cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1520
Views
25
Helpful
13
Replies
Highlighted
Beginner

vlan trunk

hello guys,

I'm looking for some help to get this clear. Quoting CISCO:

 

“A native VLAN is assigned to an 802.1Q trunk port.”

 

“Native VLAN is VLAN 1 by default. “

 

 

“A VLAN trunk does not belong to a specific VLAN; rather, it is a conduit for multiple VLANs between switches and routers.”

Isn't the last sentence denying the first two ??

It doesn't make sense at all to me.

Appreciate your help! 

BR

Adam 

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Hall of Fame Cisco Employee

Hi Adam,

Hi Adam,

Of course it's okay to ask further - that's what these forums are here for :)

But if the frame is originating from an access port in VLAN 35 and the native VLAN on the trunk is set to VLAN1, and the trunk port is participating in VLAN35 it will be tagged, correct ?

Correct.

So basically all I need to remember is that, if VLAN the frame belongs to equals the native VLAN on the trunk = no tagging. Correct ? 

Correct.

c) Let's say the switch receives a frame originating from a port in VLAN40, but the trunk is not configured to participate in VLAN40 and it's native VLAN is set to VLAN60, the frame will be dropped. Am I right ?

Correct. More precisely said, if a frame was received over another port in VLAN40 but the trunk does not participate in VLAN40, the frame can not be sent out through this trunk. The frame, however, does not necessarily get dropped - perhaps it can be sent out another trunk or an access port on the switch that participates in VLAN40 (for example, if it is a broadcast frame). The setting of native VLAN on the trunk does not influence the possibility of sending the frame out the trunk: First and foremost, the trunk must participate in a particular VLAN, only then it makes sense to ask whether the frames from this VLAN shall be tagged.

Just to add to the proper terminology, the set of VLANs a trunk participates in is also called the list of allowed VLANs on a trunk, and can be controlled using the switchport trunk allowed vlan command. By default, all VLANs are allowed on a trunk. If the switch receives a frame over some other port in VLAN40, this frame can be sent out over a particular trunk only if VLAN40 is allowed on that trunk (this is the same as saying that the trunk participates in VLAN40). Only if the VLAN40 is allowed on the trunk the frame can be forwarded through it - and only then it makes sense to ask whether the VLAN40 also happens to be the native VLAN on the trunk. If so, the frame would be forwarded untagged, otherwise, it would be tagged.

Best regards,
Peter

View solution in original post

13 REPLIES 13
Highlighted
Hall of Fame Cisco Employee

Hi Adam,

Hi Adam,

Isn't the last sentence denying the first two ??

Not really but it's admittedly worded poorly. It wants to say this:

A VLAN trunk is a port that is not assigned and limited to a single particular VLAN; rather, it participates in multiple VLANs, allowing traffic from all these VLANs to be carried over to the attached device. One of the VLANs in which a trunk port participates is the so-called native VLAN, and by default, it is VLAN 1.

Would this make more sense?

Best regards,
Peter

Highlighted
Beginner

Hi Peter,

Hi Peter,

thank you for taking time to answer ! 

Let me ask differently.  I'm just puzzled with the sentence "“A VLAN trunk does not belong to a specific VLAN; rather, it is a conduit for multiple VLANs between switches and routers.”

So when you say "One of the VLANs in which a trunk port participates" what do you exactly mean with participates? That the trunk port is in the given VLAN or that it processes traffic for that VLAN ? 

Looking forward hearing from you Peter! 

Best regards

Adam 

Highlighted
Hall of Fame Cisco Employee

Hi Adam,

Hi Adam,

With "participating in a VLAN" I mean "being allowed to send and receive frames in this VLAN". An access port participates in a single VLAN only. A trunk participates in multiple VLANs.

As always, feel welcome to ask further!

Best regards,
Peter

Highlighted
Beginner

Hi Peter,

Hi Peter,

thank you, now it's clear to me. 

Can you please tell me whether the port / ports that are "members" of the trunk, should be also in a VLAN.

From what I understood, it should be the Native VLAN, correct? 

And by default it's the VLAN1. So would I have to (in terms of best practice ) to create another VLAN only for trunking purposes ? 

Thank you in advance Peter! 

Best regards

Adam 

Highlighted
Hall of Fame Cisco Employee

Adam,

Adam,

Can you please tell me whether the port / ports that are "members" of the trunk, should be also in a VLAN.

I am afraid there is still some confusion. A trunk is a physical port. A port cannot be a member of a trunk. A port is either a trunk or an access port. By saying "trunk" or "access port" we talk about the mode of operation of a particular physical port.

