01-09-2013 07:45 AM - edited 03-07-2019 11:00 AM
I set up a simple topology to confirm my understanding of VLANs.
Please refer to the attached screenshot.
First, I set it up as in the screenshot,
but I couldn't ping one router from the other.
Second, please see the R2 CLI in the screenshot.
I set up the native VLAN:
R2(config-subif)#encapsulation dot1Q 2 native
After that, I could ping.
But I think I don't need to configure the native VLAN on R2.
Is this GNS3's specification?
Or
have I misunderstood the VLAN function?
01-09-2013 07:51 AM
Which of the routers is the output from? Also, could you provide a full interface configuration from both of them?
01-09-2013 08:01 AM
01-09-2013 08:19 AM
The only way I was able to observe the same behavior you indicated was to reverse the ports on the switch, connecting 1 to 2 and 2 to 1. I do not know the technical details of how the standalone switches in GNS3 are programmed to operate, but assuming they match their native VLAN to the native VLAN of the incoming trunk, this would be correct behavior.
If the connections are indeed made in the way indicated this would be a bug.
I always avoid the use of the GNS3 dumb switches and just put an ESM into a router when I need a switch. This gives me much better control.
01-09-2013 08:45 AM
Hm...
Native VLAN means no tag is used to send a packet.
So the native VLAN can communicate with every access port on a switch. Is this correct?
In this case,
Port 1 is a trunk (I don't know why I have to set up a VLAN number on a trunk port, though)
and Port 2 is a VLAN 2 access port.
That's why I think I can ping each router.
Please check the new screenshot attached to confirm the topology.
01-09-2013 09:10 AM
Native VLAN means that no tag is applied to the packet. This does not mean it can communicate with every port.
Whenever a port configured as a dot1q trunk receives a packet that does not have a tag, it assumes that the packet is supposed to be in whatever VLAN has been configured as the port's native VLAN. This also means that if packets originating from a device that is not configured as a trunk arrive at a port that is configured as a dot1q trunk, those packets will also be placed in the configured native VLAN.
01-09-2013 09:24 AM
Sorry for bothering you.
But that is still not clear to me,
so I want to clear up one thing.
1. In the attached topology, if I don't set up the native VLAN on R2, I can't ping one router from the other.
Is this correct?
2. If so, how should I change the parameters on the switch?
01-09-2013 10:11 AM
I really would recommend swapping out the dumb GNS3 switch for a router with an Etherswitch module. I think a lot of the confusion around this will clear up if you have a device that is properly manageable.
Here is some guidance on etherswitch modules. You can read about the GNS3 implementation of them here.
As to the overall concept of native VLANs, the native VLAN is a VLAN like any other. However, rather than being tracked by the use of a tag, it is tracked by the lack of a tag. The whole concept was introduced to allow trunks to pass through unmanageable switches. The native VLAN is the VLAN that other devices that get plugged into an unmanageable switch wind up in.
Unless you are doing some really crazy stuff like trying to pass a trunk through a network of dumb switches AND really understand how native VLANs function, the best practice is to set your native VLANs to a common unused VLAN on all trunks in your network. Doing otherwise introduces complexity and can create security vulnerabilities.
01-09-2013 12:23 PM
01-09-2013 12:40 PM
This is behaving as expected.
The traffic that is exiting R1 is not tagged, you have not configured the native VLAN on port fa1/1 on router 5 so untagged traffic is assumed to be in VLAN 1 (the default native VLAN) when it enters this port. Additionally traffic from R2 is being tagged and arriving at a port that is not configured as a trunk so the tag is not read and any traffic is assumed to be in VLAN 2. This configuration should not work and is not working so everything is working correctly.
Please note that if you swap the ports and connect R1 to port fa1/2 and connect R2 to port fa1/1, this should work. Traffic from R1 will not be tagged, enter an access port configured for VLAN 2 and be forwarded in VLAN 2. It will then leave fa1/1 as a tagged frame in VLAN 2, it will arrive at R2, the tag will be read and the frame received by sub-interface fa0/0.1.
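The two cablings compared in this answer, modelled as an added example (not part of the original post, and not GNS3 or IOS code). The class and function names are hypothetical, and the rule that an access port leaves a received tag unread follows the answer's description rather than any particular switch.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

Tags = Tuple[int, ...]  # 802.1Q tags on the wire, outermost first

@dataclass(frozen=True)
class SwitchPort:          # hypothetical model, not a GNS3/IOS object
    mode: str              # "access" or "trunk"
    vlan: int              # access VLAN, or native VLAN on a trunk

@dataclass(frozen=True)
class RouterIf:
    dot1q: Optional[int] = None  # None = plain interface, else sub-interface VLAN
    native: bool = False         # "encapsulation dot1Q <vlan> native"

    def wire_tags(self) -> Tags:
        """Tags this interface sends, and the only tags it accepts."""
        return () if self.dot1q is None or self.native else (self.dot1q,)

def ingress(port: SwitchPort, tags: Tags) -> Tuple[int, Tags]:
    """Classify a received frame into a VLAN; return (vlan, tags left on it)."""
    if port.mode == "trunk" and tags:
        return tags[0], tags[1:]   # trunk reads and strips the tag
    return port.vlan, tags         # untagged on trunk -> native VLAN;
                                   # access port: tag not read (per the answer)

def egress(port: SwitchPort, vlan: int, tags: Tags) -> Optional[Tags]:
    """Tags on the wire leaving this port, or None if the port is not in vlan."""
    if port.mode == "trunk":
        return tags if vlan == port.vlan else (vlan,) + tags
    return tags if vlan == port.vlan else None

def delivered(src: RouterIf, in_port: SwitchPort, out_port: SwitchPort, dst: RouterIf) -> bool:
    vlan, tags = ingress(in_port, src.wire_tags())
    wire = egress(out_port, vlan, tags)
    return wire is not None and wire == dst.wire_tags()

def ping(a: RouterIf, a_port: SwitchPort, b_port: SwitchPort, b: RouterIf) -> bool:
    """A ping needs the request and the reply to both get through."""
    return delivered(a, a_port, b_port, b) and delivered(b, b_port, a_port, a)

# Constructed from the thread: R1 untagged, R2 sub-interface in VLAN 2,
# fa1/1 trunk with default native VLAN 1, fa1/2 access port in VLAN 2.
R1, R2 = RouterIf(), RouterIf(dot1q=2)
FA1_1, FA1_2 = SwitchPort("trunk", 1), SwitchPort("access", 2)

if __name__ == "__main__":
    print("as posted:", ping(R1, FA1_1, FA1_2, R2))   # R1 on fa1/1, R2 on fa1/2
    print("swapped:  ", ping(R1, FA1_2, FA1_1, R2))   # R1 on fa1/2, R2 on fa1/1
    # 999 is a constructed unused VLAN: untagged trunk traffic lands in it.
    print("native 999:", ingress(SwitchPort("trunk", 999), ())[0])
```

The last line shows why an unused native VLAN is the recommended setting: anything that arrives untagged on the trunk is classified into a VLAN that no access port belongs to.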
01-09-2013 01:56 PM
Finally I could understand.
Thank you very much.