VLAN translation, or how tag an untagged VLAN through a Cisco 3560
Solution 1
Short answer: You have a switch. You can't.
Longer answer: Possible solutions: VLAN 10 on port 1, VLAN 10 (access port = untagged) on port 2, VLAN 20 (access port = untagged) on port 3, VLAN 20 (tagged) on port 4.
Connect port 2 to port 3, disable CDP, DTP and spanning tree (or the switch will know what you're doing and disable the port). Tada! You have now connected VLAN 10 to VLAN 20. Adapt this method to suit your situation. Waste 2 ports per "bridge".
You may also want to look at bridged interfaces (bridge-group, int bri) if your switch supports that. Doesn't do much, but may be what you want in some situations.
If you want to mix and match (output VLAN 10 tagged with dot1q tag 20 on this port) you can't do it with a switch. Well, the least you'll need in a switch would be a 7600 with the expensive linecards, their name escapes me. It's called vlan remapping IIRC.
Remember, even a layer 3 switch is just a switch.
Solution 2
A routed interface (if it is indeed a routed interface with "no switchport") on a 3560 isn't actually on a VLAN, it's just a routed interface. If you need two interfaces on this vlan just put both the current routed port in the VLAN as an access port and the second port as a tagged port with vlan 20 in the allowed vlan list, then an SVI with the routed address.
vlan 20 name vlan20 ! int g0/1 desc old routed port switchport mode access switchport access vlan 20 ! int g0/2 desc trunk with tagged vlan 20 switchport mode trunk switchport trunk allowed vlan 20 ! int vlan 20 ip address 192.168.20.254 255.255.255.0 !
Related videos on Youtube
Paul
Updated on September 17, 2022Comments
-
Paul over 1 year
Our 3560 has a routed interface on the native (untagged) VLAN 1 connected to one port. How would I also pass that VLAN through to another port, but tag it to appear as VLAN 20 on that other port?
EXPLANATION ADDED IN RESPONSE TO COMMENTS:
I have a multi-site Metro Ethernet on the untagged VLAN. Recently added a fiber link from one site to a new site that's not on the Metro. I can just use the native VLAN on the fiber, but I'd like to know if can choose to tag it.
On our Brocade/Foundry FCXs it's easy, and I hoped Cisco had an equivalent:
vlan 20 untagged e 1/1/1 tagged e 1/1/2
You might think of it as a simple form of VLAN translation.
FOLLOW-UP, ADMITTEDLY A STRETCH:
When a physical port sees VLAN 1 (untagged) and VLAN 5 (tagged), can another physical port carry the VLAN 1 traffic but tag it as VLAN 20? In another approach toward a similar end, if port A is an access port in VLAN 1 and port B an access port (untagged) in VLAN 20, can you cross-connect them w/o blowing up the switch, perhaps if you first disable cdp?
-
Paul about 13 yearsSee revised question above.
-
HampusLi about 13 yearsMy answer below lists that exact config, just skip the vlan interface if you don't need that part.
-
-
Paul about 13 yearsThanks. Turns out my "routed interface" is "int vlan 1" with an IP, so I guess it's on a VLAN w/o "no switchport"! And since I'll need q-in-q on the MetroE in the future, the question becomes the follow-up added above.
-
SpacemanSpiff about 13 yearsThe above was to be my next proposal...
-
Paul about 13 yearsApparently Cisco will translate VLANs on various 6500 linecards if you run 12.2(17b)SXA or later. See cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/… VLAN translation is also a service provider/Metro Ethernet switch feature for several vendors. Thanks for helping me learn a lot!