Because the terminology in your question is not entirely right, I am not sure what you wanted to ask about. Can you rephrase your question?

So would I have to (in terms of best practice ) to create another VLAN only for trunking purposes ? 

No, that's not right. The purpose of trunking is to carry traffic of multiple VLANs through a single physical port (the trunk port) to another switch so that the other switch can properly dinstinguish which received frame goes to which VLAN, thereby keeping the VLANs separated. There is no such thing as a "VLAN for trunking".

Regarding the native VLAN: On a trunk port, traffic from different VLANs is marked using so-called tags which are inserted into frames as they are sent out from a trunk port. Each tag contains the number of the VLAN the frame belongs to. In essence, each frame sent out from a trunk contains the ID of the VLAN in which the frame is being processed. The device at the other end of the trunk link reads these tags and sorts the received frames into appropriate VLANs. There is only one exception to this rule: The native VLAN is the only VLAN on a trunk port whose traffic is not tagged. Frames in this VLAN will not be tagged when being sent out from a trunk port, and received frames without a tag will be processed in this native VLAN. That's all that is to a native VLAN. Apart from this lack of tagging, there is nothing special about it.

Best regards,
Peter

Highlighted
Beginner

Hello Peter,

Hello Peter,

thank you for your detailed explanation, please excuse that I'm not clear enough in my questions :/ 

Let me ask you this way. Let's say I have a brand new switch with 24 fastEthernet ports. By default all 24 ports will belong to  VLAN1 (the default VLAN). No let's assume I assign ports from 1 to 23 to various VLANs (so all are access ports). So ports 1 - 23 are in different VLANs but none of them is in VLAN1 any more. Now I want to configure port 24 as a trunk port. Will be the trunk port itself still in VLAN1 ? 

Also another scenario.

Same switch, port 1 to - 22 configure as access ports and located in 2 VLANs 10 and 20. Port 23 is still in default VLAN1. Port 24 is configured as a trunk port. According to CISCO the VLAN1 is the management and native VLAN by default. So why wouldn't by a frame coming from port 23 by tagged that it's VLAN1 ?

It's somehow confusing to me still . . . 

Best Regards

Adam 

Highlighted
Hall of Fame Cisco Employee

Hi Adam,

Hi Adam,

Let's say I have a brand new switch with 24 fastEthernet ports. By default all 24 ports will belong to  VLAN1 (the default VLAN). No let's assume I assign ports from 1 to 23 to various VLANs (so all are access ports). So ports 1 - 23 are in different VLANs but none of them is in VLAN1 any more. Now I want to configure port 24 as a trunk port. Will be the trunk port itself still in VLAN1 ? 

Recall my definition of "participate in VLAN X" as a shorthand for "being allowed to send and receive frames in VLAN X". Before you set up port 24 as a trunk port, it is an access port participating in VLAN1, or, as you said, the port "is in" VLAN1.

In the moment you configure port 24 as a trunk port, this port starts participating in all VLANs created on the switch. So it remains participating in VLAN1, and in addition, it starts to participate in all other VLANs. In other words, a trunk port "is in" all VLANs.

Same switch, port 1 to - 22 configure as access ports and located in 2 VLANs 10 and 20. Port 23 is still in default VLAN1. Port 24 is configured as a trunk port. According to CISCO the VLAN1 is the management and native VLAN by default. So why wouldn't by a frame coming from port 23 by tagged that it's VLAN1 ?

If a frame comes into port 23 which is an access port in VLAN1, the switch will remember that this frame belongs to VLAN1. If the switch decides that the frame is going to be sent out the port 24 which is a trunk port, the switch will check the native VLAN setting on the trunk port 24, and if the native VLAN is VLAN1 - the same as the VLAN into which the frame belongs - the frame will not be tagged. Remember, the native VLAN is the only VLAN on a trunk that does not use tags. All other VLANs use tags. If a frame comes into one of the other access ports in VLAN 10 or 20 and is going to be sent out from trunk port 24, it will be tagged appropriately because the VLAN of the frame is not the same as the native VLAN on that trunk.

Native VLAN is configured on a per-trunk basis - it is the property of a trunk port. Different trunk ports can be configured with different native VLANs (although in most cases, this is not necessary, nor is it considered best practice). By default, the setting of native VLAN on all trunk ports on a switch is VLAN1, because that is the only VLAN that exists on a switch reset to factory defaults, and so the only one guaranteed to exist at all times.

As always, feel welcome to ask further!

