Configuring Trusted or Untrusted Ports and VLANs

You can configure an Ethernet Ethernet is a network protocol for data transmission over LAN. port as an untrusted access port or configure trusted and untrusted ports and VLANs Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. in trunk mode. Use the following procedures to define access ports and VLANs Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. as trusted or untrusted. For more information on trusted vs untrusted ports and VLANs Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN., see Trusted and Untrusted Ports and VLANs

Configuring an Ethernet port as an Untrusted Access Port

You can configure an Ethernet Ethernet is a network protocol for data transmission over LAN. port as an untrusted access port, assign VLANs Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. and classify them as untrusted, and designate a policy through which VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. traffic on this port must pass.

The following procedure configures an Ethernet Ethernet is a network protocol for data transmission over LAN. port as an untrusted access port:

  1. In the Mobility Master node hierarchy, navigate to the Configuration > Interfaces > Ports tab.
  2. Select the port you want to configure from the Ports table.
  3. Select the Trust check box to make the port trusted. The default is Untrusted.
  4. In the Mode drop-down list, select Access.
  5. From the VLAN drop-down list, select the VLAN whose traffic will be carried by this port.
  6. Select the VLAN trust check box to make the VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. trusted. The default is Untrusted.
  7. In the VLAN policy drop-down list, select the policy through which VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. traffic must pass. You can select a policy for both trusted and untrusted VLANs Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN..
  8. Select whether Tunneled node should be Enabled or Disabled.
  9. Click Submit.
  10. Click Pending Changes.
  11. In the Pending Changes window, select the check box and click Deploy changes.

The following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands configure an Ethernet Ethernet is a network protocol for data transmission over LAN. port as an untrusted access port:

(host) [mynode] (config) #interface range gigabitethernet <slot>/<module-start>/<port-start>-<module-end>/<port-end>

(host) [mynode] (config-if)#switchport access

(host) [mynode] (config-if)#no trusted

(host) [mynode] (config-if)#switchport access vlan <vlan>

(host) [mynode] (config-if)#no trusted vlan <vlan>

(host) [mynode] (config-if)#ip access-group ap-acl session vlan <vlan>

(host) [mynode] (config-if)#ip access-group validuserethacl in

(host) [mynode] (config-if)#ip access-group validuserethacl out

(host) [mynode] (config-if)#ip access-group validuser session

Configuring Trusted and Untrusted Ports and VLANs in Trunk Mode

The following procedures configure a range of Ethernet Ethernet is a network protocol for data transmission over LAN. ports as untrusted native trunks ports, assign VLANs Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. and classify them as untrusted, and designate a policy through which VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. traffic on the ports must pass.

The following procedure configures trusted and untrusted ports and VLANs Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. in trunk mode:

  1. In the Mobility Master node hierarchy, navigate to the Configuration > Interfaces > Ports tab.
  2. Select the port you want to configure from the Ports table.
  3. For Mode select Trunk.
  4. To specify the native VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN., select a VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. from the Native VLAN drop-down list.
  5. Choose one of the following options from the Allowed VLANs drop-down list to control the type of traffic the port carries:
  1. Click Submit.
  2. Click Pending Changes.
  3. In the Pending Changes window, select the check box and click Deploy changes.

The following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands configure trusted and untrusted ports and VLANs Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. in trunk mode:

(host) [mynode] (config) #interface gigabitethernet <slot>/<module>/<port>

(host) [mynode] (config-if)#description <string>

(host) [mynode] (config-if)#trusted {vlan <word>}

(host) [mynode] (config-range)#switchport mode trunk

(host) [mynode] (config-if)#switchport trunk native vlan <vlan>

(host) [mynode] (config-range)#ip access-group test session vlan <vlan>