We have a pair of Adtran 3205 (Gen 3, AOS 17.7.2) connected to each other with dry pairs (copper), operating in transparent bridging mode between buildings. I'm currently pushing 3 VLAN's across that link and traffic is flowing nicely.
Recently we have tracked down some stray untagged packets emanating from the near end 3205. When I configure "discard untagged frames" on the trunk port of the connected switch, the stray traffic stops, but I also loose communcation with the 3205 even though it is still passing traffic.
I'm guessing that the management communication is/was working via untagged native packets.
I tried re-configuring to use VLAN specific sub-interfaces with a defined native VLAN rather than a BVI interface using the hints in this thread --> https://supportforums.adtran.com/thread/2177, but I'm still not able to communicate with the 3205.
I must be missing something that points the management interface to the proper tagged traffic.
Can someone point me in the right direction?
Thank you for asking this question in the support community. There is a note on page three of the Configuring Bridging in AOS document that reads:
If IRB is used to pass 802.1Q encapsulated Ethernet frames, the BVI interface IP address can only be used for management of the AOS unit from the native (untagged) VLAN.
Therefore, if you would like to block untagged traffic, you will have to manage the AOS device via the console connection. I hope that makes sense, but please let me know if you have any additional information or questions. I will be happy to help in any way I can.
Levi
Thank you for asking this question in the support community. There is a note on page three of the Configuring Bridging in AOS document that reads:
If IRB is used to pass 802.1Q encapsulated Ethernet frames, the BVI interface IP address can only be used for management of the AOS unit from the native (untagged) VLAN.
Therefore, if you would like to block untagged traffic, you will have to manage the AOS device via the console connection. I hope that makes sense, but please let me know if you have any additional information or questions. I will be happy to help in any way I can.
Levi
Having read through the Bridging Configuration instructions and doing some more experimenting with a spare 3205 set up here on my bench, I agree with your answer. In IRB mode using a BVI interface, we must allow native untagged traffic in order to communicate with the BVI management ip address.
My "Plan B" from the first post was to configure what the manual refers to as "legacy bridging mode". However the manual says that is no longer an option in the latest software release. Any idea why not? I did some experimenting with the spare and the results are promising but contradictory. No way to be sure that I'm configuring it correctly though. I'd like to do some more experimenting with the live setup but I won't get a maintenance window until next week.
Reviewing the manual, my live installation is missing the command "ppp bcp tagged-frame". What problems might that cause?
You will have to run firmware prior to 17.07.00 to configure "legacy bridging." ADTRAN recommends that legacy bridging not be used if the AOS unit is capable of running firmware that supports IRB.
When passing VLAN tagged traffic over a bridged PPP link, the link must be negotiated in BCP with the ppp bcp tagged-frame command. Therefore, I would recommend adding that command to the PPP interface configuration.
Levi
I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post to unmark it and select another in its place with the applicable buttons. If you have any additional information on this that others may benefit from, please come back to this post to provide an update. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.
Thanks,
Noor