Solved: Vlan Tagging quicky

hellspire69_2 · ‎08-25-2011

Morning All,

just a quick question as this is really bugging me. When I send a packet from my pc destined for the internet, before the packet reaches the core when my SVIs are for routing purposes does the it still get tagged with the vlan id up the trunk? even though its a layer 3 packet? layout is myPc --> switch --trunk--> Core --> router.

Thanks for the help!

Dan

Peter Paluch · ‎08-25-2011

Hi Dan,

This depends on what the connection between your Core and router is. If it is a trunk then your packet will probably be carried in a tagged frame - however, that will be the tag of another VLAN that is at the egress side of your Core switch, in which the router resides. If would not be the tag of the VLAN your PC is located in (otherwise, you would be performing intra-VLAN switching, not inter-VLAN routing).

If the Core/router link is configured as an access link or a routed link (no switchport) then the frame will be untagged.

EDIT: I apologize - I misread your original query. I thought you were asking about the Core/router link, and I answered that. Regarding the connection between the switch and the Core - Ian (below) is right. Sorry for causing confusion.

Best regards,

Peter

View solution in original post

Jon Marshall · ‎08-25-2011

Dan

Think there may be some confusion between L2 and L3.

A trunk carries multiple vlans and each of these vlans are tagged, with the exception of the native vlan on an 802.1Q trunk.

So the SVI for your vlan is on the core switch. Your packet is destined for a remote network so it needs to be routed to that network. To get to the SVI to be routed it has to be L2 switched to the core switch.

The local switch is connected to the core by a trunk link. So assuming there are multiple vlans on your switch when your packet goes from your local switch to the core there has to be a way of identifying which vlan it is when it sent across that trunk link. To do this a vlan tag will be added to your packet (assuming as Ian says, your PC is not in the native vlan of the switch). Once it gets to to the core the core switch then removes the vlan tag and sends it to the SVI.

So whether the packet is destined for another PC in the same vlan or whether it is destined for another subnet to get across the trunk link your packet must still be tagged with correct vlan ID.

Jon

View solution in original post

Jon Marshall · ‎08-25-2011

Dan

Yes, if there is another trunk link between the core and router then your packet will be tagged on that as well.

Jon

View solution in original post

Peter Paluch · ‎08-25-2011

Hi Dan,

This depends on what the connection between your Core and router is. If it is a trunk then your packet will probably be carried in a tagged frame - however, that will be the tag of another VLAN that is at the egress side of your Core switch, in which the router resides. If would not be the tag of the VLAN your PC is located in (otherwise, you would be performing intra-VLAN switching, not inter-VLAN routing).

If the Core/router link is configured as an access link or a routed link (no switchport) then the frame will be untagged.

EDIT: I apologize - I misread your original query. I thought you were asking about the Core/router link, and I answered that. Regarding the connection between the switch and the Core - Ian (below) is right. Sorry for causing confusion.

Best regards,

Peter

hellspire69_2 · ‎08-25-2011

Ok well its exactly like this:

myPc --> switch --trunk--> Core(SVI) --trunk-->ServerFarm Switch --AccessPort--> router.

IAN WHITMORE · ‎08-25-2011

Yes, unless it's the native vlan (which is unlikely) it will get tagged between the switch and the core as it goes over the trunk.

Regards,

Ian

Jon Marshall · ‎08-25-2011

Dan

Think there may be some confusion between L2 and L3.

A trunk carries multiple vlans and each of these vlans are tagged, with the exception of the native vlan on an 802.1Q trunk.

So the SVI for your vlan is on the core switch. Your packet is destined for a remote network so it needs to be routed to that network. To get to the SVI to be routed it has to be L2 switched to the core switch.

The local switch is connected to the core by a trunk link. So assuming there are multiple vlans on your switch when your packet goes from your local switch to the core there has to be a way of identifying which vlan it is when it sent across that trunk link. To do this a vlan tag will be added to your packet (assuming as Ian says, your PC is not in the native vlan of the switch). Once it gets to to the core the core switch then removes the vlan tag and sends it to the SVI.

So whether the packet is destined for another PC in the same vlan or whether it is destined for another subnet to get across the trunk link your packet must still be tagged with correct vlan ID.

Jon

hellspire69_2 · ‎08-25-2011

Thanks Jon!

So just to clarify (I will do some wireshark i think any how) even though it will be router to navigate the first trunk link from my pc then tag will be added. then when the core forwards the packet on from the SVI over the next trunk to the access port that feeds on to the router it will also have a vlan added? the vlan added will be that of the port to the router i.e 500?

Dan

Jon Marshall · ‎08-25-2011

Dan

It's not routed to the core. It is L2 switched to the core. The packet does need to be routed to the destination address but it is not actually routed until it gets to the core switch.

The key difference between routing and switching is -

1) routing is used to get the packet to the correct network

2) switching (L2 switching) is used to deliver the packet on the same network.

So yes your packet needs to be routed but to get to core SVI, that is the same network so it is L2 switched. L2 mac-addressing is used to deliver the packet to each next-hop. L3 addressing is used to determine the next-hop.

So in your example -

1) packet from your PC is L2 switched to core switch. If the packet has to get to the core via a trunk link then (assuming it is not the native vlan) a tag will be added across the trunk link which is removed when it gets to the core switch

2) the packet is received by the L3 SVI for the PC vlan. The core switch then does a L3 IP lookup in the route table to see where to send the packet. The next-hop is the router.

3) What happens next depends on the configuration of the port connecting the core switch to the router -

1) If it is a routed port then vlans do not come into it.

2) If it is configured as a switchport access port ie. -

int gi0/1

switchport mode access

switchport access vlan 10

then there is no vlan tagging because that is not a trunk link

3) if it is a trunk link to the router then yes it will have a vlan tag added (again providing it is not the native vlan).

With all 3 options above the destination mac-address will the interface of the router connecting to the core switch.

Jon

hellspire69_2 · ‎08-25-2011

Thanks Jon for your amazing help! From the SVI the core has to traverse another trunk link to get to the switch that the router is plugged into, on vlan 500(switchport access vlan 500). So I think from The SVi it will get tagged with 500 then removed at the server switch an pushed on out

Jon Marshall · ‎08-25-2011

Dan

Yes, if there is another trunk link between the core and router then your packet will be tagged on that as well.

Jon