Native VLAN mismatch
I have a question about VLANs on a WatchGuard (M470).
When configuring a VLAN you choose settings such as untagged traffic; can a native VLAN mismatch occur with that setting?
L2SW (VLAN20) ⇔ WatchGuard ⇔ L3SW (VLAN19)
The L2SW reports the following message:
Native VLAN mismatch discovered <interface name>(20) with L3SW <interface name>(19)
The VLAN settings on the WatchGuard are as follows:
vlan19 (inside)
192.168.19.1
inside (untagged traffic)
Outside (untagged traffic)
vlan20 (Outside)
192.168.20.50
inside (tagged traffic)
Outside (tagged traffic)
L2SW
192.168.20.253
L3SW
192.168.19.254
Best Answer
For incoming packets on the firewall, the VLAN ID field of a packet will be cleared when being forwarded for a tagged VLAN. It will not be cleared for an untagged VLAN.
For outgoing packets on the firewall from a VLAN interface, you need to tell the firewall if it should set the VLAN ID into the VLAN ID field of the packet, or not, when sending.
When you have an interface with both tagged and untagged packets coming from a switch, the switch port is set to trunk, which is untagged, so that the VLAN ID is not cleared on all outgoing packets, and that the switch should look at the VLAN ID for all incoming packets.
0
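To make the tagged/untagged handling in this answer concrete, here is an added Python example (not from the original thread and not WatchGuard code) that builds and parses 802.1Q frames and models the asker's topology: an untagged frame is placed in whatever native VLAN the receiving port has, so the same frame counts as VLAN 20 on the L2SW side and VLAN 19 on the L3SW side, which is the condition the switch's mismatch message reports, while a tagged frame carries its VLAN ID explicitly. The MAC addresses and payload are constructed; the VLAN numbers are the ones from the question.

```python
import struct

ETH_P_8021Q = 0x8100  # TPID that marks an 802.1Q-tagged frame

def build_frame(dst, src, ethertype, payload, vlan_id=None):
    """Ethernet II frame; an 802.1Q tag is inserted when vlan_id is given."""
    hdr = dst + src
    if vlan_id is not None:
        # TPID 0x8100, then TCI = PCP(3) | DEI(1) | VID(12); PCP/DEI left at 0
        hdr += struct.pack("!HH", ETH_P_8021Q, vlan_id & 0x0FFF)
    return hdr + struct.pack("!H", ethertype) + payload

def parse_frame(frame):
    """Return (vlan_id, ethertype, payload); vlan_id is None when untagged."""
    tpid = struct.unpack("!H", frame[12:14])[0]
    if tpid == ETH_P_8021Q:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        return tci & 0x0FFF, ethertype, frame[18:]
    return None, tpid, frame[14:]

def classify_ingress(frame, native_vlan):
    """Switch-port ingress: a tagged frame keeps its VID, an untagged frame
    is placed in the port's native VLAN (the source of a mismatch)."""
    vid, _, _ = parse_frame(frame)
    return native_vlan if vid is None else vid

def forward_egress(frame, vlan_id, tagged):
    """Firewall VLAN-interface egress as the answer describes: the tag is
    (re)inserted for a 'tagged traffic' member and omitted for 'untagged'."""
    _, ethertype, payload = parse_frame(frame)
    return build_frame(frame[:6], frame[6:12], ethertype, payload,
                       vlan_id if tagged else None)

def native_vlan_mismatch(frame, native_a, native_b):
    """True when the two ends of a link would put this frame in different
    VLANs, i.e. it is untagged and the ports' native VLANs differ."""
    return classify_ingress(frame, native_a) != classify_ingress(frame, native_b)

def demo():
    # Constructed MACs and a dummy payload; VLAN numbers follow the question.
    dst, src = bytes.fromhex("ffffffffffff"), bytes.fromhex("0011223344aa")
    untagged = build_frame(dst, src, 0x0800, b"\x45" + b"\x00" * 19)
    tagged20 = forward_egress(untagged, 20, tagged=True)
    return {
        "untagged_on_L2SW_side": classify_ingress(untagged, 20),   # 20
        "untagged_on_L3SW_side": classify_ingress(untagged, 19),   # 19
        "mismatch_untagged": native_vlan_mismatch(untagged, 20, 19),  # True
        "mismatch_tagged": native_vlan_mismatch(tagged20, 20, 19),    # False
        "vid_after_untagged_egress": parse_frame(forward_egress(tagged20, 20, False))[0],  # None
    }
```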
Answers
Looks to me that the vlan19 packets are tagged.
They should not be in your current setup.
Sorry I sent it without translation.
Can I change the VLAN tag settings in Watchguard?
Set vlan19 on the WatchGuard as tagged.
Thanks for letting me know.
I noticed that I changed the tag to connect.
Why do I have to configure INSIDE and OUTSIDE on each VLAN instead of configuring INSIDE on VLAN 19 and OUTSIDE on VLAN 20 for the traffic?
Before changing settings
vlan19 (inside)
192.168.19.1
inside (untagged traffic)
Outside (untagged traffic)
vlan20 (Outside)
192.168.20.50
inside (tagged traffic)
Outside (tagged traffic)
After configuration change
vlan19 (inside)
192.168.19.1
inside (untagged traffic)
Outside (no traffic)
vlan20 (Outside)
192.168.20.50
inside (no traffic)
Outside (untagged traffic)