joined an organisation as Network Engineer, and I am trying to solve some issues. One major issue I am confronting I will describe it as follows;The network has two Core switches, Core 1 and Core 2, where Core 1 is the main switch. Core 1 is a Foundry switch. There are two main distribution switches (Cisco), where basically all the other switches connect to. I have some native vlan mismatches on several switches. And there are some sections/hosts on the network, which are unable to ping each other. Some of those issues I solved by creating trunk ports and adding vlans to these ports. What I want to know is; what is the theory behind this ?The vlans are configured on Core 1, there you see the tagged and untagged ports. The connection between Core 1 and the distribution switches are trunk. What is the best way to go through this ? This surely has to do with the fact that some ports are not correctly configured with vlans.Any valuable input is apreciated.Thx a lot.

Hello,

Normally a port is tagged or not is dependent mainly on how many VLANs are on a particular port. The standard for this is based on 802.1Q.The standard states that on any given port you can have one untagged VLAN. This means that you can have one VLAN per port and there is no need to tag the port. Tagging means that the port will send out a packet with a header that has a tag number that matches the VLAN tag number.

When there are more than one VLAN per port the port must differentiate what VLAN each packet is destined to.

So for example if we have 2 VLANs on port 1 VL10 and VL20 and we are sending out a packet on each one. In that case i need to have a way to tell the other side which packet is for which VLAN.

So if the .1Q tag for VL10 is 10 and for VL20 is 20 then the port will insert a header with the right tag number on each packet. The other side needs to be set up the same way and will see that if a packet of 10 comes in it will forward it on VL10.So when a port is tagged it inserts and receives packets with the 802.1Q tag for every packet that has a VLAN on it.

And to eliminate your problem make sure your have right configuration on done at each switch uplinks ports.With your architecture if you want to span the vlan across the switch boundary then we do trunking at uplinks. So considering that access layer or dist. layer are having host and gateway is configured on core layer then you will have trunk configured between access layer/dist layer with core passing all users vlans which are configured at access boundary.

And configure all access port with respective vlans.

Hope it Helps..

-GI

Hello,

This is a cisco example and corresponding foundry example.

Cisco

VLAN 10 [creating  vlan]

Vlan 50

Vlan 100

Vlan 150

interface fa0/1

switchport access vlan 50

interface fa0/2

switchport access vlan 100

interface fa0/24

switchport mode trunk

switchport trunk vlan allowed 50,100,150

switchport trunk native vlan 10

******************************************

foundry

You need to use untag for access-port and tag for trunk port.

Vlan 50

untag fa0/1 (just for example. Use the foundry interface name instead

tag    fa0/24

-

VLAN 100

untag fa0/2

tag Fa/24

-

VLAN 150

Tag fa0/24

-

interface fa0/24

dual-mode vlan 10  [ for native VLAN]

*******************************

Hope it helps

Masoud