VLANs Without 802.1Q Tagging

Answered Question
Mar 28th, 2008

We're working with an IDS vendor that cannot analyze 802.1Q tagged packets. Currently, we have a Catalyst 37xx Stack with several VLANs using 802.1Q tagging to trunk to a 2821 with several Ethernet subinterfaces.

Can we remove 802.1Q tagging and still trunk to the subinterfaces?

Correct Answer by sundar.palaniappan about 9 years 1 month ago

That's correct.

sundar.palaniappan Fri, 03/28/2008 - 11:56

I am afraid that's not possible. Without the VLAN tag, the router wouldn't be able to differentiate which VLAN the traffic belongs to. I don't know if making the switch handle all Layer 3 traffic forwarding and making the port connected to 2811 an access port would meet your IDS requirement. As you are probably aware, all traffic sent out on the access port wouldn't be tagged.
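
The point made in the answer above, shown at the frame level as an added example that is not part of the original thread: the VLAN ID exists only in the 4-byte 802.1Q tag, so two frames from different VLANs become byte-identical once the tag is removed. The MAC addresses, VLAN IDs 10 and 20, and the payload are constructed sample values.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def build_frame(dst, src, ethertype, payload, vlan_id=None, pcp=0):
    """Build an Ethernet II frame; insert an 802.1Q tag when vlan_id is given."""
    header = dst + src
    if vlan_id is not None:
        if not 0 <= vlan_id <= 0xFFF:
            raise ValueError("VLAN ID is a 12-bit field")
        tci = (pcp << 13) | vlan_id  # PCP(3) | DEI(1, left 0) | VID(12)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return (vlan_id or None, ethertype, payload) for one frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (field,) = struct.unpack_from("!H", frame, 12)
    if field != TPID_8021Q:
        return None, field, frame[14:]  # untagged: no VLAN information at all
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, ethertype = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, ethertype, frame[18:]


def strip_tag(frame):
    """Remove the 4-byte 802.1Q tag, as an access port does on egress."""
    vlan_id, _, _ = parse_frame(frame)
    return frame if vlan_id is None else frame[:12] + frame[16:]


# Constructed sample: the same host-to-router frame sent in two VLANs.
DST = bytes.fromhex("020000000001")
SRC = bytes.fromhex("020000000002")
PAYLOAD = b"constructed sample payload"
FRAME_VLAN10 = build_frame(DST, SRC, 0x0800, PAYLOAD, vlan_id=10)
FRAME_VLAN20 = build_frame(DST, SRC, 0x0800, PAYLOAD, vlan_id=20)

if __name__ == "__main__":
    for f in (FRAME_VLAN10, FRAME_VLAN20):
        print("tagged:", parse_frame(f)[0], "stripped:", parse_frame(strip_tag(f))[0])
    print("identical after stripping:", strip_tag(FRAME_VLAN10) == strip_tag(FRAME_VLAN20))
```

The parser handles a single 802.1Q tag only; stacked (QinQ) tags are outside what this example covers.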



chrislisser Fri, 03/28/2008 - 12:42

So my best bet here if we want to eliminate 802.1Q is to put the router on its own VLAN and then have the switch handle all VLAN routing?

