
devices on different VLANS communicating WITHOUT ANY ROUTING???

banajahm
Level 1

hi,

I have 2 switches: a Nortel Passport 8610 (all ports are on VLAN 1) and a Catalyst 3550 (all ports are on VLAN 4). Both switches are connected via a cross cable, each switch has a PC connected to it, and the two PCs can ping each other (both have IP addresses in the same range).

How can the two computers talk to each other even though they are on separate VLANs????

18 Replies

From your description all your ports are access ports and all you have done is connected at layer-2 VLAN1 on the Passport to VLAN4 on the Cisco. As there are no VLAN Tags involved the switches don't know that the Access VLAN is configured differently at either end of the X-Over link. This is assuming you don't have a VLAN Trunk configured.

Andy

hi Andy,

All my ports, as you said, are access ports, and all I did was connect the VLANs using a x-over cable. No trunking was configured and no routing was used. Both VLANs on the different switches are connected via the cable ONLY.

The VLAN configuration for the Passport was the factory default itself (all ports on VLAN 1). As for the Catalyst, basic VLAN configuration was used with the commands "interface vlan 4" and assigning ports with "switchport access vlan 4".

that is why this is so confusing. i kept insisting that this will never work and it did!!!!!

i hope you guys can help me understand what is going on.

Mohammed

The VLAN definition is known within the switch on which it is defined and limits the ports through which frames can be forwarded (a frame from one port can only be forwarded to access ports in the same VLAN or through a trunk port). If the switch is forwarding the frame out an access port it sends a regular Ethernet frame with no indication of which VLAN it is. If the switch is forwarding a frame out a trunk port then the switch adds information (tags the frame) to indicate which VLAN it belongs to so that the receiving switch will know what VLAN it belongs to.

So in your case since the switches are connected via access ports and not via trunks the frames are forwarded without any VLAN membership information. So the catalyst may get a frame and know that it belongs to VLAN 4 and forwards it out a port that belongs to VLAN 4. And the passport receives the frame on a port belonging to VLAN 1 so it believes that the frame is a VLAN 1 frame and treats it accordingly.

This is an issue to be careful about when connecting switches. If switches are connected via access ports it is quite possible to confuse VLAN membership. If switches are connected via trunk ports then VLAN membership will be maintained correctly.

HTH

Rick


Hi Banajahm,

It is very simple. Since you said that all ports in the Cisco 3550 are in VLAN 4 (including the port, e.g. Gig 0/1 in the Cisco 3550, which is connected to the Nortel 8610), all the ports in the Nortel 8610 have only VLAN 4 traffic, because the source interface on the Cisco 3550, Gig 0/1, is configured for VLAN 4 traffic. If it had been configured as VLAN 5, then all the ports in the Nortel 8610 would have only VLAN 5 traffic.

Also, you say it is factory default, which is more or less equal to an unmanageable switch.

In fact, even if you connect an ordinary hub or switch, it will work like this. I hope you now have a clear idea about this.

Here's my theory ...

When you use the "switchport access vlan" command, there's no dot1q or isl encapsulation. The Cisco 3550 12.1(11) command reference only mentions encapsulation in reference to the "switchport trunk" command. Internally, the Cisco 3550 switch must keep track of which ports are in which VLAN.

Therefore both ends of the Nortel/Cisco link are in the same VLAN (virtual switch) since no dot1q/isl encapsulation is occurring. All frames are untagged on both ports.

The Nortel switch would be in whatever Cisco VLAN the Cisco port is in.

What you've really done is BRIDGE the two VLANs.

In essence they are now the same broadcast domain. The same LAN/Layer2 network.

OK, I get it now. Let me just reiterate:

Because the ports are only access ports and not trunk ports, there is no frame tagging for any Ethernet frames exiting the ports connecting the switches. Therefore, each switch, regardless of the memberships of its ports, treats the frames as normal PDUs.

Is my understanding correct?

This brings up another question with a similar scenario. Let's say that each switch had two different VLANs on them. The Nortel had 1 and 2 and the Cisco has 1 and 2 as well. The same scenario where no trunking is enabled on the ports between the switches. When either switch receives traffic from the other switch, how does the switch that received the traffic know which ports to forward it out to? In other words, let's say the Nortel switch sent a broadcast to all ports in VLAN 1. The Cisco switch is connected to one of the VLAN 1 ports on the Nortel switch, so it receives traffic from the Nortel switch. Now, since it isn't a trunk link, and the traffic isn't tagged, how does the Cisco switch know which ports to send out traffic to? You can't say that it would send it out all VLAN 1 ports because when the switch received the broadcast, it wasn't tagged with VLAN 1 so it doesn't know it's VLAN 1 traffic. So, does it send it out all ports then?

Timothy

You seem to have overlooked one point in your question. You are assuming that the Nortel forwards a broadcast out an access port that is in VLAN 1. So the frame is received by Cisco on an access port. The important point here is what VLAN does Cisco have that port configured to be part of? If Cisco thinks this access port is part of VLAN 1 then it forwards to other VLAN 1 ports and if Cisco thinks it is part of VLAN 2 then it forwards to VLAN 2 ports.

HTH

Rick


OK... I see what you're saying, Rick. In other words, if the Cisco port connecting to the Nortel switch was a VLAN 1 port, then when the Cisco switch received traffic for VLAN 1, the Cisco switch would just continue forwarding traffic to its other VLAN 1 ports. And you couldn't assign the Cisco port connected to the Nortel switch any other VLAN, correct? If you were to assign the Cisco port connected to the Nortel switch port (VLAN 1) in VLAN 3, then communication wouldn't work. In my original question, I was thinking the Cisco port was a regular port, but with VLANs, every port has to be in some VLAN, whether it be the default or not.

Timothy

I am not clear what you mean in your comment when you say you were assuming the cisco port was a regular port. What is a regular port?

In a somewhat simplistic view every port on a switch is either an access port or it is a trunk port. If it is an access port then it can only carry frames belonging to one specific VLAN. If it is a trunk port then it can carry traffic for all VLANs (and will tag all frames that it forwards out the trunk to mark their VLAN membership).

If a switch receives a frame on an access port then it believes that frame belongs to that VLAN. And it has no idea what the other switch thought about VLAN membership. So to continue your example, if the nortel forwarded a frame out a port in VLAN 1 and it was received by cisco on a port belonging to VLAN 3 then the cisco would forward to any other port belonging to VLAN 3 (but not to any port in VLAN 1). The two switches can communicate without any problem over access ports that are defined in different VLANs on each switch.

One way to look at this and try to understand this is to see the difference between what you CAN do and what you SHOULD do. You CAN connect two switches on access ports where each switch defines the access port in a different VLAN. You SHOULD coordinate switch connections so that each switch configures the same VLAN on the connecting access ports.

HTH

Rick
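
The behaviour Rick describes in his replies above (an access port classifies an untagged frame by its own configured VLAN, while a trunk preserves the VLAN in a tag) can be modelled in a few lines. This is an added example, not part of the original thread; the `Switch` and `Port` classes, the port names and the `mismatched_access_links` audit are hypothetical, and the trunk is assumed to tag every VLAN (no native VLAN).

```python
from dataclasses import dataclass

@dataclass
class Port:
    mode: str                 # "access" or "trunk"
    vlan: int = 1             # access VLAN; unused on a trunk
    peer: tuple = None        # (Switch, port name) on the far end; None = end host

class Switch:
    def __init__(self, name):
        self.name, self.ports = name, {}

    def receive(self, in_port, tag, delivered):
        """Flood a broadcast received on in_port; tag is the 802.1Q VLAN ID or None."""
        port = self.ports[in_port]
        # An access port classifies by its own configured VLAN; only a trunk reads the tag.
        vlan = port.vlan if port.mode == "access" else tag
        for name, out in self.ports.items():
            if name == in_port or (out.mode == "access" and out.vlan != vlan):
                continue
            if out.peer is None:
                delivered.append((self.name, name, vlan))
            else:
                far, far_port = out.peer
                # Frames leave an access port untagged and a trunk tagged (assumed: no native VLAN).
                far.receive(far_port, vlan if out.mode == "trunk" else None, delivered)

def build(link_mode, nortel_vlan=1, cisco_vlan=4):
    """Constructed topology: one PC on the Nortel, two on the Cisco, one inter-switch link."""
    nortel, cisco = Switch("nortel"), Switch("cisco")
    nortel.ports = {"pc": Port("access", 1), "up": Port(link_mode, nortel_vlan)}
    cisco.ports = {"pc_v1": Port("access", 1), "pc_v4": Port("access", 4),
                   "up": Port(link_mode, cisco_vlan)}
    nortel.ports["up"].peer = (cisco, "up")
    cisco.ports["up"].peer = (nortel, "up")
    return nortel, cisco

def broadcast_from_nortel_pc(link_mode, nortel_vlan=1, cisco_vlan=4):
    """Return (switch, port, vlan) for every host port the broadcast reaches."""
    nortel, _ = build(link_mode, nortel_vlan, cisco_vlan)
    delivered = []
    nortel.receive("pc", None, delivered)
    return delivered

def mismatched_access_links(switches):
    """Audit: access-to-access links whose two ends are configured in different VLANs."""
    found = []
    for sw in switches:
        for name, p in sw.ports.items():
            if p.peer and p.mode == "access":
                far, far_port = p.peer
                q = far.ports[far_port]
                if q.mode == "access" and q.vlan != p.vlan and sw.name < far.name:
                    found.append((sw.name, name, p.vlan, far.name, far_port, q.vlan))
    return found
```

With the access link from the original question, the Nortel VLAN 1 broadcast lands on the Cisco VLAN 4 host; with a trunk it reaches only the Cisco VLAN 1 host, and the audit function flags the mismatched access link that bridges the two VLANs.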


Just to make sure I have something clear... Let's say that the ports between the switches would have been trunked. If the 3550 were a multi-layer switch, the switch would "route" traffic between the VLANs anyways when he put in the INTERFACE [VLAN] command, which is what he did?

Timothy

I believe that there are two important points in what you say:

- if the switches had been connected by trunks instead of access ports then the switches would have had a consistent understanding of the VLAN membership and would not have forwarded frames between VLANs.

- the only way for frames to get from one VLAN to another VLAN is to go through a layer 3 interface which can do inter VLAN routing.

I believe that your understanding of both points is correct.

HTH

Rick

