New Member

Help please

Please help me in building the logic of the scenario. Here is my topology

[3750] >> [2821](subinterface) ---- E1 Link ----(access port)[4948]>>>(subinterface)[7206]

Here is the relevant config.

1. 2821

interface GigabitEthernet0/1.15
 description ******
 encapsulation dot1Q 15 native
 ip address 192.168.249.161 255.255.255.252

2. 7206

interface GigabitEthernet0/1.15
 description *** ***
 encapsulation dot1Q 15
 ip address 192.168.249.162 255.255.255.252

3. 4948

Created a VLAN - 15 and made a port access port of VLAN 15 pointing towards 2821.

Trunking between 4948 and 7206 is enabled. Native VLAN between 4948 and 7206 is VLAN 13.

interface GigabitEthernet1/32
 description *** TO ROUTER 2821 ***
 switchport access vlan 15
 switchport mode access

Now things work OK with this configuration. I am confused by this line in the 2821 config, i.e. encapsulation dot1Q 15 native. If I don't use the word native at the end, I can't ping from 2821 to 7206, but it still shows 4948 in its show cdp. As soon as I put the word native at the end of this command, ping and everything starts working fine.

One more thing: if I plug the E1 (RJ-45) into my laptop (instead of router 2821, just for testing), the laptop can ping the remote 7206.

Explanation required please.

Thanks


21 REPLIES

Re: Help please

hi,

1st, you can see the 4948 in sh cdp neighbour because some protocols such as CDP transfer their info only on VLAN 1 although it is not a native vlan. The native vlan is used to carry the tagged and untagged vlan frames. So you can see the CDP neighbour but are unable to ping.

For the second point, I think the version you are running on 2821 might be a reason (I am not sure here). In case of PC, the NIC card you are using must be capable of trunking and understands that 15 is the native vlan and hence you can ping. (What is the trunk negotiation method you have used @ 4948 ports towards 2821?)

Let's hear more from experts!!!!!!

HTH,

shri :)

New Member

Re: Help please

Even if I am using VLAN 13 as native, will CDP traffic be traveling over VLAN 1??

Here is the output from the interface connected to the 2821..

4948#show interfaces gigabitEthernet 1/25 switchport
Name: Gi1/25
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 13 (native)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

Cisco Employee

Re: Help please

Hi Munawar,

CDP will always travel on vlan 1 whether it is native or not on trunk port. Even if vlan 1 is not allowed on trunk still cdp packets will travel on vlan 1 internally.

HTH

Ankur

Re: Help please

hi munawar,

If I understood your config properly, you are using trunking on 2821 (towards 4948) and using an access port on 4948 (towards 2821).

Well, in this case when you are using the encapsulation dot1q 15 command you are tagging frames for this vlan. On the other side (4948) you have created the access port, which does not understand tagging, hence no ping.

Now when you configure the native keyword, the frames of the native vlan are sent untagged and hence can reach the 4948 and traverse the network, and hence you can ping the remote router.

When you use the laptop there is no tagging of the frames and the port is also an access port, hence you can ping the remote router.

Anything else experts?

HTH

regards,

shri :)

New Member

Re: Help please

Great Shri....

It helped a lot..Thanks.

The subinterface of a router carries the traffic of only one VLAN, then why is there a need for encapsulation / tagging??

Can u suggest me some way in which I don't have to use the NATIVE word?

Cisco Employee

Re: Help please

Hi Munawar,

As you have not configured any trunking on the switch port to which the router is connected, this means you do not want your switch to pass traffic for more than 1 vlan and you only want to pass data for vlan 15.

In this case there is no need to configure trunking or even a subinterface on your router. The subinterface and encapsulation are required when you want to pass multiple vlan traffic and route between vlans, which is not your case. Instead of creating a subinterface, if you use the main physical interface and simply configure it with an ip address which belongs to the vlan 15 subnet, you are good to go.

Coming to your second question, if you had removed vlan 1 from a trunk port then also cdp, vtp traffic will flow from vlan 1. This is called the vlan 1 minimisation feature.

HTH

Ankur

New Member

Re: Help please

In case I disable my VLAN 1 and set VLAN 13 as native, then on which vlan does VTP and other management traffic travel??

Re: Help please

hi munawar,

You can bring up a trunk with different native VLANs on each end; however, both switches will log error messages about the mismatch, and the potential exists that traffic will not pass correctly between the two native VLANs.

The native VLAN mismatch is discovered through the exchange of CDP messages, not through examination of the trunk itself. Also, the native VLAN is configured independently of the trunk encapsulation.

If you disable VLAN 1 your VTP/DTP/CDP traffic will traverse through the native vlan.

If only one vlan is present then you don't require trunking between 2821 and 4948 and hence no encapsulation!!!

You can use an access link between them:

The switchport mode access command forces the port to be assigned to only a single VLAN.

HTH,

regards,

shri :)

New Member

Re: Help please

Thanks guys..much helpful.

One more thing... Y I can't put encapsulation on a physical interface, when I don't need to have other VLANs terminating on that router. Means I have no requirement for subinterfaces.

Second, let's assume a router has two subinterfaces, for two vlans. How does the router treat each tagged packet when it receives it from one VLAN, to be routed to the other VLAN? Is the VLAN tag still there or removed when a tagged packet enters a subinterface?

I hope i conveyed, what was confusing me.

Re: Help please

For your first question, if the router is only on one VLAN, then you simply configure the switch as an access port in the VLAN, and configure the router physical interface without any tagging encapsulation.

I'm not sure what you are trying to get at with the second question, but I think this is what you want: suppose the router has two subinterfaces, say with encapsulation dot1q 20 and 30. The switch passes a frame in VLAN 20 to the router still with its tag. The router knows it is for interface Fa0/0.20 because the tag corresponds to the encapsulation on Fa0/0.20. The router interface strips off the tag, and passes the frame to its routing process (or more strictly its forwarding processes). The routing table decides that the packet has to be forwarded to interface Fa0/0.30. Interface Fa0/0.30 adds a tag 30, and passes the frame to the switch.

Does that answer your question?

Kevin Dorrell

Luxembourg
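
Added example (not part of any post in this thread): a small Python model of the tagging behaviour described in the replies above, covering both why the `native` keyword lets the ping through the 4948 access port and how a router re-tags a frame between two subinterfaces. The function names, the sample frame and the rule that an access port drops every tagged frame are assumptions made for the model; real platforms differ in how an access port treats tagged frames.

```python
import struct

TPID = 0x8100  # EtherType value that announces an 802.1Q tag

def tag(frame, vlan):
    """Insert a 4-byte 802.1Q tag (priority 0) after the two MAC addresses."""
    return frame[:12] + struct.pack("!HH", TPID, vlan & 0x0FFF) + frame[12:]

def untag(frame):
    """Return (vlan_id or None, frame without its 802.1Q tag)."""
    if struct.unpack("!H", frame[12:14])[0] != TPID:
        return None, frame
    vid = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
    return vid, frame[:12] + frame[16:]

def subif_send(frame, vlan, native=False):
    """Router subinterface egress: tagged, unless 'native' is configured."""
    return frame if native else tag(frame, vlan)

def access_ingress(frame, access_vlan):
    """Modelled access port (assumption): untagged joins access_vlan, tagged is dropped."""
    vid, bare = untag(frame)
    return None if vid is not None else (access_vlan, bare)

def trunk_send(vlan, bare, native_vlan):
    """Trunk egress: every VLAN is tagged except the trunk's native VLAN."""
    return bare if vlan == native_vlan else tag(bare, vlan)

def subif_receive(frame, subifs):
    """Router ingress: the tag selects the subinterface, then the tag is stripped."""
    vid, bare = untag(frame)
    return subifs.get(vid), bare

# Constructed sample frame: dst MAC, src MAC, EtherType 0x0800 (IPv4), dummy payload.
FRAME = bytes.fromhex("0000000072060000000028210800") + b"ping"
SUBIFS_7206 = {15: "GigabitEthernet0/1.15"}

def ping_2821_to_7206(native):
    """2821 Gi0/1.15 -> 4948 access port (VLAN 15) -> trunk (native 13) -> 7206."""
    result = access_ingress(subif_send(FRAME, 15, native), access_vlan=15)
    if result is None:
        return None  # dropped at the 4948 access port
    return subif_receive(trunk_send(*result, native_vlan=13), SUBIFS_7206)[0]

def route_between_vlans(tagged_frame, out_vlan):
    """Two-subinterface case: strip the incoming tag, then re-tag for the egress VLAN."""
    in_vlan, bare = untag(tagged_frame)
    return in_vlan, tag(bare, out_vlan)
```

Calling `ping_2821_to_7206(native=False)` returns `None` because the tagged frame never gets past the access port, while `native=True` reaches the 7206 subinterface for VLAN 15.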

New Member

Re: Help please

Thanks Kevin.. That's what I was intending to know..

Thanks very much

New Member

Re: Help please

I want to understand the following scenario…with respect to VLAN operations.

1. When computer A sends packets to computer B, what happens at each switch and router on the way? Means which switch adds what VLAN tag at ingress of a packet and also at egress.

2. If I don't use any kind of encapsulation/subinterface at RTR-A and RTR-B then what will the packet flow be? What information / tagging will be added and deleted at each network device?

Kevin and Shrikar.... You guys made many things clear to me.. Thanks for that and request for further help.

Bronze

Re: Help please

What is ur gateway configured for devices in vlan 100 and 110 and where is that IP configured???

Ignoring the above....

From A ---> B

(assuming that RTA has a route to B via 7202 and RTB knows about the networks in SW-B)

A---->SWA---(100)-->RTA--(16)-->4948---(16)-->7202(here the tag is stripped and lookup is done and outgoing int is found)---(15)-->4948---(15)-->RTRB--->SWB-->B.

New Member

Re: Help please

Subinterfaces at RTR-A and RTR-B are gateways for their respective VLANs.

Please, I want some details at each point of the network, to make things very clear to me. AND in both cases, i.e. A) I use encapsulation at RTR-A and RTR-B towards 4948 and B) if I don't use encapsulation at RTR-A and RTR-B towards 4948.

I further want to elaborate that the ports of 4948 pointing towards RTR-A and RTR-B are access ports of the respective VLANs.

Re: Help please

hi,

As arun said the traffic flow will be the same. But in my opinion the traffic will not go till 7207 as 4948 is a L3 switch (if you are using it that way).

Here in your scenario there is no need of trunking between the two routers RTA & B and the switch as they belong to only single VLAN 15 & 16 respectively. The lookup is done @ 4948 and traffic will be L3 switched to another port.

The difference between trunking and access port is that an access port allows to communicate on only a single vlan, whereas trunking allows to communicate on many vlans. So encapsulation will not affect you in this particular scenario.

HTH,

shri :)

New Member

Re: Help please

Thanks shrikar.. I was waiting to hear from you.. You are great..

FYI... I am not using 4948 at L3.. means no SVIs, instead using subinterfaces on 7206.

Can u explain a bit or provide me some link on how switch and router treat the packets they are receiving to be forwarded to the same or some other vlans? Means how they apply or remove tagging etc etc

Bronze

Re: Help please

Pls ignore my previous post.. got something wrong there..

USING encapsulation at RTA and RTB

A-->B

1. A sends frame towards SW-A without any vlan tag.

2. SW-B sends the frame towards RTR-A (which is the default gateway).

3. RTR-A strips the frame. Now RTR-A sees the route toward B. Assuming it's in the routing table with next hop 7207, it sends the frame with tag 16. 4948 passes the frame towards 7207, without changing the frame encapsulation.

4. 7207 strips the frame, does the routing lookup, identifies the outgoing interface and sends the frame to 4948 with tag 15. 4948 passes the frame towards RTR-B.

5. RTR-B strips the frame and does the lookup. Identifies it as a connected network and sends it out of the interface towards SW-B without any vlan encapsulation.

6. SW-B has a mac-table entry for host B and will forward to B.

If no encapsulation between RTR-A,B and 4948, i.e. u have a different vlan for the link between RTRA/B and 4849 and between 4948 and 7207, as ur 4948 is here acting as an L2 switch, I don't think packet will forward towards . I am eager to hear more 4rm experts too on this..

Anyway this was a good question.. made me think.. :)

New Member

Re: Help please

If I am not using vlan between RTR-A,B and 4948, and the RTR port is in access mode in the 4948, then..... in this case I think 4948 will receive a packet from 7206 with tag of vlan 15, will remove the tag before forwarding it to the access port, and forward it to the respective port that is a member of VLAN 15... it will work properly in this case.... I THINK !!

Comments please

Bronze

Re: Help please

What I mentioned in the previous post was if there was no vlan (or a different vlan) between RTR-A/B n 4948 than from 4948 and 7202, the routing won't happen.

I think ur question was u have no encapsulation configured on RTR-A/B, but ur 4948 is configured for access-port 15 and 16. If so, what u said above is right..

Now I was mentioning that the frame will be encapsulated with vlan id during my description. Sorry, here the term to be used was "will be tagged" (as the encapsulation is 802.1q).

Also I made a typo at Point 2, SW-A not SW-B.

Also u didn't mention if ur SW-A and SW-B ports towards A and B respectively were configured as access etc, which could add some more points to the description I gave, i.e. tagging at SW-A with vlan 100 when sending towards RTR-A etc.

I don't think the setup you gave here is best practice, I hope u gave this scenario just to understand the working.. :)

thanks

arun

New Member

Re: Help please

My RTR-A and B ports towards A and B are access ports of vlan 100.

Well, this is the setup I am going to implement. Can u offer me some better design??

Bronze

Re: Help please

I am not a guy with that much experience to give you suggestions regarding this, but sure would love to share some thoughts on what I have learned from my small experience.

I don't know what exactly are ur requirements (density of users, ur existing setups and other needs etc.). Are u just setting up the LAN and also are u going to connect it to an outside network??

It would be better if u could provide these details..
