Native VLAN question -- confusing scenario

Colin Higgins
Level 2

Trying to figure out what traffic would be tagged in this scenario.

Let's say I have two switches trunked together with the native VLAN as 99. I also have some other VLANs configured (10, 11).

SW1 802.1Q trunk running PVST+
SW2 802.1Q trunk running PVST+

switchport trunk encap dot1q
switchport mode trunk
switchport trunk native vlan 99

Now, if I keep things this way, I assume the behavior would be as follows:

VLAN1 STP BPDUs are sent tagged as VLAN1 to PVST+ MAC 01:00:0C:CC:CC:CD
VLAN1 STP BPDUs are also sent to the STP MAC untagged
VLANs 10-20 are sent to the PVST+ MAC tagged

But now, I want to issue the command

switchport trunk allowed vlan 10,11,99

NOW what happens to VLAN1? Does the above change? If so, how?


10 Replies

ngkin2010
Level 7

that answers some of this, but I am still wondering about how a

switchport trunk allowed vlan

command that excludes VLAN1 will affect this situation

Hi,

No, there will be no effect on the BPDU.

Here is the test lab:

Switch#show inter trunk

Port        Mode         Encapsulation  Status        Native vlan
Gig1/0/24   on           802.1q         trunking      3

Port        Vlans allowed on trunk
Gig1/0/24   2-3

Port        Vlans allowed and active in management domain
Gig1/0/24   2,3

Port        Vlans in spanning tree forwarding state and not pruned
Gig1/0/24   2,3

Switch#sho spanning-tree active

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    4097
             Address     0050.0F06.8D18
             Cost        4
             Port        24(GigabitEthernet1/0/24)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0090.217B.80B9
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/24            Root FWD 4         128.24   P2p

VLAN0002
  Spanning tree enabled protocol ieee
  Root ID    Priority    4098
             Address     0050.0F06.8D18
             Cost        4
             Port        24(GigabitEthernet1/0/24)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32770  (priority 32768 sys-id-ext 2)
             Address     0090.217B.80B9
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/24            Root FWD 4         128.24   P2p

VLAN0003
  Spanning tree enabled protocol ieee
  Root ID    Priority    4099
             Address     0050.0F06.8D18
             Cost        4
             Port        24(GigabitEthernet1/0/24)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32771  (priority 32768 sys-id-ext 3)
             Address     0090.217B.80B9
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/24            Root FWD 4         128.24   P2p

Switch#

I didn't allow VLAN 1 on the trunk port, as you can see from the port configuration, but VLAN 1 is still getting BPDUs from the root switch.

Regards,
Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

Hi,

Yep, it's because the PVST+-generated BPDU message has the VLAN ID in the TLV (Type-Length-Value) field, which should be the last TLV. You can see in Wireshark that the value is equal to the VLAN ID of that VLAN.

So I think what it is doing is this:

VLAN1 BPDUs are loaded into the tagged native VLAN (which is something else, like 99) UNTAGGED,

but:

if we explicitly disallow VLAN1 on the trunk, VLAN1 BPDUs are NOT sent to the PVST+ MAC tagged.

So the only place we are going to see the untagged VLAN1 frames is within VLAN 99.

Is that correct?

Hi Deepak Kumar,

I am trying to build a lab with PVST, and came to a very basic question that I had missed.

If Gig 1/0/24 does not allow VLAN-1 on both sides, how come Gig 1/0/24 is participating in the VLAN-1 spanning tree instance?

====

So, I was trying to make the native VLAN on the trunk interface mismatch on both sides, for example:

SW1 (native-vlan-1) -------- (native-vlan-99) SW2

Would the untagged VLAN-1 BPDU generated from SW1 affect the election in the VLAN-99 STP instance on SW2?

The answer is no, because the TLV field in the BPDU message contains the VLAN-ID.

-----

So, coming back to the case: given that both sides have the same native VLAN setting, and VLAN-1 is not allowed over the trunk, VLAN-1 should not be loaded into the native VLAN, and the trunk interface should not participate in the VLAN-1 spanning tree instance.

Hi,

In the case of spanning tree, VLAN 1 is treated differently. If you are aware of VTP pruning, you can't do it on VLAN 1 because, as per the standard, many other protocols depend on VLAN 1.

In short, if the native VLAN is VLAN1 then:

  • VLAN1 standard STP BPDU is sent untagged
  • VLAN1 PVST+ BPDU is sent untagged
  • Other VLANs' PVST+ BPDUs are sent tagged with their appropriate VLAN

If the native VLAN is different from VLAN1 then:

  • VLAN1 standard STP BPDU is sent untagged
  • VLAN1 PVST+ BPDU is sent tagged with VLAN1
  • Other VLANs' PVST+ BPDUs are sent tagged accordingly (the one for the native VLAN will be untagged)

In simple words, the standard STP BPDU is always derived from VLAN1 and is always sent untagged. The PVST+ BPDUs are derived from their appropriate VLANs and are tagged according to the native VLAN on the trunk.

For more details, visit the link below:

https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/24063-pvid-inconsistency-24063.html#topic1

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
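The two points made above (a PVST+ BPDU carries its originating VLAN in a trailing TLV, and it is tagged or untagged according to the trunk's native VLAN) as an added Python example; this is not code from the thread or from Cisco. The frame layout (destination 01:00:0C:CC:CC:CD, SNAP OUI 00:00:0C with PID 0x010B, TLV type 0 length 2 holding the VLAN ID) is Cisco's PVST+ encoding; the source MAC, bridge IDs and timers are constructed sample values, and `pvid_consistent` implements the native-VLAN mismatch check that the linked PVID-inconsistency document describes.

```python
import struct

PVST_MAC = bytes.fromhex("01000ccccccd")   # Cisco PVST+ destination MAC
SRC_MAC = bytes.fromhex("005000aa0001")    # constructed sample source MAC
ETH_P_8021Q = 0x8100
# LLC/SNAP header used for PVST+: DSAP/SSAP 0xAA, ctrl 0x03, OUI 00:00:0C, PID 0x010B
SNAP_HDR = bytes.fromhex("aaaa03" "00000c" "010b")
CONFIG_BPDU_LEN = 35                       # fixed 802.1D configuration BPDU


def build_pvst_bpdu(vlan_id, tag_vlan=None):
    """Constructed sample PVST+ config BPDU for vlan_id, untagged or in an 802.1Q tag."""
    bridge_id = struct.pack("!H6s", 0x8000 + vlan_id, SRC_MAC)   # priority+sys-id-ext, MAC
    bpdu = struct.pack("!HBBB8sI8sHHHHH", 0, 0, 0, 0,   # proto id, version, type, flags
                       bridge_id, 0, bridge_id, 0x8001,  # root id, path cost, bridge id, port id
                       0, 20 * 256, 2 * 256, 15 * 256)  # msg age, max age, hello, fwd delay
    orig_vlan_tlv = struct.pack("!HHH", 0, 2, vlan_id)  # TLV type 0, length 2, value = VLAN
    payload = SNAP_HDR + bpdu + orig_vlan_tlv
    tag = b"" if tag_vlan is None else struct.pack("!HH", ETH_P_8021Q, tag_vlan)
    return PVST_MAC + SRC_MAC + tag + struct.pack("!H", len(payload)) + payload


def parse_pvst_bpdu(frame):
    """Return (802.1Q tag VLAN or None, originating VLAN from the trailing TLV)."""
    if frame[:6] != PVST_MAC:
        raise ValueError("not a PVST+ BPDU")
    off, tag_vlan = 12, None
    if struct.unpack("!H", frame[12:14])[0] == ETH_P_8021Q:
        tag_vlan = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
        off = 16
    length = struct.unpack("!H", frame[off:off + 2])[0]
    payload = frame[off + 2:off + 2 + length]
    if payload[:len(SNAP_HDR)] != SNAP_HDR:
        raise ValueError("not Cisco PVST+ SNAP encapsulation")
    body = payload[len(SNAP_HDR):]
    pos, orig_vlan = CONFIG_BPDU_LEN, None           # TLVs follow the fixed BPDU
    while pos + 4 <= len(body):
        tlv_type, tlv_len = struct.unpack("!HH", body[pos:pos + 4])
        if tlv_type == 0 and tlv_len == 2:
            orig_vlan = struct.unpack("!H", body[pos + 4:pos + 6])[0]
        pos += 4 + tlv_len
    return tag_vlan, orig_vlan


def pvid_consistent(frame, local_native_vlan):
    """True when the originating VLAN equals the VLAN the BPDU arrived on (the tag,
    or the receiving port's native VLAN if untagged); False is a PVID inconsistency."""
    tag_vlan, orig_vlan = parse_pvst_bpdu(frame)
    arrival_vlan = local_native_vlan if tag_vlan is None else tag_vlan
    return orig_vlan == arrival_vlan
```

An untagged VLAN 1 BPDU from a peer whose native VLAN is 1, received on a port whose native VLAN is 99, is exactly the mismatch case from the thread: the TLV still says 1, so it does not enter the VLAN 99 election.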

http://ieoc.com/forums/p/16628/139511.aspx

"To reduce the risk of STP loops or storms, you can disable VLAN 1 on any individual VLAN trunk port by removing VLAN 1 from the allowed list. When you remove VLAN 1 from a trunk port, the interface continues to send and receive management traffic, for example, CDP, PAgP, LACP and VTP in VLAN 1."

"Technically we can't remove VLAN 1 from the VLAN allowed list on the interface, and what it is known as is VLAN 1 minimization; it means you can't have data traffic (normal user traffic) in VLAN 1 going across the link, but you can have basic layer 2 traffic (CDP, STP etc.)."

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

Hi,

Thanks for the detailed information; it helped me refresh my knowledge.

I set up the lab on GNS3 with an L2-IOU device, and when I tried to remove VLAN-1 from the allowed list, spanning tree was no longer running on that interface. Not sure if it is a bug or correct behavior.

[screenshot: Untitled.png]
On both sides:

interface Ethernet0/0
switchport trunk allowed vlan 99
switchport trunk encapsulation dot1q
switchport trunk native vlan 99
switchport mode trunk
end

----

IOU3#show int trunk

Port        Mode         Encapsulation  Status        Native vlan
Et0/0       on           802.1q         trunking      99

Port        Vlans allowed on trunk
Et0/0       99

Port        Vlans allowed and active in management domain
Et0/0       99

Port        Vlans in spanning tree forwarding state and not pruned
Et0/0       99

---

IOU3#show spanning-tree vlan 1

(..omitted..)

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/1               Desg FWD 100       128.2    Shr
[the trunk interface not participating in VLAN-1 STP instance]

------

IOU3#show spanning-tree vlan 99

VLAN0099

(..omitted..)

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0               Desg FWD 100       128.1    Shr
[the trunk interface participating in VLAN-99 STP instance]

Hi,

I am not sure about GNS3, but let me check on the switch hardware.

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!