cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1654
Views
0
Helpful
9
Replies

Vlan question now

iamtheone12345
Level 1
Level 1

Hi Guys,

I have 3 swicthes connected each with vlans 10,20,30 conncted to a router on stick which has proper subinterfaces for inter vlan routing.

the toplogy is something like this : swicth1------switch2------switch3------->router on stick

All the trunk ports have been properly configured.

Now i have 3 PC's in 3 differnt subnets (corresponding to each of the 3 vlans) connected to the 3 switches so that i can test the inter vlan routing.

It works fine.

My question is,What if i delete vlan 10,20 and 30 from the swicth2 (the switch in the middle of 2 swicthes).Will it forward vlan traffic for a PC say in vlan 10

connected to switch1to a PC in vlan10 connected to the swicth3 ?

Will switch2 forward traffic for a vlan which it doesnot have ?

regards,

Arjun Das

9 Replies 9

nkarpysh
Cisco Employee
Cisco Employee

Hello,

No it wont. Packets from switch 1 will be tagged on trunk to switch 2 with particular VLAN number. Switch 2 needs to have thos VLANs configured to be able to understand the tag values of the packets coming on trunk from switch1 and also to send to all other port in VLAN10. Without those VLANs configured that traffic would be dropped.

Nik.

HTH,
Niko

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Arjun,

modern switches do not forward frames with a vlan-id tag that refers to a vlan not defined in their local database.

This is part of defense against L2 security attacks like vlan hopping and so on.

So the action of removing vlans on the switch 2 in the middle defeats inter vlan routing with hosts connected to switch1 that are limited to same IP subnet connectivity no intervlan routing is possible for them as it was performed by going  through switch2.

Hosts connected to switch3 are not affected. But the overall connectivity it is.

Hope to help

Giuseppe

I agree with everyone else. If you take off the vlans on the middle switch, it will not have it in its vlan database and therefore will be unable to forward the L2 frame going to its default gateway on the switch for intervlan routing and or not able to get to anyone on its local network going from 1 to 3 or 3 to 1. Please correct me if I"m wrong Larosa.

Well i would have thought so.

But in my packet tracer lab it seems to be working.

I mean the switch in the middle is forwarding traffic for vlan 10 and 20 and native vlan even though it itself doesnt have

any of those vlans.

When i deleted those vlans 10,20  from the swicth in the middle ,i also deleted the vlan.dat file from the swicth and reloaded the switch to make sure that the vlans are deleted.I also made the swicth in the middle work in vtp transparent

mode so that it doesnot learn the vlans passed in VTP updates by swicth1.

But logically thinking.....the switch has trunk links on either side  (one side switch1 and the other side switch 3).Isnt

that the reason the trunk links are meant for ?

So it should be passing the vlan 10 and vlan 20 traffic even though it doesnt have those vlan right ???By the way the swicth3 and router on stick link is also a trunk link.

If anybody wants the PT file i can attach it.

Just to make sure everybody understands what i am doing is:A PC in vlan 10 connected to swicth1 is trying to ping a PC in vlan 10 connected to switch3 via switch2 which doesnot have vlan 10.

Hello Arjun,

you may be facing limitations in the software emulation.

It is well known that LAN switching emulation is not perfect.

Real LAN switches work in hardware using ASIC chips that allow them to perform efficiently also the kind of controls about existance of Vlans in local database.

You can check what vlans exist in the local database using

show vlan

Are those vlans 10.20,30 really missing from the device?

Have you changed mode to VTP transparent before deleting the vlans or after?

What VTP mode was before ( VTP server I guess in vtp client mode you shouldn't be allowed to delete vlans)?

A trunk is simply a link that is member of multiple Vlans at the same time but it does not  provide transport service for whatever vlans.

Hope to help

Giuseppe

The swicth was always on VTP transparent mode.The vlans are deleted.just to make sure i erased startup config and vlan.dat after deleting the Vlans.Then suspecting that the vlan database may not have been erased i replaced the swicth in the middle with a completely new switch and configured it as a transparent switch.It is still passing tarffic for vlans that it doesnt have.

Can you provide me documentation that suggests otherwise.

It is indeed emulation SW problem.

Switch without VLAN configured will drop incoming traffic in HW with the following counter growing: "RxBuffer Drop DestIndex Count". It means that switch reading the frame header and can't understand where to foward traffic as there are no VLAN of this kind set.

Just tested that on 3560 - it does what is explained above.

Nik

HTH,
Niko

So Nik what you are saying is that the middle switch wont forward traffic from swicth1 vlan 10 to swicth 3 vlan 10 as the middle switch(swicth 2) doesnt have vlan 10??

It would be great if you could provide me link of a cisco documentation.

Hi Arjun,

I guess there will not be any exact link with same test. The configuration described above is not expected to work . The working configuration - is to have VLAN consistency across all switches in domain to pass traffic through. Thus applying that config you create unsupported configuration which should not work on Cisco software and can work unpredictably on 3rd party emulation software.

You can go through LANSW design links to get more details:

http://www.cisco.com/en/US/tech/tk389/tk390/tk6/tsd_technology_support_sub-protocol_home.html

http://docwiki.cisco.com/wiki/Internetwork_Design_Guide_--_Designing_Switched_LAN_Internetworks#Common_Software_Infrastructure

http://www.cisco.com/en/US/tech/tk389/tk689/tech_design_guides_list.html

Nik

HTH,
Niko
Review Cisco Networking for a $25 gift card