cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
DPB_Point
Nickel

Gaia r80.10 tag vlan 1 and native vlan

Jump to solution

Hello team,

 

I need to add a new subinterface for vlan 1, like:

bond2.1

 

Is there any way to tag vlan 1 in checkpoint? Cisco switches have the possibility to change native vlan for trunk and tag vlan 1 but I cannot find how to match this configuration in checkpoint.

 

Thank you in advance.

Daniel

0 Kudos
2 Solutions

Accepted Solutions
Danny
Pearl

Re: Gaia r80.10 tag vlan 1 and native vlan

Jump to solution

Not supported in Gaia as described in sk110096.

View solution in original post

Wolfgang
Gold

Re: Gaia r80.10 tag vlan 1 and native vlan

Jump to solution

Please had a look at the discussion here:

https://community.checkpoint.com/t5/General-Topics/Combine-VLAN-and-physical-interface-which-already...

and Creating VLAN interfaces on physical interface, which already has an assigned IP address in SecurePl...

It is not supported having an IP configured on the native interface if tagged VLANs used on that interface.

I know, it will work but you have problems if you need support from the vendor.

Wolfgang

View solution in original post

15 Replies

Re: Gaia r80.10 tag vlan 1 and native vlan

Jump to solution
Nope this is not possible in GAIA.
The native VLAN is what it is and you cannot add a VLAN lower than 2.
Regards, Maarten
Danny
Pearl

Re: Gaia r80.10 tag vlan 1 and native vlan

Jump to solution

Not supported in Gaia as described in sk110096.

View solution in original post

DPB_Point
Nickel

Re: Gaia r80.10 tag vlan 1 and native vlan

Jump to solution

Thank you all guys.

0 Kudos
DPB_Point
Nickel

Re: Gaia r80.10 tag vlan 1 and native vlan

Jump to solution

The SK does not seem to apply R80.10 version. Do you know how can I notify checkpoint to update it?

Thanks!

0 Kudos

Re: Gaia r80.10 tag vlan 1 and native vlan

Jump to solution

At the bottom of each sk there is a "Give us Feedback" window. Enter your comments into that window and click "Submit". A Content Developer from the SK Team will be assigned to take care of your feedback.

0 Kudos
Highlighted

Re: Gaia r80.10 tag vlan 1 and native vlan

Jump to solution

Please make sure you are logged in with your User Center credentials if you would like to hear back from us.

0 Kudos

Re: Gaia r80.10 tag vlan 1 and native vlan

Jump to solution

One last comment: I am not sure why you thought sk110096 applies to R80.10. It clearly states the following versions:

R75.40, R75.40VS, R75.45, R75.47, R76, R76SP, R76SP.10, R76SP.10_VSLS, R76SP.20, R76SP.30, R77, R77.10, R77.20, R77.30.01

No R80.x here so actually nothing is wrong with the sk...

 

0 Kudos

Re: Gaia r80.10 tag vlan 1 and native vlan

Jump to solution
@Ronen_Zel this is not supported in any version of GAIA so INCLUDING R80.x, that is why the SK should be adjusted.
Regards, Maarten

Re: Gaia r80.10 tag vlan 1 and native vlan

Jump to solution

The "Versions" field is now updated to "All".

Mike_A
Copper

Re: Gaia r80.10 tag vlan 1 and native vlan

Jump to solution

I had this issue about 2 years ago when I migrated all my gateways from 1Gb interfaces to 10Gb and started trunking on the 10G interfaces. For some reason a predecessor of mine thought it to be a good idea and use VLAN 1 as an ID for the main subnet. 

I didn't realize that a bond0.1 could not be used until the night of cut over. What I did to work around this was, on the switch side, made the native VLAN on the interface to be 1, and allowed all the other VLAN's I wanted to tag. So the IP on my main bond0 would be the native IP on VLAN 1.

DPB_Point
Nickel

Re: Gaia r80.10 tag vlan 1 and native vlan

Jump to solution

Good workaround, I have configured L3 at bond interface too then change native vlan to be ID 1 at the switch side.

Thank you!

 

0 Kudos
Mike_A
Copper

Re: Gaia r80.10 tag vlan 1 and native vlan

Jump to solution

Glad it worked! 

0 Kudos
Wolfgang
Gold

Re: Gaia r80.10 tag vlan 1 and native vlan

Jump to solution

Please had a look at the discussion here:

https://community.checkpoint.com/t5/General-Topics/Combine-VLAN-and-physical-interface-which-already...

and Creating VLAN interfaces on physical interface, which already has an assigned IP address in SecurePl...

It is not supported having an IP configured on the native interface if tagged VLANs used on that interface.

I know, it will work but you have problems if you need support from the vendor.

Wolfgang

View solution in original post

Mike_A
Copper

Re: Gaia r80.10 tag vlan 1 and native vlan

Jump to solution

I have a question here. If adding an IP address to the main interface that is utilizing VLAN tagging is not supported, and the support of VLAN ID 1 as a tagged VLAN is not supported. What is the suggestion on how to handle this? Burn another interface for a single VLAN when the use of VLAN ID 1 may be used in someones environment? 

Understood that it is not best practice to use VLAN ID 1, but when it is already used in a network from predecessors that may not have done things, the best way, and changing the VLAN ID from 1 to something else may be a huge lift for some individuals and/or organizations (as this may pertain to access ports changing, vSwitch on ESX, etc.). What is the recommendation? I'm not refuting the fact that not using it is the right move, and or not adding an IP to a main interface that is using tags is not supported. My question is really about what the recommendation would be in this situation to possible help others in the future before they get into this situation. 

0 Kudos
Danny
Pearl

Re: Gaia r80.10 tag vlan 1 and native vlan

Jump to solution

Correct. Use a separate interface and attach it natively to your switch. Then have your switch route it into Vlan 1.