What will happen if access ports get a tagged packet of the Same VLAN?

royavi5302 · ‎04-06-2024

HostA (eth0.20) ----> (F1/1)[SW1](F1/2) ---> (F1/2)[SW2](F1/1) ---> (eth0.20)HostB

Lets say F1/1 (SW1) is an access port and part of VLAN 20 and I configured a Ubuntu HostA with eth0.20. As per the logic an Access port can only accept packet untagged but part of that same VLAN.

In this case when the HostA sends the packet to HostB, will SW1 Port F1/1 accept the packet? So F1/1 is the access port and part of VLAn 20 and eth0 is also part of VLAN 20 but sending a Taged packet.

I have not mentioned the switch mode of F1/2 as I want someone to suggest the ideal mode.

Unfortunetly I could not try this scenario on the Packet tracer as I can not create eth0.20 nic.

Joseph W. Doherty · ‎04-06-2024

"As per the logic an Access port can only accept packet untagged but part of that same VLAN."

I don't believe that's always correct. I.e. some Cisco switches will accept tagged frames on access ports, provided they have a zero VLAN number (used for L2 Cos), use the VLAN number the access port is assigned to, or use the VLAN number for a voice VLAN assigned to the access port.

MHM Cisco World · ‎04-08-2024

will check it in lab

update you tomorrow
MHM

KJK99 · ‎04-08-2024

@royavi5302

If you have a Ubuntu server with an interface eth0.20, it means that there are two interfaces on the NIC. One is a parent interface, eth0, and the other is a child interface, eth0.20. If you send a frame from the parent interface, the frame will be untagged. If you send a frame from a child interface, the frame will be tagged with the associated VLAN ID, 20 in your case.

An access port on a switch will, of course, accept untagged frames and place them in the VLAN the access port belongs to. It will also accept frames that are tagged, but only if the tag indicates that the frame belongs to the VLAN of the access point. This feature is called 'Ingress Filtering' and it is always enabled on access or trunk ports.

However an access port will send only untagged frames. And, if an untagged frame comes to a Ubuntu NIC described above, it will go to the eth0 interface, not eth0.20. Only frames tagged with VID 20, will go to the eth0.20 interface.

That means that an access port is not a good match for a NIC with two or more interfaces. Instead, a trunk port should be used. In your case, it should be a trunk port that belongs to VLAN 20 and the VLAN with a subnet that matches the subnet of the eth0 interface. This second VLAN should be the native VLAN on the trunk port.

Kris K

Joseph W. Doherty · ‎04-08-2024

"It will also accept frames that are tagged, but only if the tag indicates that the frame belongs to the VLAN of the access point."

Believe you may be overlooking frames with VLAN zero used just for L2 CoS tagging. (Unusual usage, though.)

"However an access port will send only untagged frames."

Except when access port supports a "voice" VLAN (or if it can create VLAN zero tagged frames).

NB: a "voice" VLAN, on an access port, isn't restricted to just VoIP usage although that would almost always be what it's used for.

KJK99 · ‎04-08-2024

@Joseph W. Doherty

Voice VLAN access ports...

I call them smart ports with the default behaviour of access ports. They behave like access ports only if their smarts cannot figure out what devices are connected to them. There are different types of smart ports.

Kris K

Richard Burts · ‎04-09-2024

The OP asks "I have not mentioned the switch mode of F1/2 as I want someone to suggest the ideal mode". We do not know enough about this environment to be able to give good advice. So far the only vlan mentioned is vlan 20. Is there anything in the environment/design that calls for other vlans? If there are to be other vlans then configuration of the interface as a trunk may be desirable. If vlan 20 is to be the only active vlan then certainly configuration of F1/2 as an access port would be appropriate.

HTH

Rick