With Nortel/Avaya switches, a trunk port automatically tags all packets in all VLANs (unlike Cisco) when the port is configured as TagAll. If you are looking to untag the PVID (default/native VLAN) then you need to configure the port as UnTagPVIDOnly.
Good Luck!
I'm so glad I found this post! I'm trying to get more educated about when a port's VLAN membership differs from its PVID. Or if it is a member of multiple VLANs and the PVID may or may not be one of those VLANs.
Scenario 1.
VLAN members 1 none
VLAN members 2 1/1-46
VLAN members 3 1/47-47
vlan ports 1-48 pvid 1
What tag is put on the packets from int 1/4 going out across the trunk?
Scenario 2.
VLAN members 1 ALL
vlan ports 1-46 pvid 2
vlan ports 47-48 pvid 3
What tag is put on the packets from int 1/4 going out across the trunk?
Scenario 3: If all ports are members of VLAN 1 and 3, but the access ports are configured with pvid 3, and the trunk ports with pvid 4; if I trunk this across to another switch, what comes out of the other side to my Cisco switch? On the Cisco side, which untagged access VLAN would I need to set to get data from one of my Nortel access ports?
vlan configcontrol autopvid
auto-pvid
vlan name 1 "Mgt"
vlan create 2 name "x" type port
vlan create 3 name "y" type port
vlan create 4 name "z" type port
vlan ports 1-46 tagging unTagAll filter-untagged-frame disable filter-unregistered-frames enable priority 0
vlan ports 47-48 tagging tagAll filter-untagged-frame disable filter-unregistered-frames disable priority 0
vlan members 1 ALL
vlan members 2 47-48
vlan members 3 ALL
vlan members 4 47-48
vlan ports 1-46 pvid 3
vlan ports 47-48 pvid 4
vlan mgmt 4
Bonus: Would any of these scenarios make allowances for VLAN hopping or Double encapsulation attack? From what I've read, D.E. can be done by an attacker who has access to a switch port belonging to the native VLAN of the trunk port. It appears that scenario 1 would be vulnerable to D.E. If correct, would the vlan ports 1-46 tagging unTagAll mitigate that?
Thanks
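The tagging modes discussed in this thread, as an added example that is not part of either post and is not Nortel/Avaya code: a simplified model of standard 802.1Q port-based VLAN forwarding that reports how an untagged frame from an access port leaves a trunk, and whether the access VLAN leaves that trunk untagged (the double-encapsulation precondition named above). The port values are taken from the Scenario 3 configuration; `TRUNK_UNTAG_PVID3` is a constructed variant, and ingress filtering and autopvid behaviour are assumed away.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Port:
    name: str
    pvid: int            # VLAN assigned to untagged frames on ingress
    members: frozenset   # VLANs the port belongs to
    tagging: str         # "tagAll", "untagAll" or "untagPvidOnly"

def egress(ingress, out):
    """How an untagged frame received on `ingress` leaves `out`:
    None (not forwarded), "untagged", or the 802.1Q VLAN ID."""
    vlan = ingress.pvid                  # classified by the ingress PVID
    if vlan not in out.members:          # egress port must be in that VLAN
        return None
    if out.tagging == "untagAll":
        return "untagged"
    if out.tagging == "untagPvidOnly" and vlan == out.pvid:
        return "untagged"
    return vlan                          # tagAll, or a non-PVID VLAN

def double_tag_exposed(access, trunk):
    """True when the access port's VLAN is sent untagged on the trunk,
    i.e. the access port sits in the trunk's untagged (native) VLAN."""
    return egress(access, trunk) == "untagged"

# Scenario 3 as posted: ports 1-46 and 47-48.
ACCESS = Port("1/4", pvid=3, members=frozenset({1, 3}), tagging="untagAll")
TRUNK = Port("1/47", pvid=4, members=frozenset({1, 2, 3, 4}), tagging="tagAll")
# Constructed variant (not in the thread): trunk untags its PVID, PVID = 3.
TRUNK_UNTAG_PVID3 = replace(TRUNK, pvid=3, tagging="untagPvidOnly")
# Constructed variant: trunk untags its PVID but keeps PVID 4.
TRUNK_UNTAG_PVID4 = replace(TRUNK, tagging="untagPvidOnly")

def audit(access, trunks):
    """Return {trunk name+mode: (egress result, exposed?)} for each trunk."""
    return {f"{t.name}/{t.tagging}/pvid{t.pvid}":
            (egress(access, t), double_tag_exposed(access, t)) for t in trunks}

if __name__ == "__main__":
    for key, result in audit(
            ACCESS, [TRUNK, TRUNK_UNTAG_PVID3, TRUNK_UNTAG_PVID4]).items():
        print(key, result)
```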