Native VLAN and trunk port.

subharojdahal

I read in one of the forums that it may create a problem if I allow the native VLAN through the trunk port connecting two switches.

But I am still not getting the exact consequences of doing so.

Accepted Solution

Subharoj

You need to decide whether you want to route or switch between the 2 pairs of switches.

What I would do with the information you have given so far is to connect A -> C and A -> D, B -> C, B -> D with L2 trunk links.

A & B would not have a trunk link between them but C & D would be interconnected via a L2 trunk.

Then migrate the L3 interfaces + HSRP configuration off A&B and move it on to C&D. So A&B are not routing for any VLANs any more; they are simply access switches connecting back via L2 trunks to C&D.

This would give you a more standard setup.

Alternatively you can leave the link between A&B and leave it routing for vlan 125 etc. and make the links back to C&D L3 routed links. And then run EIGRP between all the switches. Note that with CatOS you cannot actually have a L3 routed port, i.e. "no switchport". What you do is use a /30 subnet and create an SVI on each switch, e.g.

Switch A

int vlan 200

description L3 connection to C

ip address 192.168.5.1 255.255.255.252

Switch C

int vlan 200

description L3 connection to A

ip address 192.168.5.2 255.255.255.252

and then assign the port on A & C into vlan 200. Then repeat with a different subnet for

A -> D

B -> C

B -> D

Each has its advantages and disadvantages. If your switches are all running CatOS I would use the first option of L2 trunk uplinks and migration of the L3 interfaces off A&B to C&D.

Jon



gpulos

A native vlan is required on Cisco Catalyst switches.

A native vlan is used to forward packets that do not have a tag when they get to the ingress of the trunk port.

A trunk will forward untagged packets to the native vlan that is configured.

(if a native vlan is not specifically configured, it defaults to vlan 1)

If a trunk gets a packet that does not have a tag, and there was no native vlan, it would not know how to forward it. This is what the native vlan provides; a way for the trunk to know where to forward the packet if the packet were not tagged.

When the trunk receives a packet without a tag, it forwards it to the native vlan.

Native vlan is defined in a clause in the 802.1Q standard for interoperability with older devices that do not understand 802.1Q.

Please see the following link for some info on trunks and native vlan:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/catos/8.x/configuration/guide/e_trunk.html#wp1021145

(to answer your question, for example, if you have disabled vlan1 and your native vlan is defaulted to vlan1, then any untagged packets into the trunk will ultimately be dropped from the network; that could be considered bad.)

Thanks for your response.

I read the links but am still unable to find why not to allow the native VLAN over the trunk link.

I suspect it might be for security reasons but do not know how it happens.

Have a look at this link which explains why you may not want to allow the native vlan across the link.

http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml#wp39211

The alternative to not allowing it is to ensure that even the native vlan is tagged ie.

vlan dot1q tag native

Jon
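To make the security point concrete, here is a small model of how a Catalyst trunk classifies frames, showing both the plain native-VLAN behaviour gpulos describes (untagged in, native VLAN out) and the double-tagging (VLAN hopping) case that an untagged native VLAN enables, with and without "vlan dot1q tag native". This is an added example written for this page, not code from the thread or from Cisco. The switch names A and C and VLAN numbers 1, 25 and 125 follow the discussion; the MAC addresses and payload are constructed, and the access-port rule (a frame already tagged with the port's own access VLAN is accepted and that tag stripped, which is what a double-tagging attack relies on) is an assumption of the model, not a statement about any particular platform.

```python
"""802.1Q trunk model: native VLAN handling and double-tagging.
Added example for this thread; frames, MACs and the access-port rule are
assumptions of the model, not captured data or vendor behaviour."""
import struct

TPID_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800


def _mac(s):
    return bytes.fromhex(s.replace(":", ""))


def build_frame(dst, src, vlans, payload=b"", ethertype=ETHERTYPE_IPV4):
    """Ethernet frame with zero or more stacked 802.1Q tags, outermost first."""
    frame = _mac(dst) + _mac(src)
    for vid in vlans:
        frame += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)  # PCP=0, DEI=0
    return frame + struct.pack("!H", ethertype) + payload


def pop_tag(frame):
    """Return (outer VLAN id or None, frame with that one tag removed)."""
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None, frame
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]


def push_tag(frame, vid):
    """Insert an 802.1Q tag directly after the source MAC."""
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) + frame[12:]


def trunk_ingress(frame, native_vlan, allowed):
    """Classify a frame arriving on a trunk: untagged frames land in the native
    VLAN; a VLAN not on the allowed list is dropped (returns (None, None))."""
    vid, inner = pop_tag(frame)
    if vid is None:
        vid, inner = native_vlan, frame
    if vid not in allowed:
        return None, None
    return vid, inner


def trunk_egress(frame, vid, native_vlan, tag_native):
    """Send a frame belonging to VLAN vid out a trunk. The native VLAN leaves
    untagged unless 'vlan dot1q tag native' (tag_native) is in effect."""
    if vid == native_vlan and not tag_native:
        return frame
    return push_tag(frame, vid)


def access_ingress(frame, access_vlan):
    """Access-port classification. ASSUMPTION of this model: a frame already
    tagged with the port's own access VLAN is accepted and that tag stripped
    (what double-tagging relies on); any other tag is dropped."""
    vid, inner = pop_tag(frame)
    if vid is None:
        return access_vlan, frame
    if vid == access_vlan:
        return access_vlan, inner
    return None, None


def double_tag_attack(native_vlan=1, target_vlan=25, tag_native=False):
    """Attacker on an access port in switch A's native VLAN sends a frame with
    two stacked tags (outer = native VLAN, inner = target VLAN). Switch A
    forwards it over the A -> C trunk; returns the VLAN switch C delivers the
    frame into, or None if it is dropped along the way."""
    attack = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55",
                         [native_vlan, target_vlan], b"constructed payload")
    vid, frame = access_ingress(attack, native_vlan)          # switch A, access port
    if vid is None:
        return None
    wire = trunk_egress(frame, vid, native_vlan, tag_native)   # switch A -> trunk
    vid_c, _ = trunk_ingress(wire, native_vlan, {native_vlan, target_vlan})  # switch C
    return vid_c


if __name__ == "__main__":
    print("native VLAN untagged on trunk      ->", double_tag_attack())               # 25: hopped
    print("with 'vlan dot1q tag native'        ->", double_tag_attack(tag_native=True))  # 1: contained
```

With the native VLAN carried untagged, switch A strips the attacker's outer tag on the access port and sends the frame out the trunk without adding one, so the inner tag is the first thing switch C sees and the frame is delivered into VLAN 25 even though the attacker has no port there. With native VLAN tagging, switch A re-tags the frame with the native VLAN on egress, switch C pops that tag and the inner one is just payload in the native VLAN. The other mitigation Jon alludes to, not allowing the native VLAN on the trunk at all, corresponds to leaving native_vlan out of the allowed set on switch C, which makes trunk_ingress drop the frame.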

Thanks Jon.

I understand why I should avoid allowing the native VLAN through the trunk link.

Could you please clear my concepts about inter-vlan routing in multilayer switch?

There are four 6500 switches.

Node A1 in VLAN 125 connected to switch A

wants to talk to server S1 in VLAN 100 connected to switch C.

Switches A and B are the HSRP pair for VLAN 125, and C and D are the core, the HSRP pair and the STP root for server VLAN 25.

The routing protocol is EIGRP.

Rapid PVST+ is enabled.

What I know is that when node N1 hits server S1's address, first it goes to the gateway, which is A. It looks at the routing table, finds the route and sends it.

My questions are, while forwarding the packet:

1. Does it tag the VLAN identification or not?

2. Does switch A send to both or to either one of the switches looking at the routing table? Consider that the server is connected to either of the two switches C and D, as some of the servers are in switch C and the rest are in D.

3. What is the process behind the scenes while forwarding layer 3 traffic in a switched network?

I would appreciate it.

Couple of quick questions

How are A&B connected to C&D, i.e. L2 trunks or L3 routed links?

You talk of Node A1 and then node N1 - presumably the same node ?

You talk of server being in vlan 100 then in vlan 25. Which one is it ?

What is the active HSRP switch for v125 out of A & B?

What is the active HSRP switch for v25 out of C & D?

Jon

Thanks for the prompt response.

A and B are connected to C and D as

A<--->C

A<--->D

B<--->C

B<--->D

i.e. redundant connections.

Node A1 and N1 are the same; sorry for the typo.

Servers are in VLAN 25 (some of them are connected to C and some to D).

Active HSRP for VLAN 125 is A.

Active HSRP for VLAN 25 is D.

The connections between A -> C, A -> D, B -> C, B -> D, are they L2 trunks or L3 connections?

A & B are definitely HSRP for node A1?

Jon

They are L2 trunks

Yes, A & B are HSRP for node A1 and switch A has a higher HSRP priority than switch B,

i.e. 120 over 110.

It's a little bit confusing to have A & B running for HSRP clients then using L2 trunks to connect back to C&D.

Sorry for all the questions but does the server vlan only exist on C&D ie. it is not on A&B. What i'm trying to understand is why the links are L2 trunks and not L3 routed links from A&B -> C&D.

So node A1 sends packet to it's default-gateway which is the HSRP active address on switch A.

Now it gets a bit confusing. If the uplinks are L2 trunks, what vlans are you running across these trunks? Presumably not vlan 125 because that is routed off A & B.

What about vlan 25 ?

Jon

Yes, the server VLAN only exists on C&D.

Yes, you are right, VLAN 125 is not allowed but VLAN 25 is allowed on the trunk link.

All the switches are running CatOS. Just to make sure, does an L3 link mean issuing the command "no switchport" in interface mode on the trunk interface?

If so, then in my understanding all the connections are L2 with dot1q encapsulation?

Please let me know if you need more info.

Thanks a lot.

"Does an L3 link mean issuing the command "no switchport" in interface mode on the trunk interface?"

It does if the switches are running IOS but not if they are running CatOS.

If you do a "sh trunk" on your A & B switches, do you see the links to C & D?

I'm also assuming A has a L2 trunk to B and that C has a L2 trunk to D. Please let me know if this is not the case.

Basically if vlan 25 is allowed on the link and it is a trunk link

Node A1 sends the packet to its default gateway, which is on switch A. Now it depends which uplink is blocking on STP.

If A to C is blocking then A forwards packet to B which then forwards it on to D. If the active NIC for S1 is on D it is then sent straight to S1. If it is on C, D sends packet to C and C forwards it on.

If A to C is not blocking A sends packet straight to C.

It is important to note that the packet is only routed on switch A. Because vlan 25 is on the L2 trunk link, it will simply be switched from A to its destination.

Jon

Thanks Jon.

I am just curious to know, when A forwards the packet to D through the trunk link, is A aware that the packet belongs to VLAN 25? I mean to say, does the switch have any idea about VLAN 25 (tagging?) or does it just look at the IP block and forward the packet without knowing which VLAN the packet falls under?

If the uplink is a trunk link and the native vlan is not vlan 25 then yes the packet will be tagged with a vlan id of 25.

Jon

You mean to say the blocked port will be determined by the STP instance of VLAN 25 and switch A will forward traffic only on the designated port!

What if the native VLAN is 25? I just wanted to see the possible consequences.
