Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
848
Views
0
Helpful
3
Replies

dot1q-tunneling and native frames ( untagged )

wjackson
Level 1
Level 1

‎02-06-2008 12:50 PM

hi all I have the following setup:

tunnel Port:

interface GigabitEthernet1/0/2

switchport access vlan 784

switchport mode dot1q-tunnel

switchport nonegotiate

l2protocol-tunnel cdp

l2protocol-tunnel stp

l2protocol-tunnel vtp

no cdp enable

spanning-tree portfast

!

Trunk Port - Into Carrier Network

interface GigabitEthernet1/0/25

switchport trunk encapsulation dot1q

switchport trunk native vlan 4094

switchport mode trunk

switchport nonegotiate

load-interval 30

speed nonegotiate

spanning-tree bpdufilter enable

!

the Native Port on the tunnel interface = 1 and native vlan tagging is enabled on the switch.

what happens to untagged frames that hit the tunnel port from the customer? Imagine that they dont have their port as a trunk and are instead emitting untagged frames?

are these dropped or simply have a single Q-tag pushed and are then tunnelled through the carrier network?

I have followed the recommendation of making the trunk port have a native vlan that is not the native vlan of any of the tunnel ports.

thanks

Labels:
0 Helpful
3 Replies 3

didyap
Level 6
Level 6

‎02-12-2008 02:24 PM

You can not get the switch port UP if the other end of the link is not compatible with the config for this port. So, if one side is trunk and the other is not then the port will not come UP. On a trunk line only the frames of native VLAN are sent without any tagging and all other VLAN frames are tagged according to their VLAN numbers.

0 Helpful

Pavel Bykov
Level 5
Level 5

‎05-29-2008 06:04 AM

Normally double-tag traffic is seen as NON-IP traffic by metro devices, since they cannot see beyond first tag.

Untagged customer traffic will behave like IP traffic in metro network, since it will have only one tag.

You can use a trick - create an IP access list on trunk port with "deny ip any any" - basically denying all IP traffic. That should stop all traffic that was not tagged by the customer. Ofcourse that will disable your management - so you need to plan this.

If more than one customer is using same S-VLAN, and one customer has e.g. VLAN 3 untagged, and other one has VLAN 5 untagged, their VLANs will be interconnected.

0 Helpful

Pavel Bykov
Level 5
Level 5

‎05-29-2008 06:05 AM

Trunk port should have non-default native VLAN on customer side.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents