
Router on a stick without trunk

rohan1108
Level 1

Hi Guys

I believe I understand why we need VLAN tagging when a router uses the same MAC address on all subinterfaces as the MAC of its physical interface.

So I am just a little confused when it comes down to the need for VLAN tagging with router on a stick under the following scenario:

On older codes of IOS, if you create subinterfaces on a router, then the router would generate separate, unique MACs for each subinterface.

In that case, if the link between the L2 switch and this router is untagged, then as per my understanding, the router should still be able to distinguish between the traffic depending on which MAC the packet was destined to and then handle it at Layer 3 accordingly.

So if that's true, then do we need a trunk between the L2 switch and the router only if the router uses the same MAC across all subinterfaces?

In other words, if the router uses unique MACs on all subinterfaces, do we not need a trunk between the switch and the router?

Thanks guys!

Accepted Solution

Peter Paluch
Cisco Employee

Hi,

You have a very interesting idea on your mind here :) Unfortunately, it would not work - but the explanation will be slightly more lengthy.

You are suggesting that if IOS generated a unique MAC address for each VLAN subinterface of a routed interface, VLAN tags would not be necessary on the link between the router and the switch because the particular subinterface for which incoming frames are intended would be identified simply by the unique destination MAC address in these frames.

However, this would cause a disparity between the functionality provided and required by a switch and the functionality provided and required by a router. A switch port can operate only as an access port (without VLAN tags, VLAN membership statically determined by its configuration) or a trunk port (with VLAN tags, with VLAN membership determined on a per-frame basis using the VLAN tag in the frame). Your proposed mode of operation on the router requires that destination MAC addresses, not VLAN tags, are used to distinguish the VLAN from which the frame is coming into the router, and that source MAC addresses are used to distinguish the VLAN into which the frames are being forwarded out from the router, and that the frames are otherwise untagged. This is a problem. A switch does not expect nor support distinguishing VLANs based on source or destination MAC addresses. All it would see on its port are frames in a single VLAN (probably the native VLAN) sourced and destined from various MAC addresses. Simply put, to a switch, all frames on such link would belong to a single VLAN, irrespective of their source/destination MAC addresses.

In addition, I doubt that even the old IOSes created unique MAC addresses for VLAN subinterfaces. Are you perhaps confusing this with the way old switches, not routers, worked? Old switches generated unique MAC addresses to make sure that the STP Bridge IDs for different per-VLAN STP instances were unique as well. However, for a router, there is no advantage in generating unique MAC addresses per VLAN subinterface, quite the contrary: it would require that the NIC controller supported multiple MAC addresses per physical port, a requirement increasing the cost and complexity of the NIC. VLANs are ways of multiplexing a single physical interface, and multiplexing is done above the basic Ethernet connection and principally in software, so it is actually desirable that the subinterfaces over a single physical NIC all have the same MAC address.

Does all of this make sense?

Best regards,
Peter
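
The ingress classification described in the answer above, as an added example that is not part of the original post: a small model of how a switch port assigns a frame to a VLAN from its port mode and 802.1Q tag only, never from MAC addresses. The MAC addresses, VLAN numbers, port dictionaries and the rule that an access port drops tagged frames are assumptions made for this sketch.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag

def build_frame(dst, src, vid=None, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed Ethernet II frame; add an 802.1Q tag when vid is set."""
    hdr = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if vid is not None:
        hdr += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)  # PCP and DEI left at 0
    return hdr + struct.pack("!H", ethertype) + payload

def parse_frame(frame):
    """Return (dst_mac, src_mac, vid) from raw bytes; vid is None when untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[0:6].hex(":"), frame[6:12].hex(":")
    (etype,) = struct.unpack("!H", frame[12:14])
    if etype != TPID_8021Q:
        return dst, src, None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return dst, src, (tci & 0x0FFF) or None  # VID 0 is a priority tag, no VLAN

def classify(frame, port):
    """VLAN the modelled switch assigns on ingress, or None if the frame is dropped.

    port is {"mode": "access", "vlan": N} or
            {"mode": "trunk", "native": N, "allowed": {vids}} (hypothetical layout).
    The MAC addresses are parsed but deliberately play no part in the decision.
    """
    _dst, _src, vid = parse_frame(frame)
    if port["mode"] == "access":
        # Static membership; this simplified model drops tagged frames here.
        return port["vlan"] if vid is None else None
    if vid is None:
        vid = port["native"]  # untagged on a trunk falls into the native VLAN
    return vid if vid in port["allowed"] else None

def demo():
    """Constructed scenario: a router with one made-up MAC per subinterface."""
    access = {"mode": "access", "vlan": 1}
    trunk = {"mode": "trunk", "native": 1, "allowed": {1, 10, 20}}
    pairs = [("02:00:00:00:00:aa", "02:00:00:00:00:10", 10),
             ("02:00:00:00:00:bb", "02:00:00:00:00:20", 20)]
    return {
        "untagged_access": [classify(build_frame(d, s), access) for d, s, _ in pairs],
        "untagged_trunk": [classify(build_frame(d, s), trunk) for d, s, _ in pairs],
        "tagged_trunk": [classify(build_frame(d, s, v), trunk) for d, s, v in pairs],
    }
```

Both untagged frames end up in VLAN 1 regardless of their distinct source MACs; only the tagged frames are separated into VLANs 10 and 20.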

Thanks a lot Peter!

That makes it a lot clearer. Thank you again for taking out time for such a detailed reply :)
