XGS1930-28 vlan trunking support

Hello Folks

My client has 2 professional routers connected to each other via fiber (SFP+). Each port is a vlan trunk port carrying multiple VLANs.

I purchased a XGS1930-28 to connect it between the 2 routers and use its mirroring capabilities.

Topology is quite simple:

R1 (1 trunk port/multiple VLANs with 802.1q vlan tagging) <---> XGS1930-28 <---> R2 (1 trunk port/multiple VLANs with 802.1q vlan tagging)

The 3 devices are connected via 10GE SFP+ ports. Now I fail to have a connection between R1 and R2 when the XGS1930-28 is in between. This makes me doubt about the concept of trunking on zyxel switch. It seems only capable to interconnect multiple switches to carry a single VLAN per "trunk" port.

If there's a way to forward multiple VLANs trunk, please let me know how to.

Thank you in advance.

Stephane

«1

All Replies

  • AlfonsoAlfonso Member Posts: 195  Master Member

    Hi @Watershed

    Welcome to the forum. I hope you spend a good time with us.

    Your architecture should work, R1 and R2 should reach each other via trunk port and switch.

    I suggest to post more detail of the switch configuration, I suppose the issue could be a misconfiguration.

    If you let me give you some advice, deploy only one switch to connect both routers is not best practice architecture. Each router should be connected to one switch providing real high availability. Currently one switch is a one point of failure.

    On a preproduction enviroment, it could be enough, but if it is a production enviroment, i recommend to deploy a second switch.


    Regards

  • AceAce Member Posts: 13  Freshman Member

    This description I found from help page:

    Enable VLAN Trunking on ports connected to other switches or routers to allow frames belonging to unknown VLAN groups to pass through the Switch.


    Did you create static vlan on XGS1930?

    If yes, did you add vlan member for R1/R2 these two ports?

  • Hi

    Thank you for the quick response. We are in lab environment. It's only for troubleshooting and mirroring purpose. Fiber taps are unfortunately lot more expensive. I tried many config thall failed.

    First thing was to indeed to enable trunking on the two 10GE fiber ports connected to R1 and R2 (I verified the link state was up on both ends, so no SFP+ problem). Each port on the switch receives 802.1q tagged traffic from multiple VLANs.

    R1 and R2 have both an interface trunk 1 to which multiple VLANs are assigned with 802.1q encapsulation enabled. Then the physical xgige port is assigned to the trunk.

    I was under the impression that the switch would either add or remove vlan tag instead of forwardind "as is".

    Configuring trunk port, with or without creating the vlans and associate them to these ports on the switch, with or without vlan tagging etc... None worked.

    I'll post more details once back in the lab

    Thanks !!

  • Zyxel_LuciousZyxel_Lucious Zyxel Official Agent Posts: 104  mod

    Hi @Watershed


    Welcome to Zyxel community!

    For starters, VLAN trunking on Zyxel, is to allow traffics belonging to unknown VLAN groups to pass through the Switch (with tagged-out). If you have static VLAN, the associated VLAN packets will be tagged/untagged-out depending on what you've configured.

    You can deploy your lab following this basic concept.

    If there is still issue, feel free to provide the current config file of your XGS1930 and also describe your desired scenario as detailed as possible, we'll be pleasant to give support accordingly.


    Sincerely,

    Zyxel_Lucious

  • Hello Zyxel_Lucious

    When you mention "unknown VLAN groups to pass through the Switch (with tagged-out)", do you mean by there untagged traffic ? What if all the traffic coming from the trunk ports on R1 and R2 is tagged ?

  • Now, for the time being it is crucial that vlan2 traffic from/to R1 and R2 makes it through.

    On R1, the config is this:

    interface vlan 2
      encapsulation dot1q
      trunk 1 
      ip address XXX.XXX.XXX.XXX 255.255.255.240
    end
    
    interface vlan 4
      encapsulation dot1q
      trunk 1 
      ip address XXX.XXX.XXX.XXX  255.255.255.224
    
    interface vlan range 4001 4094
      encapsulation dot1q
      trunk 1 
    
    interface trunk 1
    xgige 6/0 mode active
    end
    


    As you can see below, I am using port 25/26 to interconnect R1 and R2 via fiber. I checked again and the link state is up and forwarding.

    On the switch:

    VLAN port setting:


    Static VLAN config (VLAN2):


  • Zyxel_LuciousZyxel_Lucious Zyxel Official Agent Posts: 104  mod
    edited August 14, 2019 12:57PM

    Hi @Watershed


    According to your configuration screenshots, the behavior would be following:

    1. Untagged ingress packets to port 25 & 26 will be tagged with VLAN 2 (PVID 2).
    2. Ingress packets tagged with VLAN 2 can ONLY communicate between port 25 & 26, and will be tagged-out from port 25 & 26.
    3. Ingress packets tagged with VLANs (except VLAN 2) to other ports (except port 25 & 26) will also be tagged-out from port 25 & 26.

    If there is further concern/thought, please share with us.


    Zyxel_Lucious

  • Thanks Zyxel_Lucious

    It's more clear what it does.

    Ingress packets tagged with VLAN 2 can ONLY communicate between port 25 & 26, and will be tagged-out from port 25 & 26.

    That's my problem. I don't want the packets to be tagged out from ports 25/26.

    I need to find a way to re-tag the egress packet so they keep the VLAN tag.

    Thanks.

  • AceAce Member Posts: 13  Freshman Member

    If you don't want to be tagged out from port 25/26, why did you configure VLAN-Trunking?

    You want to untag for VLAN2 on port 25/26, other vlans need to be tagged out?

  • Actually, I want to forward all packets without touching the VLAN tag at all if possible.

    I understand the configuration I was showing you might not be logical due to the fact I wasn't sure how the vlan tag was handled.

    The ingress packets when they reach the switch are all VLAN tagged and I want the egress packets to keep that VLAN tag when they leave the switch.

    Thanks.

Sign In to comment.