Trunking and native vlan

Mar 2nd, 2010

Hey all

I am having some trouble getting my head around this concept and I just want someone to explain if they can, before I pull my hair out

Assume I have the following config on my switch

interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
 switchport voice vlan 30

interface FastEthernet0/2
 switchport access vlan 20
 switchport mode access
 switchport voice vlan 30

Now I have my router config setup as router on a stick

interface fastethernet 0/0
 encapsulation dot1q 10 NATIVE VLAN 10 or 20???

interface fastethernet 0/0.10
 encapsulation dot1q 10
 ip address 10.1.1.1 255.255.255.0

interface fastethernet 0/0.20
 encapsulation dot1q 20
 ip address 10.1.2.1 255.255.255.0

So I get how the traffic will leave its own interface tagged with the correct vlan. But what happens on the trunk between the switch and the router? I can only assign 1 native vlan for the trunk, so what happens if I have two different data vlans for different interfaces??

Or am I pretty dumb and the native vlan isn't really relevant as the data traffic is already tagged? This concept is really bugging me and I may well be overthinking it

Giuseppe Larosa Tue, 03/02/2010 - 07:37

Hello Colin,

The voice vlan must be tagged, so your only choice for the native vlan is the data vlan 10.

The voice vlan must be tagged because the 802.1Q header contains the three bits of CoS (usually CoS is 5 for VoIP) and these are needed in order to provide QoS to voice packets.

On the switch side you have a so-called mini trunk with only two vlans; vlan 20 has to be tagged on both sides.

Hope to help

Giuseppe

colinkiely1 Tue, 03/02/2010 - 07:41

Thanks for the reply

So what happens to vlan20 data passing through the trunk?

Jon Marshall Tue, 03/02/2010 - 07:46

colinkiely1 wrote:

Thanks for the reply

So what happens to vlan20 data passing through the trunk?

It is tagged.

Bear in mind you don't actually need to choose a native vlan on the router, i.e. you can have a native vlan of 999 on the switch and then just configure your 3 subinterfaces on the router for vlans 10, 20 & 30. There is nothing to say you have to send the native vlan across the trunk.

Having said that, if you want to use one of the vlans as native then either 10 or 20. Note that if you are configuring the native vlan subnet on the physical interface, i.e. not a subinterface, then the encapsulation dot1q xxx native is not needed.

Jon
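
Added example, not part of the original thread: a small Python model of how a trunk port classifies frames, showing that the CoS value lives only inside the 802.1Q tag and that the native vlan applies only to untagged frames. The function names and MAC addresses are constructed for illustration, and the native vlan of 999 is the value suggested in the reply above.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def build_frame(payload_ethertype, vlan=None, cos=0, payload=b"\x00" * 46):
    """Build a constructed Ethernet frame; vlan=None means untagged."""
    dst = bytes.fromhex("ffffffffffff")       # constructed addresses
    src = bytes.fromhex("020000000001")
    tag = b""
    if vlan is not None:
        tci = (cos << 13) | (vlan & 0x0FFF)   # PCP(3 bits) | DEI(1)=0 | VID(12)
        tag = struct.pack("!HH", TPID_8021Q, tci)
    return dst + src + tag + struct.pack("!H", payload_ethertype) + payload

def classify_on_trunk(frame, native_vlan):
    """Return (vlan, cos, tagged) as a trunk port receiving `frame` sees it."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        # Untagged: there is no tag, hence no CoS field at all, and the
        # frame is placed in whatever vlan is native on this trunk.
        return native_vlan, None, False
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, tci >> 13, True

def demo(native_vlan=999):
    """Classify the thread's three vlans plus one untagged frame."""
    frames = {
        "data vlan 10": build_frame(0x0800, vlan=10),
        "data vlan 20": build_frame(0x0800, vlan=20),
        "voice vlan 30": build_frame(0x0800, vlan=30, cos=5),
        "untagged": build_frame(0x0800),
    }
    return {name: classify_on_trunk(f, native_vlan) for name, f in frames.items()}

if __name__ == "__main__":
    for name, (vlan, cos, tagged) in demo().items():
        print(f"{name:14} -> vlan={vlan} cos={cos} tagged={tagged}")
```
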

colinkiely1 Tue, 03/02/2010 - 07:59

Thanks Jon

Right, I think I get it (PLEASE!!)

So with my interfaces specifying both vlans (data and voice) the data leaves the interface tagged, and remains so through the trunk link. Essentially the subinterfaces are irrelevant as far as the native vlan is concerned (though obviously required for intervlan routing). Is this correct?

So if I left the native vlan as 1, and pruned this off the trunk, no vlan1 traffic would pass through the trunk? I am aware that CDP etc continues to pass

If I hadn't specified switchport access vlan 10/20 on my interface, then I would need to configure the native vlan? And by default this is vlan 1.....I think I am getting it...

Jon Marshall Tue, 03/02/2010 - 08:11

colinkiely1 wrote:

Thanks Jon

Right, I think I get it (PLEASE!!)

So with my interfaces specifying both vlans (data and voice) the data leaves the interface tagged, and remains so through the trunk link. Essentially the subinterfaces are irrelevant as far as the native vlan is concerned (though obviously required for intervlan routing). Is this correct?

So if I left the native vlan as 1, and pruned this off the trunk, no vlan1 traffic would pass through the trunk? I am aware that CDP etc continues to pass

If I hadn't specified switchport access vlan 10/20 on my interface, then I would need to configure the native vlan? And by default this is vlan 1.....I think I am getting it...

The subinterfaces are not relevant to the native vlan if you are not passing the native vlan. If you configure a subinterface with the native vlan though then you do need the "encapsulation dot1q native" command. It's only on the physical interface you don't need it. But like I say there is nothing that specifies you must have a physical/subinterface on the router for the native vlan.

Vlan 1 is a bit different from the other vlans. If you changed the native vlan to something other than 1 and removed it from the trunk then yes, no native vlan traffic would go across the trunk. However vlan 1 is always allowed across trunk links whether you prune/remove it or not. This is because, as you say, it is used for L2 management protocols such as CDP/STP/VTP/PAgP.

As for the last point. The native vlan is vlan 1 by default but it doesn't have to be. And that is the key. By default all ports are in vlan 1 which also means they are in the native vlan but if you changed the native vlan all ports would still be in vlan 1. It may seem a bit pedantic but it is an important point to understand. If you hadn't configured the ports into vlan 10/20 then yes you are right that you would then have needed to configure an interface on the router as the native vlan.

Jon

colinkiely1 Tue, 03/02/2010 - 08:51

Excellent, thanks again Jon

1 more point I want to clarify. So if I specify switchport data vlan x and then voice vlan x, essentially the native vlan is not required on the trunk to the router, as it leaves the interface tagged. If however I do not specify data vlan x, then I do need to specify the native vlan on the trunk as the data traffic is currently untagged.

So if I have 5 data vlans I would need to specify this within the interface, hence frame is tagged hence no need to specify different native vlans

Jon Marshall Tue, 03/02/2010 - 08:54

colinkiely1 wrote:

Excellent, thanks again Jon

1 more point I want to clarify. So if I specify switchport data vlan x and then voice vlan x, essentially the native vlan is not required on the trunk to the router, as it leaves the interface tagged. If however I do not specify data vlan x, then I do need to specify the native vlan on the trunk as the data traffic is currently untagged.

So if I have 5 data vlans I would need to specify this within the interface, hence frame is tagged hence no need to specify different native vlans

Colin

You should always specify the vlan with "switchport access vlan x", i.e. don't leave as default. To clarify exactly, if you use vlan 10 and 20 on the switch then the native vlan is not needed on the trunk link to the router as long as the native vlan is not 10 or 20.

On a trunk link you can only have one native vlan so not sure what you mean by your last comment?

Jon

colinkiely1 Tue, 03/02/2010 - 09:02

Jon

By the last comment I meant that if I have x amount of vlans, I would need to specify switch access vlan x within my interface, and so I would not need to change the native vlan as technically I am not passing any traffic over it. If however I left the switchport with the default data vlan setting, the switchport would pass the native vlan traffic as vlan 1.

Jon Marshall Tue, 03/02/2010 - 09:11

colinkiely1 wrote:

Jon

By the last comment I meant that if I have x amount of vlans, I would need to specify switch access vlan x within my interface, and so I would not need to change the native vlan as technically I am not passing any traffic over it. If however I left the switchport with the default data vlan setting, the switchport would pass the native vlan traffic as vlan 1.

Ahh, okay that makes more sense. Yes you are correct in what you say.

Jon
