---

Thank you omz to really helpful answer. If the link between SW A & SW B is Access so Packet capture on SW-A int e0/0 not shows vlan ID 10 tag right ?

if the ports e0/0 between sw-a and sw-b are access ports in vlan 10 .. then yes you are right... frames are not tagged.

just to add - if the switch access ports were in vlan 1 (instead of on vlan 10) .. that is native vlan .. 

we will not see vlan 10 tag .. as frames on native vlan are not tagged.

Hello @omz 

Thank you for your answer clearly 

I have another question, in case the link btw 2 switch is trunk mode. The frame in e0/1 without VLAN tag so when the frame arrived e0/0 so how the switch know which vlan this frame belong to to tag vlan id before forwarding out ?

Whether depend on the source MAC so it know the port and vlan which frame was forwarded from ?

How do u think about this article ? is it wrong ?

https://networkdirection.net/articles/network-theory/taggeduntaggedandnativevlans/#Untagged_VLANs 

Hi

The article is correct, on a trunk port, a frame without a tag, is considered to belong to the native vlan. If the native vlan is not configured, it is by default vlan 1 on cisco switches.

/Mikael

Hi Mikael
If this article is correct, so it's wrong with what did you and omz said.
1. A host will send a frame without a tag
2. The frame enters an untagged port on switch 1, configured with VLAN 10 in this case. The switch adds the VLAN tag to the frame (Same with e0/1 in @omz answer, but in this article, the frame still has been tag)
3. Switch 1 determines that port 2 should send this frame to switch 2. This is a tagged port, so it checks that VLAN 10 is allowed on this port. If it is, it leaves the tag intact, and sends the frame. If VLAN 10 is not allowed, it drops the frame
4. Switch 2 receives the frame on tagged port 1. This switch also determines if VLAN 10 is allowed on this port, and drops it if it is not. Switch 2 determines that port 2 should send the frame
5. Since port 2 is an untagged port, it strips the tag from the frame, and then sends it
Host B receives the untagged frame

Hi HuyDC

Is this your most recent message?

Sorry I don't understand the question can you please re-word?

If you are asking about how switch sends on trunk port.. then .. as Mikeal said .. it will check the allowed vlan if the frame is tagged, if not tagged then send on native vlan, bu default vlan 1 is native vlan. you can change the native vlan to different vlan.

Frames on native vlan are not tagged, so if vlan 10 was configured native vlan for a trunk, frames on vlan 10 will not be tagged.

Just for info - Native vlan concept only applies to dot1q trunks links only. Access ports or Cisco ISL trunks don't have a native vlan. ISL is Cisco proprietary nowadays no one uses ISL.

Hope this helps.

Hi @omz , sorry if my question make you confusing.

My biggest question here is: Does the e0/1 port tag the VLAN ID 10 to frame ?

1. I agree that when it received original frame from client, it's have no VLAN information, that mean no VLAN tag as your 1st post image

But i am wondering, after received whether it tag VLAN 10 to the frame before forward it to e0/0. i think it would be YES because when it arrived e0/0, your image show that it have VLAN tag 10

I clear what e0/0 do before send out frame to SW-B, my question just focus on the period from e0/1 received frame to e0/0 received frame, what's switch do to differentiate the VLAN whether it tag VLAN ID or do another way ?

Hi

1 correct

2 the switch always add a tag so it can internally decide what vlan the frame arrived on. If the incoming port is "switchport access vlan 10" then the switch adds tag 10 to the frame, when the switch will send the frame out, it depends on the outgoing interface how it will do with the tag. If the outgoing interface is a trunkport with native vlan=not vlan 10, then the switch send the frame with a tag 10. If the port is a trunkport with native vlan=10, then the switch sends the frame without a tag. If the port is accessport the switch will send the frame without a tag.

3,4,5 correct

/Mikael

VLAN tagging is happening after traffic pass through e0/1(Access port) and before e0/0(Trunk port). hope this is clear

correcting my answer. The right answer is Trunk port is doing the VLAN tagging process. It was published in cisco official document.
Please refer this link - https://documentation.meraki.com/General_Administration/Tools_and_Troubleshooting/Fundamentals_of_802.1Q_VLAN_Tagging#:~:text=VLAN%2Denabled%20ports%20are%20generally,for%20only%20a%20single%20VLAN.

Thank you @mlund & @omz  for your answer. As @mlund said, so VLAN tag will be not using for differentiate VLAN so it's another sort of an internal tag and depend on each vendor, do u know any ?

But if that, I have another question, what's switchport access vlan 10 meaning on port.

As I understood now, after enter this command and plug the client in, switch will insert "MAC Port VLAN" into MAC address table. When the frame arrived fa0/1 port, it will look up at MAC address table for the VLAN which fa0/1 belong to. If there is any matching entry, it will be forward frame to this port.

P/s : Sorry if my English make you confusing. I am from not native country. Thank you too much