
tagged or untagged frames

ITexpert
Level 3

I have a few questions:

When we put this command, dot1q tag native, it results in the drop of untagged frames.

If we put all the ports in different vlans, where will untagged frames arrive?

 

Thanks



balaji.bandi
Hall of Fame

Native VLAN is relevant only when there is 802.1q trunking between switches or a switch and a router (in the case of router on a stick). Native VLAN has no significance when ISL trunking is used OR all vlans are tagged.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

omz
VIP Alumni

vlan dot1q tag native means that every untagged ingress frame is dropped, even if it matches the configured native VLAN.

switchport trunk native vlan 900

"If we put all the ports in diff vlans where should untagg frames will arrive."

There will be no untagged frames because all ports will be tagging.  

Hello

This is a global command, so basically you're tagging the native vlan.

As stated, vlan tagging is only applicable on dot1q trunks, not access ports. When enabling this, you should make sure it is also enabled on the other switches in your network.

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hello Paul,

dot1q trunking is already configured, my question is: will tagging the native vlan drop untagged traffic?

If yes, what does untagged traffic mean, which traffic is that?

Right now every port is part of some vlan; according to my info, trunk ports tag the vlans. So how will it drop the traffic?

Hello

First of all, I'd like to say I hope I do this the justice it deserves; if not, I am sure others will kindly let me know. It is quite hard to put into simplistic terms.


@ITexpert wrote:

Hello Paul,

dot1q trunking is already configured, my question is: will tagging the native vlan drop untagged traffic? - YES/NO

Yes - if you have tagged even the native vlan on one switch trunk and not the other end of the trunk.

No - for control traffic such as dtp, vtp, cdp, etc. These are assigned to vlan 1, but it doesn't matter for them whether that vlan is tagged or not; this kind of traffic will be allowed to cross a trunk regardless of tagging the native vlan or not, or even changing it.

If yes, what does untagged traffic mean, which traffic is that? - In its simplest form, any frame originating on a native vlan port; that frame will not be tagged with a vlan id.

Right now every port is part of some vlan; according to my info, trunk ports tag the vlans. So how will it drop the traffic?

Say you have now tagged the default vlan 1. A frame from this vlan will now be tagged onto the trunk, but when it arrives on the far side of that trunk, vlan 1 is untagged, so the interface isn't expecting to see any tag for vlan 1, so it will be dropped.

Now on the flip side to this, say you have an untagged vlan of 20 on one switch and untagged vlan 1 on the other. Now if a frame from vlan 20 from one switch is sent over a trunk to that other switch, the untagged frame from vlan 20 will be sent to vlan 1, as they are both untagged vlans.


Kind Regards
Paul

I think that Paul has responded well and would like to approach this question from a slightly different perspective. 

 

As several responses have pointed out the Native VLAN only makes sense in the context of dot1Q trunking. Normally the native vlan frames are not tagged but there is an option to have the switch tag all frames - including all frames that it sends on the native vlan. I believe that the original poster is asking that if all frames on the switch are tagged then where do untagged frames come from. And the answer to this is that untagged frames might be sent to the switch on a trunk port from a neighbor that is not configured to tag all frames, so frames from the neighbor in the native vlan would arrive as untagged - and the switch we are looking at would discard these frames.

 

HTH

 

Rick


@paul and @rick - Makes sense to me.

BB


@Richard Burts  @paul driver @balaji.bandi

So this means, if I untag the native vlan on the whole internal network, then nothing will be dropped, because one switch will tag and another switch will also forward because of the same trunk native tag. Is this correct?

Also, if I create a new vlan and then mark that vlan native on all trunk interfaces and then tag the default vlan on all interfaces, does this work well?

Thanks a lot, guys, you saved me a lot of browsing hours. :)

 

Hello

First of all, the switch as a whole isn't tied to the native vlan; the trunks are.

In fact you can have different native vlans between each trunk interconnect!

@ITexpert wrote:

So this means, if I untag the native vlan on the whole internal network, then nothing will be dropped, because one switch will tag and another switch will also forward because of the same trunk native tag. Is this correct? - Correct, but per trunk, not per switch.

Also, if I create a new vlan and then mark that vlan native on all trunk interfaces and then tag the default vlan on all interfaces, does this work well? - Correct.

Also, because by default your native/mgt vlan is vlan 1, you could, if you wished, not use vlan 1 whatsoever for anything, not even on any access ports, and specify another vlan as your mgt.

Then create multiple new vlans, which again will all be unused by any access port, but additionally you could suspend and shut these all down but still use them on your trunks as native, even when they are pruned from traversing the trunk.


Kind Regards
Paul

There were a couple of follow up questions.

- "So this means, if I untag the native vlan on the whole internal network, then nothing will be dropped"

Yes, assuming correct configuration of the switches, if you untag the native vlan on the whole internal network then all switches will operate on the assumption that the native vlan is untagged and so no frames will be received on the native vlan with tags, and so no frames would be dropped. Focusing on the latter part of the question about nothing will be dropped makes me think of an unusual situation which could exist and which could result in frames being dropped. Think of a situation with two switches. Both switches have three vlans in addition to the default vlan 1, vlans 10, 20, and 30. These switches are configured following the advice that you do not use vlan 1 for data. So there is basically not anything on vlan 1 and all devices are on vlans 10, 20, and 30. Switch 1 and switch 2 are connected by a trunk which is configured to carry vlans 10, 20, and 30. Switch 1 is configured to use vlan 10 as the native vlan. Switch 2 is configured to use vlan 20 as the native vlan. So switch 1 will send frames in vlan 10 with no tag and frames in vlan 20 with tags. Switch 2 will receive frames on vlan 20 that have tags. But switch 2 has vlan 20 as native vlan and is expecting no tags on that vlan. So when it receives frames in vlan 20 with tags it will discard them.

- "Also, if I create a new vlan and then mark that vlan native on all trunk interfaces and then tag the default vlan on all interfaces, does this work well?"

Yes, if a new vlan is created on all switches and all switches are configured to use this new vlan as native, and then if all switches are configured to tag the native vlan, then that should work well.

 

In these questions it is not so important whether tagging for the native vlan is enabled or is disabled. What is important is that all switches in the network be configured in a consistent way. All switches should be configured to treat the same vlan as the native vlan and all switches should tag the native vlan or all switches should not tag the native vlan. Where we get into trouble is when the switch configuration is not consistent. If some switches use one vlan as native while other switches use a different vlan as native or some switches do tag the native vlan while other switches do not tag the native vlan those are the situations where there are problems.

 

HTH

 

Rick
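
The consistency rule from the reply above (both ends of a trunk use the same native vlan, and native tagging is on at both ends or off at both) can be checked mechanically. The following Python is an added example, not part of the thread or any Cisco tooling: the two configs are constructed samples, the function names are hypothetical, and it assumes native tagging is the global `vlan dot1q tag native` command quoted earlier in the thread and that a trunk with no explicit native vlan uses vlan 1.

```python
import re

# Constructed sample configs (not from the thread): two switches joined by one trunk.
SW1 = """\
vlan dot1q tag native
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 10
"""
SW2 = """\
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 20
"""

def parse_switch(config):
    """Return (tags_native, {trunk_interface: native_vlan}) for one IOS-style config."""
    tags_native, trunks, natives, current = False, set(), {}, None
    for line in config.splitlines():
        stripped = line.strip()
        if not line.startswith(" "):
            # A top-level line ends the previous interface stanza.
            current = stripped.split(None, 1)[1] if stripped.startswith("interface ") else None
            tags_native = tags_native or stripped == "vlan dot1q tag native"
        elif current and stripped == "switchport mode trunk":
            trunks.add(current)
        elif current and (m := re.fullmatch(r"switchport trunk native vlan (\d+)", stripped)):
            natives[current] = int(m.group(1))
    # Assumption: a trunk without an explicit native vlan falls back to vlan 1.
    return tags_native, {ifc: natives.get(ifc, 1) for ifc in trunks}

def audit_link(cfg_a, port_a, cfg_b, port_b):
    """Compare both ends of one trunk and list the inconsistencies found."""
    tag_a, trunks_a = parse_switch(cfg_a)
    tag_b, trunks_b = parse_switch(cfg_b)
    if port_a not in trunks_a or port_b not in trunks_b:
        return ["not a trunk on both ends"]
    findings = []
    if trunks_a[port_a] != trunks_b[port_b]:
        findings.append(f"native VLAN mismatch: {trunks_a[port_a]} vs {trunks_b[port_b]}")
    if tag_a != tag_b:
        findings.append("native VLAN tagging enabled on one end only")
    return findings

if __name__ == "__main__":
    for finding in audit_link(SW1, "GigabitEthernet0/1", SW2, "GigabitEthernet0/1"):
        print(finding)
```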
