VLAN trunking w/ dot1q and Native VLAN

Netstudent Member Posts: 1,693
I got Routing on a stick nailed down pretty good, but I'm still a little confused with 802.1Q and Native VLANs, especially when configuring VLANs across multiple switches. The books say that the native VLAN by default is 1. So let's say I have 2 switches and a router with 3 VLANs spanned across both switches. One of the VLANs is VLAN1 of course. So when I set up the Trunk ports, those trunk ports will be in VLAN1 by default. The book says that dot1q does not encapsulate frames in the native VLAN when sending frames across a trunk. Let's say hypothetically the other two VLANs are 2 and 3.

1. So if a frame goes from Switch1 to switch 2 while staying in the same vlan2, will it lose the tag because the trunk port is in VLAN1? or does the trunk port on switch 2 w/ a native VLAN just leave it alone and pass it on to the port with the corresponding MAC address.


2. Is it a common practice to have all the trunk ports in VLAN1 or the native vlan?

Also the book says "When the switch on the other side of the link receives a frame in the native vlan, it notices the lack of a 802.1Q header and knows that the frame is part of the native VLAN."

But what if the frame isn't a part of the native vlan, like I stated previously. What if it is part of VLAN2 and is just going across the trunk.

I just have a couple of small gaps in my conceptualization that maybe someone could fill in for me and it will all come together.

This is really irking me out because I can't seem to nail down this concept and I should. Should I bang my head against the desk over VLANs across multiple switches for the CCNA? Or should I just grasp routing on a stick and worry about the rest in CCNP?
There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!

Comments

  • remyforbes777 Member Posts: 499
    Native VLANs (VLAN1) aren't tagged because they don't need to be. Setting a port to trunking mode carries all VLAN information over it. It tags the ones that are not native to distinguish which VLAN to send the data to. If a switch receives a packet that is not tagged then it knows it's for the native VLAN (VLAN1). It's the 802.1q protocol that does the tagging. You are probably thinking too hard about it.
  • ignign0kt Member Posts: 42
    If I'm not mistaken... the trunk port will tag all frames that aren't in the native VLAN. If the native VLANs want to communicate across more than 1 switch, the trunk port won't tag it. I've never really thought about which VLAN the trunk port is on... or whether you can even change it. As long as the native VLANs match on the other switches, all is good.
  • Netstudent Member Posts: 1,693
    Ya I tend to do that a lot, over-think it. When I learn something I want to get every detail in my brain and sometimes I confuse myself. Thanks for the replies guys. Maybe I need to just take a Cisco breather and come back with a fresh mind. ignign0kt, you say you never thought about which VLAN you have on your trunk ports. Is that because it doesn't matter or because you just never thought about it?
    There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!
  • remyforbes777 Member Posts: 499
    This is how I look at it. Since the port automatically routes traffic for all VLANs once put into trunking mode, what does it matter what VLAN it belongs to? I mean natively all ports are VLAN 1, but you are setting it up as a trunk port and if this is a Layer 2 switch it contains no IP information so it really doesn't matter as far as I know.
  • Netstudent Member Posts: 1,693
    Thanks, I got it now. It all came together just like I knew it would.
    There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!
  • remyforbes777 Member Posts: 499
    Good, glad that you were able to get the concept. Good luck.
  • EdTheLad Member Posts: 2,111
    Just to add a little.
    The trunk port by default will belong to all VLANs. If you configure an allow list you can specify which VLANs the trunk will allow, so therefore the trunk will belong to all VLANs specified in the allowed list. You can set up the allowed list manually or if you are running VTP you can configure VTP pruning which will dynamically add and remove VLANs from the allowed list.
    Networking, sometimes i love it, mostly i hate it.Its all about the $$$$
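Added example (not part of the original thread): a small Python model of the trunk behaviour discussed in the replies above, showing that only native-VLAN frames cross the trunk untagged, that the receiver files any untagged frame under its own native VLAN, and that the allowed list filters what the trunk carries. The `TrunkPort` class, `send_across` helper and the sample frame are constructed for illustration and assume a simplified switch that honours only these two settings.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag
# Constructed sample frame: dst MAC, src MAC, EtherType 0x0800, payload.
FRAME = bytes.fromhex("ffffffffffff" "0200000000aa" "0800") + b"payload"

class TrunkPort:
    def __init__(self, native_vlan=1, allowed=None):
        self.native_vlan = native_vlan
        # Default: the trunk carries every VLAN (1-4094).
        self.allowed = set(range(1, 4095)) if allowed is None else set(allowed)

    def egress(self, frame, vlan):
        """Bytes put on the wire for a frame in `vlan`, or None if not allowed."""
        if vlan not in self.allowed:
            return None
        if vlan == self.native_vlan:
            return frame  # native VLAN: sent without an 802.1Q header
        tag = struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)  # priority bits = 0
        return frame[:12] + tag + frame[12:]  # tag goes after the two MACs

    def ingress(self, wire):
        """(vlan, untagged frame) as classified by the receiver, or None if dropped."""
        ethertype, tci = struct.unpack("!HH", wire[12:16])
        if ethertype == TPID_8021Q:
            vlan, frame = tci & 0x0FFF, wire[:12] + wire[16:]
        else:
            vlan, frame = self.native_vlan, wire  # no tag: assume native VLAN
        return (vlan, frame) if vlan in self.allowed else None

def send_across(tx, rx, frame, vlan):
    """Carry one frame from switch tx's trunk port to switch rx's trunk port."""
    wire = tx.egress(frame, vlan)
    return None if wire is None else rx.ingress(wire)
```

With both ends at native VLAN 1, a VLAN 2 frame keeps its tag across the trunk and arrives in VLAN 2; if the receiving end is set to a different native VLAN, an untagged VLAN 1 frame is placed in that other VLAN, which is why the native VLANs have to match.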
  • Netstudent Member Posts: 1,693
    1. When configuring VTP pruning, can I just use the global configuration VTP pruning command and be done with it or is it mandatory to use the VTP pruning vlan {vlan ID} interface subcommand as well?


    2. Is it common practice to put an IP on a VLAN interface for every vlan on every switch? Also I just read that you can give hosts in a vlan a default gateway address of that VLAN interface address. Would that be the only reason to assign an IP for all vlan interfaces on all switches?

    The reason I'm asking is because I just went through that SIM on the CCNA prep center called VLAN/VTP and the sim had me configure an IP on a VLAN interface for every single VLAN on every single switch involved in the SIM. So basically if a switch was a part of 3 VLANs, then it had 3 VLAN interface IPs, all in different subnets. It said to do this so that you can give your host the default gateway IP which is the VLAN int IP for that VLAN on that switch that the host is on. GET IT?

    I've just never read about it or seen it done. I thought you just assign each switch a single IP for administrative purposes only.
    There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!
  • Netstudent Member Posts: 1,693
    ::BUMP::
    There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!
  • iproute Member Posts: 269
    Netstudent wrote:
    1. When configuring VTP pruning, can I just use the global configuration VTP pruning command and be done with it or is it mandatory to use the VTP pruning vlan {vlan ID} interface subcommand as well?
    Don't know. Haven't configured VTP pruning. Probably won't before taking the ICND.
    Netstudent wrote:
    2. Is it common practice to put an IP on a VLAN interface for every vlan on every switch?
    I believe it's common to put one IP address on a VLAN for each switch. This is a layer two switch you're talking about, yes?
    Netstudent wrote:
    Also I just read that you can give hosts in a vlan a default gateway address of that VLAN interface address. Would that be the only reason to assign an IP for all vlan interfaces on all switches?
    If it's a layer 2 switch, putting the VLAN's IP address as the default gateway wouldn't help you (as far as I know). However, if it's a layer 3 switch, it has routing capabilities, and this might work (in theory, as I don't have a layer 3 switch to play with). I would expect that you'd still have to set the default gateway as one of the physical interfaces and not a VLAN IP.
    Netstudent wrote:
    I've just never read about it or seen it done. I thought you just assign each switch a single IP for administrative purposes only.
    That is the general idea as I understand it. If I remember correctly, about a month ago I tried to assign an IP address to two VLANs. While it let me do that just fine, each time I would no shutdown the interface, the other VLAN would go down. Essentially, it wouldn't let me have two VLAN interfaces no shutdown at the same time. Maybe I'm not remembering correctly; who knows?
    CCNP Progress
    ROUTE [X] :: SWITCH [X] :: TSHOOT [X]
  • Netstudent Member Posts: 1,693
    Hmmm... Interesting

    Those were my thoughts as well, however this SIM is strange. Maybe you can give it a whirl and see what you think. You must have a username and password for the cisco website though.

    Has anyone else out there configured this SIM?

    It is in the CCNA prep center, login, then click EXAM STUDY, then click "Configuring VTP/VLAN's from KnowledgeNet/NETq " from ICND lab sims.

    Also if anyone out there has configured this SIM and taken the CCNA, how close is it to the real thing?

    I guess they were layer3 switches and it just didn't say they were.
    There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!
  • Rearden Member Posts: 222
    I know this is a big bump, but I just wanted to mention that for security purposes sometimes only a specific vlan has an IP address. For example on our edge gear, vlan 1 is the only one with an IP address, and they are 10.x.x.x addresses. That way, only a few machines that have an interface in vlan1 in addition to its normal interface can connect to the switches to manage them. VLAN 1 is only used for management purposes here.
    More systems have been wiped out by admins than any cracker could do in a lifetime.
  • rjbarlow Member Posts: 411
    Netstudent, also me I have done that lab and I found it extremely muddler. For CCNA exam the unique worry about VLANs interfaces for me will be the management VLAN1. I am sorry like You for not understand all shades of the matter and I just know that I will feel much ignorant when I will go to take the exam.
    Pork 3
    Maindrian's music

    WIP: 70-236, 70-293 and MCSE.
  • EdTheLad Member Posts: 2,111
    Rearden wrote:
    I know this is a big bump, but I just wanted to mention that for security purposes sometimes only a specific vlan has an IP address. For example on our edge gear, vlan 1 is the only one with an IP address, and they are 10.x.x.x addresses. That way, only a few machines that have an interface in vlan1 in addition to its normal interface can connect to the switches to manage them. VLAN 1 is only used for management purposes here.

    It's not really a security issue, rather it's a software limitation. A 2950 will only support one VLAN interface running IP; if you configure an additional VLAN interface it will shut down the previous VLAN interface. So it's best to choose one management VLAN and leave it at that. This is one thing that annoys me on the 2950. Best practice is not to use VLAN 1 at all; better to assign all unused ports to a carpark VLAN and use a separate VLAN for management.
    Layer 3 switches group ports into VLANs and each VLAN gets a subnet address, same thing as assigning a management VLAN on a layer 2 switch, but you can run routing protocols on the VLAN interfaces.
    Networking, sometimes i love it, mostly i hate it.Its all about the $$$$
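Added example (not part of the original thread): a Python check that applies the advice in the post above to a switch configuration by flagging every place VLAN 1 is still in use, whether as a management interface, a trunk's native VLAN, or the VLAN of an access port. The sample configuration, the VLAN numbers 99 and 999 and the function names are constructed for illustration; the sketch assumes IOS-style `switchport` lines and treats any non-trunk port as an access port.

```python
import re
# Constructed IOS-style configuration, for illustration only.
SAMPLE = """\
interface FastEthernet0/1
 switchport mode trunk
interface FastEthernet0/2
 switchport mode trunk
 switchport trunk native vlan 99
interface FastEthernet0/3
 switchport mode access
interface FastEthernet0/4
 switchport access vlan 999
 shutdown
interface Vlan1
 ip address 10.0.0.2 255.255.255.0
"""

def parse_interfaces(text):
    blocks, name = {}, None  # interface name -> list of its subcommands
    for line in text.splitlines():
        if line.startswith("interface "):
            name = line.split()[1]
            blocks[name] = []
        elif name and line.startswith(" "):
            blocks[name].append(line.strip())
    return blocks

def vlan_of(lines, keyword):
    """VLAN from 'switchport <keyword> vlan N'; IOS uses VLAN 1 when it is absent."""
    for cmd in lines:
        m = re.fullmatch(rf"switchport {keyword} vlan (\d+)", cmd)
        if m:
            return int(m.group(1))
    return 1

def audit_vlan1(text):
    """Return (interface, finding) pairs for every place VLAN 1 is still in use."""
    findings = []
    for name, lines in parse_interfaces(text).items():
        if name.lower().startswith("vlan"):  # VLAN interface (SVI)
            has_ip = any(cmd.startswith("ip address ") for cmd in lines)
            if name.lower() == "vlan1" and has_ip and "shutdown" not in lines:
                findings.append((name, "management IP on VLAN 1"))
        elif "switchport mode trunk" in lines:
            if vlan_of(lines, "trunk native") == 1:
                findings.append((name, "trunk native VLAN is 1"))
        elif vlan_of(lines, "access") == 1:
            findings.append((name, "access port in VLAN 1"))
    return findings
```

On the sample, the check reports FastEthernet0/1, FastEthernet0/3 and Vlan1, while the trunk with native VLAN 99 and the shut-down port parked in VLAN 999 pass.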
  • Rearden Member Posts: 222
    Oh, I didn't realize that about the 2950s. The switches we use here are 3560Gs, a layer 3 switch. I just assumed that you could assign multiple IPs to all switches. Thanks for that info. :)
    More systems have been wiped out by admins than any cracker could do in a lifetime.
  • Netstudent Member Posts: 1,693
    rjbarlow wrote:
    Netstudent, also me I have done that lab and I found it extremely muddler. For CCNA exam the unique worry about VLANs interfaces for me will be the management VLAN1. I am sorry like You for not understand all shades of the matter and I just know that I will feel much ignorant when I will go to take the exam.

    RJ,

    Don't let that practice SIM bother you. Basically the sim used layer 3 switches and didn't specify. The only thing that could have led anyone to that assumption is maybe the symbol they used for the core switch. As far as understanding the Native VLAN and encapsulation, I totally get it in its full entirety now. The management VLAN is assigned an IP (called Switch Virtual Interface on layer 3 switch) so that the switch can be telnetted to and managed. Don't feel ignorant, not everything automatically clicks with everyone. Just pound VLANs into your brain right before the test.
    There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!