05-19-2008 08:50 AM - edited 03-05-2019 11:04 PM
I read in one of the forums that it may create a problem if I allow the native vlan through the trunk port connecting two switches.
But I am still not getting the exact consequences of doing so?
05-19-2008 12:28 PM
Subharoj
You need to decide whether you want to route or switch between the 2 pairs of switches.
What I would do with the information you have given so far is to connect A -> C and A -> D, B -> C, B -> D with L2 trunk links.
A & B would not have a trunk link between them but C & D would be interconnected via a L2 trunk.
Then migrate the L3 interfaces + HSRP configuration off A&B and move it on C&D. So A&B are not routing for any vlans any more they are simply access switches connecting back via L2 trunks to C&D.
This would give you a more standard setup.
Alternatively you can leave the link between A&B and leave it routing for vlan 125 etc. and make the links back to C&D L3 routed links. And then run EIGRP between all the switches. Note that with CatOS you cannot actually have a L3 routed port ie. "no switchport". What you do is use a /30 subnet and create an SVI on each switch eg.
Switch A
int vlan 200
description L3 connection to C
ip address 192.168.5.1 255.255.255.252
Switch C
int vlan 200
description L3 connection to A
ip address 192.168.5.2 255.255.255.252
and then assign the port on A & C into vlan 200. Then repeat with a different subnet for
A -> D
B -> C
B -> D
Each has its advantages and disadvantages. If your switches are all running CatOS I would use the first option of L2 trunk uplinks and migration of L3 interfaces off A&B to C&D.
Jon
05-19-2008 08:58 AM
A native vlan is required on Cisco Catalyst switches.
A native vlan is used to forward packets that do not have a tag when they get to the ingress of the trunk port.
A trunk will forward untagged packets to the native vlan that is configured.
(if a native vlan is not specifically configured, it defaults to vlan 1)
If a trunk gets a packet that does not have a tag, and there was no native vlan, it would not know how to forward it. This is what the native vlan provides; a way for the trunk to know where to forward the packet if the packet were not tagged.
When the trunk receives a packet without a tag, it forwards it to the native vlan.
Native vlan is defined in a clause in the 802.1Q standard for interoperability with older devices that do not understand 802.1Q.
Please see the following link for some info on trunks and native vlan:
(to answer your question, for example, if you have disabled vlan1 and your native vlan is defaulted to vlan1, then any untagged packets into the trunk will ultimately be dropped from the network; that could be considered bad.)
05-19-2008 09:09 AM
Thanks for your response.
I read the links but am still unable to find why not to allow the native vlan over the trunk link.
I doubt it might be for security reasons but do not know how it happens.
05-19-2008 09:23 AM
Have a look at this link which explains why you may not want to allow the native vlan across the link.
The alternative to not allowing it is to ensure that even the native vlan is tagged ie.
vlan dot1q tag native
Jon
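As an added illustration (not code from the thread), here is a small Python model of the trunk ingress behaviour described above: an untagged frame lands in the native VLAN, a frame whose VLAN is not allowed on the trunk or not active on the switch is dropped, and with `vlan dot1q tag native` the model assumes untagged frames arriving on the trunk are dropped. The frames are constructed inline; `trunk_ingress` and `build_frame` are this example's own names.

```python
import struct

TPID_8021Q = 0x8100
ETH_HDR = struct.Struct("!6s6sH")  # dst MAC, src MAC, EtherType (or 802.1Q TPID)


def parse_frame(frame: bytes):
    """Return (vid, ethertype) for a raw Ethernet frame; vid is None when untagged."""
    _dst, _src, etype = ETH_HDR.unpack_from(frame, 0)
    if etype == TPID_8021Q:
        # 802.1Q tag: TCI (PCP/DEI/VID) followed by the real EtherType
        tci, inner = struct.unpack_from("!HH", frame, ETH_HDR.size)
        return tci & 0x0FFF, inner
    return None, etype


def trunk_ingress(frame: bytes, native_vlan=1, allowed=None, active=None, tag_native=False):
    """Model of 802.1Q trunk ingress: the VLAN the frame is placed in, or 'drop'.

    allowed: VLANs permitted on the trunk (None = all); active: VLANs that exist
    and are not shut down (None = all); tag_native: 'vlan dot1q tag native' set.
    """
    vid, _ = parse_frame(frame)
    if vid is None:
        if tag_native:
            return "drop"  # assumption: with native tagging, untagged trunk frames are dropped
        vid = native_vlan  # untagged frame is forwarded in the native VLAN
    if allowed is not None and vid not in allowed:
        return "drop"  # VLAN pruned from the trunk
    if active is not None and vid not in active:
        return "drop"  # VLAN disabled on the switch, e.g. vlan 1 shut down while still native
    return vid


def build_frame(vid=None):
    """Constructed sample frame (not captured traffic), tagged when vid is given."""
    hdr = bytes.fromhex("0011223344550066778899aa")  # constructed dst/src MACs
    if vid is None:
        return hdr + struct.pack("!H", 0x0800) + b"\x00" * 46
    return hdr + struct.pack("!HHH", TPID_8021Q, vid & 0x0FFF, 0x0800) + b"\x00" * 46
```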
05-19-2008 10:13 AM
Thanks Jon
I understand why I should avoid allowing the native vlan through the trunk link.
Could you please clear my concepts about inter-vlan routing in multilayer switch?
There are four 6500 switches.
Node A1 in vlan 125 connected with switch A
wants to talk to server S1 in VLAN 100 connected with switch C.
Switch A, B are HSRP pair for VLAN 125 and C and D are core and HSRP pair and STP root for server vlan 25.
The routing protocol is EIGRP.
RAPID PVST+ is enabled.
What I know is when node N1 hits server S1's address, first it goes to the gateway which is A. It looks at the routing table, finds the route and sends it.
My questions are, while forwarding the packet:
1. Does it tag the VLAN identification or not?
2. Does switch A send to both or either one of the switches looking at the routing table? Considering the server is connected to either of the two switches C and D, as some of the servers are on switch C and the rest are on D.
3. What is the process behind the scenes while forwarding layer 3 traffic in a switched network?
I would appreciate it.
05-19-2008 10:18 AM
A couple of quick questions
How are A&B connected to C&D ie. L2 trunks or L3 routed links?
You talk of Node A1 and then node N1 - presumably the same node?
You talk of the server being in vlan 100 then in vlan 25. Which one is it?
What is the active HSRP switch for v125 out of A & B?
What is the active HSRP switch for v25 out of C & D?
Jon
05-19-2008 10:28 AM
Thanks for the prompt response.
A and B are connected with C and D as
A<--->C
A<--->D
B<--->C
B<--->D
ie. redundant connections.
Node A1 and N1 are the same, sorry for the typo.
Servers are in vlan 25 (some of them are connected to C and some are on D).
Active HSRP for vlan 125 is A.
Active HSRP for vlan 25 is D.
05-19-2008 10:30 AM
The connections between A -> C, A -> D, B -> C, B -> D, are they L2 trunks or L3 connections?
A & B are definitely HSRP for node A1 ?
Jon
05-19-2008 10:33 AM
They are L2 trunks.
Yes, A & B are HSRP for node A1 and switch A has a higher HSRP priority than switch B,
i.e. 120 over 110.
05-19-2008 10:46 AM
It's a little bit confusing to have A & B running for HSRP clients then using L2 trunks to connect back to C&D.
Sorry for all the questions but does the server vlan only exist on C&D ie. it is not on A&B. What i'm trying to understand is why the links are L2 trunks and not L3 routed links from A&B -> C&D.
So node A1 sends the packet to its default-gateway which is the HSRP active address on switch A.
Now it gets a bit confusing. If the uplinks are L2 trunks what vlans are you running across these trunks. Presumably not vlan 125 because that is routed off A & B.
What about vlan 25 ?
Jon
05-19-2008 10:56 AM
Yes, the server vlan only exists on C&D.
Yes, you are right, vlan 125 is not allowed but vlan 25 is allowed on the trunk link.
All the switches are running CatOS. Just to make sure, does L3 link mean issuing the command no switchport in interface mode on the trunk interface??
If so, then in my understanding all the connections are L2 with dot1q encapsulation?
Please let me know if you need more info.
Thanks a lot.
05-19-2008 11:11 AM
"L3 link means issuing command no switchport on interface mode of trunk interface?? "
It does if the switches are running IOS but not if they are running CatOS.
If you do a "sh trunk" on your A & B switches do you see the links to C & D?
I'm also assuming A has a L2 trunk to B and that C has a L2 trunk to D. Please let me know if this is not the case.
Basically if vlan 25 is allowed on the link and it is a trunk link
Node A1 sends the packet to its default-gateway which is on switch A. Now it depends which uplink is blocking on STP.
If A to C is blocking then A forwards packet to B which then forwards it on to D. If the active NIC for S1 is on D it is then sent straight to S1. If it is on C, D sends packet to C and C forwards it on.
If A to C is not blocking A sends packet straight to C.
It is important to note that the packet is only routed on switch A. Because vlan 25 is on the L2 trunk link then it will simply be switched from A to its destination.
Jon
05-19-2008 11:22 AM
Thanks Jon.
I am just curious to know, when A forwards the packet to D through the trunk link, is A aware that the packet belongs to vlan 25? I mean to say, does the switch have any idea about VLAN 25 (tagging??) or does it just look at the IP block and forward the packet without knowing which VLAN the packet falls under??
05-19-2008 11:29 AM
If the uplink is a trunk link and the native vlan is not vlan 25 then yes the packet will be tagged with a vlan id of 25.
Jon
05-19-2008 11:35 AM
You mean to say the blocked port will be determined by the STP instance of vlan 25 and switch A will forward traffic only on the designated port!!!
What if native vlan is 25, I just wanted to see the possible consequences.