5

I'm currently studying for the Cisco switching exam and having trouble understanding exactly how 802.1q tagging works.

Given three daisy-chained switches (A, B, and C) with trunk ports between them and VLAN 101 defined on both end switches (A and C), I'm not sure why the VLAN also needs to be defined on the middle one (B)?

Note that I am not disputing that it does need to be configured, I'm just trying to understand why exactly.

As I understand it, traffic from VLAN 101 on switch A will be tagged as it goes through the trunk to switch B. According to the documentation I have read, trunks will pass all VLANs by default, and the .1q tag is only removed when the frame leaves through an access port on the relevant VLAN. From this I would expect switch B to simply forward the tagged frame unchanged through the trunk to switch C.

Can anyone shed some light on how switch B processes this frame and why it does not get forwarded through the other trunk?

Jon Reeves

3 Answers

6

Trunking just gives an interface the ability to deal with tagged frames. It doesn't give it a general ability to handle all tags.

This is where the "default" or PVID (primary VLAN ID) comes in. When you set this, the switch treats all incoming packets with tags that it isn't explicitly configured to handle as if it was an untagged packet on the PVID. The frame is then handled with that in mind -- with the 802.1q tag removed.

You have to explicitly specify which VLANs are supported on which ports. This means you have to explicitly define and configure how the VLANs are forwarded through your mesh(*) of switches. Otherwise, all tagged packets could potentially go everywhere, leading to security problems and potential bottlenecks in terms of throughput.

(*) == originally typed as "mess", but that's often an appropriate sentiment.

David Mackintosh
  • So if the switch doesn't recognise the VLAN ID, it removes the tag and treats it as being on the native VLAN? Or does it drop the frame if it does not recognise the VLAN ID? If it just treats it as untagged, wouldn't you still have lots of frames going over the wrong VLAN (i.e. the native rather than the original VLAN)? – Jon Reeves Jan 16 '11 at 08:40
  • It drops the tag and treats it as if it was on the default (PVID) VLAN. If the PVID is a special number, some switches will discard the frame rather than forward it across the PVID. And yes, this is precisely why you have to specify your tagging through your mesh -- to prevent frames going everywhere. – David Mackintosh Jan 17 '11 at 14:42
1

Hm, I sat here thinking about this for 10 minutes and couldn't come up with a good generic answer. Maybe there's something specific to how Cisco equipment works that makes this a requirement? Maybe it's simpler to always require that VLANs be enabled on intermediate switches because it makes the logic simpler?

This could also be a guard against malicious intent or careless mistakes - you are forcing the user to positively configure the intermediary switches to deal with VLANs, instead of just allowing them to exist by default. Best I can think of.

Phil Hollenback
1

Your doubt was why you need to configure the VLAN in the intermediate switch, i.e., Switch B. Here is the simple and TO THE POINT answer for you. Switch B only forwards the tagged frames over those trunks that are defined to support that VLAN, and for which that VLAN is in a forwarding state. That means Switch B's VLAN table should have VLAN 101.

Nils
Shafi
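The forwarding rule described in the last answer, as an added example that is not part of any of the posts above: a simplified model that parses the 802.1Q tag of a frame and sends it out only of trunks that carry that VLAN, and only when the VLAN is in the switch's VLAN table. The `Switch` class, the port names `to_A`/`to_C` and the sample frame are constructed for illustration and do not represent any vendor's implementation.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def parse_vlan(frame: bytes):
    """Return the VLAN ID from the 802.1Q tag, or None if the frame is untagged."""
    if len(frame) < 18:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])  # bytes after dst and src MAC
    if tpid != TPID_8021Q:
        return None
    return tci & 0x0FFF  # low 12 bits of the TCI are the VLAN ID


class Switch:
    """Hypothetical model: a VLAN table plus trunk ports with allowed-VLAN sets."""
    def __init__(self, vlan_table, trunks):
        self.vlan_table = set(vlan_table)   # VLANs defined on this switch
        self.trunks = trunks                # port name -> set of allowed VLANs

    def forward(self, in_port, frame):
        """Return the trunk ports a tagged broadcast frame is sent out of."""
        vid = parse_vlan(frame)
        if vid is None:
            return []                       # untagged handling is out of scope here
        if vid not in self.vlan_table:
            return []                       # assumption from the answer: no table entry, no forwarding
        if vid not in self.trunks.get(in_port, set()):
            return []                       # ingress trunk does not carry this VLAN
        return sorted(p for p, allowed in self.trunks.items()
                      if p != in_port and vid in allowed)


def tagged_frame(vid, payload=b"\x00" * 46):
    """Constructed sample: broadcast frame with an 802.1Q tag and IPv4 EtherType."""
    dst, src = b"\xff" * 6, bytes.fromhex("020000000001")
    return dst + src + struct.pack("!HH", TPID_8021Q, vid) + b"\x08\x00" + payload


ALL_VLANS = set(range(1, 4095))             # trunks pass all VLANs by default
trunks_b = {"to_A": ALL_VLANS, "to_C": ALL_VLANS}
b_without = Switch({1}, trunks_b)           # VLAN 101 not defined on B
b_with = Switch({1, 101}, trunks_b)         # VLAN 101 defined on B

if __name__ == "__main__":
    frame = tagged_frame(101)
    print("B without VLAN 101:", b_without.forward("to_A", frame))
    print("B with VLAN 101:   ", b_with.forward("to_A", frame))
```

Both instances of switch B have trunks that allow every VLAN; only the VLAN table differs, which is the situation the question asks about.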