01-14-2008 01:01 AM - edited 03-05-2019 08:27 PM
Please help me in building the logic of the scenario. Here is my topology
[3750] >> [2821](subinterface) ---- E1 Link ----(access port)[4948]>>>(subinterface)[7206]
Here is the relevant config.
1. 2821
interface GigabitEthernet0/1.15
description ******
encapsulation dot1Q 15 native
ip address 192.168.249.161 255.255.255.252
2. 7206
interface GigabitEthernet0/1.15
description *** ***
encapsulation dot1Q 15
ip address 192.168.249.162 255.255.255.252
3. 4948
Created a VLAN - 15 and made a port access port of VLAN 15 pointing towards 2821.
Trunking between 4948 and 7206 is enabled. Native VLAN between 4948 and 7206 is VLAN 13.
interface GigabitEthernet1/32
description *** TO ROUTER 2821 ***
switchport access vlan 15
switchport mode access
Now things work OK with this configuration. I am confused by this line in the 2821 config, i.e. encapsulation dot1Q 15 native. If I don't use the word native at the end, I can't ping from 2821 to 7206, but it still shows 4948 in its show cdp. As soon as I put the word native at the end of this command, ping and everything starts working fine.
One more thing: if I plug the E1 (RJ-45) into my laptop (instead of router 2821, just for testing), the laptop can ping the remote 7206.
Explanation required please.
Thanks
01-14-2008 01:11 AM
hi,
1st, you can see the 4948 in sh cdp neighbour because some protocols such as CDP transfer their info only on VLAN 1 although it is not a native vlan. The native vlan is used to carry the tagged and untagged vlan frames. So you can see the CDP neighbour but are unable to ping.
For the second point I think the version you are running on 2821 might be a reason (I am not sure here). In case of PC the NIC card you are using must be capable of trunking and understands that 15 is the native vlan and hence you can ping. (What is the trunk negotiation method you have used @ 4948 ports towards 2821?)
Let's hear more from experts!!!!!!
HTH,
shri :)
01-14-2008 02:35 AM
Even if I am using VLAN 13 as native, will CDP traffic be traveling over VLAN 1?
Here is the output from the interface connected to the 2821:
4948#show interfaces gigabitEthernet 1/25 switchport
Name: Gi1/25
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 13 (native)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
01-14-2008 02:51 AM
Hi Munawar,
CDP will always travel on vlan 1 whether it is native or not on trunk port. Even if vlan 1 is not allowed on trunk still cdp packets will travel on vlan 1 internally.
HTH
Ankur
01-14-2008 03:00 AM
hi munawar,
If I understood your config properly, you are using trunking on 2821 (towards 4948) and using an access port on 4948 (towards 2821).
Well, in this case when you are using the encapsulation dot1q 15 command you are tagging frames for this vlan. On the other side (4948) you have created the access port, which does not understand tagging, hence no ping.
Now when you configure the Native keyword, the frames of the native vlan are sent untagged and hence can reach the 4948 and traverse the network, and hence you can ping the remote router.
When you use the laptop there is no tagging of the frames, and the port is also an access port, hence you can ping the remote router.
Anything else experts?
HTH
regards,
shri :)
01-14-2008 03:43 AM
Great Shri....
It helped a lot. Thanks.
The subinterface of a router carries the traffic of only one VLAN, so why is there a need for encapsulation / tagging?
Can you suggest some way in which I don't have to use the NATIVE word?
01-14-2008 04:09 AM
Hi Munawar,
As you have not configured any trunking on the switch port to which the router is connected, this means you do not want your switch to pass traffic for more than 1 vlan and you only want to pass data for vlan 15.
In this case there is no need to configure trunking or even a subinterface on your router. The subinterface and encapsulation are required when you want to pass multiple vlan traffic and route between vlans, which is not your case. Instead of creating a subinterface, if you use the main physical interface and simply configure it with an IP address which belongs to the vlan 15 subnet, you are good to go.
Coming to your second question, if you had removed vlan 1 from a trunk port then CDP and VTP traffic will still flow on vlan 1. This is called the vlan 1 minimisation feature.
HTH
Ankur
01-14-2008 03:07 AM
In case I disable my VLAN 1 and set VLAN 13 as native, on which vlan does VTP and other management traffic travel?
01-14-2008 04:05 AM
hi munawar,
You can bring up a trunk with different native VLANs on each end; however,
both switches will log error messages about the mismatch, and the potential exists that traffic
will not pass correctly between the two native VLANs.
The native VLAN mismatch is discovered through the exchange of CDP messages, not
through examination of the trunk itself. Also, the native VLAN is configured
independently of the trunk encapsulation.
If you disable VLAN 1 your VTP/DTP/CDP traffic will traverse through the native vlan.
If only one vlan is present then you don't require trunking between 2821 and 4948 and hence no encapsulation!!!
You can use an access link between them:
The switchport mode access command forces the port to be assigned to only a single VLAN.
HTH,
regards,
shri :)
01-14-2008 05:05 AM
Thanks guys, very helpful.
One more thing: why can't I put encapsulation on a physical interface, when I don't need to have other VLANs terminating on that router? I mean, I have no requirement for subinterfaces.
Second, let's assume a router has two subinterfaces, for two VLANs. How does the router treat each tagged packet when it receives it from one VLAN, to be routed to the other VLAN? Is the VLAN tag still there or removed when a tagged packet enters a subinterface?
I hope I conveyed what was confusing me.
01-14-2008 05:14 AM
For your first question, if the router is only on one VLAN, then you simply configure the switch as an access port in the VLAN, and configure the router physical interface without any tagging encapsulation.
I'm not sure what you are trying to get at with the second question, but I think this is what you want: suppose the router has two subinterfaces, say with encapsulation dot1q 20 and 30. The switch passes a frame in VLAN 20 to the router still with its tag. The router knows it is for interface Fa0/0.20 because the tag corresponds to the encapsulation on Fa0/0.20. The router interface strips off the tag, and passes the frame to its routing process (or more strictly its forwarding processes). The routing table decides that the packet has to be forwarded to interface Fa0/0.30. Interface Fa0/0.30 adds a tag 30, and passes the frame to the switch.
Does that answer your question?
Kevin Dorrell
Luxembourg
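Added example, not part of any post in this thread: a small Python model of the 802.1Q behaviour described in the replies above, covering both the `native` keyword on a subinterface facing an access port and the tag strip/re-add when routing between subinterfaces. The MAC addresses are constructed, and the access port is assumed to send and accept untagged frames only, as the earlier reply describes.

```python
import struct

TPID = 0x8100                             # EtherType value that marks an 802.1Q tag
MAC_R, MAC_S = b"\x02" * 6, b"\x06" * 6   # constructed sample MAC addresses

def build_frame(dst, src, ethertype, payload, vlan=None):
    """Build an Ethernet frame; a 4-byte 802.1Q tag is inserted when vlan is set."""
    tag = struct.pack("!HH", TPID, vlan & 0x0FFF) if vlan is not None else b""
    return dst + src + tag + struct.pack("!H", ethertype) + payload

def parse_vlan(frame):
    """Return the VLAN ID carried in the frame, or None if it is untagged."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    return tci & 0x0FFF if tpid == TPID else None

class Subinterface:
    def __init__(self, name, vlan, native=False):
        self.name, self.vlan, self.native = name, vlan, native

    def egress_vlan(self):
        # "encapsulation dot1Q N native" sends untagged; without "native" it tags.
        return None if self.native else self.vlan

def classify(subs, frame):
    """Simplified model: untagged goes to the native subinterface, tagged to its VID."""
    vid = parse_vlan(frame)
    for s in subs:
        if (vid is None and s.native) or (vid is not None and vid == s.vlan):
            return s.name
    return None

def link_check(sub):
    """One request/reply between a router subinterface and a switch access port."""
    request = build_frame(MAC_S, MAC_R, 0x0800, b"ping", sub.egress_vlan())
    accepted = parse_vlan(request) is None      # assumed access port: untagged only
    reply = build_frame(MAC_R, MAC_S, 0x0800, b"pong")   # access port sends untagged
    return accepted, classify([sub], reply)

def route(subs, frame, out_name):
    """Strip the ingress tag, then re-tag for the egress subinterface (no MAC rewrite)."""
    off = 16 if parse_vlan(frame) is not None else 12   # offset of the real EtherType
    (etype,) = struct.unpack("!H", frame[off:off + 2])
    out = next(s for s in subs if s.name == out_name)
    new = build_frame(frame[:6], frame[6:12], etype, frame[off + 2:], out.egress_vlan())
    return classify(subs, frame), parse_vlan(new)

if __name__ == "__main__":
    print(link_check(Subinterface("Gi0/1.15", 15)))               # without "native"
    print(link_check(Subinterface("Gi0/1.15", 15, native=True)))  # with "native"
    subs = [Subinterface("Fa0/0.20", 20), Subinterface("Fa0/0.30", 30)]
    print(route(subs, build_frame(MAC_R, MAC_S, 0x0800, b"data", 20), "Fa0/0.30"))
```

`link_check` returns whether the access port accepted the request and which subinterface received the untagged reply; `route` returns the ingress subinterface and the VLAN ID on the re-encapsulated frame.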
01-14-2008 06:30 AM
Thanks Kevin. That's what I was intending to know.
Thanks very much
01-15-2008 12:58 AM
I want to understand the following scenario… with respect to VLAN operations.
1. When computer A sends packets to computer B, what happens at each switch and router on the way? I mean, which switch adds what VLAN tag at ingress of a packet and also at egress.
2. If I don't use any kind of encapsulation/subinterface at RTR-A and RTR-B, then what will the packet flow be? What information / tagging will be added and deleted at each network device?
Kevin and Shrikar, you guys made many things clear to me. Thanks for that, and I request further help.
01-15-2008 01:15 AM
What is your gateway configured for devices in vlan 100 and 110, and where is that IP configured?
Ignoring the above....
From A ---> B
(assuming that RTA has a route to B via 7202 and RTB knows about the networks in SW-B)
A---->SWA---(100)-->RTA--(16)-->4948---(16)-->7202 (here the tag is stripped, a lookup is done and the outgoing int is found)---(15)-->4948---(15)-->RTRB--->SWB-->B.
01-15-2008 01:45 AM
Subinterfaces at RTR-A and RTR-B are gateways for their respective VLANs.
Please, I want some details at each point of the network, to make things very clear to me, in both cases, i.e. A) I use encapsulation at RTR-A and RTR-B towards 4948 and B) I don't use encapsulation at RTR-A and RTR-B towards 4948.
I further want to elaborate that the ports of 4948 pointing towards RTR-A and RTR-B are access ports of the respective VLANs.