Evil TTL - Network Solutions
Evil TTL   >   Asymmetric VLAN

Evil_TTL> show | s

Asymmetric VLAN

Category:Cisco Systems -> Routing and Switching

Introduction to Asymmetric VLANs

One of my colleagues has recently got an assignment to configure a trunk between an Allied Telesis switch 950 series and Cisco Catalyst 3560. I’ve been monitoring the process from start to finish and noticed that he had some difficulties with asymmetric VLANs in Allied Telesis. In this article, I will give basic description of asymmetric VLAN configuration principles and provide an actual example of a trunk configuration between Allied Telesis and Cisco switches.

Traditionally speaking, L2 switches used to have no ability to switch between VLANs. To transport traffic between two different VLANs you had to route it through an L3 device like an L3 switch or a router. Modern “L2” Cisco switches can route between VLANs with some restrictions though. The key word is “route”. Asymmetric VLANs can help you “switch” between VLANs and between different broadcast domains respectively. The main logical element for understanding asymmetric VLANs is that any switch port can exchange traffic among as many VLANs as wished and be restricted at will.

Let me give you an example. Imagine a switch. The switch has 5 ports. You connect PCs to ports 1-2 and 4-5. A server is connected to port 3. The objective is to restrict traffic between ports 1-2 and 4-5 and allow traffic between port 3 and any other port on the switch. To accomplish the task you have to assign ports 1-2 and 3 to VLAN1, ports 4-5 and 3 to VLAN2, ports 1-5 to VLAN3. The next step is to make sure that frames from network devices will get into appropriate VLANs. You have to use Port VLAN Identifiers for this or PVID for short. Assign PVID1 to ports 1-2, PVID3 to port 3 and PVID2 to ports 4-5.

Refer to the following diagram for better understanding of what I’ve just talked about.

Asymmetric-VLAN-10.png

The logic behind this is the following – any frames received on ports 1-2 will be marked with 1 and will be in the same broadcast domain with ports 1-2 and 3. Any frames received on ports 4-5 will be marked 2 and will be in the same broadcast domain with ports 4-5 and 3. Any frames received on port 3 will be marked with 3 and will be in the same broadcast domain with ports 1-2 and 4-5.

VLANs between Cisco 3560 and Allied Telesys AT-GS950

Now let’s get over to the real life example. The lab environment was organised in the following way:

Asymmetric-VLAN-20.png

Allied Telesis doesn’t support CLI, so configurations have to be made in web interface primarily. If you save the configuration onto your hard drive you will be able to edit it easily and reupload it back. On our Allied Telesis the web interface appeared to be glitchy – some menu options didn’t open at all no matter what firmware was used. I guess it was because of a faulty hardware or bootloader or whatever.

Allied Telesis 950 VLAN configuration:

Asymmetric-VLAN-30.png

Asymmetric-VLAN-40.png

In config file it would look like:

!
interface vlan50
member 1-2,47-48
name VLAN50
untagged 1-2

Check VLAN 50 status:

Asymmetric-VLAN-50.png

To configure PVID go to Bridge – VLAN – Default Port VLAN & CoS:

Asymmetric-VLAN-60.png

The web page for PVID configuration didn’t open, so the configuration was saved, edited and reuploaded with the following changes:

!
interface GigabitEthernet1/1
PVID 50
!
interface GigabitEthernet1/2
PVID 50

VLAN 1 was left untouched:

Asymmetric-VLAN-70.png

Cisco VLAN configuration:

!
interface FastEthernet0/1
 switchport access vlan 50
 switchport mode access
!

!
interface Vlan50
 ip address 192.168.50.1 255.255.255.0

LACP between Cisco 3560 and Allied Telesys AT-GS950

1. Cisco configuration.

Virtual interface:

interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport mode trunk 

Physical interface:

interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode active
!
interface GigabitEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode active 

2. Allied Telesis configuration.

Go to Bridge – Trunk Config – Trunking (page didn’t open)

Asymmetric-VLAN-80.png

Or change the configuration file accordingly:

ip address 192.168.50.100 255.255.255.0
ip default-gateway 192.168.50.1
!
!
!
lacp 1 47-48 Passive 

Check aggregated ports on Allied Telesis:

Asymmetric-VLAN-90.png

Check EtherChannel on Cisco:

c3560#sh etherchannel summary
Flags:  down        P bundled in port-channel
        I stand-alone s suspended
        H Hot-standby (LACP only)
        Layer3      S Layer2
        U in use      failed to allocate aggregator

        M not in use, minimum links not met
        u unsuitable for bundling
        w waiting to be aggregated
        d - default port
Number of channel-groups in use: 1
Number of aggregators:           1
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)         LACP      Gi0/1(P)    Gi0/2(P

This is how the configuration file looks like on Allied Telesis 950 switch:

! -- start of config file -- 
! -- Software Version AT-S106 V1.2.0 [1.0.4.06] Jul 11 2011 10:55:00 -- 
!
enable
config
!
!
!
ip address 192.168.50.100 255.255.255.0
ip default-gateway 192.168.50.1
!
!
!
lacp 1 47-48 Passive
!
!
!
!
!
!
!
!
!
!
!
interface vlan1
member 1-48
name "Default VLAN"
untagged 1-48
!
interface vlan50
member 1-2,47-48
name VLAN50
untagged 1-2
!
exit
!
!
interface GigabitEthernet1/1
PVID 50
!
interface GigabitEthernet1/2
PVID 50
!
interface GigabitEthernet1/3
!
interface GigabitEthernet1/4
!
interface GigabitEthernet1/5
!
interface GigabitEthernet1/6
!
interface GigabitEthernet1/7
!
interface GigabitEthernet1/8
!
interface GigabitEthernet1/9
!
interface GigabitEthernet1/10
!
interface GigabitEthernet1/11
!
interface GigabitEthernet1/12
!
interface GigabitEthernet1/13
!
interface GigabitEthernet1/14
!
interface GigabitEthernet1/15
!
interface GigabitEthernet1/16
!
interface GigabitEthernet1/17
!
interface GigabitEthernet1/18
!
interface GigabitEthernet1/19
!
interface GigabitEthernet1/20
!
interface GigabitEthernet1/21
!
interface GigabitEthernet1/22
!
interface GigabitEthernet1/23
!
interface GigabitEthernet1/24
!
interface GigabitEthernet1/25
!
interface GigabitEthernet1/26
!
interface GigabitEthernet1/27
!
interface GigabitEthernet1/28
!
interface GigabitEthernet1/29
!
interface GigabitEthernet1/30
!
interface GigabitEthernet1/31
!
interface GigabitEthernet1/32
!
interface GigabitEthernet1/33
!
interface GigabitEthernet1/34
!
interface GigabitEthernet1/35
!
interface GigabitEthernet1/36
!
interface GigabitEthernet1/37
!
interface GigabitEthernet1/38
!
interface GigabitEthernet1/39
!
interface GigabitEthernet1/40
!
interface GigabitEthernet1/41
!
interface GigabitEthernet1/42
!
interface GigabitEthernet1/43
!
interface GigabitEthernet1/44
!
interface GigabitEthernet1/45
!
interface GigabitEthernet1/46
!
interface GigabitEthernet1/47
!
interface GigabitEthernet1/48

! -- end of configuration -- 
By privilege15