
How does a switch know which VLAN

Gucamole
Level 1

I understand a VLAN creates a broadcast domain and an L2 switch only forwards within the VLAN without an L3 device. However, how does the L2 switch know which VLAN the frame needs to go to without a dot1q header?

For example, I did a pcap and I don't see any VLAN ID or info on the Ethernet header for access ports, so when access ports send a broadcast or unicast, how does the switch know which VLAN it's coming from and that the other host is on the same VLAN?

Richard Burts
Hall of Fame

You have asked 2 closely related questions: "how does the L2 switch know which VLAN the frame needs to go to without a dot1q header?" and "how does the switch know which VLAN it's coming from". Logically the switch sees the frame coming from before it decides about going to, so let us consider the questions in that order. Assuming that the frame arrives at the switch on an access port (if a frame arrives on a trunk port then dot1q is involved) the switch knows what vlan the frame belongs in because it is the vlan of the access port. And once the switch knows what vlan the frame belongs in then the destination must be another port in that same vlan.

HTH

Rick

"switch knows what vlan the frame belongs in because it is the vlan of the access port." --> OK, this makes sense. So if the port is configured as an access VLAN 5 then the source MAC = VLAN 5?

"And once the switch knows what vlan the frame belongs in then the destination must be another port in that same vlan." --> I am confused about this statement. I could try to ping a host in a separate VLAN, which the switch should drop since it is only an L2 switch in this scenario.

Is it the flooding mechanism the switch uses to build its CAM table, and does it reference the table?

What I am confused about is: if a host on access VLAN 5 sends a broadcast message, a switch will forward it to all the hosts on VLAN 5. However, when the frame comes in it doesn't say anywhere that this frame belongs to VLAN 5 (at least I couldn't see it on a packet capture). So it is not fully clear how exactly it works.

"when the frame comes in it doesn't say anywhere this frame belongs to VLAN 5" <<- comes from where? And where does it go?

A host on access VLAN 5 sends a broadcast frame. How does the switch know to only send it to hosts on VLAN 5, as VLAN 5 is not present on the frame it receives, unlike a dot1q tag, which is clear?

Access port config with the following:

interface f0/0
switchport access vlan 5 <<-

This VLAN ID will be added to the MAC table with the MAC address of the connected device.
When the SW receives any broadcast on any port shown in the MAC table with VLAN 5, it will flood it to all other ports in the MAC table with VLAN 5.

That is how an L2 SW works.

So basically the switch looks into its MAC address table as a reference and makes the L2 decision?

What about the native VLAN that's present on a trunk port? How does the switch know where to forward the broadcast frame to?

For example:

Int fa0/1
switchport mode trunk
switchport trunk native vlan 5

If you mention native VLAN 5 (so all untagged traffic goes in VLAN 5)

BB


The broadcast received from the access port (we explained this above) will be forwarded to all ports, and to the trunk if found AND if VLAN 5 is allowed on the trunk.

NOW
the SW needs to do more work:
send this frame tagged or untagged?
It depends on the native VLAN of the trunk.
If the native VLAN is VLAN 5, the frame will be forwarded UNTAGGED.
If the native VLAN is not VLAN 5, the frame will be forwarded TAGGED.

Now the reverse:
the SW receives the frame untagged and the native VLAN on the trunk is VLAN 5,
so the SW immediately knows that this broadcast must be flooded to all ports that have VLAN 5 in the MAC table.

Other case:
the SW receives the frame tagged and the native VLAN is not VLAN 5. This is easy: the SW knows that this frame is for VLAN 5 based on the tag, and it will forward it to all ports in VLAN 5 in the MAC table.

if the native vlan is vlan 5 the frame will forward tag 
if the native vlan is not vlan 5 the frame will forward untag 

--> I thought if the native VLAN is VLAN 5 it will forward untag. Isn't that the case?

Yes. You are correct.

What @MHM Cisco World wrote, about the switch adding/appending the VLAN ID with the source MAC in the MAC table, is half the (logical) solution to your question.

The other half of the (logical) solution: the switch has another table that has VLAN IDs and the ports that are members of each VLAN.

E.g.

Broadcast frame enters port and is considered in VLAN 5. It's forwarded to all other VLAN 5 ports.

Externally, this works without tagged frames as long as multiple VLANs don't share a port.

You ask "However, when the frame comes in it doesn't say anywhere this frame belongs to VLAN 5 (at least I couldn't see it on a Packet Capture)." I do not know how to be more clear. The information is not in any bits in the frame so there is nothing to see in packet capture. The information about vlan membership is based on the physical port that received the frame and what vlan it belongs to.

HTH

Rick

Let me try a somewhat different approach to explain the issue. Let us assume that some PC in vlan 5 has sent a ping packet to a destination IP address that is actually in vlan 10. The switch receives the ping packet and recognizes that it belongs in vlan 5. The switch then looks at the destination mac address. What is the destination mac address in this situation? If the destination mac address were to be the actual mac address of the destination (in vlan 10) then the ping would fail. But probably the destination mac address is the address of the default gateway for the vlan/subnet of vlan 5.  Since the destination mac address is also in vlan 5 the switch forwards the frame to the gateway device. 

HTH

Rick
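
The forwarding behaviour described across the replies above, as an added example that is not part of the original thread and is not vendor code: a small Python model of a VLAN-aware L2 switch in which the VLAN comes from the ingress port's configuration, MAC addresses are learned per VLAN, and the egress tag depends on the trunk's native VLAN. The class and function names, port names and MAC addresses are constructed for illustration, and dropping a tagged frame on an access port is a simplification of this model.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class Port:
    mode: str                          # "access" or "trunk"
    vlan: int                          # access VLAN, or native VLAN on a trunk
    allowed: frozenset = frozenset()   # VLANs allowed on a trunk

    def carries(self, vlan):
        return vlan == self.vlan if self.mode == "access" else vlan in self.allowed

@dataclass
class Switch:
    ports: dict                                     # port name -> Port
    mac_table: dict = field(default_factory=dict)   # (vlan, mac) -> port name

    def classify(self, port, tag):
        """VLAN of an ingress frame; it comes from port config unless tagged."""
        if port.mode == "access":
            # Model simplification: a tagged frame on an access port is dropped.
            return port.vlan if tag is None else None
        vlan = port.vlan if tag is None else tag    # untagged on trunk = native
        return vlan if vlan in port.allowed else None

    def receive(self, in_port, src, dst, tag=None):
        """Return {egress port: 802.1Q tag or None (untagged)} for one frame."""
        vlan = self.classify(self.ports[in_port], tag)
        if vlan is None:
            return {}
        self.mac_table[(vlan, src)] = in_port       # learn source MAC per VLAN
        known = None if dst == BROADCAST else self.mac_table.get((vlan, dst))
        targets = [known] if known else [n for n, p in self.ports.items() if p.carries(vlan)]
        out = {}
        for name in targets:
            if name != in_port:
                p = self.ports[name]
                # Access ports and a trunk's native VLAN egress untagged.
                out[name] = None if p.mode == "access" or p.vlan == vlan else vlan
        return out

def demo_switch():
    """Constructed topology: two hosts in VLAN 5, one in VLAN 10, two trunks."""
    return Switch({
        "fa0/1": Port("access", 5), "fa0/2": Port("access", 5),
        "fa0/3": Port("access", 10),
        "gi0/1": Port("trunk", 5, frozenset({5, 10})),      # native VLAN 5
        "gi0/2": Port("trunk", 1, frozenset({1, 5, 10})),   # native VLAN 1
    })
```

A frame from the VLAN 10 host addressed to a MAC learned in VLAN 5 is looked up under VLAN 10, not found, and flooded only to ports carrying VLAN 10, so it never reaches the VLAN 5 access ports.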