Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
22411
Views
10
Helpful
8
Replies

Tagging native VLAN 1

Go to solution
Vladimir Bednikov
Level 1
Level 1

‎06-20-2016 11:47 PM - edited ‎03-08-2019 06:17 AM

I have a question with regards to tagging of VLAN 1. I have a switch configuration which unfortunately has to use VLAN1. It is one of two VLANs that must be trunked to a router. The Switch is a C3750X and the router is a 2951. There is another 2951 router connected to the first router.

R1 has config:

interface gi 0/3/0.1
 ip address 172.10.8.1 255.255.255.0
 encapsulation dot1q 1 native

interface gi 0/3/0.30
 ip address 192.168.8.1 255.255.255.0
 encapsulation dot1q 30

interface gi 0/2
 ip address 10.10.8.1

ip route 172.10.1.0 255.255.255.0 10.10.8.2
ip route 192.168.1.0 255.255.255.0 10.10.8.2

R2 has config:

interface gi 0/2
 ip address 10.10.8.2

interface gi 0/2/0
 ip address 172.10.1.1 255.255.255.0

interface gi 0/3/0
 ip address 192.168.1.1 255.255.255.0

ip route 172.10.8.0 255.255.255.0 10.10.8.1
ip route 192.168.8.0 255.255.255.0 10.10.8.1

R1 and R2 are connected via their Gi 0/2 interfaces.

Switch has config:

interface GigabitEthernet1/0/1
 description Trunk for vlan1 and vlan30
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 1,30
 duplex auto
 speed auto
 no cdp enable

interface GigabitEthernet1/0/2
 switchport access vlan 1

interface GigabitEthernet1/0/3
 switchport access vlan 30

interface vlan1
 description Management Ethernet
 no ip address

interface vlan30
 description General Ethernet
 no ip address

vlan dot1q tag native

sdf

See attached image for layout.

Now, If I use VLAN 10 instead of VLAN 1 then everything works. However, using VLAN 1, even though it is tagged, a PC connected to Gi 1/0/2 of the Switch cannot ping the IP of Gi 0/3/0.1 of R1, nor can it ping the IP of Gi 0/2/0 or R2 or a PC connected to it. However, a PC connected to Gi 1/0/3 of the Switch can ping the IP of Gi 0/3/0.30 of R1, as well as the IP of Gi 0/3/0 or R2 and a PC connected to it.

So, the question is, is there a way to make the native VLAN 1 work in this situation?

Note that the tagging of the native VLAN 1 on the switch works as I have tested it with a laptop connected to it with two virtual switches created. Setting one to VLAN 1 and the other to VLAN 30 and both work.


TIA,

Vlad

Labels:
Preview file
13 KB
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee

‎06-21-2016 03:02 AM

Hi Vlad,

I believe that the problem in connectivity is caused by the fact that the router sends all packets in VLAN1 in untagged frames, and because the switch is using vlan dot1q tag native, it drops all untagged frames received over trunks.

The solution should be really simple - to tell R1 that VLAN1 is not a native VLAN and thus has to be tagged. On IOS routers, this is done in a somewhat indirect way: You create a new subinterface and configure it with encapsulation dot1q vlan-id native command where the vlan-id is a VLAN number that you are not using at all. For example:

interface gi0/3/0.1002
 encapsulation dot1q 1002 native

I have intentionally chosen VLAN 1002 here because on Catalysts, VLANs 1002 through 1005 are internally reserved for backward compatibility with some very old VLAN implementations for FDDI and Token Ring, and cannot really be created or used. With this trick, your router will stop treating VLAN 1 as a native VLAN automatically (as you cannot have two native VLANs), and will begin tagging packets in VLAN 1.

Would you mind trying this out?

Best regards,
Peter

View solution in original post

Go to solution
Muhammad Uzair
Level 1
Level 1

‎06-21-2016 07:24 AM

Hi, either remove native command from router sub interface so that it will send packets tagged with dot1q vlan ID 1 or remove "vlan dot1q tag native" from the switch, a more simpler configuration would have been you shouldn't have to create the sub interface, you can use the main interface of R1 as an untagged interface.

Hope that help.

Kindest regards,

Uzair



Kindest regards,
Uzair
CCENT, CCNA (R&S), CCNP (R&S).

View solution in original post

0 Helpful
8 Replies 8

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee

‎06-21-2016 03:02 AM

Hi Vlad,

I believe that the problem in connectivity is caused by the fact that the router sends all packets in VLAN1 in untagged frames, and because the switch is using vlan dot1q tag native, it drops all untagged frames received over trunks.

