Question about native vlan

John Blakley
VIP Alumni

If I have the following:

Host A:

int fa0/1
 switchport mode access
 switchport access vlan 2
int fa0/24
 switchport mode access
 switchport access vlan 2

Int fa0/24 connects directly with another switch on its fa0/24, and its configuration is:

int fa0/24
 switchport mode access
 switchport access vlan 10

Host B is on:

int fa0/1
 switchport mode access
 switchport access vlan 10

If these are on the same subnet, can they ping each other? My initial thought is "NO", but according to a book I was reading they will be able to, because the traffic is untagged. OK, so by default workstation traffic is untagged, BUT when you switch that port to an access port, it changes the native vlan to the vlan that it's a member of; in this case Host A's native is 2 and Host B's native is 10.

Am I incorrect?

Thanks!

John

HTH, John *** Please rate all useful posts ***

Istvan

I'm getting a bit confused about this. Both may be configured as access ports, but the switch still knows which vlan these access ports are assigned to. So surely, internally, the switch knows this packet must stay in vlan 10.

Because if you argue that access ports receive untagged frames then a switch would surely have to send the frame to all other ports because it can't tie it to a vlan.

Maybe I'm just having a bad day!

Jon

Hi Jon,

I meant the following:

Of course switch1 internally knows that the frame is going out of the port on vlan x, because the port is tracked as a member of vlan x.

But the frame is sent out of this port (member of vlan x) to switch2's access port (member of vlan y) in untagged format.

Switch2 will tie this frame to vlan y internally (its port is tracked as a member of vlan y) and forward it on vlan y, because it will treat this frame as a normal Ethernet frame coming from a host connected to this port (no vlan information in the frame itself).

This is a somewhat dangerous scenario because it can create switching or routing loops in some situations.

Cheers:

Istvan

Istvan

Thanks. I feel a bit embarrassed; last time I do NetPro while under the influence :-).

Jon

Hi Jon,

I feel honored to receive this rating, especially since it is from you.

Cheers:

Istvan

Istvan

Comments much appreciated.

Jon

I just wanted to let everyone know that I had to test this :-)

It worked. The layout was as follows:

871(fa11)vlan10-2950(fa01)vlan10 --> 2950(fa01)vlan50-2801(fa03)vlan50.

I could ping both ways with no problems. My next question though is:

If there's no concept of the native vlan, why does CDP give a native vlan mismatch on the connecting switchports?

Oh, and I thought frames were sent untagged within the switch, but once they left the switch they needed a tag.

This was a great discussion guys...thank you all!!

--John

Hello John,

Happy to see it works.

>> why does CDP give a native vlan mismatch on the connecting switchports?

Simply because the CDP PDU frame contains different information fields, including the native vlan/vlan, so they can check and complain about this.

Hope to help

Giuseppe

Jon, Giuseppe, and Istvan,

You guys are awesome! Thank you for clearing this up for me!

--John

Istvan,

So, by the same theory, since switch 1's host is in vlan 2 and connected to switch 2 on vlan 10: if I have a host in vlan 100 on switch 2, on the same subnet as the one on switch 1, I WON'T be able to see it, because that traffic will stay in vlan 10?

Thanks for all of your responses!

John

Hi John,

I wouldn't want to dive into the complexities of such a scenario.

It may be an interesting thing to play with such a configuration and you can of course try it in your lab.

In practical life, however, such configurations aren't viable, and they are outside Cisco's design recommendations.

So for practical life I would prefer to stay as simple as possible.

Cheers:

Istvan
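A toy model of the forwarding behaviour Istvan describes, added here as an illustration; it is not Cisco code and was not posted by anyone in this thread. Switch, port and host names (SW1, SW2, fa0/1, fa0/24, HostA/B/C) are constructed to mirror the question. It encodes two rules: an access port classifies every untagged ingress frame into its own VLAN and always transmits untagged, and a trunk transmits its native VLAN untagged. The trunk cases go beyond the access-port scenario in the thread: they show why a native VLAN mismatch between two trunk ends (the condition CDP warns about) lets frames cross from one VLAN into another.

```python
from dataclasses import dataclass
from typing import Optional

# Added example, not Cisco code and not from anyone in the thread: a toy model
# of 802.1Q access/trunk port behaviour. Switch, port and host names are
# constructed (assumption) to mirror the two-switch layout in the question.


@dataclass(frozen=True)
class Frame:
    """Ethernet frame as it appears on the wire; vid=None means no 802.1Q tag."""
    src: str
    dst: str
    vid: Optional[int] = None


@dataclass
class Port:
    mode: str                      # "access" or "trunk"
    vlan: int                      # access VLAN, or native VLAN on a trunk
    link: Optional[tuple] = None   # ("host", name) or ("switch", sw, port)


class Switch:
    def __init__(self, name: str):
        self.name = name
        self.ports: dict = {}

    def ingress_vlan(self, port: Port, f: Frame) -> Optional[int]:
        """Classify an arriving frame into an internal VLAN (None = drop).
        An access port treats the frame as if it came from a plain host: an
        untagged frame lands in the access VLAN no matter which device sent
        it. A trunk keeps a tagged VID and puts untagged frames in its native."""
        if port.mode == "access":
            return port.vlan if f.vid in (None, port.vlan) else None
        return port.vlan if f.vid is None else f.vid

    def egress_frame(self, port: Port, vlan: int, f: Frame) -> Optional[Frame]:
        """Rewrite a frame for transmission out of `port` (None = not sent).
        Access ports carry only their own VLAN and always send untagged; a
        trunk sends its native VLAN untagged and everything else tagged."""
        if port.mode == "access":
            return Frame(f.src, f.dst) if vlan == port.vlan else None
        return Frame(f.src, f.dst, None if vlan == port.vlan else vlan)


def flood(net: dict, sw_name: str, in_port: str, frame: Frame,
          hops: int = 8, reached: Optional[set] = None) -> set:
    """Broadcast/unknown-unicast flood with no MAC learning (kept simple on
    purpose): deliver within the ingress VLAN out of every other port and
    follow switch-to-switch links. Returns the hosts that receive the frame.
    `hops` bounds the recursion so a looped topology cannot run forever."""
    reached = set() if reached is None else reached
    sw = net[sw_name]
    vlan = sw.ingress_vlan(sw.ports[in_port], frame)
    if vlan is None or hops == 0:
        return reached
    for pname, port in sw.ports.items():
        if pname == in_port or port.link is None:
            continue
        out = sw.egress_frame(port, vlan, frame)
        if out is None:
            continue
        if port.link[0] == "host":
            reached.add(port.link[1])
        else:
            _, nsw, nport = port.link
            flood(net, nsw, nport, out, hops - 1, reached)
    return reached


def build(link_mode: str, sw1_vlan: int, sw2_vlan: int) -> dict:
    """Two switches joined on fa0/24. The thread's case is
    build("access", 2, 10); the trunk variants test native VLAN (mis)matches.
    HostC on SW2 vlan 100 is the extra host from John's follow-up question."""
    sw1, sw2 = Switch("SW1"), Switch("SW2")
    sw1.ports["fa0/1"] = Port("access", 2, ("host", "HostA"))
    sw1.ports["fa0/24"] = Port(link_mode, sw1_vlan, ("switch", "SW2", "fa0/24"))
    sw2.ports["fa0/24"] = Port(link_mode, sw2_vlan, ("switch", "SW1", "fa0/24"))
    sw2.ports["fa0/1"] = Port("access", 10, ("host", "HostB"))
    sw2.ports["fa0/2"] = Port("access", 100, ("host", "HostC"))
    return {"SW1": sw1, "SW2": sw2}


def reach(net: dict, sw_name: str, port_name: str) -> set:
    """Hosts that receive a broadcast from the host attached to (switch, port)."""
    src = net[sw_name].ports[port_name].link[1]
    return flood(net, sw_name, port_name, Frame(src, "ff:ff:ff:ff:ff:ff"))


if __name__ == "__main__":
    for cfg in [("access", 2, 10), ("trunk", 2, 2), ("trunk", 2, 10)]:
        print(cfg, "HostA reaches:", sorted(reach(build(*cfg), "SW1", "fa0/1")))
```

With the access-to-access link, HostA (vlan 2) reaches HostB (vlan 10) and vice versa, while HostC (vlan 100) is unreachable from either, matching John's lab result and Istvan's answer. With the link as a trunk whose native VLAN is 2 on both ends, HostA's frames stay in vlan 2 and reach nobody on SW2. With native 2 on SW1 but native 10 on SW2, HostA's frames arrive untagged and SW2 files them under vlan 10, so they reach HostB: the same classification rule that made the access-port case "work" silently merges two VLANs when trunk native VLANs disagree, which is exactly the condition the CDP native VLAN mismatch message reports.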

Giuseppe

Sorry, same question as I asked Istvan, as I'm getting a bit confused.

If a packet coming in on an access port is not tagged, then how does the concept of vlans work at all? A packet coming in on an access port would have to be sent to all ports if the switch doesn't know which vlan it is in.

I thought the switch internally kept a record of which vlan a port was in.

Jon

Giuseppe

Please ignore :-)

Jon

Mohamed Sobair
Level 7

Hi Guys,

I just have one comment to add:

As Jon mentioned, access ports have the concept of tagging: the frames are tagged at the egress port of the switch, so internally the switch knows which ports are part of which vlans.

The frames are sent untagged at the ingress port of the switch.

Native vlans are vlans sent untagged across 802.1Q trunks only, and not ISL.

HTH

Mohamed