,

How about this scenario. Let's say you want a VLAN tagged on all the ports, but also want different untagged VLANs on those ports (e.g. port 10 tagged vlan 306 and untagged vlan 6, port 11 tagged vlan 306 and untagged vlan 7).

So native VLAN is out of question here since all ports would be untagged in the same VLAN ID.

Can you please test the following setup and tell me if it works? :

interface GigabitEthernet0/10
 description testing cisco vlans
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 306
 switchport mode trunk
 switchport access vlan 6

interface GigabitEthernet0/11
 description testing cisco vlans
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 306
 switchport mode trunk
 switchport access vlan 7

I don't have any cisco switches at the moment that I could do this test on, but I can tell you for sure that this setup is possible on other switches (HP procurve for example, and they're way cheaper :)

Regards,

On Tue, Apr 9, 2013 at 8:21 PM, Mike mike-cisconspl...@tiedyenetworks.com wrote:
> On 04/08/2013 09:48 PM, sth...@nethelp.no wrote:
>>> I would like to be able to accept both tagged and untagged frames on my 3560g. For the untagged frames, I'd like to be able to say these are a member of some vlan - say 100 - otherwise I want to be able to allow tagged frames from some list. In testing, it doesn't appear that switchport trunk native vlan is doing the job; anything I send untagged is dropped and doesn't show up in the switch mac address tables. Here is my config:
>>
>> Similar configs work for us.
>>
>>> interface GigabitEthernet0/45
>>>  description testing cisco vlans
>>>  switchport trunk encapsulation dot1q
>>>  switchport trunk native vlan 6
>>>  switchport trunk allowed vlan 306
>>>  switchport mode trunk
>>>
>>> If it helps. I do also have dot1q native vlan tagging enabled.
>>
>> I believe you need to drop that - it tells the switch that the native VLAN should be tagged. Also, add the native VLAN to the list of allowed VLANs (so you'd get switchport trunk allowed vlan 6,306 here).
>
> I removed dot1q tag native and that seems to have worked. Unfortunately, it caused other problems requiring me to set the native vlans on some ports to something other than default. In the end it's working but I just don't see why I can't say 'hey, got an untagged frame? throw it into this vlan for me...'. Maybe I need more expensive switches.
>
> Thanks all.
>
> Mike-
Re: [c-nsp] 3560g switch - tagged vlans and untagged frames
I've started looking at this thread in mid-conversation, but I think that original config is correct. If you have switchport mode trunk, the switchport access-vlan ... won't take effect. It will only use the access-vlan if the interface fails to trunk. If you are trunking a non-cisco switch, you should disable CDP and DTP via the following config. If this fails to work, then there may be some incompatibilities with the dot1q protocol between switches, or some spanning tree issue.

interface GigabitEthernet0/10
 description testing cisco vlans
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 6
 switchport trunk allowed vlan 6,306
 switchport mode trunk
 switchport access vlan 6
 switchport nonegotiate
 no cdp enable

interface GigabitEthernet0/11
 description testing cisco vlans
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 7
 switchport trunk allowed vlan 7,306
 switchport mode trunk
 switchport access vlan 7
 switchport nonegotiate
 no cdp enable

Matthew Huff             | 1 Manhattanville Rd
Director of Operations   | Purchase, NY 10577
OTA Management LLC       | Phone: 914-460-4039

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Damian Higgins
Sent: Tuesday, April 09, 2013 3:33 PM
To: Mike
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] 3560g switch - tagged vlans and untagged frames

Hi Mike,

How about this scenario. Let's say you want a VLAN tagged on all the ports, but also want different untagged VLANs on those ports (e.g. port 10 tagged vlan 306 and untagged vlan 6, port 11 tagged vlan 306 and untagged vlan 7).

So native VLAN is out of question here since all ports would be untagged in the same VLAN ID.

Can you please test the following setup and tell me if it works? :

interface GigabitEthernet0/10
 description testing cisco vlans
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 306
 switchport mode trunk
 switchport access vlan 6

interface GigabitEthernet0/11
 description testing cisco vlans
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 306
 switchport mode trunk
 switchport access vlan 7

I don't have any cisco switches at the moment that I could do this test on, but I can tell you for sure that this setup is possible on other switches (HP procurve for example, and they're way cheaper :)

Regards,

On Tue, Apr 9, 2013 at 8:21 PM, Mike mike-cisconspl...@tiedyenetworks.com wrote:
> On 04/08/2013 09:48 PM, sth...@nethelp.no wrote:
>>> I would like to be able to accept both tagged and untagged frames on my 3560g. For the untagged frames, I'd like to be able to say these are a member of some vlan - say 100 - otherwise I want to be able to allow tagged frames from some list. In testing, it doesn't appear that switchport trunk native vlan is doing the job; anything I send untagged is dropped and doesn't show up in the switch mac address tables. Here is my config:
>>
>> Similar configs work for us.
>>
>>> interface GigabitEthernet0/45
>>>  description testing cisco vlans
>>>  switchport trunk encapsulation dot1q
>>>  switchport trunk native vlan 6
>>>  switchport trunk allowed vlan 306
>>>  switchport mode trunk
>>>
>>> If it helps. I do also have dot1q native vlan tagging enabled.
>>
>> I believe you need to drop that - it tells the switch that the native VLAN should be tagged. Also, add the native VLAN to the list of allowed VLANs (so you'd get switchport trunk allowed vlan 6,306 here).
>
> I removed dot1q tag native and that seems to have worked. Unfortunately, it caused other problems requiring me to set the native vlans on some ports to something other than default. In the end it's working but I just don't see why I can't say 'hey, got an untagged frame? throw it into this vlan for me...'. Maybe I need more expensive switches.
>
> Thanks all.
>
> Mike-
Re: [c-nsp] 3560g switch - tagged vlans and untagged frames
On 4/9/13, Damian Higgins linnew...@gmail.com wrote:
> Hi Mike,
>
> How about this scenario. Let's say you want a VLAN tagged on all the ports, but also want different untagged VLANs on those ports (e.g. port 10 tagged vlan 306 and untagged vlan 6, port 11 tagged vlan 306 and untagged vlan 7).

int g0/10
 switchport trunk allowed vlan 6,306
 switchport trunk native vlan 6
int g0/11
 switchport trunk allowed vlan 7,306
 switchport trunk native vlan 7

> So native VLAN is out of question here since all ports would be untagged in the same VLAN ID.

native vlan is per port

> Can you please test the following setup and tell me if it works? :

shouldn't work - 'switchport access vlan nnn' is for non-trunking ports.

Regards,
Lee

> interface GigabitEthernet0/10
>  description testing cisco vlans
>  switchport trunk encapsulation dot1q
>  switchport trunk allowed vlan 306
>  switchport mode trunk
>  switchport access vlan 6
>
> interface GigabitEthernet0/11
>  description testing cisco vlans
>  switchport trunk encapsulation dot1q
>  switchport trunk allowed vlan 306
>  switchport mode trunk
>  switchport access vlan 7
>
> I don't have any cisco switches at the moment that I could do this test on, but I can tell you for sure that this setup is possible on other switches (HP procurve for example, and they're way cheaper :)
>
> Regards,
>
> On Tue, Apr 9, 2013 at 8:21 PM, Mike mike-cisconspl...@tiedyenetworks.com wrote:
>> On 04/08/2013 09:48 PM, sth...@nethelp.no wrote:
>>>> I would like to be able to accept both tagged and untagged frames on my 3560g. For the untagged frames, I'd like to be able to say these are a member of some vlan - say 100 - otherwise I want to be able to allow tagged frames from some list. In testing, it doesn't appear that switchport trunk native vlan is doing the job; anything I send untagged is dropped and doesn't show up in the switch mac address tables. Here is my config:
>>>
>>> Similar configs work for us.
>>>
>>>> interface GigabitEthernet0/45
>>>>  description testing cisco vlans
>>>>  switchport trunk encapsulation dot1q
>>>>  switchport trunk native vlan 6
>>>>  switchport trunk allowed vlan 306
>>>>  switchport mode trunk
>>>>
>>>> If it helps. I do also have dot1q native vlan tagging enabled.
>>>
>>> I believe you need to drop that - it tells the switch that the native VLAN should be tagged. Also, add the native VLAN to the list of allowed VLANs (so you'd get switchport trunk allowed vlan 6,306 here).
>>
>> I removed dot1q tag native and that seems to have worked. Unfortunately, it caused other problems requiring me to set the native vlans on some ports to something other than default. In the end it's working but I just don't see why I can't say 'hey, got an untagged frame? throw it into this vlan for me...'. Maybe I need more expensive switches.
>>
>> Thanks all.
>>
>> Mike-
Re: [c-nsp] 3560g switch - tagged vlans and untagged frames
On 04/08/2013 09:23 PM, Jason Lixfeld wrote:
> Try adding 6 to the allowed list on the trunk.

I did, no dice. Also my example says 'vlan 100' but really I mean I want vlan 6 to receive the untagged traffic, as you have surmised.
Re: [c-nsp] 3560g switch - tagged vlans and untagged frames
On 4/9/2013 12:16 AM, Mike wrote:
> If it helps. I do also have dot1q native vlan tagging enabled.
>
> I just can't see inside of the switch and understand where my frames are going. If I put it into switchport mode access, and switchport access vlan 6, it all works fine and I see mac addresses in the table.

If you enable native vlan tagging, it will drop any untagged frames.

Jeff
Re: [c-nsp] 3560g switch - tagged vlans and untagged frames
Try adding 6 to the allowed list on the trunk.

--
Sent from my mobile device

On 2013-04-09, at 12:16 AM, Mike mike-cisconspl...@tiedyenetworks.com wrote:
> Hi,
>
> I would like to be able to accept both tagged and untagged frames on my 3560g. For the untagged frames, I'd like to be able to say these are a member of some vlan - say 100 - otherwise I want to be able to allow tagged frames from some list. In testing, it doesn't appear that switchport trunk native vlan is doing the job; anything I send untagged is dropped and doesn't show up in the switch mac address tables. Here is my config:
>
> interface GigabitEthernet0/45
>  description testing cisco vlans
>  switchport trunk encapsulation dot1q
>  switchport trunk native vlan 6
>  switchport trunk allowed vlan 306
>  switchport mode trunk
>
> If it helps. I do also have dot1q native vlan tagging enabled.
>
> I just can't see inside of the switch and understand where my frames are going. If I put it into switchport mode access, and switchport access vlan 6, it all works fine and I see mac addresses in the table.
>
> Any help would be appreciated.
>
> Mike-
Re: [c-nsp] 3560g switch - tagged vlans and untagged frames
Disable native vlan tagging and just set native vlan 6.

--
Sent from my mobile device

On 2013-04-09, at 12:30 AM, Mike mike-cisconspl...@tiedyenetworks.com wrote:
> On 04/08/2013 09:23 PM, Jason Lixfeld wrote:
>> Try adding 6 to the allowed list on the trunk.
>
> I did, no dice. Also my example says 'vlan 100' but really I mean I want vlan 6 to receive the untagged traffic, as you have surmised.
Re: [c-nsp] 3560g switch - tagged vlans and untagged frames
Nevermind... Mid-read the initial config.

--
Sent from my mobile device

On 2013-04-09, at 12:23 AM, Jason Lixfeld ja...@lixfeld.ca wrote:
> Try adding 6 to the allowed list on the trunk.
>
> --
> Sent from my mobile device
>
> On 2013-04-09, at 12:16 AM, Mike mike-cisconspl...@tiedyenetworks.com wrote:
>> Hi,
>>
>> I would like to be able to accept both tagged and untagged frames on my 3560g. For the untagged frames, I'd like to be able to say these are a member of some vlan - say 100 - otherwise I want to be able to allow tagged frames from some list. In testing, it doesn't appear that switchport trunk native vlan is doing the job; anything I send untagged is dropped and doesn't show up in the switch mac address tables. Here is my config:
>>
>> interface GigabitEthernet0/45
>>  description testing cisco vlans
>>  switchport trunk encapsulation dot1q
>>  switchport trunk native vlan 6
>>  switchport trunk allowed vlan 306
>>  switchport mode trunk
>>
>> If it helps. I do also have dot1q native vlan tagging enabled.
>>
>> I just can't see inside of the switch and understand where my frames are going. If I put it into switchport mode access, and switchport access vlan 6, it all works fine and I see mac addresses in the table.
>>
>> Any help would be appreciated.
>>
>> Mike-
Re: [c-nsp] 3560g switch - tagged vlans and untagged frames
> I would like to be able to accept both tagged and untagged frames on my 3560g. For the untagged frames, I'd like to be able to say these are a member of some vlan - say 100 - otherwise I want to be able to allow tagged frames from some list. In testing, it doesn't appear that switchport trunk native vlan is doing the job; anything I send untagged is dropped and doesn't show up in the switch mac address tables. Here is my config:

Similar configs work for us.

> interface GigabitEthernet0/45
>  description testing cisco vlans
>  switchport trunk encapsulation dot1q
>  switchport trunk native vlan 6
>  switchport trunk allowed vlan 306
>  switchport mode trunk
>
> If it helps. I do also have dot1q native vlan tagging enabled.

I believe you need to drop that - it tells the switch that the native VLAN should be tagged. Also, add the native VLAN to the list of allowed VLANs (so you'd get switchport trunk allowed vlan 6,306 here).

Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] 3560g switch - tagged vlans and untagged frames
Not on my switch. I just happen to have set this up today, funnily enough. It takes untagged frames on the trunk and tags them with the native vlan. It doesn't drop them.

--
Sent from my mobile device

On 2013-04-09, at 12:30 AM, Jeff Kell jeff-k...@utc.edu wrote:
> On 4/9/2013 12:16 AM, Mike wrote:
>> If it helps. I do also have dot1q native vlan tagging enabled.
>>
>> I just can't see inside of the switch and understand where my frames are going. If I put it into switchport mode access, and switchport access vlan 6, it all works fine and I see mac addresses in the table.
>
> If you enable native vlan tagging, it will drop any untagged frames.
>
> Jeff
Re: [c-nsp] 3560g switch - tagged vlans and untagged frames
Weird. I just set this exact thing up this afternoon and it works fine. Untagged frames on the trunk are tagged with the native vlan.

--
Sent from my mobile device

On 2013-04-09, at 12:30 AM, Mike mike-cisconspl...@tiedyenetworks.com wrote:
> On 04/08/2013 09:23 PM, Jason Lixfeld wrote:
>> Try adding 6 to the allowed list on the trunk.
>
> I did, no dice. Also my example says 'vlan 100' but really I mean I want vlan 6 to receive the untagged traffic, as you have surmised.
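
The points the replies in this thread converge on (native VLAN is set per port, it has to be in the trunk's allowed list, `switchport access vlan` is ignored on a trunk, and `vlan dot1q tag native` changes untagged handling) can be checked mechanically; the following Python audit is an added example, not code from any poster in the thread. The sample configs are constructed from the ones posted above, the finding names are made up for illustration, and `tag_native_drops` is an assumption, since posters disagree on whether tag native drops untagged frames.

```python
import re

# Constructed sample configs modelled on the ones posted in this thread.
MIKE_ORIGINAL = """
vlan dot1q tag native
interface GigabitEthernet0/45
 switchport trunk native vlan 6
 switchport trunk allowed vlan 306
 switchport mode trunk
"""
PER_PORT_NATIVE = """
interface GigabitEthernet0/10
 switchport trunk native vlan 6
 switchport trunk allowed vlan 6,306
 switchport mode trunk
interface GigabitEthernet0/11
 switchport trunk native vlan 7
 switchport trunk allowed vlan 7,306
 switchport mode trunk
"""
ACCESS_ON_TRUNK = """
interface GigabitEthernet0/10
 switchport trunk allowed vlan 306
 switchport mode trunk
 switchport access vlan 6
"""

def parse_vlan_list(text):
    """Expand an IOS VLAN list such as '6,306' or '10-12' into a set of ints."""
    vlans = set()
    for part in text.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_config(text):
    """Return (global tag-native flag, {interface: settings}) from config text."""
    tag_native, ports, cur = False, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():            # unindented line: global command
            tag_native = tag_native or line == "vlan dot1q tag native"
            m = re.match(r"interface (\S+)$", line)
            cur = ports.setdefault(m.group(1), {"mode": None, "native": 1,
                  "allowed": None, "access": None}) if m else None
        elif cur is not None:               # indented line: interface sub-command
            if m := re.match(r"switchport mode (\S+)$", line):
                cur["mode"] = m.group(1)
            elif m := re.match(r"switchport trunk native vlan (\d+)$", line):
                cur["native"] = int(m.group(1))
            elif m := re.match(r"switchport trunk allowed vlan ([\d,\- ]+)$", line):
                cur["allowed"] = parse_vlan_list(m.group(1))
            elif m := re.match(r"switchport access vlan (\d+)$", line):
                cur["access"] = int(m.group(1))
    return tag_native, ports

def audit(text, tag_native_drops=True):
    """Per static trunk port: VLAN untagged ingress frames land in (None = dropped), plus findings.
    tag_native_drops is an assumption; posters in the thread disagree on that behaviour."""
    tag_native, ports = parse_config(text)
    report = {}
    for name, p in ports.items():
        if p["mode"] != "trunk":
            continue
        native_ok = p["allowed"] is None or p["native"] in p["allowed"]
        checks = [("tag-native-enabled", tag_native),
                  ("native-vlan-not-allowed", not native_ok),
                  ("access-vlan-ignored", p["access"] is not None)]
        dropped = (tag_native and tag_native_drops) or not native_ok
        report[name] = {"untagged_vlan": None if dropped else p["native"],
                        "findings": [code for code, hit in checks if hit]}
    return report
```

Calling `audit(MIKE_ORIGINAL)` reports both conditions that applied to the config in the first post, while `audit(PER_PORT_NATIVE)` shows ports 10 and 11 mapping untagged frames to VLANs 6 and 7 with no findings.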