Versions Compared

Old Version 13

changes.mady.by.user Edgars P.

Saved on

compared with

New Version 14

changes.mady.by.user Edgars P.

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Setting vlan-mode=secure ensures strict use of VLAN table.
  • Setting vlan-header=always-strip for access ports removes VLAN header from frame when it leaves the switch chip.
  • Setting vlan-header=add-if-missing for trunk port adds VLAN header to untagged frames.
  • default-vlan-id specifies what VLAN ID is added for untagged ingress traffic of the access port.
Note
For devices with QCA8337 and Atheros8327 switch chips a default vlan-header=leave-as-is should be used. When vlan-mode=secure is configured, it ignore switch port vlan-header options. VLAN table entries handle all the egress tagging/untagging and works as vlan-header=leave-as-is on all ports. It means what comes in tagged, goes out tagged as well, only default-vlan-id frames are untagged at the egress of port.


VLAN Example 2 (Trunk and Hybrid Ports)

...

Code Block
languageros
/interface ethernet switch port
set ether1 default-vlan-id=1 vlan-header=add-if-missing vlan-mode=secure
set switch1-cpu default-vlan-id=1 vlan-header=leave-as-is vlan-mode=secure

...


 Note
This configuration example is not possible for devices with the Atheros8316 and Atheros7240 switch chips. For devices with QCA8337 and Atheros8327 switch chips it is possible to use any other default-vlan-id as long as it stays the same on switch-cpu and trunk ports. For devices with Atheros8227 switch chip only default-vlan-id=0 can be used and trunk port must use vlan-header=leave-as-is.
...