possible VLAN bug

Posted: Fri Oct 23, 2015 5:51 pm
by highlands
WS-12-DC FW=1.3.3 HW=D

Inside interface 1 the VLANs that are in the allowed VLANs are 3001,3002,4000,4001

However, the MAC table of the device that is out interface 1 shows all the above and 303,2002,3005

In my understanding, if the only VLANs that are in the allowed table are 3001,3002,4000,4001, then why is that device out interface 1 seeing ALL VLANs in that switch?

I tried to 'toggle' the choices of:
U - Untagged, Q - QinQ, T - Tagged, E - Excluded
to E (Excluded) for the VLANs I don't want going to that port, but the choice of E is not one of them.


John

VLAN.jpg

Re: possible VLAN bug

Posted: Fri Oct 23, 2015 7:18 pm
by highlands
I think I now understand. Netonix does not use an implicit allow list like we do with our Cisco gear. (see below)

switchport trunk allowed vlan 201,302-305,355,2002,3001,3002,3005,4001

You seem to have the implicit allow list up in the trunk port, however it appears after watching your video again, it is not used. Or at least if we do put ONLY the VLANs we want in the list, it does not matter, the Netonix still only follows the info in the cross matrix.

So for now, we will not use the "trunk Port" up top as it appears it has no use.

John

Re: possible VLAN bug

Posted: Sat Oct 24, 2015 10:46 am
by sirhc
Remember for the Trunk Port / VLAN List to work the user must apply it to both ingress and egress ports.

If you just apply Trunking/List only on the ingress port the switch will have no destination for the packets from the VLANs in the Access List to egress so they are dropped.

I asked Eric to verify the List works today, right now he is working on the false fan failures.

We have v1.3.5 coming out this weekend hopefully, which has a lot of fixes and enhancements.

Re: possible VLAN bug

Posted: Sat Oct 24, 2015 3:02 pm
by Eric Stern
It uses the Allowed VLANs list in addition to the matrix. Since you have a "T" on Port 1 of VLAN 303 it will be allowed on port 1.

The UI in 1.3.3 does not allow you to change the T to an E even if the VLAN is not included in the Allowed VLANs list. This will be fixed in 1.3.5. Then you can change the T to an E for Port 1 of VLAN 303 and it will work as you desire.
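
Following the last reply in the thread (a T in the matrix keeps a VLAN on the port even when the Allowed VLANs list omits it), this added example, which is not from the thread or from Netonix, audits one port by comparing the intended allow list with the matrix. The matrix layout, the function names and the sample data are assumptions constructed for illustration, not a Netonix export format.

```python
# Added example; SAMPLE_* values are constructed, modelled on port 1 in the thread.

def parse_vlan_list(text):
    """Expand a list such as '201,302-305,355' into a set of VLAN IDs."""
    vlans = set()
    for part in text.replace(" ", "").split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)   # a single ID is a range of one
        if not (1 <= lo <= hi <= 4094):
            raise ValueError(f"bad VLAN range: {part!r}")
        vlans.update(range(lo, hi + 1))
    return vlans

MEMBER_FLAGS = {"U", "Q", "T"}  # Untagged, QinQ, Tagged; "E" is Excluded

def audit_port(port, allowed_text, matrix):
    """Compare the intended allow list with the VLAN/port matrix for one port.

    matrix: {vlan_id: {port: flag}} (hypothetical layout).
    A port missing from a VLAN's row is treated as Excluded.
    Returns (matrix_only, list_only):
      matrix_only - VLANs the matrix carries on the port but the list omits
      list_only   - VLANs in the list with no U/Q/T entry on the port
    """
    allowed = parse_vlan_list(allowed_text)
    carried = {vlan for vlan, ports in matrix.items()
               if ports.get(port, "E") in MEMBER_FLAGS}
    return sorted(carried - allowed), sorted(allowed - carried)

# Constructed sample: every VLAN tagged on port 1, plus one excluded row.
SAMPLE_MATRIX = {v: {1: "T"} for v in (303, 2002, 3001, 3002, 3005, 4000, 4001)}
SAMPLE_MATRIX[201] = {1: "E"}
SAMPLE_ALLOWED = "3001,3002,4000,4001"

if __name__ == "__main__":
    matrix_only, list_only = audit_port(1, SAMPLE_ALLOWED, SAMPLE_MATRIX)
    print("carried by matrix but not in allow list:", matrix_only)
    print("in allow list but not carried by matrix:", list_only)
```

Any VLAN reported as carried by the matrix but absent from the allow list is one whose T would need to become an E on that port.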