Best regards,
Peter

Highlighted
Beginner

Hello Peter,

Hello Peter,

If it's ok with you I would like to ask further :)

a) If the switch decides that the frame is going to be sent out the port 24 which is a trunk port, the switch will check the native VLAN setting on the trunk port 24, and if the native VLAN is VLAN1 - the same as the VLAN into which the frame belongs - the frame will not be tagged.

But if the frame is originating from an access port in VLAN 35 and the native VLAN on the trunk is set to VLAN1, and the trunk port is participating in VLAN35 it will be tagged, correct ? 

b) Remember, the native VLAN is the only VLAN on a trunk that does not use tags. All other VLANs use tags.

So basically all I need to remember is that, if VLAN the frame belongs to equals the native VLAN on the trunk = no tagging. Correct ? 

c) Let's say the switch receives a frame originating from a port in VLAN40, but the trunk is not configured to participate in VLAN40 and it's native VLAN is set to VLAN60, the frame will be dropped. Am I right ?

Thank you in advance Peter for your incredible support!

Best regards

Adam  

Highlighted
Hall of Fame Cisco Employee

Hi Adam,

Hi Adam,

Of course it's okay to ask further - that's what these forums are here for :)

But if the frame is originating from an access port in VLAN 35 and the native VLAN on the trunk is set to VLAN1, and the trunk port is participating in VLAN35 it will be tagged, correct ?

Correct.

So basically all I need to remember is that, if VLAN the frame belongs to equals the native VLAN on the trunk = no tagging. Correct ? 

Correct.

c) Let's say the switch receives a frame originating from a port in VLAN40, but the trunk is not configured to participate in VLAN40 and it's native VLAN is set to VLAN60, the frame will be dropped. Am I right ?

Correct. More precisely said, if a frame was received over another port in VLAN40 but the trunk does not participate in VLAN40, the frame can not be sent out through this trunk. The frame, however, does not necessarily get dropped - perhaps it can be sent out another trunk or an access port on the switch that participates in VLAN40 (for example, if it is a broadcast frame). The setting of native VLAN on the trunk does not influence the possibility of sending the frame out the trunk: First and foremost, the trunk must participate in a particular VLAN, only then it makes sense to ask whether the frames from this VLAN shall be tagged.

Just to add to the proper terminology, the set of VLANs a trunk participates in is also called the list of allowed VLANs on a trunk, and can be controlled using the switchport trunk allowed vlan command. By default, all VLANs are allowed on a trunk. If the switch receives a frame over some other port in VLAN40, this frame can be sent out over a particular trunk only if VLAN40 is allowed on that trunk (this is the same as saying that the trunk participates in VLAN40). Only if the VLAN40 is allowed on the trunk the frame can be forwarded through it - and only then it makes sense to ask whether the VLAN40 also happens to be the native VLAN on the trunk. If so, the frame would be forwarded untagged, otherwise, it would be tagged.

Best regards,
Peter

View solution in original post

Highlighted
Beginner

Hello Peter,

Hello Peter,

thank you so much! 

I'm impressed with the way you explain. I collect ALL your comments to my question for further reference. 

I would like to thank you, it appreciate each and every comment. You're  a true inspiration! 

Looking forward to hear from you soon :)

Best regards

Adam  

Highlighted
Hall of Fame Cisco Employee

Adam,

Adam,

I am honored and humbled. It is always so incredibly rewarding to know that I could be of help. Discussing networking topics with you is always a great pleasure - you are a very good debater. I hope to continue our discussions here on whatever topic you find interesting, provided - of course - I feel competent about it.

Thank you!

Best regards,
Peter

Highlighted
Beginner

Hi Adam,

Hi Adam,

By default, a port without switchport configuration is actually operating as an access port. And that port is assigned to a VLAN, that is the default native VLAN 1. Which means on a fresh switch, all ports belong to VLAN 1 - native VLAN making possible for traffic to pass across all ports.

The other mode of operation is trunk. You configure the port as a trunk if you need multiple VLANs to pass over that port (i.e going to L3 capable device for inter-vlan routing, going to a different switch where the VLANs also exist). All traffic that did not originate on a port configured as an access port (untagged) will pass thru the trunk port as the native traffic.

The main thing is that traffic belong to specific VLANs you created, otherwise they belong to the native VLAN (untagged). 

Trunk does not belong to a specific VLAN, but it needs to be assigned a native vlan for all untagged or unclassified VLAN traffic. If you did not configure a native vlan on the trunk, it uses VLAN 1 by default. Please note also, the native VLAN on both ends of a trunk must match.

Kind Regards,

Chezter

Highlighted
Beginner

how like that?

how like that?

CreatePlease to create content
Content for Community-Ad