How does trunking work between a layer 2 switchport and a layer 3 device?

I have a layer 2 access switch that has a vlan 24 that is mapped to the ip subnet 10.192.24.0/24 and has several other vlans also. How does the layer 3 router place a tag for vlan 24 on the packet/frame? destined for devices in the 10.192.24.0 network?

This is the layer 3 device config:

The interface going to the access switch is gi2/2/3 and the svi is int vlan24

RXXXX# sh run int gig 2/2/3
Building configuration...

Current configuration : 290 bytes
!
interface GigabitEthernet2/2/3
 description TO SXXXX (access switch) PORT 1/2
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 wrr-queue bandwidth 5 25 50
 priority-queue queue-limit 20
 wrr-queue queue-limit 5 25 50
 channel-protocol pagp
end

RXXXX#sh int gi2/2/3 switchport
Name: Gi2/2/3
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Operational Native VLAN tagging: disabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Unknown unicast blocked: disabled
Unknown multicast blocked: disabled

RXXXX#sh run int vlan24
Building configuration...

Current configuration : 219 bytes
!
interface Vlan24
 description (access switch)
 ip address 10.192.24.1 255.255.255.0
 ip helper-address 10.x.x.x
 ip helper-address 10.x.x.x
 no ip redirects
 service-policy input XXXXX
end

The interface gi2/2/3 is listed in mutliple vlans. Vlan 24 and 25 are both on the access switch.

RXXXX#sh vlan id 24

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
24   ROW XXX                         active    Gi1/2/3, Gi1/2/4, Gi1/2/5, Gi1/2/6
                                                Gi1/2/7, Gi1/2/8, Gi1/2/18, Gi1/2/21
                                                Gi1/2/22, Gi1/2/23, Gi1/2/24, Gi1/3/4
                                                Gi1/3/7, Gi1/3/13, Gi1/4/19, Gi1/4/22, Po3
                                                Po4, Po5, Po6, Po7, Po8, Po9, Po10, Po11
                                                Po12, Gi2/2/3, Gi2/2/4, Gi2/2/5, Gi2/2/6
                                                Gi2/2/7, Gi2/2/8, Gi2/2/21, Gi2/2/22
                                                Gi2/2/23, Gi2/2/24, Gi2/3/4, Gi2/3/7
                                                Gi2/4/19

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
24   enet  100024     1500  -      -      -        -    -        0      0

Remote SPAN VLAN
----------------
Disabled

Primary Secondary Type              Ports
------- --------- ----------------- -----------------------------------------
RXXXX#sh vlan id 25

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
25   ROW XXX                        active    Gi1/2/3, Gi1/2/4, Gi1/2/5, Gi1/2/6
                                                Gi1/2/7, Gi1/2/8, Gi1/2/18, Gi1/2/21
                                                Gi1/2/22, Gi1/2/23, Gi1/2/24, Gi1/3/4
                                                Gi1/3/7, Gi1/3/13, Gi1/4/19, Po3, Po4, Po5
                                                Po6, Po7, Po8, Po9, Po10, Po11, Po12
                                                Gi2/2/3, Gi2/2/4, Gi2/2/5, Gi2/2/6
                                                Gi2/2/7, Gi2/2/8, Gi2/2/21, Gi2/2/22
                                                Gi2/2/23, Gi2/2/24, Gi2/3/4, Gi2/3/7
                                                Gi2/4/19

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
25   enet  100025     1500  -      -      -        -    -        0      0

Remote SPAN VLAN
----------------
Disabled

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
Dragon0x40Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rick_O_ShayCommented:
The L3 device will put the VLAN tag on for each respective VLAN it is in. The switch which has the same VLANs configured for that port will deliver a packet only to the other ports in the same VLAN as the tag.
If you are asking where it gets the info for which VLAN it is from - Trunking VLANs Enabled: ALL
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MightySWCommented:
Hi, it gets the tagging VLAN info from the encapsulation 802.1q.  As Rick said, without the Trunking, you wouldn't see the tag as it would all just be routed and all ports would be in access mode.  When the interfaces are in trunk mode and the encapsulation is set for that VLAN then the ports that are allowed on that VLAN will see the tagging for that VLAN.  If you have multiple VLANs accessing the trunk (by default) then everything will be tagged with the respective VLAN from which it came (as Rick stated).

