01-26-2019 08:24 AM - edited 03-08-2019 05:09 PM
Trying to figure out what traffic would be tagged in this scenario.
Let's say I have two switches trunked together with the native VLAN as 99. I also have some other VLANs configured (10,11)
SW1 802.1q trunk running PVST+
SW2 802.1Q trunk running PVST+
switchport trunk encap dot1q
switchport mode trunk
switchport trunk native vlan 99
Now, if I keep things this way, I assume the behavior would be as follows:
VLAN1 STP BPDUs are sent tagged as VLAN1 to PVST+ MAC 01:00:0C:CC:CC:CD
VLAN1 STP BPDUs are also sent to the STP MAC untagged
VLANs 10-20 are sent to the PVST+ MAC tagged
But now, I want to issue the command:
switchport trunk allowed vlan 10,11,99
NOW what happens to VLAN1? Does the above change? If so, how?
01-26-2019 08:32 PM
Hi,
In the case of spanning tree, VLAN 1 is treated differently. If you are aware of VTP pruning, you can't do it on VLAN 1 because, as per the standard, many other protocols depend on VLAN 1.
In short, if the native VLAN is VLAN1 then:
If the native VLAN is different from VLAN1 then:
In simple words, the standard STP BPDU is always derived from VLAN1 and is always sent untagged. The PVST+ BPDUs are derived from their appropriate VLANs and are tagged according to the native VLAN on the trunk.
For more details visit below link:
Regards,
Deepak Kumar
01-26-2019 09:37 AM
that answers some of this, but I am still wondering about how a
switchport trunk allowed vlan
command that excludes VLAN1 will affect this situation
01-26-2019 10:02 AM - edited 01-26-2019 10:03 AM
Hi,
No, there will be no effect on the BPDU.
Here is the test lab:
Switch#
Switch#show inter trunk
Port Mode Encapsulation Status Native vlan
Gig1/0/24 on 802.1q trunking 3
Port Vlans allowed on trunk
Gig1/0/24 2-3
Port Vlans allowed and active in management domain
Gig1/0/24 2,3
Port Vlans in spanning tree forwarding state and not pruned
Gig1/0/24 2,3
Switch#
Switch#sho spanning-tree active
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 4097
Address 0050.0F06.8D18
Cost 4
Port 24(GigabitEthernet1/0/24)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0090.217B.80B9
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1/0/24 Root FWD 4 128.24 P2p
VLAN0002
Spanning tree enabled protocol ieee
Root ID Priority 4098
Address 0050.0F06.8D18
Cost 4
Port 24(GigabitEthernet1/0/24)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)
Address 0090.217B.80B9
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1/0/24 Root FWD 4 128.24 P2p
VLAN0003
Spanning tree enabled protocol ieee
Root ID Priority 4099
Address 0050.0F06.8D18
Cost 4
Port 24(GigabitEthernet1/0/24)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32771 (priority 32768 sys-id-ext 3)
Address 0090.217B.80B9
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1/0/24 Root FWD 4 128.24 P2p
Switch#
I didn't allow VLAN 1 on the trunk port, as you can see in the port configuration, but VLAN 1 is still getting BPDUs from the root switch.
Regards,
Deepak Kumar
01-26-2019 10:50 AM - edited 01-26-2019 10:53 AM
Hi,
Yep, it's because the PVST+ generated BPDU message has the VLAN ID in the TLV (Type-Length-Value) field, which should be the last value of the TLV. In Wireshark you may find that the value is equal to the VLAN ID of that VLAN.
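The tag and TLV values discussed in the posts above can be read from a captured frame and compared. The following is an added example, not code from any poster in this thread; the function names are hypothetical, the frames are constructed rather than captured, and the TLV layout (one pad byte after the 35-byte configuration BPDU, then type 0, length 2, VLAN ID) is an assumption.

```python
import struct

PVST_MAC = bytes.fromhex("01000ccccccd")       # PVST+ destination MAC quoted in the thread
IEEE_MAC = bytes.fromhex("0180c2000000")       # IEEE STP destination MAC
SNAP_PVST = bytes.fromhex("aaaa0300000c010b")  # LLC/SNAP header, Cisco OUI, PID 0x010b
LLC_STP = bytes.fromhex("424203")              # LLC header of a standard STP BPDU

def parse_bpdu_frame(frame):
    """Classify one Ethernet frame and report the VLAN ids it carries."""
    dst, off, tag_vlan = frame[:6], 12, None
    if frame[off:off + 2] == b"\x81\x00":      # 802.1Q tag present
        tag_vlan = struct.unpack("!H", frame[off + 2:off + 4])[0] & 0x0FFF
        off += 4
    off += 2                                   # skip the 802.3 length field
    if dst == IEEE_MAC and frame[off:off + 3] == LLC_STP:
        kind, bpdu = "ieee-stp", frame[off + 3:]
    elif dst == PVST_MAC and frame[off:off + 8] == SNAP_PVST:
        kind, bpdu = "pvst+", frame[off + 8:]
    else:
        raise ValueError("not an STP or PVST+ BPDU")
    if len(bpdu) < 35:
        raise ValueError("truncated configuration BPDU")
    # Bridge ID starts at byte 17; low 12 bits of its priority are the sys-id-ext.
    sys_id_ext = struct.unpack("!H", bpdu[17:19])[0] & 0x0FFF
    tlv_vlan = None
    if kind == "pvst+" and len(bpdu) >= 42:    # assumed: pad byte, then TLV at 36
        t, length, value = struct.unpack("!HHH", bpdu[36:42])
        if (t, length) == (0, 2):
            tlv_vlan = value
    return {"kind": kind, "tag_vlan": tag_vlan,
            "sys_id_ext": sys_id_ext, "tlv_vlan": tlv_vlan}

def pvid_consistent(info, native_vlan):
    """True when the VLAN the frame arrived on matches the TLV's VLAN."""
    arrived_on = info["tag_vlan"] if info["tag_vlan"] is not None else native_vlan
    return info["tlv_vlan"] is None or info["tlv_vlan"] == arrived_on

def build_sample(vlan, tag_vlan=None, pvst=True):
    """Constructed test frame (not a capture): config BPDU for `vlan`."""
    bridge = struct.pack("!H", 32768 + vlan) + bytes.fromhex("0090217b80b9")
    bpdu = (b"\x00\x00\x00\x00\x00" + bridge + struct.pack("!I", 4) + bridge
            + struct.pack("!HHHHH", 0x8018, 0, 20 << 8, 2 << 8, 15 << 8))
    if pvst:
        bpdu += b"\x00" + struct.pack("!HHH", 0, 2, vlan)
    body = (SNAP_PVST if pvst else LLC_STP) + bpdu
    tag = b"" if tag_vlan is None else b"\x81\x00" + struct.pack("!H", tag_vlan)
    dst = PVST_MAC if pvst else IEEE_MAC
    return dst + bytes.fromhex("0090217b80b9") + tag + struct.pack("!H", len(body)) + body
```

An untagged PVST+ BPDU whose TLV VLAN differs from the receiving port's native VLAN makes `pvid_consistent` return False, which is the signature of a native VLAN mismatch across the trunk.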
01-26-2019 08:48 PM - edited 01-26-2019 08:49 PM
Hi,
Thanks for the detailed information; it helped me refresh my knowledge.
I set up the lab on GNS3 with an L2-IOU device, and when I tried to remove VLAN 1 from the allowed list, Spanning Tree was no longer running on that interface. Not sure if it is a bug or correct behavior.
On both side:
interface Ethernet0/0
switchport trunk allowed vlan 99
switchport trunk encapsulation dot1q
switchport trunk native vlan 99
switchport mode trunk
end
----
IOU3#show int trunk
Port Mode Encapsulation Status Native vlan
Et0/0 on 802.1q trunking 99
Port Vlans allowed on trunk
Et0/0 99
Port Vlans allowed and active in management domain
Et0/0 99
Port Vlans in spanning tree forwarding state and not pruned
Et0/0 99
---
IOU3#show spanning-tree vlan 1
(..omitted..)
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/1 Desg FWD 100 128.2 Shr
[the trunk interface not participating in VLAN-1 STP instance]
------
IOU3#show spanning-tree vlan 99
VLAN0099
(..omitted..)
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0 Desg FWD 100 128.1 Shr
[the trunk interface participating in VLAN-99 STP instance]
01-26-2019 08:53 PM
Hi,
I am not sure about GNS3 but let me check on the Switch hardware.
Regards,
Deepak Kumar