Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7679
Views
0
Helpful
7
Replies

Tagged or Untagged Trunk?

Rduhb
Level 1
Level 1

‎09-21-2019 06:25 PM

Should the trunk port connected to my router be tagged or untagged?   

Labels:
0 Helpful
7 Replies 7

RicardoSN
Level 1
Level 1

‎09-21-2019 07:27 PM - edited ‎09-21-2019 07:28 PM

Hello Rduhb, please try to describe a bit more your scenario to be able to help you better.

When you are connecting two network devices between each other, both sides of the link should be set to the same mode (access or trunk) for it to work properly.

When you set a port to access mode, you're telling that port that it should expect untagged traffic and the outgoing traffic from that port will be untagged too.

When you set a port to trunk mode, you're telling that port that it should expect tagged traffic and the outgoing traffic from that port will arrive to the other end of the link tagged with its respective VLAN. Generally a Trunk Port is used to allow traffic from different VLANs and you can specify which VLANs are allowed only or just leave it to its default (allow every VLAN).

-Ricardo S.N., Regards!
0 Helpful

Rduhb
Level 1
Level 1
In response to RicardoSN

‎09-21-2019 08:11 PM

Sorry for being vague.  So here’s my setup.  

Port 1 - router

port 2- PC1 VLAN 10

port 3- PC2 VLAN 20

 

i want both PC’s to have access to the internet.  I have port 1 as a trunk.  But I’m confused in regards to tagged vs untagged trunk.  Still a lot to learn.  

0 Helpful

RicardoSN
Level 1
Level 1
In response to Rduhb

‎09-21-2019 08:58 PM - edited ‎09-21-2019 09:02 PM

Is there really a need for PC1 and PC2 to be on different VLANs?

If there is not, you could just leave the Switch to its default switchport configuration, which is every port in access mode. This way the Switch would work pretty much like a "plug and play" unmanaged Switch, leaving the reset of the work to the Router to route the packets to/from the internet. An example of this configuration would be this:

Router

interface GigabitEthernet0/0/0

description Router-to-Switch

ip address 192.168.1.254 255.255.255.0

duplex auto

speed auto

Switch

interface FastEthernet0/1

description to-Router

!

interface FastEthernet0/2

description to-PC1

!

interface FastEthernet0/3

description to-PC2

!

If you indeed need to configure PC1 on VLAN 10 and PC2 on VLAN 20 then you should configure both ports between the Router and the Switch on trunk mode and ports 2 and 3 on the Switch as access. Keep in mind VLANs and IP Segments usually are 1:1 meaning you will need an IP Segment for every VLAN you have. An example of this configuration would be:

Router

interface GigabitEthernet0/0/0

description Router-to-Switch

no ip address

duplex auto

speed auto

!

interface GigabitEthernet0/0/0.10

encapsulation dot1Q 10

ip address 192.168.1.254 255.255.255.0

!

interface GigabitEthernet0/0/0.20

encapsulation dot1Q 20

ip address 192.168.2.254 255.255.255.0

Switch

Switch(config)#vlan 10

Switch(config-vlan)#name PC1

Switch(config)#vlan 20

Switch(config-vlan)#name PC2

 

interface FastEthernet0/1

description to-Router

switchport trunk allowed vlan 10,20

switchport mode trunk

!

interface FastEthernet0/2

description to-PC1

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/3

description to-PC2

switchport access vlan 20

switchport mode access

PC1 and PC2 would still be able to communicate between each other in this scenario as the traffic between the two IP Segments will be routed by the Router.

 

I hope this helps. Good Luck!

-Ricardo S.N., Regards!
0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to Rduhb

‎09-22-2019 08:23 AM

Generally an untagged trunk would be useless, as its the tags that allow the VLANs to be kept logically separate on a trunk. However, Cisco trunks also generally allow one VLAN to be untagged (by default, VLAN 1).

For your setup, you would define port 1, on the switch, as a trunk, and by default, both VLANs 10 and 20 frames will be tagged.

On your router, you define its port (that connects to swtich port 1) as a .q interface, and define subinterfaces for both VLANs 10 and 20.
0 Helpful

Martin L
VIP
VIP

‎09-21-2019 09:01 PM - edited ‎09-21-2019 09:12 PM

PC directly connecting to Router  - access port, no trunk needed but crossover cable is; just like PC to PC or R-to-R

Switch connecting Router - trunk port 

Router on stick scenario, RoaS, where L2 switch connects Router so that many PCs connected to switch in different vlans can communicate. Router does routing.

RoaS can have 2-3 ways to set it up. I would use untagged vlan 1 for no dat/user PC traffic.   

 

Tag or untag and what vlan is your choice; I think recommendation is to not use untagged vlan for data/user traffic.  for security reason, u can change default settings (vlan 1 is not tagged) to different vlan. 

 

 

Regards, ML
**Please Rate All Helpful Responses **

0 Helpful

Martin L
VIP
VIP
In response to Martin L

‎09-21-2019 09:14 PM


some of my old examples of ROAS for Packet tracer
https://learningnetwork.cisco.com/docs/DOC-36224
2 examples are on this page
https://learningnetwork.cisco.com/content?itemView=detail&filterID=contentstatus%5Bpublished%5D&start=20

note: cln site is a bit slow - under construction- so refresh browser couple times
0 Helpful

Dennis Mink
VIP Alumni
VIP Alumni

‎09-21-2019 10:31 PM

If the routers port has one ip address then tagging is not needed. If you have subinterfaces with ip addresses on the one physical port then yes you need to tag
Please remember to rate useful posts, by clicking on the stars below.

0 Helpful
Customers Also Viewed These Support Documents