Solved: Thanks Jon. I would like to

SREENATH R · ‎08-20-2015

HI All,

We have a requirement whereby we need to tag the physical interface (please note: not the sub interface) of a router to a particular vlan. I am aware of how to do this on the sub interface and for what I am trying to do, I want to avoid creating the sub interface if I can tag the physical interface with a particular vlan-id. I am aware of the "vlan-id dot1q "command on cisco 2821" but that does not seem to work..
Has anyone done this and if so can they share their experience. Please let me know if I execute the below config , will the interface Gi0/0 send out the packets having vlan 45 encapsulated data frame ?
Thanks in advance .

interface GigabitEthernet0/0
description undefined
ip address 172.16.3.2 255.255.255.0
duplex full
speed 100
vlan-id dot1q 45
exit-vlan-config

Jon Marshall · ‎08-20-2015

I just did a quick search and it seems although the description of that command is what you want it actually doesn't work as you have found out or at least other people are saying it doesn't.

So I guess the questions are -

1) are there subinterfaces on this main interface ?

If not can you not make the port on the switch an access port in vlan 45 ?

2) if there are subinterfaces can you not just make the native vlan on the trunk vlan 45.

I appreciate neither of the above will tag that vlan so they may not be what you are looking for but if that command does not work as intended it's difficult to see what else you could do.

Edit - if I get time later I will see if I can test it but it doesn't sound from what I have read that it works as described.

Jon

View solution in original post

Jon Marshall · ‎08-20-2015

I just did a quick search and it seems although the description of that command is what you want it actually doesn't work as you have found out or at least other people are saying it doesn't.

So I guess the questions are -

1) are there subinterfaces on this main interface ?

If not can you not make the port on the switch an access port in vlan 45 ?

2) if there are subinterfaces can you not just make the native vlan on the trunk vlan 45.

I appreciate neither of the above will tag that vlan so they may not be what you are looking for but if that command does not work as intended it's difficult to see what else you could do.

Edit - if I get time later I will see if I can test it but it doesn't sound from what I have read that it works as described.

Jon

SREENATH R · ‎08-20-2015

Hi Jon,

I appreciate your help. If use the following set of config in the corresponding connected switch port , will it work in right way ? I meant to ask, if the switch forward a packet to the router gi 0/0 , the switch will not tag any vlan id for vlan 45 as it belongs to native vlan, right ? and the same way when router reply back to switch it also don't tag any vlan id (as "vlan-id dot1q" command doesn't do anything ), right ? There are no sub interfaces for Gi 0/0 on router. Please confirm the same, will it work in the right way or not ? I guess there will mot be any vlan id taging for vlan 45 traffic between router and switch.

interface GigabitEthernet 2/9
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 45
switchport trunk allowed vlan 45
switchport mode trunk
speed 100
duplex full

Jon Marshall · ‎08-20-2015

If there are no subinterfaces and you don't intend to have any then I would use the other option ie. on the switch -

int gi2/9
switchport
switchport mode access
switchport access vlan 45
spanning-tree portfast

is there a reason why you want the connection to be a trunk ?

Jon

SREENATH R · ‎08-21-2015

Hi Jon,

My intention is to find why such a configuration is there on the switch and router. But I am sure it is working fine between switch and router. I need to know how the below config is working fine in between the switch and router ? I guess there will not be any vlan tagging between the devices and "vlan-id dot1q 45" will be an incomplete command or config on the router. Please confirm how the below scenario is working fine .

Router :

interface GigabitEthernet0/0
description undefined
ip address 172.16.3.2 255.255.255.0
duplex full
speed 100
vlan-id dot1q 45
exit-vlan-config

!

Switch :

interface GigabitEthernet 2/9
switchport trunk encapsulation dot1q
switchport trunk native vlan 45
switchport trunk allowed vlan 45
switchport mode trunk
speed 100
duplex full

Jon Marshall · ‎08-21-2015

Okay, sorry I misunderstood what you were asking.

Yes I don't think that command is doing anything.

Your switch is sending untagged packets in vlan 45 to the main interface on the router and they are accepted simply because a router expects untagged packets on it's main interface.

As far as I can tell it is the "switchport trunk native vlan 45" command that makes this work and not the "vlan dot1q 45" command on the router.

Edit - if you are thinking of removing that command from the router interface though I would do it out of hours just in case :-)

Jon

SREENATH R · ‎08-21-2015

Thanks Jon. I would like to understand the command " vlan-id dot1q 45
exit-vlan-config " is not making any tagging on the router interface. As we all know the encapsulation will apply usually on sub-interfaces . But here the thing is on physical interface. In another scenario (the blow config), I could see " vlan-id dot1q 5 " also communicating with the switch. So I just wondered if any vlan tagging is there , how the router will communicate with switch ? because the router will send packet with vlan tag as 5 and in switch the allowed vlan is only 45. So we can assume "vlan-id dot1q 5" is not function on the router physical interface.
May I know about the use of "vlan-id dot 1q<vlan-id>" .Suppose in case If we need to tag valn 5 on this router physical interface what will be the required full config also ?

Router :

interface GigabitEthernet0/0
description undefined
ip address 172.16.4.2 255.255.255.0
duplex full
speed 100
vlan-id dot1q 5
exit-vlan-config

!

Switch :

interface GigabitEthernet 2/9
switchport trunk encapsulation dot1q
switchport trunk native vlan 45
switchport trunk allowed vlan 45
switchport mode trunk
speed 100
duplex full

Jon Marshall · ‎08-21-2015

Are you sure I your last post that is the correct port on the switch because it is the port number as your earlier post ?

If the configuration is correct then I can't see how that command is doing anything at all because if it was tagging packets with vlan ID 5 then the switch would drop them because the only vlan allowed on the trunk is vlan 45.

So I'm really not sure what that command is doing if anything in your setup.

If I get the chance later today I may test that command to see if it does anything but from your configurations and what other people have reported it doesn't seem to do what it says it should.

Perhaps there are specific circumstances where it works.

Jon

SREENATH R · ‎08-21-2015

Hi John,

Yes ,the above configuration is right and it is working fine. Don't compare this configuration with my first scenario as there is no connection between these two. I just need to know how it is working fine ? I am expecting your precious reply. Thank you.

Router :

interface GigabitEthernet0/0
description undefined
ip address 172.16.4.2 255.255.255.0
duplex full
speed 100
vlan-id dot1q 5
exit-vlan-config

!

Switch :

interface GigabitEthernet 2/9
switchport trunk encapsulation dot1q
switchport trunk native vlan 45
switchport trunk allowed vlan 45
switchport mode trunk
speed 100
duplex full

Jon Marshall · ‎08-21-2015

It can only be working as far as I can see if the router is simply ignoring that command because as you say if the router was tagging packets then the switch wouldn't accept them and in addition if the switch is sending untagged packets but the router is expecting tagged packets then again it wouldn't work.

So as far I can see the router is simply ignoring that command.

Jon

VLAN Tagging on the router (cisco 2821) physical interface