Thanks RIck.
0
Dragon0x40Author Commented:
thanks Rick O Shay and MightySW,

So the layer 3 device gets a packet destined for 10.192.24.91/24 and looks at its routing table and sees that packet needs to go out int vlan24.

RXXX# sh ip route 10.xxx.xx.91
Routing entry for 10.xxx.xx.0/24
  Known via "connected", distance 0, metric 0 (connected, via interface)
  Routing Descriptor Blocks:
  * directly connected, via Vlan24
      Route metric is 0, traffic share count is 1

The router portion of the switch arps for the ip address:

RXXX#sh arp | inc 10.xxx.xx.91
Internet  10.xxx.xx.91          195   xxxx.64c3.dd04  ARPA   Vlan24

The switch portion is given the destination of vlan 24 and the destination mac and frames the packet with the vlan tag of 24 and destination mac. The switch then sends the frame out all ports associated with vlan 24 if no mac entry found. But there is a mac entery found so it is sends out port gi1/2/3

RXXX#sh mac-address-table | inc xxx.64c3.dd04
    28  xxxx.64c3.dd04   dynamic  Yes        200   Gi1/4/22
    24  xxxx.64c3.dd04   dynamic  Yes         40   Gi1/2/3
    16  xxxx.64c3.dd04   dynamic  Yes        200   Gi1/4/22
    44  xxxx.64c3.dd04   dynamic  Yes        200   Gi1/4/22
    88  xxxx.64c3.dd04   dynamic  Yes        200   Gi1/4/22
RXXX#sh run int gi1/2/3
Building configuration...

Current configuration : 290 bytes
!
interface GigabitEthernet1/2/3
 description TO S192024-4 PORT 1/1
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 wrr-queue bandwidth 5 25 50
 priority-queue queue-limit 20
 wrr-queue queue-limit 5 25 50
 channel-protocol pagp
end
0
Dragon0x40Author Commented:
Interface vlan24 = vlan24 so the router/switch tags frames with 24 any packet matching in the routing table to interface vlan24?
Then arps for the mac and if it has a mac entry unicasts out the associated port.
If no mac entry then broadcasts out all trunk ports with vlan 24 allowed?
0
MightySWCommented:
No, it will do an ARP (convert from IP to MAC address) on the VLAN.  If that IP is successfully mapped to a mac address in the ARP table of the switch then it will forward the FRAME.  If not then it will broadcast.  The router will know to ROUTE to whatever network the IP is on because of the subnet, because that is what a router does.

If its on the VLAN then it will do an ARP, if it sees nothing then the switch will broadcast to refill its ARP table.  If its not there then the packet will be dropped.

That Gigabit interface is ALREADY a member of the same BROADCAST domain as where you are asking for the original mac address (thats what you asked) so it really doesn't forward or LOOK out that interface, it will just broadcast to that interface as well as all of the other interfaces that are members of VLAN 24.  VLANs cut collision domains up into multiple broadcast domains.  The router/layer3 switch will in turn terminate the VLAN broadcast domains.

Just imagine if you had 4 floors with 48 port switches that were automatically trunked together with VLAN1 and one workstation IP tried to communicate with a server that hadn't been used in a while... Well since the ARP query would fail (ip address to mac address) then a broadcast would be sent out.  It would send it across EVERY switch on all floors on that VLAN1 to get the mac address of the server.

I can see what you are asking and you are right there it just seems that you need some gaps filled in.  But mostly what you are asking is correct.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Switches / Hubs

From novice to tech pro — start learning today.