The solution should be really simple - to tell R1 that VLAN1 is not a native VLAN and thus has to be tagged. On IOS routers, this is done in a somewhat indirect way: You create a new subinterface and configure it with encapsulation dot1q vlan-id native command where the vlan-id is a VLAN number that you are not using at all. For example:

interface gi0/3/0.1002
 encapsulation dot1q 1002 native

I have intentionally chosen VLAN 1002 here because on Catalysts, VLANs 1002 through 1005 are internally reserved for backward compatibility with some very old VLAN implementations for FDDI and Token Ring, and cannot really be created or used. With this trick, your router will stop treating VLAN 1 as a native VLAN automatically (as you cannot have two native VLANs), and will begin tagging packets in VLAN 1.

Would you mind trying this out?

Best regards,
Peter

Go to solution
Vladimir Bednikov
Level 1
Level 1
In response to Peter Paluch

‎06-21-2016 03:49 AM

Hi Peter, I will try that tomorrow. Thanks. Interestingly, we have an older 2811 with 16 port switch module which was able to be configured the same way as a switch using switchport and specifying that vlan1 needs to be tagged. Not so the 2951 with the EHWC cards where we had to use sub interfaces to specify vlans.

0 Helpful

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee
In response to Vladimir Bednikov

‎06-21-2016 04:57 AM

Vladimir,

Yes, the configuration of these two routers would indeed be different - but not because of the platform type but rather because of the fundamental difference between the ports you were using.

Switched ports are configured in a different way than routed ports. The 2811 with the 16-port switching module was configured in a way very similar to classic multilayer switches - configuring per-port access VLANs, trunk ports, native VLANs on trunk ports, then creating interface Vlan etc. However, the built-in ports in a 2951, and even in the 2811 routers, are routed ports. They do not behave as switchports, they do not have access/trunk port modes, and consequently, they do not have a concept of a trunk native VLAN - because they're not trunks at all.

Best regards,
Peter

0 Helpful

Go to solution
Muhammad Uzair
Level 1
Level 1

‎06-21-2016 07:24 AM

Hi, either remove native command from router sub interface so that it will send packets tagged with dot1q vlan ID 1 or remove "vlan dot1q tag native" from the switch, a more simpler configuration would have been you shouldn't have to create the sub interface, you can use the main interface of R1 as an untagged interface.

Hope that help.

Kindest regards,

Uzair



Kindest regards,
Uzair
CCENT, CCNA (R&S), CCNP (R&S).
0 Helpful

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee
In response to Muhammad Uzair

‎06-21-2016 04:54 PM

Hello Uzair,

Thanks for joining in!

either remove native command from router sub interface so that it will send packets tagged with dot1q vlan ID 1

Unfortunately, this would not work. Cisco routers know that by default, VLAN 1 is treated as a native VLAN by Catalyst switches, so whenever you configure encapsulation dot1q 1 on a subinterface, the router will add the native keyword automatically, and there is no direct way of telling the router to not to do that. The only workaround I know of is the one I have mentioned - declare a different, possibly unused VLAN as the native VLAN on a different subinterface. This will make the router to automatically remove the native keyword from any other subinterface of the same physical interface.

or remove "vlan dot1q tag native"

This would work but it is possible that Vladimir's company has a policy to have all VLANs tagged on trunks. Implementing this change may require further analysis.

Best regards,
Peter

0 Helpful

Go to solution
Vladimir Bednikov
Level 1
Level 1
In response to Peter Paluch

‎06-21-2016 06:48 PM

Yes, on the router, vlan1 is automatically made native even if I don't specify the native keyword.

Both solutions work but as I cannot change the tagging of vlan1 so I will create a dummy native vlan on R1.

Thanks guys. Question is, how to I mark both posts as correct?

0 Helpful

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee
In response to Vladimir Bednikov

‎06-22-2016 06:50 AM

Vladimir,

Thanks guys. Question is, how to I mark both posts as correct?

Each of our answers should contain a "Correct Answer" button. By clicking on it, you will designate the particular answer as being correct. You can indicate multiple answers as being correct.

Best regards,
Peter

0 Helpful

Go to solution
Muhammad Uzair
Level 1
Level 1
In response to Peter Paluch

‎06-22-2016 07:36 AM

Hi peter, you are right

"the router will add the native keyword automatically"

that was my point that no need to mention "native" in sub interface, it could miss-match/conflict the config, however as his issue has been solved that was the main point :)

Kindest regards,

Uzair 



Kindest regards,
Uzair
CCENT, CCNA (R&S), CCNP (R&S).
0 Helpful
Customers Also Viewed These Support Documents