Intervlan routing quesion

Hi,
can someone help with a query please.

if 1 have a layer 2 switch, lets say port 5 is configure with vlan5. another layer 2 switch with port 6 in vlan6.

if the host in vlan5 wants to communicate with the host in vlan6, i need a layer 3 switch to do the intervlan routing, thats fine. so lets add a trunk link to a layer 3 switch between them with the correct int vlans configured.

where does the tagging get stripped / added? i assume the frame enters the first switch, gets tagged with vlan5, goes accross the trunk to the l3 switch..then what? vlan5 gets stripped and vlan6 added during the routing process? then enters the 2nd switch with the correct tag?

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

networker050184

Tags only exist on trunks. So when a switch or router sends a frame onto a trunk to another switch/router it tags it. The tag is stripped when it is received on the other side.

Dieg0M

It is routed then tagged on exiting the interface.

xnx

Isn't this question more appropiate in the CCENT/CCNA section?

websponge

xnx wrote: »

Isn't this question more appropiate in the CCENT/CCNA section?

Ummm no?

Thanks for the useful answers, my confusion comes from the access port, the frame must have an identifier of which vlan it belongs too before it's trunked. I was thinking of traffic as it enters the switch.

networker050184

If it is an access port the switch knows which VLAN that port belongs to. It is statically configured so there is no need for any identification in the frame itself.

websponge

Ok, I assumed that. It's this description below, that got me thinking. It suggests the frame has a tag added to it , when it enters the port from the host device..

VLAN Frame tagging is a technology which is used to identify the VLAN that the packet belongs to. The VLAN Frame tag is placed on the Ethernet frame when the Ethernet frame reaches a switch from an access port, which is a member of a VLAN. If the switch has a trunk port, the Ethernet frame can be forwarded out the trunk link port. This enables each switch to see what VLAN the Ethernet frame belongs to and can forward the frame to corresponding VLAN access ports or to another VLAN trunk port.

fredrikjj

websponge wrote: »

Thanks for the useful answers, my confusion comes from the access port, the frame must have an identifier of which vlan it belongs too before it's trunked. I was thinking of traffic as it enters the switch.

Well if we just look at a single switch, that switch knows which vlan a port belongs to, and it knows all other ports that has this vlan assigned. That information serves as the basis for the separation of the mac address tables of the different vlans. For example, traffic from an access port in vlan 10 will never be able to flood to an access ports in vlan 20 because they have separate cam tables. Now, how the hardware actually handles that separation is entirely glossed over in the CCNP material. I can't line break on this device so excuse me while I continue. You don't technically need the tag for inter-switch communication either as long as you only connect two access ports. It's only when using a trunk, and thus sending frames belonging to two or more vlans in the same physical cable, that the switches need some mechanism to be able to distinguish between the frames.

fredrikjj

PS. I think I get what you are asking now websponge. As a frame enters an access port and then gets sent to the trunk port, how does the switch know what access port that frame came from? It must know this to assign the correct tag. My guess is that it looks at the mac address <-> vlan pair in the CAM table. Or possibly, there is some other hardware magic that happens as the frame gets switched between an access port and a trunk port.

websponge

Cheers fredrikjj

Yes, you understood what I was asking

I had one of our CCIE guys go through it with me in the lab today (Im more of a routing person than switching!) we set up a layer 3 switch and some trunks to layer 2 switches, the L2 devices tagged my vlan for travel on the trunk port, the L3 did the routing / switching look up for me, removed the original tag and added the destination tag (using the SVI`s) which was then stripped on the 2nd layer 2 switch..

thanks all