A day in the life of a VLAN packet a.k.a. how VLANs really work on Cisco sw

goranjanevski
Level 1

Let me start by saying I have read A LOT - everything I could find on Cisco VLANs, and I still can't figure out how this works.

I have inherited an environment of a bunch of Cisco APs Aironet 1130's, and a 3750 into which these APs plug in, and also a WLC 4402 Wireless Controller also connected to the 3750 switch.

The previous person who worked on this (allegedly a CCIE) set this up such that all the APs are on access VLAN 3, whereas the link between the 3750 switch and the WLC is a dot1Q trunk which is allowing a bunch of VLANs (2,4,5,6), BUT NOT VLAN 3!

According to my understanding of VLANs, this network should not work AT ALL: WLAN association packets coming in from clients come from the APs and are supposed to be tunnelled to the WLC.

But when I sniff this - and I went through the trouble of setting up Linux Wireshark so that I can see the VLAN tags - here is what I see:

* AP to 3750:

on L2, source MAC address is MAC of wireless client, dest. MAC address is VLAN 3.

on L3, it's sent from the AP's IP address to the WLC AP management address.

above, it's tunneled in UDP and LWAP

* 3750 to WLC: (and this is where I have a major hang-up)

on L2: from VLAN4 MAC (which is configured as the "switchport access vlan 4" and that's the only reason I can think why this is going on VLAN4 - the native VLAN is VLAN1, AND the switchport mode is TRUNK!) to the MAC of the port of the 3750 which is connected to the WLC

on VLAN level, it shows a tag of VLAN4

on IP level, same as previous, from AP IP address to WLC IP address.

So here are my questions:

1. Why does this even work? If the association packet is coming in on VLAN 3 on the access link, shouldn't it be only passed to trunks which allow VLAN 3??

2. Let's say the access link is an access VLAN and therefore the packet travels untagged to the 3750 switch. So how did the switch decide/know to send it out on the trunk to the WLC? And how/why did it decide to use VLAN 4 when the native VLAN is 1?

3. On entry to the switch, the switch clearly knows the packet came in on VLAN 3 (based on the MAC), what is the exact algorithm the switch uses to decide where to send this packet? I have not been able to locate a description of the Cisco forwarding algorithm anywhere.

Thank you in advance for your help; this issue is starting to get to me.

1 Accepted Solution

Accepted Solutions

Hi,

Forget for a moment about the trunk - I think it is throwing you off.

The WLC has an interface (Albeit a subinterface) on VLAN4. That interface has a MAC address and an IP address just the same as any other device. (10.70.4.10)

The 3750 also has an interface in VLAN4 (e.g. 10.70.4.1) it also has an interface in VLAN 3 (e.g. 10.70.3.1)

Because it is a Layer3 switch, and it has "ip routing" enabled, it has a routing table. Even if you haven't configured any static routes, all the connected subnets (including 10.70.3.0 and 10.70.4.0) are automatically added to the routing table.

When the 3750 receives a packet for 10.70.4.10 from any of its interfaces, it routes the packet to VLAN4.

Part of this process is ARP - i.e. it will send out an ARP request "Who has 10.70.4.10?" The WLC will respond saying "I have that IP, here is my MAC address". The 3750 encapsulates the packet in an ethernet frame and sends it to Layer 2.

The Layer 2 Process checks the CAM table for the MAC address of the WLC, sees it on the trunk link, and forwards the frame.

I hope I explained that properly :-)

Please rate my post if you found it useful!

Nick


5 Replies 5

hsw_networking
Level 1

Hi There,

The WLC's Management IP address is on VLAN 4 - when the packet from the Access-Point hits the 3750, it is routed from VLAN3 into VLAN4.

If the port connecting to the WLC is a trunk, then it doesn't matter that there is a "switchport access vlan 4" in there, as the command is ignored in trunk mode.

Hope that helps!

Hi hsw_networking,

Thanks for your reply! I sort of knew the second part, but I am glad you confirm it.

I want to focus on the first part of your answer:

I acknowledge that the IP address of the VLAN4 - let's call it 10.70.4.1 - is in the same subnet as the management IP address of the WLC controller (10.70.4.10), BUT... based on what did the switch decide to send the packet on VLAN4? Just the fact that they are on the same subnet? There are no routing table entries to suggest "send .4.10 packets on the (trunk) interface".

Goran

"BUT... based on what did the switch decide to send the packet on VLAN4?"

The switch is routing between your vlans so what happens is

packet from AP to WLC is

src IP = AP

dst IP = WLC

src mac = AP

dst mac = L3 vlan interface for vlan 3

switch receives packet and does a L3 lookup on the destination address. It knows it has a directly connected interface on this subnet ie. the L3 vlan interface for vlan 4 and it also knows that the IP address of the WLC is

a) in vlan 4

b) at the end of the trunk link

So the switch forwards the packet to the WLC

src IP = AP

dst IP = WLC

src mac = L3 vlan interface for vlan 4 (Note vlan 4 as the switch has now routed this packet from vlan 3 onto vlan 4)

dst mac = WLC

This is standard L3 routing between subnets.

Does this make sense or have I missed something in your explanation?

Jon
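Nick's accepted answer and Jon's packet walk-through above describe one forwarding decision: L3 lookup against connected routes, ARP for the host, L2 rewrite with the VLAN 4 SVI as source, then a CAM lookup onto the trunk. The following Python model is an added example (not from the thread or from Cisco) that replays that decision over constructed tables; the subnets and WLC address are the ones quoted in the thread, while SVI and WLC MACs, port names and the trunk's allowed list are assumed values.

```python
import ipaddress

# Constructed state of the 3750 (assumed MACs/ports; subnets from the thread).
SVI = {3: ("10.70.3.1/24", "00:aa:00:00:00:03"),   # interface vlan 3
       4: ("10.70.4.1/24", "00:aa:00:00:00:04")}   # interface vlan 4
ARP = {"10.70.4.10": "00:cc:00:00:04:10"}            # WLC, learned via ARP reply
CAM = {"00:cc:00:00:04:10": ("Gi1/0/24", 4)}         # WLC MAC learned on trunk, VLAN 4
PORTS = {"Gi1/0/24": {"mode": "trunk", "allowed": {1, 2, 4, 5, 6}, "native": 1},
         "Gi1/0/1": {"mode": "access", "vlan": 3}}   # AP port; VLAN 3 not on trunk

def route_lookup(dst_ip):
    """Longest-prefix match over the connected routes that the SVIs create."""
    ip, best = ipaddress.ip_address(dst_ip), None
    for vlan, (cidr, _mac) in SVI.items():
        net = ipaddress.ip_network(cidr, strict=False)
        if ip in net and (best is None or net.prefixlen > best[1].prefixlen):
            best = (vlan, net)
    return best[0] if best else None

def l2_forward(frame, vlan):
    """CAM lookup inside one VLAN; returns the egress frame or None if dropped."""
    port_name, cam_vlan = CAM.get(frame["dst_mac"], (None, None))
    if port_name is None or cam_vlan != vlan:
        return None                      # unknown unicast (flooding omitted)
    port = PORTS[port_name]
    if port["mode"] == "access":
        return dict(frame, out_port=port_name, tag=None) if port["vlan"] == vlan else None
    if vlan not in port["allowed"]:
        return None                      # VLAN pruned from the trunk
    return dict(frame, out_port=port_name, tag=None if vlan == port["native"] else vlan)

def forward(frame):
    """Ingress classification, then either L2 switching or inter-VLAN routing."""
    port = PORTS[frame["in_port"]]
    in_vlan = port["vlan"] if port["mode"] == "access" else frame.get("tag", port["native"])
    # Frame addressed to the ingress VLAN's SVI MAC -> hand it to the L3 process.
    if frame["dst_mac"] != SVI[in_vlan][1]:
        return l2_forward(frame, in_vlan)
    out_vlan = route_lookup(frame["dst_ip"])
    next_hop = ARP.get(frame["dst_ip"])  # connected route: ARP for the host itself
    if out_vlan is None or next_hop is None:
        return None                      # no route, or ARP still unresolved
    # L3 rewrite: source MAC becomes the egress SVI, destination becomes the WLC.
    rewritten = dict(frame, src_mac=SVI[out_vlan][1], dst_mac=next_hop, ttl=frame["ttl"] - 1)
    return l2_forward(rewritten, out_vlan)
```

Feeding it the AP's LWAPP packet (dst MAC = SVI 3, dst IP = 10.70.4.10) yields a frame on Gi1/0/24 tagged VLAN 4 with the VLAN 4 SVI as source MAC, which is exactly the second capture in the question; VLAN 3 never has to be allowed on the trunk.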


Nick,

This completely answers my questions. I guess the part I was missing was the automatically added routing table entries. Indeed show IP route tells the whole story.

And it makes sense that, if an interface is directly connected, to go to ARP next.

Thanks very much,

Goran

P.S. I will rate your posts.
