Robert121281
Contributor
Contributor

VDS uplink ports (VLAN Trunking) - Enforced?

Hi,

I am running a VDS version 7.0. In my uplink port-group, there are 2 ports. Let's say on my physical switches I allow VLAN 100-200. My uplink port-group should be configured as well with 100-200, so the allowed VLANs match on on both ends

I figured out that even if I would only allow VLAN 100 on the VDS, I can still reach everything in other VLANs behind my VDS. Does this VLAN allowed list have any effect on the VDS side? Looks like whatever I configure there, it just makes no difference. I get traffic for those VLANs in (they obviously need to be allowed on the physical side).

Thanks for your help.

Regards,

Robert

0 Kudos
2 Replies
shank89
Expert
Expert

VLAN pruning should be working as long as you have configured it correctly.  Can you post a diagram, images or anything to show how you have things configured.  What you are expecting and what you are currently seeing?

Shashank Mohan

VCAP-NV 2020 | VCP-DCV2019 | CCNP Specialist

https://lab2prod.com.au
LinkedIn https://www.linkedin.com/in/shankmohan/
Twitter @ShankMohan
Author of NSX-T Logical Routing: https://link.springer.com/book/10.1007/978-1-4842-7458-3
0 Kudos
Lalegre
Virtuoso
Virtuoso

Hey @Robert121281,

Basically if you allow on the VDS port the trunk for only the VLANs 100 and 200 that is the only traffic you will get for L2 connectivity however you are saying that you can reach other VLANs without any issues.

Connectivity from VLAN to VLAN is made by L3 connectivity so if you have a VM for example or a T0 or whatever in VLAN 100 and you ping for example a VM in VLAN 300 and the routing is in place of course you will reach it.

Of course many of these factors will depend on how you have it configured. 

0 Kudos