Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03)
Super VLANs
© 2008 Foundry Networks, Inc.
Page 62 of 73
SwitchD3
(config)#
vlan
SwitchD3
(config vlan)#
create vlan10 10
SwitchD3
(config vlan)#
config vlan10
SwitchD3
(config vlan vlan10)#
add ports 1/1/1,1/1/2 tagged
SwitchD3
(config vlan vlan10)#
add ports 1/1/8 untagged
SwitchD3
(config vlan vlan10)#
add ports default 1/1/8
SwitchD3
(config-vlan vlan10)#
exit
4. Configure VLAN100:
SwitchD3
(config)#
vlan
SwitchD3
(config vlan)#
create vlan100 100
SwitchD3
(config vlan)#
config vlan100
SwitchD3
(config vlan vlan100)#
add ports 1/1/1,1/1/2 tagged
5. Set an ACL:
SwitchD3
(config)#
access-list 100 permit ip any any
5.
Set the TLS uplink ports:
SwitchD3
(config)#
interface 1/1/1
SwitchD3
(config-if 1/1/1)#
tls uplink
SwitchD3
(config-if 1/1/1)#
interface 1/1/2
SwitchD3
(config-if 1/1/2)#
tls uplink
6.
Set the non-TLS user port:
SwitchD3
(config-if 1/1/2)#
interface 1/1/8
SwitchD3
(config-if 1/1/8)#
ip access-group 100 option
SwitchD3
(config-if 1/1/8 acg 100)#
redirect vlan 100 span-root-track
SwitchD3
(config-if 1/1/8 acg 100)#
apply
SwitchD3
(config-if 1/1/8)#
residential-user enable
SwitchD3
(config-if 1/1/8)#
end
Configuring Switch SW:
1. Configure VLAN10:
SwitchSW
(config)#
vlan
SwitchSW(
config vlan)#
create vlan10 10
SwitchSW
(config vlan)#
config vlan10
SwitchSW
(config vlan vlan10)#
add ports 1/1/1,1/1/2 tagged
SwitchSW
(config vlan vlan10)#
add ports 1/1/8 untagged
SwitchSW
(config vlan vlan10)#
add ports default 1/1/8
SwitchSW
(config-vlan vlan10)#
exit
2. Configure VLAN100:
SwitchSW
(config)#
vlan
SwitchSW
(config vlan)#
create vlan100 100
SwitchSW
(config vlan)#
config vlan100
SwitchSW
(config vlan vlan100)#
add ports 1/1/1,1/1/2 tagged
SwitchSW
(config vlan vlan100)#
add ports 1/1/8 untagged
In the example topology all ports participating in the MSTP ring are tagged members of VLAN 10
and VLAN 100. The outgoing port on SW that connects to the server (1/1/8) is an untagged
member of the transport VLAN 100. This way the VLAN tag of the translated traffic (with double
tag 100 covering 10) will be stripped and the user traffic will flow to the user VLAN 10.