Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1591
Views
0
Helpful
7
Replies

Operation of switch for access and trunk ports

Go to solution
chandra_rc16
Level 4
Level 4

‎12-19-2013 10:50 AM - edited ‎03-07-2019 05:10 PM

Hi All,

I'm practicing for my CCNA.

I understood that access ports work for only one VLAN whereas trunk ports work for multiple VLANs and switches will read the VLAN tag for the frames on this trunk ports to distinguish them. This is how trunkports/trunking works.

But how the access ports work ? Will they too have/add any VLAN information ?

What type of frame will switches send out on access ports ? Is it normal ethernet frame ?

And also i have a question depending on the below topology.

vlanssss.PNG

On switch0 since Fa0/4 is configured to be in VLAN2.. the switch considers all the Ethernet frames from PC1 on its Fa0/4 port as VLAN2 frames..

So on switch0 since Fa0/2 is configured to be in VLAN2... will the switch0 consider all the frames it receives on that Fa0/2 port as VLAN2 frames ?

Regards,

Chandu

Regards, Chandu
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to chandra_rc16

‎12-19-2013 01:20 PM

Chandu

Correct in what you say but you should never do this on a production network.

Basically you have joined 2 vlans together and that can cause big problems when it comes to STP. You only have 2 switches but production networks have many switches interconnected to each other. STP runs per vlan (PVST+/Rapid PVST+) so by joining them together you can create very unpredicatable and unstable networks.

In addition, it could very well be a secuirty issue because you may not want users in vlan 3 talking to users in vlan 2.

Finally you are using the same IP subnet for 2 different vlans. Again this is rare in production networks and is used only for specific purposes such as transparent firewalls/load balancers etc. Generally speaking the recommendation is to use one IP subnet per vlan. 

Jon

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎12-19-2013 11:02 AM

Chandu

But how the access ports work ? Will they too have/add any VLAN information ?

What type of frame will switches send out on access ports ? Is it normal ethernet frame ?

Normal ethernet frames, no vlan ID information is added to the frame.

So on switch0 since Fa0/2 is configured to be in VLAN2... will the switch0 consider all the frames it receives on that Fa0/2 port as VLAN2 frames ?

Yes it will.

Jon

0 Helpful

Go to solution
chandra_rc16
Level 4
Level 4
In response to Jon Marshall

‎12-19-2013 12:11 PM

Thans Jon.

But how the switch will understand to which VLAN a frame belongs to... is there any field inside the ethernet frame that indicates about VLAN?

Regards,

Chandu

Regards, Chandu
0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to chandra_rc16

‎12-19-2013 12:16 PM

Chandu

It knows because you have allocated the port on which the frame was received into that vlan. The only reason a trunk link has tagged vlans is because the switch would not know which vlan the frame was meant to be in unless there was a vlan ID in the frame header.

Obviously the native vlan on a trunk link is usually an exception to this ie. native vlan frames are not tagged and that is why it is very important to make sure that both ends of the trunk link agree on the native vlan.

Jon

0 Helpful

Go to solution
chandra_rc16
Level 4
Level 4
In response to Jon Marshall

‎12-19-2013 12:45 PM

Thanks again Jon.

So now i made a slight change in my topology. Here is the pic.

I configured the Fa0/2 & Fa0/4 ports on switch1 to be in VLAN3.

Now as per the switch0 whatever the traffic it receives on its Fa0/2 port it will consider at VLAN2 frame, right ?

So if ping PC1(10.0.2.1/24) on switch0 from PC2(10.0.2.2/24) on switch1, it should ping.

As per our previous comments and my  understanding...

Swtich1 will consider the traffic from PC2 as VLAN3 traffic and since it doesn't have PC1's mac it will flood the frame to all the ports on switch1 which are in VLAN3, in our topology the other port in VLAN3 is Fa0/2.. so the frame however reaches fa0/2 and then pass through the link and then it will be received by Fa0/2 port of switch0 and switch0 will consider this frame as VLAN2 frame (since the frame transistion between two switches is only an ethernet frame) and then it will forward the frame to PC1. And this is working fine..

So if two vlans are able to communicate like this, is this not a security problem..

Please don't mind if my question is silly.

Regards,

Chandu

Regards, Chandu
0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to chandra_rc16

‎12-19-2013 01:20 PM

Chandu

Correct in what you say but you should never do this on a production network.

Basically you have joined 2 vlans together and that can cause big problems when it comes to STP. You only have 2 switches but production networks have many switches interconnected to each other. STP runs per vlan (PVST+/Rapid PVST+) so by joining them together you can create very unpredicatable and unstable networks.

In addition, it could very well be a secuirty issue because you may not want users in vlan 3 talking to users in vlan 2.

Finally you are using the same IP subnet for 2 different vlans. Again this is rare in production networks and is used only for specific purposes such as transparent firewalls/load balancers etc. Generally speaking the recommendation is to use one IP subnet per vlan. 

Jon

0 Helpful

Go to solution
chandra_rc16
Level 4
Level 4
In response to Jon Marshall

‎12-19-2013 01:30 PM

And finally can i run wireshark in PT. I'm not aware of it.

Please let me know.

REgards,

Chandu

Regards, Chandu
0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to chandra_rc16

‎12-19-2013 01:37 PM

Chandu

And finally can i run wireshark in PT. I'm not aware of it.

Please let me know.

Sorry, i don't use PT so i have no idea to be honest. There may be a packet capture utility in the software but i couldn't say.

Perhaps post this query as a separate question.

Jon

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card