VLAN questions

Jun 18th, 2010

Hi,


I have a couple of questions about VLAN.


1. Based in the following scenario:



Switch A ---Trunk---- Switch B ----Trunk------ Switch C


If I create a VLAN in switches A and C (for reference VLAN 100), but I don't create it in Switch B, is it possible to communicate the hosts connected on Switch A in vlan 100 with the hosts connected to Vlan 100 in Switch B?



2. I know that the ethernet interfaces are broadcast. I suppose that the VLAN interfaces are too, but I would like a second opinion about that.




Thanks for your comments,

Jon Marshall Fri, 06/18/2010 - 10:20

dbarboza27 wrote:


Hi,


I have a couple of questions about VLAN.


1. Based in the following scenario:



Switch A ---Trunk---- Switch B ----Trunk------ Switch C


If I create a VLAN in switches A and C (for reference VLAN 100), but I don't create it in Switch B, is it possible to communicate the hosts connected on Switch A in vlan 100 with the hosts connected to Vlan 100 in Switch B?



2. I know that the ethernet interfaces are broadcast. I suppose that the VLAN interfaces are too, but I would like a second opinion about that.




Thanks for your comments,


1. No they won't be able to communicate ie. you need vlan 100 on all 3 switches. I'm assuming your question was can hosts on switch A in vlan 100 communicate with hosts on switch C in vlan 100 which is not quite what you wrote.


2. Not sure what you mean. L3 SVI's are like routed ethernet interfaces in that they do indeed understand broadcasts but will not by default route those broadcasts to another subnet.


Jon

Dasuntha Dinesh Sat, 06/19/2010 - 05:44

I also assume that you want hosts configured in vlan 100 in switch A needs to communicate with hosts in vlan 100 in Switch C.

No problem. They can communicate with each other without any problem.

No need to create vlan 100 in switch B.

Make sure the trunks are configured properly between switches.


Regards,

Dasuntha

Jon Marshall Sat, 06/19/2010 - 07:11

Dasuntha_Dinesh wrote:


I also assume that you want hosts configured in vlan 100 in switch A needs to communicate with hosts in vlan 100 in Switch C.

No problem. They can communicate with each other without any problem.

No need to create vlan 100 in switch B.

Make sure the trunks are configured properly between switches.


Regards,

Dasuntha


Dasuntha


Have you tested this ?  If vlan 100 does not exist on switch B then you cannot get from switch A to switch C via L2 in vlan 100.


Jon

Dasuntha Dinesh Sat, 06/19/2010 - 07:22

Jon,


I tested it & working fine.

And no need to configure vlan100 in switch B.

Only we need to configure trunk links properly.

Pls test. You'll also see it.


Regards,

Dasuntha

Jon Marshall Sat, 06/19/2010 - 07:27

Dasuntha_Dinesh wrote:


Jon,


I tested it & working fine.

And no need to configure vlan100 in switch B.

Only we need to configure trunk links properly.

Pls test. You'll also see it.


Regards,

Dasuntha


Dasuntha


Interesting. So when you say you need to configure the trunk links properly does that mean allowing vlan 100 on the trunk links ?


Jon

Dasuntha Dinesh Sat, 06/19/2010 - 07:33

I didn't specify only vlan 100. I allowed all.

I mean the trunk encapsulation should be properly configured.

I also had a doubt first, but I tested it & worked perfectly.

Jon Marshall Sat, 06/19/2010 - 07:36

Dasuntha_Dinesh wrote:


I didn't specify only vlan 100. I allowed all.

I mean the trunk encapsulation should be properly configured.

I also had a doubt first, but I tested it & worked perfectly.


So a "sh vlan brief" on switch B does not show vlan 100 ?


Sorry to ask so many questions but i didn't think this would work so it's news to me


Jon

Dasuntha Dinesh Sat, 06/19/2010 - 07:44

yes. of course.

vlan 100 can't be in switch B. Coz I didn't create it in Switch B & I'm not using VTP.


And in this question, we are not trying inter vlan communication.

And both hosts are in the same vlan & same ip subnet & switches carry the vlan information if the trunks are properly configured.

Jon Marshall Sat, 06/19/2010 - 07:46

Dasuntha_Dinesh wrote:


yes. of course.

vlan 100 can't be in switch B. Coz I didn't create it in Switch B & I'm not using VTP.


And in this question, we are not trying inter vlan communication.

And both hosts are in the same vlan & same ip subnet & switches carry the vlan information if the trunks are properly configured.


Then i stand corrected because i honestly thought that would not work. Thanks for the information and patience with my questions


Jon

Jon Marshall Sat, 06/19/2010 - 07:43

One more question - how have you set the switches up with VTP ie. are they transparent or VTP server/client ?


Jon

narendrakumar1987in Sun, 06/20/2010 - 07:42

Dear Dasuntha,


          Could you please post your configs.


          Because as Jon says, it doesn't work for me either!!! I couldn't make this intra VLAN communication without creating the vlan 100 in the SW-B, regardless of what VTP domain I stay in.


          The vlan I create in SW-A gets replicated to SW-C if I have SW-B in VTP mode transparent. But that's not the problem / question here.


          The actual question is, Will the traffic from host A on SW-A's VLAN 100 reach SW-B's host B on vlan 100. ?


I would appreciate it if you can post your configs, or at least the output of "show vlan brief, show int trunk" in all three switches.


Happy Networking !!!!


Narendrakumar B


Do rate the helpful posts !!

thiruma.valavan Sun, 06/20/2010 - 23:48

Switch A--- trunk link---- Switch B----trunk link ----Switch C


In example, you configured vlan 100 in Switch A and Switch c. But Switch B have configured in vlan 30 only


That time VTP help us to contact switch A(VTP SERVER MODE) and Switch C(VTP CLIENT MODE).


In Switch B has configured in VTP TRANSPARENT mode.

Tharak Abraham Tue, 06/22/2010 - 07:04

Jon,


Better to avoid too much of Cisco here (referring to VTP)

Once the trunk is up, it will by default carry all Vlans (whether or not it's accessed at the switchport)


i.e SW1--SW2--SW3--SW4

Host on Vlan 10 at SW1 can contact host on SW4 in the same Vlan 10 if all the links between the switches trunk.


Just to simplify that VTP works over trunks and it's for ease of administration and not required real communication.

Jon Marshall Fri, 06/25/2010 - 01:49

tharakabraham wrote:


Jon,


Better to avoid too much of Cisco here (referring to VTP)

Once the trunk is up, it will by default carry all Vlans (whether or not it's accessed at the switchport)


i.e SW1--SW2--SW3--SW4

Host on Vlan 10 at SW1 can contact host on SW4 in the same Vlan 10 if all the links between the switches trunk.


Just to simplify that VTP works over trunks and it's for ease of administration and not required real communication.


Tharak


This is where i am slightly confused.


If you look at the output from Dasuntha for all 3 switches you will see that switch B is not forwarding vlan 100 on its trunk link to switch C. It can't be forwarding it because there is no vlan 100.


When the frame arrives from switch A at switch B on the trunk link the 802.1q tag is stripped from the frame and this tells switch B that the frame belongs to vlan 100. Switch B should then do a lookup in its cam table and see that the destination mac-address is reachable via the trunk link connection to switch C and is in vlan 100. So the frame then has an 802.1q tag added for vlan 100 and forwarded to C. But if switch B doesn't have vlan 100 configured how does it know that it needs to add an 802.1q tag for vlan 100?


My understanding was that the mac-address table records not only the port but also the vlan ie. a switch has a mac-address table per vlan but if you haven't configured vlan 100 it won't have a mac-address table for this vlan and so switch B will not know that the frame should have a vlan 100 tag added.


So how does switch B -


1) know to add an 802.1q tag for vlan 100 before transmitting the frame to switch C

2) forward the frame in vlan 100 on the trunk link when vlan 100 is not active on the trunk link.


Note i'm not trying to prove anyone wrong here, i am simply trying to get a full understanding of how this works.


Jon

Dasuntha Dinesh Mon, 06/21/2010 - 20:43

HI Narendrakumar,


In the actual question, Douglas is not talking about inter vlan communication.

He wants to know if the traffic from switch A is going to switch C through switch B for vlan 100. And vlan 100 is not configured in switch B.

Pls find below the configs you requested. Note that VTP is not configured.


Switch A


A#sh vlan brief


VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/3, Fa0/4, Fa0/6
                                                Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                                Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gig1/1, Gig1/2
100  VLAN0100                         active    Fa0/1
1002 fddi-default                     active   
1003 token-ring-default               active   
1004 fddinet-default                  active   
1005 trnet-default                    active   
A#
A#sh inter trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/5       on           802.1q         trunking      1


Port        Vlans allowed on trunk
Fa0/5       1-1005


Port        Vlans allowed and active in management domain
Fa0/5       1,100


Port        Vlans in spanning tree forwarding state and not pruned
Fa0/5       1,100
A#

Switch B

B#sh vlan brief


VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                                Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gig1/1, Gig1/2
1002 fddi-default                     active   
1003 token-ring-default               active   
1004 fddinet-default                  active   
1005 trnet-default                    active   
B#
B#sh inter trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/5       on           802.1q         trunking      1
Fa0/6       on           802.1q         trunking      1


Port        Vlans allowed on trunk
Fa0/5       1-1005
Fa0/6       1-1005


Port        Vlans allowed and active in management domain
Fa0/5       1
Fa0/6       1


Port        Vlans in spanning tree forwarding state and not pruned
Fa0/5       1
Fa0/6       1
B#

Switch C

C#sh vlan brief


VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/3, Fa0/4, Fa0/5
                                                Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                                Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gig1/1, Gig1/2
100  VLAN0100                         active    Fa0/1
1002 fddi-default                     active   
1003 token-ring-default               active   
1004 fddinet-default                  active   
1005 trnet-default                    active   
C#
C#sh inter tr
C#sh inter trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/6       on           802.1q         trunking      1


Port        Vlans allowed on trunk
Fa0/6       1-1005


Port        Vlans allowed and active in management domain
Fa0/6       1,100


Port        Vlans in spanning tree forwarding state and not pruned
Fa0/6       1,100
C#

Hope this information will help you.

Pls let me know if you need any other information.

Regards,
Dasuntha






thiruma.valavan Tue, 06/22/2010 - 02:58
Hi Dasuntha,
According to your config logs,


VLAN 100 is not configured in SWITCH B, So Put in VTP mode as transparent, Switch A will be configured in VTP mode as Server, and Switch C is configured in VTP mode as Client.

Dasuntha Dinesh Tue, 06/22/2010 - 06:07

Hi Thiruma,


I think you didn't understand the question.


No need to configure Vlan 100 in Switch B. That's what the main question asked about.


VLAN 100 traffic can pass without any problem to switch C.


So, clients in VLAN 100 attached to Switch A can communicate with the clients in Vlan 100 in Switch C.


Hope you understand question & answer.


Regards,

Dasuntha

thiruma.valavan Wed, 06/23/2010 - 06:01

Hi Dhasundha,


I understood your question Properly,


In switch B, we don't need to configure Vlan 100, just configure vtp mode as transparent, Switch A as vtp mode server, switch C as vtp mode client. Configure trunk links b/w Switch A & B & C.


Thanks,

Thiruma

narendrakumar1987in Tue, 06/22/2010 - 19:19

Dear Dhasundha,


            All these work for me, yet I'm not able to reach host on SW-C from Host on switch C. I have attached a file for your reference. I would appreciate comments from others too.


Rgds,


Narendrakumar B

Attachment: 
Dasuntha Dinesh Tue, 06/22/2010 - 20:58

Hi Narendrakumar,


As I informed in my answers, we need to configure the trunk links properly.


I checked your file & the trunk links were not properly configured.


So, I configured it for you & it's working fine now.


Now both hosts can communicate with each other.


I attached the fixed file for you.


Then you can see that it's working fine.


Regards,

Dasuntha

Attachment: 
narendrakumar1987in Wed, 06/23/2010 - 09:47

Dear Dasuntha,


        Thank you very much for your reply. I have checked the file you have sent me. Even in that the hosts aren't able to reach each other. I guess there is some problem in the Packet Tracer installed in my system (SUSE LINUX) itself. Not sure though.


        In the file that I have posted, the trunks exist. Even though I have specified "switchport mode trunk" only in one end of any switches, the trunks had formed successfully. Because in my file the switchports are in "Dynamic Auto" mode by default. So specifying this command in one end brings the trunk up.


         Anyway, I don't have real switches to check this. I appreciate your efforts towards answering this question and I have rated your posts.



Happy Networking !!


Rgds,


Narendrakumar B

Dasuntha Dinesh Wed, 06/23/2010 - 20:14

Hi Narendrakumar,


Maybe the problem is coming from the Packet Tracer, a bug. I also noticed lots of bugs in the previous versions.

I'm using Packet Tracer 5.3.

I hope you're also using the same. Otherwise download 5.3 or I can give you a link to download.


Best Regards,

Dasuntha

shahansas Thu, 06/24/2010 - 09:16

Hi All,

I hope you have heard about VTP Pruning:

"VTP Pruning allows switches to prevent broadcast and unknown unicast from flowing to switches that do not have any ports in that VLAN"

In the example: SwitchB does not have port for VLAN 100, that's why, there will not be communication between SwitchA and SwitchC.

Action: Create and assign VLAN100 on trunk ports on SwitchB.

Hope it will resolve the issue.

Thanks,

Sha

Dasuntha Dinesh Thu, 06/24/2010 - 20:11

Hi Shahid,


No need to configure vlan 100 in switch B.

And switch A can communicate with Switch C.

And VTP Pruning we have to enable manually..


Regards,

Dasuntha

Dasuntha Dinesh Fri, 06/25/2010 - 03:15

Hi Jon,


As you know, by default Trunk Links are carrying all the VLAN traffics.


That's why we don't need to create Vlan 100 in switch B.


If you tested this scenario, you'll see it for sure.


Regards,

Dasuntha

Jon Marshall Fri, 06/25/2010 - 07:55

Dasuntha_Dinesh wrote:


Hi Jon,


As you know, by default Trunk Links are carrying all the VLAN traffics.


That's why we don't need to create Vlan 100 in switch B.


If you tested this scenario, you'll see it for sure.


Regards,

Dasuntha


Dasuntha


I'm not saying it doesn't work but i am looking for an explanation. Your trunk link from B to C is only forwarding vlan 1, you can see that from the output. There is no mention of that trunk link forwarding vlan 100 because you don't have a vlan 100 on switch B. So how does the frame get forwarded across the trunk to switch C in vlan 100 ?


To say a trunk forwards all vlans is correct but your output clearly shows the only active and forwarding vlan on switch B -> C trunk link is vlan 1.


Jon

Dasuntha Dinesh Fri, 06/25/2010 - 12:44

Jon,


From below output showing the active vlans in the switch.


Port        Vlans allowed and active in management domain

Fa0/5       1

Fa0/6       1


This output showing the allowed vlans in trunk.


Port        Vlans allowed on trunk
Fa0/5       1-1005
Fa0/6       1-1005


So, vlan 100 is allowed in the list & no need to configure vlan 100 in the switch B.


Dasuntha

Jon Marshall Fri, 06/25/2010 - 13:25

Dasuntha


From your output -


Port        Vlans allowed and active in management domain
Fa0/5       1
Fa0/6       1


Port        Vlans in spanning tree forwarding state and not pruned

Fa0/5       1

Fa0/6       1

B#



So on the trunk links between switch A -> B and B -> C vlan 100 is not forwarding on those trunk links. So if vlan 100 is not forwarding on either trunk link -

1) how does switch B know what to do with a frame tagged with vlan 100 from switch A
2) how does switch B know that it has to tag the frame going out to switch C with a vlan 100 tag when it isn't even aware of a vlan 100

Basically think of a L2 vlan between the 3 switches as a pipe per vlan. All a trunk link does is allow multiple pipes (ie vlans) on the same link. So a packet originated in vlan 100 is put into the vlan 100 pipe. It is sent to switch B but switch B has no pipe for vlan 100 so it cannot forward it. Compare this with vlan 1 where it is put into the vlan 1 pipe on switch A, switch B receives it and forwards it through its vlan 1 pipe, and it is then sent to switch C via the trunk link which is simply part of the vlan 1 pipe.

But for vlan 100 you do not have a continuous pipe because switch B has no knowledge of vlan 100. So how is the packet being forwarded by switch B in vlan 100.

So it seems that switch B "blindly" receives and forwards all frames received on its trunk link to all other trunk links regardless of the tag but this isn't the way switches are meant to work or at least not as far as I know. In other words I can tag the frame from switch A with any tag and it will forward it on the trunk link to switch C which is the logic of what you seem to be saying.

Am i understanding you correctly ?

Jon
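
Added example (not part of any post in this thread): a small Python parser for the `show interfaces trunk` list sections posted above that reports, for one VLAN on each trunk port, the most specific of the three lists it appears in. The function names and classification labels are chosen for this example; the sample text is the switch A and switch B output from the thread.

```python
import re

# "show interfaces trunk" list sections as posted in the thread for switches A and B.
SWITCH_A = """\
Port        Vlans allowed on trunk
Fa0/5       1-1005

Port        Vlans allowed and active in management domain
Fa0/5       1,100

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/5       1,100
"""
SWITCH_B = """\
Port        Vlans allowed on trunk
Fa0/5       1-1005
Fa0/6       1-1005

Port        Vlans allowed and active in management domain
Fa0/5       1
Fa0/6       1

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/5       1
Fa0/6       1
"""

# Section heading -> short key (keys are names chosen for this example).
SECTIONS = {
    "Vlans allowed on trunk": "allowed",
    "Vlans allowed and active in management domain": "active",
    "Vlans in spanning tree forwarding state and not pruned": "forwarding",
}
PORT_RE = re.compile(r"^[A-Za-z]+\d+(/\d+)*$")

def expand(vlan_list):
    """Expand '1,100' or '1-1005' into a set of VLAN ids; 'none' gives an empty set."""
    vlans = set()
    for part in vlan_list.split(","):
        part = part.strip()
        if not part or part.lower() == "none":
            continue
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunk(output):
    """Return {port: {"allowed": set, "active": set, "forwarding": set}}."""
    ports, section, port = {}, None, None
    for line in output.splitlines():
        heading = re.match(r"Port\s+(.*\S)", line)
        if heading:
            section, port = SECTIONS.get(heading.group(1)), None  # None: Mode/Status table
            continue
        fields = line.split()
        if section is None or not fields:
            continue
        if PORT_RE.match(fields[0]) and len(fields) == 2:
            port, vlans = fields
        elif line[0].isspace() and port and len(fields) == 1:
            vlans = fields[0]      # wrapped continuation of the previous port's list
        else:
            continue               # CLI prompt or unrelated line
        ports.setdefault(port, {k: set() for k in SECTIONS.values()})[section] |= expand(vlans)
    return ports

def vlan_state(output, vlan):
    """Classify one VLAN on every trunk port by the most specific list containing it."""
    order = (("forwarding", "forwarding"), ("active", "active-not-forwarding"),
             ("allowed", "allowed-only"))
    return {port: next((label for key, label in order if vlan in lists[key]), "not-allowed")
            for port, lists in parse_trunk(output).items()}
```

For VLAN 100 this returns `forwarding` on switch A's Fa0/5 and `allowed-only` on both of switch B's trunks, which is the gap between the "allowed" and "allowed and active" lists that the posts here are debating.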


Jon Marshall Fri, 06/25/2010 - 13:42

Dasuntha_Dinesh wrote:


Jon,


From below output showing the active vlans in the switch.


Port        Vlans allowed and active in management domain

Fa0/5       1

Fa0/6       1


This output showing the allowed vlans in trunk.


Port        Vlans allowed on trunk
Fa0/5       1-1005
Fa0/6       1-1005


So, vlan 100 is allowed in the list & no need to configure vlan 100 in the switch B.


Dasuntha


Dasuntha


In addition to last post this shows quite clearly that only vlan 1 is active on switch B. So how does switch B know what to do with a packet received for vlan 100 when that is not an active vlan on switch B ?


Jon

Dasuntha Dinesh Fri, 06/25/2010 - 14:34

Jon,


If you say that switches are not working like that, How can it work like this.


And switch B doesn't want to know the traffic passing by, because switch B doesn't have Vlan 100 active.


Switch B is passing all the traffic through the trunk ports.


And I searched a lot & I was unable to find anywhere Cisco mentioned that, if you want to pass the vlan traffic from one switch to another switch through another switch, you need to create all the vlans in all the switches.


Because it's not practical in real environment. Every one knows that.


And some times remember that, the theory side can be different from the practical side.


I really dont want argue with you about this matter, because I tested it & I know that's working fine in Real Environment.


Anyway, nice to exchange the information like this.


Best Regards,

Dasuntha

Jon Marshall Sat, 06/26/2010 - 01:53

Dasuntha


Because it's not practical in real environment. Every one knows that.


But everyone doesn't know that because that's what VTP is for ie. it propagates the vlans from a VTP server to the rest of the switches if they are VTP clients. So it's perfectly practical.


I really dont want argue with you about this matter, because I tested it & I know that's working fine in Real Environment.


My apologies if it seemed like i was arguing, that wasn't my intention. I find NetPro can be very useful in increasing my understanding of how things works and that is what i was trying to do. I enjoy talking things through with other experts and am perfectly happy if i am in the "wrong".


I too did some searching based on this thread both on Cisco site and google and have found references to both answers. I found one of Cisco press books that states clearly the vlan must be in the local switch database to be forwarded on that switch's trunk links. I have found threads on study sites that say it must be created locally but have also found threads saying it doesn't. As you say theory is often different from practice.


The reason i am interested is that it has a direct effect on how traffic is forwarded across a switch.


Couple of things if you don't mind -


1) did you run this across real physical switches ? - if so which model/type


2) do you think it is worth me posting a question into LAN Switching and Routing to try and get a better understanding of how the switch is handling the traffic. I am still confused as to why your output on switch B shows vlan 1 is only active on the trunk links and yet vlan 100 is forwarded across the trunk link.


Once again, i appreciate being able to talk this through and am not concerned with being proved right or wrong, i simply want to understand how exactly this is working.


Jon

Dasuntha Dinesh Sat, 06/26/2010 - 06:09

Hi Jon,


I didn't run this in real physical switches & planning to try it very soon.

I'll let you know if there's any update after that.


Of course you can post it in LAN Switching & Routing.

We can get more ideas from others & it'll help us to understand.

And I also agree with you that, always better to clarify & fully understand if we have any doubts in the mind.


For sure, I'll let u know if i have some information regarding this problem.


Have a Nice Weekend.


Regards,

Dasuntha
