Questions on Native Vlan

BL00DFL00D
Level 1

I'm still having problems grasping this topic. I get the gist of it in theoretical use, as we use it to send untagged frames across a trunked link. My question, I guess, would be: how is it relevant in today's networks? Why are we sending these frames untagged across the trunk? What typical devices have you seen problems with 802.1q tagging? Would we separate this and build or enable a separate vlan, i.e. vlan 999? I'm just trying to find justification for using this command to set a native vlan, or just leave all my frames tagged on my trunks. What would be a practical application of this in the working environment?


John Blakley
VIP Alumni

Kenneth,

Most workstations today will not tag their traffic. In general, certain server NICs also don't tag traffic, so all of this traffic would be on the native vlan. In some situations, you can set the default vlan on certain models of NICs, but it's a pain to do this on every workstation.

On the floors in my building, they're built out in vlans. Each floor has its own vlan, but the native vlan is dependent on floor. This native vlan is transparent to the user, but I can force which L3 vlan interface the traffic gets. For example, if I have vlan 10 as the native on floor 10, on the core switch I'd also have vlan 10. I'd also have a L3 vlan 10 svi (switched virtual interface) that would have an ip address of 10.10.10.1. The users on the 10th floor, since vlan 10 is the native, will automatically get an address in vlan 10 of 10.10.10.x and their gateway is 10.10.10.1.

IP phones can tag traffic. I have Avaya phones that are on vlan 100 and the PC connects to the phone. Because the phone tags the traffic at vlan 100 and the pc doesn't tag anything, the phone would get an address for whatever corresponds with vlan 100 and the pc will still get an address in vlan 10.

HTH,

John

*** Please rate all useful posts ****


John:

Thank you so much for showing a practical application of this! So when traffic enters the native vlan in your instance, would the packets receive a tag of vlan 10 or no tag at all? And are you also implementing separate native vlans on each floor as well?

So let me get this straight:

int vlan 10

ip add 10.10.10.1

when a packet traverses this native vlan it will tag it vlan 10 and assign it a 10.10.10.x address

How would the packet receive a 10.10.10.x address?

Kenneth,

On a trunk port, there is only one untagged, native vlan. For example, if I have switch A and switch B interconnected with 3 vlans (10 (native), 20, and 30), the native vlan has to match on switch A and switch B. This means that 10 is the native on both sides. If I put a host on an access port for vlan 10, then switch A transmits that untagged. Switch B will know that it belongs to vlan 10 because it's received an untagged frame.

On L3 switches, you can have a l2 vlan only or a l2 vlan with a l3 interface attached to it. In the example above, let's say that we have 3 SVIs on switch B:

    int vlan 10
     ip address 10.10.10.1 255.255.255.0
    !
    int vlan 20
     ip address 10.10.20.1 255.255.255.0
     ip helper-address 10.10.10.50
    !
    int vlan 30
     ip address 10.10.30.1 255.255.255.0
     ip helper-address 10.10.10.50

When the host on switch A boots, it will send a request for dhcp. Being that this is broadcasted, it will hit the switch, the switch will put it on vlan 10, and being that switch B sees the traffic (broadcast) come in on vlan 10, the host will stay within the vlan 10 network.

Suppose I have on switch A a host on an access port for vlan 30. The same process of broadcasting, etc, happens, but because the switchport is configured for an access port on a tagged vlan, the traffic will be tagged as that vlan outbound toward switch B (because vlan 30 isn't the native). So, because the broadcast hits the 10.10.30.0 network, it gets to the svi (int vlan 30). The svi is configured to convert all udp broadcasts (dhcp in this case) to unicast and send directly to your dhcp server located at 10.10.10.50. The dhcp server would have a scope for 10.10.10.0, 10.10.20.0, and 10.10.30.0 and will know what subnet to assign an address from based on the requested vlan (vlan 30 - 10.10.30.0).

As far as vlans, I have my vlans configured for the subnet that I want to support. For example, if I had 192.168.100.0, 192.168.200.0, and 192.168.300.0, my vlans would be 100, 200, and 300 respectively. I have phones and Dell switches, so I have to configure trunks for all my ports. The standard configuration for that is to trunk the port and make the native across all ports vlan 100 and make the tagged port vlan 10. The phone runs on 10 and the workstations are on 100.

HTH,

John
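
The tagging behaviour described in the post above, as an added example that is not part of the original thread: a Python model of an 802.1Q trunk in which switch A sends native-VLAN frames untagged and switch B assigns untagged frames to its own native VLAN. The function names and the sample frame are constructed for illustration; running it with B's native set to 20 instead of 10 shows why the native vlan has to match on both sides.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Untagged Ethernet II frame, as a workstation NIC sends it."""
    return dst + src + struct.pack("!H", ethertype) + payload

def trunk_egress(frame: bytes, vlan: int, native_vlan: int) -> bytes:
    """Send a frame that belongs to `vlan` out of a trunk port."""
    if vlan == native_vlan:
        return frame  # native VLAN: leaves the trunk untagged
    tci = vlan & 0x0FFF  # PCP=0, DEI=0, 12-bit VLAN ID
    # The 4-byte tag goes between the source MAC and the original EtherType.
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def trunk_ingress(frame: bytes, native_vlan: int):
    """Classify a frame received on a trunk port; return (vlan, untagged frame)."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return native_vlan, frame  # untagged: placed in the LOCAL native VLAN
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]

def cross_trunk(frame: bytes, access_vlan: int, native_a: int, native_b: int) -> int:
    """VLAN that switch B places the frame in after it crosses the trunk from A."""
    vlan, _ = trunk_ingress(trunk_egress(frame, access_vlan, native_a), native_b)
    return vlan

# Constructed sample: a broadcast from a host (MAC address and payload are made up).
SAMPLE = build_frame(b"\xff" * 6, bytes.fromhex("020000000001"), 0x0800, b"dhcp-discover")

if __name__ == "__main__":
    for native_b in (10, 20):  # 10 = matching natives, 20 = mismatch
        for access_vlan in (10, 30):
            seen = cross_trunk(SAMPLE, access_vlan, 10, native_b)
            print(f"A native=10, B native={native_b}: "
                  f"host in vlan {access_vlan} -> B sees vlan {seen}")
```
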
