...
- Setting
vlan-mode=secure
ensures strict use of VLAN table. - Setting
vlan-header=always-strip
for access ports removes VLAN header from frame when it leaves the switch chip. - Setting
vlan-header=add-if-missing
for trunk port adds VLAN header to untagged frames. default-vlan-id
specifies what VLAN ID is added for untagged ingress traffic of the access port.
Note |
---|
For devices with QCA8337 and Atheros8327 switch chips a default vlan-header=leave-as-is should be used. When vlan-mode=secure is configured, it ignore switch port vlan-header options. VLAN table entries handle all the egress tagging/untagging and works as vlan-header=leave-as-is on all ports. It means what comes in tagged, goes out tagged as well, only default-vlan-id frames are untagged at the egress of port. |
VLAN Example 2 (Trunk and Hybrid Ports)
...
Code Block | ||
---|---|---|
| ||
/interface ethernet switch port set ether1 default-vlan-id=1 vlan-header=add-if-missing vlan-mode=secure set switch1-cpu default-vlan-id=1 vlan-header=leave-as-is vlan-mode=secure |
...
Note |
---|
This configuration example is not possible for devices with the Atheros8316 and Atheros7240 switch chips. For devices with QCA8337 and Atheros8327 switch chips it is possible to use any other |
...