I have just finished day one of a two day cutover window. Goal: centralization of services for the company, they had three distinct business units all operating separately (own domain, networking, ISP, telephony etc).
We had a design of how the network was to work and have applied configs to the switches accordingly.
| VLAN | Description |
|---|---|
| 1 (untagged) | Data |
| 20 | voice |
| 30 | cctv |
| 40 | guest |
| 50 | mgmt/servers |
I also have laid out my subnet scheme
| Site | Subnet |
|---|---|
| Site1 | 10.100.vlan.0/24 |
| site2 | 10.150.vlan.0/24 |
| site3 | 10.200.vlan.0/24 |
I ran into an issue with my WAN provider expecting tagged traffic on vlan1 rather than untagged. My trunk ports looked like this
spanning-tree port mode vlan participation include 1,20,30,40,50 vlan tagging 1,20,30,40,50 When PVID1 is 1, the default behaviour for the above is for 1 to be untagged, so i've just added a random PVID to force the behaviour they want to see:
spanning-tree port mode vlan pvid 999 vlan participation include 1,20,30,40,50 vlan tagging 1,20,30,40,50 This worked and during my circuit testing I had connectivity. Come today I've finished applying my switch configs, and internet connectivity is borked. My question is, do all my trunk ports between switches need to be PVID999 to force tagging on VLAN1, or only the switch/port that uplinks to the CPE? (I've done the former). I've left site for today without internet working which is disappointing (still got through more than expected). Tomorrow will just be troubleshooting internet connectivity issues. I can provide more design information or configs here, I just didn't want to load the post with too much information unnecessary
TLDR: tagging1 for WAN vendor CPE, do I need to tag1 between access layer switches when my default data vlan is untagged? 
No comments:
Post a Comment