VLAN & IOS QUERRY

Unanswered Question
Sep 28th, 2010

Hi Experts,

1> What are Tagged & Untagged Vlans.If anyone can share with simple example.

Is NATIVE vlan is Tagged or Untagged. and what about other vlans which are allowed in command "switch trunk mode allowed vlan 2,4,6,8". bt confusion on this.

2> This querry is regarding IoS upgrade on router.

Lets say we have a 2600 series router on which Flash memory is having capacity of 16MB. The existing IOS image in the router having 10MB. If we want to upgrade a new IOS image (capacity of 12MB) then obviously we need to clear the existing image first to free up the same. Requesting if anyone can share the steps & commands need to execute this task succesfull.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
gatlin007 Tue, 09/28/2010 - 12:18

In regard to tagged and untagged Vlans.



In the diagram above Vlan 2 is untagged while Vlan 5 and 7 are tagged.  The native Vlan of a dot1q trunk is not tagged as it passes over the trunk.  Vlan 5 and vlan 7 have a dot1q header on their Ethernet frames while vlan 2 has none.  Frame 3 represents a frame belong to Vlan 2.

This is why it's important for the native Vlan to match on both ends or things can get very confusing.  I generally make it a policy to not pass any data over the native vlan.  This article has a good section on how an untagged/native Vlan can cause security concerns.

http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml

As far as your IOS upgrade.  Delete the current image; hope the router dosent loose power.  TFTP, FTP, or SCP the new image to the router.  Change the boot command to look for the new image.  Make sure the file size on flash matches the file size you sent.  Reload and hope.  If something goes wrong it's a really good idea to have a modem you can dial into that's connected to the router console. These days you can generally recover a router by useing TFTP in rommon is something goes worng.


Chris

Peter Paluch Tue, 09/28/2010 - 12:24

Hello,

Regarding the native VLAN, the native VLAN is by definition untagged. A native VLAN may or may not be allowed on a trunk - these two are independent. You can designate a particular VLAN to be the native VLAN on a trunk, and subsequently you can remove it from the list of allowed VLANs on a trunk - that is possible and it is normal.

Regarding the upgrade of IOS on a 2600 router, there are no special caveats about it. I suggest first to backup all files in the FLASH, in particular the current IOS image, on an external medium (say, a TFTP server). Then, use the erase flash: command in the privileged EXEC mode to erase the FLASH. After that, you can download the new IOS into the FLASH.

You can also review the following document about this issue:

http://www.cisco.com/en/US/products/hw/routers/ps259/products_tech_note09186a00801fc986.shtml

Best regards,

Peter

cisco.net Wed, 09/29/2010 - 11:08

Hii Chris n Peter,

Txns a ton for reply.

a small confusion here.

If we want to define a Tagged & Untagged Vlan , can it be like this.

Un-Tagged Vlan :- The Vlan which passes over the trunk is untagged Vlan.

Tagged Vlan:- Vlan having dot1q header in their ethernet frame.

If these are not a correct one, then how can we specifically define it.

Peter Paluch Wed, 09/29/2010 - 11:23

Hello,

Both tagged and untagged VLANs are passed through a trunk (i.e. they can be carried over it). However, each frame on a trunk must be specially marked to identify the VLAN into which it belongs. We call it tagging. Ideally, on a trunk, frames from all VLANs are tagged with the 802.1Q tag to identify their VLAN.

However, the IEEE was apparently concerned what will happen if an untagged (i.e. completely normal unmodified) frame is received on a trunk. Because such a frame has no 802.1Q tag in it, it cannot be directly deduced what VLAN should that frame be forwarded into.

This problem is solved by the native VLAN. The native VLAN is used to carry all frames on a trunk that do not have any 802.1Q tag describing their VLAN membership. The concept of native VLAN concerns both directions of data transfer:

  • Frames received by a trunk port that do not carry any 802.1Q tag will be assigned to the native VLAN configured on that trunk
  • Frames originally belonging to a VLAN that is configured as the native VLAN on a trunk will be sent through the trunk without modification (no 802.1Q tag will be added - they will remain untagged)

So an untagged VLAN is precisely the same as the native VLAN, and it is an explicitly configured VLAN on a particular trunk port that will not use 802.1Q tags on this trunk. Obviously, only one such VLAN can exist on a particular trunk (two or more native VLANs = untagged VLANs would be indistinguishable on a single trunk). All other VLANs carried over a trunk are tagged.

Best regards,

Peter

Actions

This Discussion