Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1048
Views
0
Helpful
2
Replies

Untagged VLAN assistance

Go to solution
@MatthewMiller
Level 1
Level 1

‎03-05-2020 05:12 PM - edited ‎03-05-2020 05:13 PM

Our network has had no real need to use untagged traffic until recently. We have a new piece of equipment coming to our data center and it requires the use of untagged traffic through a trunked port-channel. 

 

This is my understanding of how tagged and untagged traffic is handled by a switch.

 

When an untagged frame enters into an access port, if a VLAN is defined on the port (switchport access vlan 100), it will insert that tag into the header. If there is no VLAN defined, it inserts the native VLAN (VLAN 1) into the header for processing. If a tagged frame enters an access port, it will be dropped if it doesn't match the VLAN configured on the access port. 

 

When an untagged frame enters a trunk port, it gets tagged by the native VLAN of that trunk. If any tagged frames enter a trunk port, only the VLANs configured on the trunk will be allowed, the rest will be dropped.

 

Basically, VLAN tags are applied at ingress of a port for untagged traffic, and VLAN tags are removed at egress of a port for untagged traffic. 

 

I attempted to test this by taking a switch and configuring the ports 1 and 2. 1 is an access port on VLAN 100 and 2 is a trunk port configured with native VLAN 100. 

 

interface GigabitEthernet1/0/1
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/2
switchport trunk native vlan 100
switchport mode trunk
!

 

I then connected a laptop to each port configured with IP addresses 10.1.1.2/24 and 10.1.1.3/24. When I attempt to ping from one device to the other, the pings fail. 

 

What am I doing wrong? Am I misunderstanding how untagged traffic works? Am I missing something from my configuration?

 

Any assistance would be greatly appreciated. 

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎03-06-2020 12:11 AM

 

Your configuration should work. 

 

Check that your PC NIC supports tagging and also disable firewalls on PCs if they are running.

 

Jon

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎03-06-2020 12:11 AM

 

Your configuration should work. 

 

Check that your PC NIC supports tagging and also disable firewalls on PCs if they are running.

 

Jon

0 Helpful

Go to solution
@MatthewMiller
Level 1
Level 1
In response to Jon Marshall

‎03-06-2020 09:41 AM - edited ‎03-06-2020 09:41 AM

Jon,

In this particular case, I am only testing untagged traffic so a NIC that supports tagging isn't useful at the moment. To test trunked traffic, it will be for sure.

The true solution was the windows firewalls... *sigh*. Since our domain policy sets our firewall settings, I normally don't have to make any changes. In this case, I was testing off domain, which meant windows firewall was on in full. Turned off the firewalls and I can ping.

Thank you for catching my oversight.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card