Let me start by saying I have read A LOT - everything I could find on Cisco VLANs, and I still can't figure out how this works.
I have inherited an environment of a bunch of Cisco Aironet 1130 APs, a 3750 into which these APs plug, and also a WLC 4402 Wireless Controller also connected to the 3750 switch.
The previous person who worked on this (allegedly a CCIE) set this up such that all the APs are on access VLAN 3, whereas the link between the 3750 switch and the WLC is a dot1Q trunk which is allowing a bunch of VLANs (2,4,5,6), BUT NOT VLAN 3!
According to my understanding of VLANs, this network should not work AT ALL: WLAN association packets coming in from clients come from the APs and are supposed to be tunnelled to the WLC.
But when I sniff this - and I went through the trouble of setting up Linux Wireshark so that I can see the VLAN tags - here is what I see:
* AP to 3750:
  - on L2, source MAC address is MAC of wireless client, dest. MAC address is VLAN 3.
  - on L3, it's sent from the AP's IP address to the WLC AP management address.
  - above that, it's tunneled in UDP and LWAPP
* 3750 to WLC: (and this is where I have a major hang-up)
  - on L2: from VLAN4 MAC (which is configured as the "switchport access vlan 4" and that's the only reason I can think why this is going on VLAN4 - the native VLAN is VLAN1, AND the switchport mode is TRUNK!) to the MAC of the port of the 3750 which is connected to the WLC
  - on VLAN level, it shows a tag of VLAN4
  - on IP level, same as previous, from AP IP address to WLC IP address.
So here are my questions:
1. Why does this even work? If the association packet is coming in on VLAN 3 on the access link, shouldn't it be only passed to trunks which allow VLAN 3?
2. Let's say the access link is an access VLAN and therefore the packet travels untagged to the 3750 switch. So how did the switch decide/know to send it out on the trunk to the WLC? And how/why did it decide to use VLAN 4 when the native VLAN is 1?
3. On entry to the switch, the switch clearly knows the packet came in on VLAN 3 (based on the MAC), what is the exact algorithm the switch uses to decide where to send this packet? I have not been able to locate a description of the Cisco forwarding algorithm anywhere.
Thank you in advance for your help; this issue is starting to get to me.
Forget for a moment about the trunk - I think it is throwing you off.
The WLC has an interface (albeit a subinterface) on VLAN4. That interface has a MAC address and an IP address just the same as any other device. (10.70.4.10)
The 3750 also has an interface in VLAN4 (e.g. 10.70.4.1); it also has an interface in VLAN 3 (e.g. 10.70.3.1).
Because it is a Layer 3 switch, and it has "ip routing" enabled, it has a routing table. Even if you haven't configured any static routes, all the connected subnets (including 10.70.3.0 and 10.70.4.0) are automatically added to the routing table.
When the 3750 receives a packet for 10.70.4.10 from any of its interfaces, it routes the packet to VLAN4.
Part of this process is ARP - i.e. it will send out an ARP request "Who has 10.70.4.10?" The WLC will respond saying "I have that IP, here is my MAC address". The 3750 encapsulates the packet in an ethernet frame and sends it to Layer 2.
The Layer 2 Process checks the CAM table for the MAC address of the WLC, sees it on the trunk link, and forwards the frame.
I hope I explained that properly :-)
Please rate my post if you found it useful!
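The forwarding sequence in the answer above (SVI check, connected-route lookup, ARP, CAM lookup, trunk tagging and pruning), as an added example that is not part of the thread and not Cisco code: a small Python model of a Layer 3 switch. It goes beyond the single case in the thread and handles any mix of access and trunk ports, so it also shows why the asker's instinct was right for plain bridging: a frame that stays at Layer 2 in VLAN 3 never reaches a trunk that prunes VLAN 3. The SVI addresses 10.70.3.1 and 10.70.4.1 and the WLC address 10.70.4.10 come from the answer; the port names, MAC addresses and everything else are constructed.

```python
# Toy model of a Layer 3 switch's forwarding decision (added example, not Cisco code); all ports, MACs and hosts are constructed.
from dataclasses import dataclass, replace
from typing import Optional
import ipaddress

@dataclass
class Port:
    name: str
    mode: str                                # "access" or "trunk"
    access_vlan: int = 1
    native_vlan: int = 1
    allowed: frozenset = frozenset()         # VLANs a trunk carries

@dataclass
class Frame:
    src_mac: str
    dst_mac: str
    dst_ip: str
    tag: Optional[int] = None                # 802.1Q tag; None means untagged
    ttl: int = 64

class L3Switch:
    def __init__(self, ports, svis, hosts):
        self.ports = {p.name: p for p in ports}
        self.svis = svis                     # vlan -> (SVI address/prefix, SVI MAC)
        self.hosts = hosts                   # constructed hosts that answer ARP: ip -> (mac, port)
        self.cam = {}                        # (vlan, mac) -> port, learned from source MACs
        self.arp = {}                        # ip -> mac
        # "ip routing" is on: every SVI subnet is installed as a connected route.
        self.routes = {ipaddress.ip_network(c, strict=False): v for v, (c, _) in svis.items()}

    def ingress_vlan(self, port, frame):
        if port.mode == "access":
            return port.access_vlan          # access port: the frame belongs to its access VLAN
        vlan = frame.tag if frame.tag is not None else port.native_vlan
        return vlan if vlan in port.allowed else None   # a trunk drops VLANs it does not carry

    def encapsulate(self, port, vlan, frame):
        # The frame as it leaves `port` in `vlan`, or None if that port cannot carry the VLAN.
        if port.mode == "access":
            return replace(frame, tag=None) if vlan == port.access_vlan else None
        if vlan not in port.allowed:
            return None
        return replace(frame, tag=None if vlan == port.native_vlan else vlan)

    def arp_resolve(self, ip, vlan):
        if ip not in self.arp:
            owner = self.hosts.get(ip)       # "Who has <ip>?" is flooded in <vlan>; the owner replies
            if owner is None:
                return None
            mac, port = owner
            self.arp[ip] = mac
            self.cam[(vlan, mac)] = port     # the reply's source MAC is learned in the CAM table
        return self.arp[ip]

    def bridge(self, in_port, vlan, frame):
        # Layer 2: CAM lookup in this VLAN, otherwise flood to every other port carrying the VLAN.
        out = self.cam.get((vlan, frame.dst_mac))
        if out is not None:
            egress = self.encapsulate(self.ports[out], vlan, frame)
            return ("forward", out, egress) if egress else ("drop", f"{out} does not carry VLAN {vlan}", None)
        flood = [p.name for p in self.ports.values()
                 if p.name != in_port and self.encapsulate(p, vlan, frame) is not None]
        return ("flood", flood, None)

    def route(self, frame):
        # Layer 3: longest-prefix match, ARP for the next hop, MAC rewrite, then back to Layer 2.
        candidates = [net for net in self.routes if ipaddress.ip_address(frame.dst_ip) in net]
        if not candidates:
            return ("drop", f"no route to {frame.dst_ip}", None)
        out_vlan = self.routes[max(candidates, key=lambda n: n.prefixlen)]
        next_hop_mac = self.arp_resolve(frame.dst_ip, out_vlan)   # connected route: next hop is the host
        if next_hop_mac is None:
            return ("drop", f"ARP for {frame.dst_ip} unanswered in VLAN {out_vlan}", None)
        rewritten = replace(frame, src_mac=self.svis[out_vlan][1], dst_mac=next_hop_mac, ttl=frame.ttl - 1)
        return self.bridge(None, out_vlan, rewritten)

    def forward(self, in_port, frame):
        port = self.ports[in_port]
        vlan = self.ingress_vlan(port, frame)
        if vlan is None:
            return ("drop", f"VLAN {frame.tag} not allowed on {in_port}", None)
        self.cam[(vlan, frame.src_mac)] = in_port                  # source-MAC learning
        if vlan in self.svis and frame.dst_mac == self.svis[vlan][1]:
            return self.route(frame)                               # addressed to our own SVI: route it
        return self.bridge(in_port, vlan, frame)                   # anything else stays inside its VLAN

AP_MAC, WLC_MAC = "02:00:00:00:00:a1", "02:00:00:00:00:c1"
SVI3_MAC, SVI4_MAC = "02:00:00:00:00:03", "02:00:00:00:00:04"
def build_switch():
    ports = [Port("Gi1/0/1", "access", access_vlan=3),                                   # AP
             Port("Gi1/0/24", "trunk", native_vlan=1, allowed=frozenset({2, 4, 5, 6}))]  # WLC; VLAN 3 pruned
    svis = {3: ("10.70.3.1/24", SVI3_MAC), 4: ("10.70.4.1/24", SVI4_MAC)}
    return L3Switch(ports, svis, hosts={"10.70.4.10": (WLC_MAC, "Gi1/0/24")})

def demo():
    sw = build_switch()
    # 1. The AP's LWAPP packet: dst MAC is the VLAN 3 SVI, dst IP is the WLC management address.
    routed = sw.forward("Gi1/0/1", Frame(AP_MAC, SVI3_MAC, "10.70.4.10"))
    # 2. The same payload addressed by MAC straight to the WLC, i.e. plain bridging inside VLAN 3.
    bridged = sw.forward("Gi1/0/1", Frame(AP_MAC, WLC_MAC, "10.70.4.10"))
    return routed, bridged
```

Running `demo()` gives, for the first frame, `("forward", "Gi1/0/24", ...)` with the egress frame carrying the VLAN 4 SVI's MAC as source, the WLC's MAC as destination, a VLAN 4 tag and a decremented TTL, which is exactly the capture the question describes. The second frame ends as `("flood", [], None)`: the CAM table has no entry for the WLC's MAC in VLAN 3, and the only other port is a trunk that does not carry VLAN 3, so there is nowhere to flood it. The trunk's allowed list matters for bridging within a VLAN; the routed path only needs VLAN 4 to be allowed.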