CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: no vlan 1 in gaia interface configuration

  1. #1
    Just trying to add VLAN 1 in Gaia; it states that the min value for this is 2.
    What am I missing?
    It's a 4600 IP appliance running R75.40, 2.6.18-92cp.

  2. #2
    This is CheckPoint's mistaken idea about VLAN tagging. I can only think they got it from the Cisco world, where a native VLAN defaults to 1 on a trunk interface. They didn't realize the default native VLAN can be changed, thus resulting in tagged frames from VLAN 1.

    Interestingly enough, in SecurePlatform, you can manually create a VLAN 1 tagged interface (vconfig). You can likely do it in GAIA as well, but it won't survive a reboot.

    But, to be fair, even Cisco says, for security reasons, not to use VLAN 1 for anything legitimate. It is a good recommendation.

  3. #3
    Yes, I've since been told it was a hangover from SPLAT; IPSO was fine... so when they mashed up the two into Gaia they took the IPSO version over SPLAT and mandated no VLAN 1 for trunked i/fs.

  4. #4
    Is there a way to set the Native Vlan for an interface like we can do with Cisco?

  5. #5
    Originally posted by jerryroy1:
        Is there a way to set the Native Vlan for an interface like we can do with Cisco?

    What is it you're trying to do? Create a vlan1 interface?

  6. #6
    VLAN tag 1 is a native VLAN; it does not require a tag. It is not available on a trunk interface with Check Point.
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

  7. #7
    Resurrection is a real thing. Just look at this thread.. :)

    "Native VLAN" is a Cisco term for untagged Ethernet frames on a trunk interface.

    You can configure the base interface and have tagged logical/sub-interfaces on GAIA, SecurePlatform, IPSO etc.

    Just configure the untagged part of the CheckPoint interface.

  8. #8
    And just a side note, R75.40 has not been supported for almost a year.
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

  9. #9
    Originally posted by alienbaby:
        Resurrection is a real thing. Just look at this thread.. :)

        "Native VLAN" is a Cisco term for untagged Ethernet frames on a trunk interface.

        You can configure the base interface and have tagged logical/sub-interfaces on GAIA, SecurePlatform, IPSO etc.

        Just configure the untagged part of the CheckPoint interface.

    Yeah, if Check Point will allow you to do this that should work. Or if your native VLAN isn't 1 just make a new VLAN interface with said tag and allow it on the trunk port, which of course wouldn't work at all and would be stupid.
    Last edited by jflemingeds; 2017-01-12 at 00:16.

  10. #10
    Originally posted by jflemingeds:
        yeah, if checkpoint will allow you to do this that should work. Or if your native vlan isn't 1 just make a new vlan interface with said tag and allow it on the trunk port.

    That won't exactly work.. That scheme will only work in one direction.. from firewall to switch.. and that's assuming the switch isn't smart enough to recognize that: "Hey, I should have gotten this frame untagged"; bit bucket. Replies would come back at the firewall untagged.. and be ignored, since likely no IPv4 stack is spun up on the untagged aspect of the interface.

    Remember.. Native VLAN is Cisco terminology for Untagged Ethernet Frame. If the switch needs to transmit a frame for a given VLAN.. and that VLAN is the 'Native VLAN', then the frame will be transmitted without 802.1q tagging..

    If an untagged Ethernet frame is received by the switch.. it will be placed into the Native VLAN of the receiving switchport..

    We're feeding it.. the undead thread is growing stronger..
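
The tagging behaviour described in post #10, modelled as an added example (not part of any post in this thread, and not Check Point or Cisco code). The class names, MAC addresses and frames are constructed; the switch model assumes a trunk that accepts tagged frames carrying its native VLAN ID, which the post notes not every switch does.

```python
import struct

TPID = 0x8100                            # 802.1Q tag protocol identifier
FW_MAC = bytes.fromhex("020000000001")   # constructed, locally administered
SW_MAC = bytes.fromhex("020000000002")   # constructed, locally administered

def tag(raw, vid):
    """Insert an 802.1Q tag (TPID + TCI) after the two MAC addresses."""
    return raw[:12] + struct.pack("!HH", TPID, vid & 0x0FFF) + raw[12:]

def vlan_of(raw):
    """Return the VLAN ID carried in the tag, or None for an untagged frame."""
    tpid, tci = struct.unpack_from("!HH", raw, 12)
    return tci & 0x0FFF if tpid == TPID else None

def build(dst, src, payload, vid=None):
    """Build an IPv4-typed Ethernet frame, tagged when vid is given."""
    raw = dst + src + struct.pack("!H", 0x0800) + payload
    return raw if vid is None else tag(raw, vid)

class Trunk:
    """Switch trunk port: frames of the native VLAN travel untagged."""
    def __init__(self, native, allowed):
        self.native, self.allowed = native, set(allowed)
    def ingress(self, raw):
        vid = vlan_of(raw)
        vid = self.native if vid is None else vid   # untagged -> native VLAN
        return vid if vid in self.allowed else None
    def egress(self, vid, untagged):
        return untagged if vid == self.native else tag(untagged, vid)

class Firewall:
    """Base interface takes untagged frames; sub-interfaces take their own tag."""
    def __init__(self, base_has_ip, subifs):
        self.base_has_ip, self.subifs = base_has_ip, set(subifs)
    def receive(self, raw):
        vid = vlan_of(raw)
        if vid is None:
            return "base" if self.base_has_ip else None
        return f"vlan{vid}" if vid in self.subifs else None

def round_trip(fw, sw, send_vid):
    """Firewall sends on send_vid (None = untagged); return where the reply lands."""
    vid = sw.ingress(build(SW_MAC, FW_MAC, b"ping", send_vid))
    if vid is None:
        return "dropped at switch"
    reply = sw.egress(vid, build(FW_MAC, SW_MAC, b"pong"))
    return fw.receive(reply) or "reply ignored by firewall"

if __name__ == "__main__":
    sw = Trunk(native=1, allowed={1, 10})
    print(round_trip(Firewall(False, {1}), sw, 1))     # tagged VLAN 1 sub-interface
    print(round_trip(Firewall(True, {10}), sw, None))  # IP on the base interface
```
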

  11. #11
    I don't understand why you misquoted my comment, but I think you should stop.

    ... omg look at that thing! </runsaway>
    Last edited by jflemingeds; 2017-01-12 at 00:46. Reason: true or false, which is it damn it?

  12. #12
    Guys, anyone figured out how to use VLAN1 with VSX trunk interface? If so, please share.
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

  13. #13
    Originally posted by varera:
        Guys, anyone figured out how to use VLAN1 with VSX trunk interface? If so, please share

    Well, as the baby pointed out, if you want to use native VLAN on a trunked interface then you need to IP the physical interface, not a VLAN interface.

    Is 1 the native VLAN in this case or not?

  14. #14
    Originally posted by jflemingeds:
        Well, as the baby pointed out, if you want to use native vlan on a trunked interface then you need to IP the physical interface not a vlan interface.

        Is 1 the native vlan in this case or not?

    It is a native VLAN in the customer's environment, untagged. That's why we are using a separate physical interface, which is a shame. Need to put it on a trunk, but cannot. Hence the question.
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/
